In this episode we interview Glendin Franklin-Browne, Technology Consulting Manager at Diamond IT. We chat about his personal journey into his current role, the importance of Cyber Security and examples of local businesses that have been affected by breaches to their security systems.
Hope you enjoy the episode!
Here you can source all the things we have talked about in the podcast whether that be books, events, meet-up groups and what’s new in the newcastle tech scene.
welcome to another episode of new tech people today we have glendon franklin brown uh technology consultant and diamond id welcome thanks james we’re really uh really excited to be here and um talk about a few things technology related so thanks for for inviting me on the show not a problem i think uh one of the key things we’ll get in and tackle today is that cyber element i know your crew is definitely going down that route and it has been and it’s a growing element and uh focus for for newcastle and technology in general but for those that don’t know who you are can you give us a bit of an overview of who you are career to date yeah sure so originally grew up in new zealand i started in it in probably 94 small town probably the best data i could have had because it was in a little computer company and dealing with lots of different organizations but in that smaller setting i started as an infrastructure engineer so i think a lot of people sort of get into technology and go do i want to do software or hardware i decided at the time that that hardware was the the way to go uh keeping in mind that when i started it was pre-internet yeah we had dial-up modems and things like that but that wasn’t the internet that was just i think they call them bulletin boards so it’s pre-internet um and so therefore there was no uh look up google how to do that it was you know try and i guess figure it out yourself talk to other people you know we had other resources as well but it was it’s a really good time to actually get into the industry and so i went through that you know network admin sysadmin those sorts of things and i kind of fairly quickly realized that although i really enjoyed that sort of stuff i could see a real opportunity in the management space and although i really enjoyed working for that little company i knew that you know that that wasn’t going to last so i took it upon myself to go and meet the it manager from the local council and when i look back at what happened that was 1998 so it was pretty y2k when i looked back and i thought well i had really big balls to do what i did but i essentially you know got a meeting with him and i said i really want to come work for the council gave him my cv and i think he appreciated the the boldness of that i think that you know that was his personality yeah and a couple of weeks later he said oh come and have another chat and and you know one thing led to another and it’s been a couple of years working for the council and so you know at that point i thought uh auckland’s too small for me i’ll i’ll go and move to uh sydney um got a job with unisys but got jack of that pretty quickly it was basically sitting at a desk cleaning up it manager’s mistakes and uh you know although it was a good transition piece because it was quite hard to get into work when at that particular time it was a good opportunity to realize i definitely don’t want to do that again i spent just over six years with them so and and through that time i went from uh those four little nursing homes uh united care new south wales act at the time decided no we need to consolidate they went from it was eight regional hubs within new south wales to seven i think then maybe down to six my hub got swallowed up into another hub but at the time the guy that was directing it at head office saw that you know this was probably a little bit too small for me said no i think you need to come work and head office with us and i think you need to establish a technology and innovation role within within head office so and then there was a a bit of a change in management and and things when i sort of sat in the top role for a little bit but i thought no i’m not really ready for that they employed another director of it and um his vision was to basically create a shared service which was logical and lots of organizations do that they go you know we’re running a large company here why are we doing things differently around the country so so yeah i was heavily involved in setting up a shared it service for the whole of new south wales and act and i was my role as infrastructure manager so still in that infrastructure space as hobbies go um i was one of those quintessential nerds not too bad i was a handsome nerd i thought oh i like to think i was anyway my wife might say something different yeah keeping in mind that the average age for a ham radio operator was about 65 yeah so i was well intrigued i think there was one other bloke that was maybe in his 20s but i was well and truly the youngest heavily involved in scouting which is really hands-on practical ham radio electronics was a new thing at high school but i really really enjoyed that um remember sending away for a dick smith a kit and having and living in new zealand having to wait what seemed like an eternity six or eight weeks for the for the kid to come and doing all those sorts of things to you know how does this work and what does this do and that sort of stuff which is which is i think really put me in good stead for for working life yeah right on that point like i interview obviously a lot of tech professionals and i think uh one of the common themes is that that tinkering right that building stuff on your own some are some of the guys that are a little bit younger has been you know building computers or or playing or building some software from scratch or pulling apart something and doing it again it’s definitely a common theme for people i’ve seen have some success in technology is that a tinker a mindset sounds like that was a big part of your youth it was it got me my first job in i.t the guy that i got the job with it was own the company and he said most of the other cvs when they put down their hobbies put surfing hiking camping whatever motorbike riding whatever i was the only one that put down you know electronics computers that sort of stuff and that wasn’t my whole life because obviously scouts is very was very non-technical at the time but i think that’s a key part of it depending on what level of technology you want to get into you might if you are a tinkerer you might say well i want to get into creating things for me i wanted to understand how it works i could explain it to somebody else and then if you go to the other end of it i’ll i now have to explain to business leaders and decision makers not why technology is so important to them but i guess how technology can grow their business because they don’t care about technology just don’t care about it they think they do they got a smartphone and i’ve got this fancy computer and i do zoom meetings and things like that it’s more about you know how can it grow my business how can it make me more money you know all those sorts of things so technology is an enabler right for a lot of businesses even if you know a technology business technology isn’t enabler for you to have more success or scale or grow quicker so i think technology’s playing a part in every business whether they’re a tech company or not right yeah and not everyone understands that but there are still plenty of business leaders and by no fault of their own haven’t had that explained to them before in the way that they understand and i think that’s a key part as well of of being a sort of consulting is you you can’t uh you know i can’t go in front of a director and say oh you need an active directory and you need to connect this thing up with the wan and you need to did it and you know whatever what does that mean what does that mean or not even that yeah okay thanks bye yeah so man there’s a couple of points you may have mentioned before um obviously obviously having technology and the fact you’re a tinker on a cv getting your first job i think that’s a great story i think that’s uh something a lot of people can learn from um especially grads uh grads a grad certificate’s probably not enough these days for a lot of roles it’s a certificate plus what else have you done have you built something on the side have you what else have you done built or played with so you show you’ve got a genuine interest in that so i think that’s a really good lesson for definitely young tech professionals yeah but uh the part i found like really i guess interesting right there is you actually taking the proactive approach to approach council for your for that role you mentioned you know as a sign of confidence or a sign of you know yeah having the confidence to actually go and do that for people that might not be as bold might not be as confident any advice you would provide others to approach a company that they may be interested in working for yep you know when as you were saying that i was thinking well you know obviously young professionals in whatever vocation they choose need to be too careful they’re not trying to shoehorn themselves into a role that they would like to have but really they’re not suited for and if you’re shoehorning yourself into an it management strategy role but you’re not very good at the charisma and the communication things it’s it’s about understanding you know where your strengths and weaknesses are so if you go for a software engineering role probably the person that’s interviewing you will also be a software engineer or have a good understanding of that so you can just talk shop and i listen to the guys that interview engineers at diamond and they say yeah that guy knew what he was talking about like he may not have the best personality in the world but he is the right candidate because he knows exactly what he’s talking about and when he’s got a really tricky problem to solve he’ll fix it and then i’ll tell the customer how he fixed it you know that sort of stuff so my advice to to young professionals nowadays is really try and understand where you sit um don’t worry too much about the money or the prestige or what have you unless that’s where you sit but really understand what your strengths and weaknesses are and sort of play to those strengths yeah no i don’t disagree i think the part you’ll mention there is a bit of self-awareness right yep understanding sort of where you sit uh having a little bit of self-awareness which is not that’s a it’s definitely a learned skill and then the other part is probably understanding your audience right understanding who you’re talking to who you’re going to try to pitch yourself to yeah another point you made mention of was and you mentioned a role you maybe skipped over a little one of the roles it wasn’t wasn’t you know it wasn’t a great role but i think most people that have had success in their career have had a role that wasn’t perfect for them at some point in time but you can still take learnings from that as well as you can take learnings from any year successful roles yep any thoughts on you know learning from bad experiences or learning from environments that maybe weren’t ideal for you yeah one comes to mind but i won’t sort of go into it too much it was in newcastle i guess the signs were there but the type of person that i am i’m not going to just quit and leave i always try and look on the bright side and see the opportunity and so forth and so i don’t regret sticking around for as long as i did because as you rightly said i’ve learned i’ve learned something from that i’ll know those signs next time and i’ll know um how to avoid those mistakes in the past and that’s probably what what it more of what it is so you know i always used to get i was really surprised when you’d hear someone they’d start a job and they’d get up at lunch time and never come back and i thought do people really do that and and it really puzzled me and i understand people make different decisions at different times you know i’m going to waste my time here because i don’t like the boss or i don’t like the people i’m working with but i think you got to give things a red hot go and do your best to change the environment to you know as best you can but learn from the experience if you have the confidence perhaps challenge the regime in an appropriate way but learn from the experience so the role that i was sort of alluding to from in newcastle i thought i was doing the right thing i was trying everything and i was getting really good feedback from everyone else except for my boss and that was my mistake in that role the only person that probably should have mattered was my boss and therefore i should have been making every effort to you know communicate with my bosses taking uh feedback from other people you’re doing a great job thanks for helping that sort of stuff so yeah it’s it’s it’s about it goes back to that audience thing what’s your audience and and who are you not so much who are you playing to but you know who do you need to influence yeah i agree i think it’s important in technology as you said like who do you need to influence where does technology sit within the business and what is its role so i i agree maybe one of the other last point before we would dig into this cyber angle in a sec but one of the other points you may mention of was you carved out the more of the help desk part of your role in one of your previous roles to have that focus hey i think there’s definitely some roles out there where you’ve got to be a bit of a generalist and you’ve got to take on you know a lot but as organizations continue to grow you start to get more specialization that specialization helps people’s careers grow as i’d say you made mention of carving that that sort of help desk lower end out to allow you to succeed and focus in that higher area is that you has that been your experience throughout your career is it trying to get that more focused approach yeah we all try and do that i always use the example i i empathize with a lot of it managers because and that’s why strategy often gets left to the last and often never gets done because they are so focused on keeping the lights going and keeping things running keeping people happy and things like that they never get an opportunity to focus on that so whilst i made a decision not to sit at a desk and be on a service desk that didn’t mean i didn’t want to help people and even though i’m the it manager of a company and i’ve got you know 11 other people working for me i was never too proud to go and help someone with a printing problem even though my boss probably felt that’s not what you should be doing and you need to delegate but yeah just just understanding it’s all part of it is is really people management and and and and going back to that communication thing so or you might get really good at telling people no yeah and saying i need you to log a ticket and then it’ll be allocated to somebody else which is often a challenge for it professionals as well so tell us high skill i think there’s the ability to fail yeah i don’t think i have mastered that skill yet but you know it is it’s really important and it’s not about saying no it’s about saying in a way that people understand i used this example yesterday when i talked to someone about how to prioritize work tasks i said you know when i’m talking to a potential candidate i might say all right you’ve got a couple of issues here so ceos come screaming down to the service desk and and you’re there and he said i can’t print i’ve got a board meeting in five minutes and i can’t print this and then but also you’ve just had a call come in to say one of your remote offices has gone down there’s 50 people sitting there twiddling their thumbs so you have a decision to make you know how do i communicate that to the ceo and make sure and he might not accept that he might not i need my printing problem fixed but at least he’s made that decision and he’s the runner he’s running the company or i might say to them this is the situation how would you like me to prioritize this or what have you so you’re using you’re still prioritizing but you’re using you’re leveraging off you know the person that might be running the company or high up and then i say to the person okay so you’ve got a ceo screaming because you’ve got a printing problem you’ve got a 50 person site down and then um your server room uh this smoke coming out of your server room well how do you prioritize that well you start by turning the ceo around and saying look there’s smoke coming out of the server room i need to go and address that or find out what the issue is but knowing how to communicate that so that you you know show people that you’ve somewhat got things in control but you’re doing things in the right order it would have been real easy to run upstairs and help him with his printing problem having said that people listening to this podcast will know if you try and fix a printing problem that you think is going to take five minutes it’s probably going to take an hour and a half and you’ll end up rebuilding the computer so there’s always that sort of stuff going on as well but yeah prioritization the tasks is really really important especially in that environment i like communication you may mention communications underrated for tech professionals it’s such an important part doesn’t matter what your role is yeah that’s getting the cyber side of things right you’re obviously in a technology consultancy role at the moment yep uh you’ve got a greater and greater focus for cyber security being part of your role at the moment and what what took you down that cyber route where i came into this sort of cyber security spaces understanding there are a lot of vulnerable people out there and it’s not about telling them what to do from mine it’s about um showing them maybe showing them what to do why they should do it and and by the way here’s some examples of people that haven’t done that before so you know you can keep doing what you’re doing you can keep you know using the same password for everything or you can keep incrementing your password i’ve got some really good examples of why that’s not a good idea life examples but at the end of the day every time you go online you’re running at risk of something adverse happen yeah the risk might be quite small if you’re an individual if you’re a company the risk might be fairly significant and the challenge with companies i guess and and managing that risk is the ceo that’s got the printing problem the other thing that he’s also got to deal with is the fact that he’s giving all his employees he’s trusting all his employees will do the right thing with company data with corporate data with client data and sometimes i don’t know where that trust is coming from because there’s no tangible evidence to suggest that maybe they are doing the right thing so going back to your question why cybersecurity it’s really about understanding the the threat landscape and understanding where the weaknesses are and i i’m of the opinion that technology is is is doing its best to keep up and i think it’s doing a really good job at keeping up you know you look at the we used to have firewalls now we have universal threat management devices that check anti-virus before it comes in and check all these other things that you know that other systems had to do in the past and and there’s millions and millions of dollars in in um innovation to try and get ahead of criminals and using artificial intelligence technology and changing the way that viruses are detected and things like that so just an enormous amount of effort going into that sort of stuff but our biggest strength in an organization or our biggest asset we always say is our employees and there’s no you know there’s no getting around that but our biggest weakness um or our biggest risk is employees as well because you know because of that trust that we think we have that they’ll do the right thing so it’s really um just looking at that aspect of it um that’s if you look at cyber security as a whole that’s the sort of area that i sort of lean into is that managing the people risk of it and trying to help people understand you know why would you do this yeah well and i think what you’re saying there as well is like the biggest risk is the employees and it might not even be on purpose right it’s a lot of the time it’s not there being malicious by doing doing something it’s just maybe a lack of awareness or lack of understanding vulnerabilities they may be creating is is that where we’re at yeah and so so as well as um so part of my role at diamond is to investigate um preachers after they’ve happened i have experts that do all the the technology you know that not so much hacking but they unpack all the evidence for me and i analyze the evidence and yeah most of the time it’s it’s not malicious at all it’s really just a misunderstanding sometimes it’s laziness speaking of which i imagine in this space you have a couple of good stories or stories maybe some cyber stories or some things that you’ve seen that i think might find interesting i care to share any of those with you absolutely my boss rob buck who um is the managing director of diamond he coined well i think he coined a phrase um ethically terrifying people so when i talk about cyber security i try and ethically terrify you into realizing that you know maybe you need to change some of the ways that you’re managing your own data and often it’s you know people go oh corporate data yep that’s his responsibility he gets the big bucks to manage that risk there’s some contention there and i don’t necessarily agree with that opinion but when it’s my data oh wow yeah no that’s top priority for me yeah so yeah one of the examples i i use in when i’m training people up on this is um i had a situation i didn’t do the full investigation but i i reviewed the the notes after it and it happened to a person in newcastle uh and they were very influential extremely intelligent person cannot underestimate how intelligent this person is but basically what happened is one day this person got up and checked their banking details and pretty much there was nothing left in their bank accounts that all been siphoned out jumped on their phone tried to call someone phone doesn’t work and so you you think about and if i can encourage people to think about that situation you’ve woken up you’ve checked your bank accounts there’s nothing in there and your phone doesn’t work you know i’m feeling anxious just telling the story right now and they’ve got enough information to be able to fill out a form a telstra form and get her number ported to another sim card and so you think oh how did her bank account details get compromised well most of you will realize that you know nowadays security being what it is when you try and do anything in your bank that’s un out of the ordinary like you try and set up another payee get a sms code on your phone you put that code in and there you go you say well how did they get her banking details to be able to log in and when we went back and looked at the what had happened there were small discrepancies in the way that person was managing their personal information so name is a piece of personal information date of birth is a piece of personal information address phone number all those sorts of things now individually they might not seem important but this hacker had collected a really solid profile on this person so much so that they could get them imported without any question they followed the telstra process to the to the t and they were able to um access banking details and and so it might have taken a few months for this to happen but this person was targeted and and that and and they were able to to get in and and certainly upset their life yeah um but also um really teach uh everyone that heard about the story or or was able to learn about the story a valuable lesson then you know i always say to people best thing to do is you have your multi-factor turned on so you get that code every time you log into a system and you use unique passwords for everything which comes to my next story some people say i can’t have a unique password or anything i’ve got 500 accounts you know and so that’s fine neither can i i can’t have a unique password for anything oh yeah i wouldn’t actually no i can have a unique password one of the strategies i teach people is if you really want to be serious about protecting your own personal information think about implementing a password management system i use one myself for personally i encourage companies to use a corporate one as well for a couple of reasons if in a corporate sense and lawyers do this a lot they’ll or in accountants they’ll sign up to an online subscription service maybe it’s you know a law library or something like that and there’ll be a shared account because they don’t want to sign up for multiple services for everyone and you give that information to one of your para paralegals or one of your junior partners they go away and start their own company and maybe they use those credentials to log on to that system that your company’s paying for so in a corporate sense you’re able to share usernames and passwords with people that never actually know what they are you give them access to that system they log on as themselves they use that information as they see fit and then you kick them out of that system when they leave and they’ve none the wiser at a personal sense it’s about understanding you know how do i set secure passwords how do i remember secure passwords and people always say to me oh what happens if lastpass gets hacked i guarantee you that it’s cheaper to hack me than it is to hacked last pla lastpass or dashlane or anything like that so you know think about cybersecurity as a risk profile how can i get the risk down to as low as possible so so that’s one way i do it by by doing that and which comes to my next example i did do this investigation and it’s centered around office 365 which is very well utilized nowadays and is going to be well utilized and well developed but what office 365 did as well as it gave us convenience because we can log on to our systems pretty much from anywhere and get it to word and excel and teams and that sort of stuff it also gives hackers the ability to do that as well without us even knowing and so what the hacker did the particular people at the time i started the investigation wouldn’t tell me how maybe their credentials have been stolen but anyway i’ll get to that in a second what the hacker did was they got in um and they set up a rule on that person’s corporate email account in outlook that said every message that comes in also goes out again as well so and every message that goes out also goes out to uh this they set up a rogue gmail address yeah so essentially they were funneling information out to to a gmail address to then analyze and work out where they could get any more information now this was a professional services company again in newcastle uh high profile cust clients they dealt with a lot of sensitive information and the targets there was actually two people the targets had access to all this information and so you know when i unpacked the data that had been stolen it was quite scary to think that this driver’s licenses birth certificates accounting information legal information about individuals contracts that sort of stuff had been stolen and had gone who knows where okay so there’s that issue are we ever going to be able to get that data back probably not we need to start cleaning up the mess but they always ask well how did it happen i did a bit of digging and i found that the particular two individuals had appeared on a website called have i been pun dot com yeah hunt is it yep that’s an australian bloke and they’ve both been uh sort of identified in a couple of breaches but the main one that i you know worked out was the my fitness pal breach that happened uh back in 2018 and so that breach 144 million unique usernames and passwords were stolen and then turned up on the dark web about a year later for sale yeah and so there’s there’s two things here so well first of all they the person people had used their business email address to sign up for a personal thing which is okay now i understand why that shouldn’t happen because now i’ve put my company at risk yeah okay second thing was have i used the same password that i used back in 2018 and therefore does somebody have that and say oh no i have to change my password every 45 to 90 days okay i must be safe what these people were doing was they were incrementing their passwords so my password might be jimmy john one this you know quarter next quarter jimmy john two jim johns three funnily enough hackers are pretty smart and they figure that out and they run a script uh that will interrogate not only change that password to try and work out what the correct one is they’ll run it across multiple platforms so they’ll go instagram facebook linkedin all that sort of stuff and basically come back with a report to say yep this is where this this combination has worked and you know without knowing that criminals i would imagine that’s what they did and they said bang we’ve come up with office 365 credentials cha-ching this is awesome and they’ve gone and done that from a company perspective all of a sudden now they’ve got to get on the phone and call hundreds of clients and say i’m so sorry but we’ve let some of your data go and once that data’s gone it’s gone you can’t get it back again so yeah it’s um it’s it’s really uh really important i’ve got some other examples but keep shooting i find cyber security examples uh especially ones that have happened locally to newcastle yeah i think a lot of people think when they think cyber security they think oh that only happens to you know celebrities being hacked and this and that uh but hearing local examples is uh quite interesting so let’s shoot one more and i need to be clear because i’m sure there be people listening to the pos guys that go that sounds a little bit like me i need to be clear that you know these people uh use common sense uh and they’re very intelligent and they’re definitely not silly people so but it’s about understanding that’s why i sort of said at the beginning what you should be doing and why you should be doing it yeah i’m the same like don’t tell me what i have to do tell me why i have to do it or give me some examples of why i have to do it so this was the same method the person in question the attacker had got access to valid credentials we didn’t dig too far into how that had happened but the way it played out was the hacker came and set up a rule uh actually no they came in and for two weeks because we looked at all the logs and we watched them do it they came in from their ipad just was from south africa which we know isn’t necessarily where they were from because there’s software tools that are really readily available that can make you look like you’re from any part of the world so anyway the records show they came in from south africa and they just logged in every day looked at what was going on in this person’s account and this was a senior partner of another large newcastle company that had a lot of sensitive discussions with people and the discussions that he was having with one client was around superannuation and discussion got to the point where where do you want these funds directed to at that point the hacker went fantastic set up a rule anything from that client went to uh the rss subscriptions folder which if you go and have a look at your outlook it’s just a folder that no one ever tends to use i don’t use it i don’t know whether you use it but yeah yeah yeah it’s an older sort of thing so so anything that went into that folder probably wasn’t going to get found by this for the user and they set up an account that looked very similar to the client um the client uh just happened to be um they weren’t using their corporate um or their work things because this was a personal thing so they were using a gmail account and when we looked at the two different addresses the real one and the fake one it was pretty it wasn’t hard to see it when we knew what we were looking for it would have been hard if you were just you’re already having a conversation with that person you’re not expecting anything to happen like that so um and so it goes without saying that the hacker then pretended to be the person because he knew the types of language that that person had used and gave the person two bank account details and yeah there was several tens of thousands of dollars moved into two different accounts that story becomes even more interesting because the same person tried it again 12 months later but they had a different uh avenue same um you know mechanism but they they were trying to do something differently and that was based on they were trying to send through an invoice and at that time internal processes stopped that from happening because their accounting process wouldn’t allow this type of invoice to be paid i issued the report with my you know how did it happen what was was it a breach in that situation it wasn’t a data breach wasn’t classified as a notifiable data breach because no data we couldn’t prove that any data had been stolen even though money had been stolen yeah 12 months later the same well we think the same person uh tried it again and then um a few weeks after that i was advised that they had been caught by the victoria police um and yeah and so i actually went into the um maitland police station and gave a statement and that’s still an ongoing case so i don’t know at this stage i have to give evidence in that but those sorts of things where you know they obviously we did a really good job at pulling it apart they can also be used to i guess bring people um to justice as well but so you know all these stories suggest that cyber crime is is a really profitable thing which i’m sure it is but yeah there are consequences they might take a while but there are definitely consequences to it as well so yeah i completely agree now where do you see uh where do you see cyber or the future of cyber security going or what’s what’s the next few years look like for us there are definitely at technology avenues i see education being a big thing we’ll always have to educate people in the right things to do there’s a bit of a movement at the moment in the technical world to suggest that passwords are becoming a thing of the past or that you’ll never have to change your password again because there will be other mechanisms we use the word we used to use about dual factor authentication now we say multi-factor because you might have to put your username password a code your fingerprint multiple things to access because the criminals are getting ahead of the game all the time so i think educating people is really important and i’m not talking about educating engineers i’m talking about educating you know just general people the two most vulnerable groups in our society are kids and the elderly yeah and kids because um you know they’re pretty fluent in the technology but their risk their ability to manage risk is pretty low in most cases and and to be honest the the um they don’t have much to lose they’re not the one that’s managing the mortgage and and the big the bank accounts and things like that they might have their own bank account but if they lose 50 bucks then that’s that’s fine elderly people in most situations that don’t understand technology as well or aren’t educated in cyber security um often just want to help and one of the big ones is that the fellow from the nbn calling you up saying your internet’s going to be disconnected i actually played that scenario out to see what they were trying to do and essentially and i felt very special through the whole process i got you know put to forward to that super the guy supervisor and and and oh we’re going to help you and and the things he was showing me were bollocks but and they just wanted to try and install teamviewer on my computer to get access to my computer so you know that middle group there you know should be a little bit more um tech savvy or should be a bit more educated so that we can then educate the other two groups either our kids or our or our parents nice yeah i think it’s going to become obviously a more and more important part and uh more prevalent day-to-day we’re getting close to the end but we’ll wrap up with just some i guess individual pieces about you mate uh you’re obviously quite educated in the in this space um is there any podcasts or books that you’ve come across podcasts or podcasts is there any podcasts you listen to on a frequent basis that you find interesting one really good podcast if anybody is interested in um stories about cyber hacks and stuff and they give end to end story about sometimes the people get away with it sometimes they don’t what are the ramifications of that really interesting good dark net diaries yeah it’s an american podcast jackery cider is the guy that does it i just you know i don’t i try not to listen to too many of them because you know it can get a bit overwhelming but it’s that’s a really good one yeah nice one that i listen to especially for productivity and and critical thinking so probably not so much on the cyber yeah but more about that productivity and critical thinking is the jordan harbinger show yeah um really practical advice but he also interviews people in you know military positions and critical thinking positions and social media positions and stuff like that but yeah really well put together podcast and the one i’m listening to at the moment has nothing to do with cyber security or critical thinking it’s called loose units it’s about an ex-cop and his son and they interview uh he their son interviews him yeah he was also in uh forensics he was also in the fire brigade uh he also ran a funeral home and the story is pretty cool so it’s a it’s a bit more uh some of them are fairly serious but you know just trying to loosen up all that serious stuff that i listen to so nice man um is there anyone in particular you follow online or follow uh for the best information in regards cyber yep new south wales cyber security innovation node they’re sort of like uh i think there’s been a few changes but i think they’re in with aust cert as well yeah new south wales the new south wales government’s taking a really proactive approach on cyber security and as a state we want to be the best you know you look at victoria and queensland and they want to be the best in certain areas you know new south wales really pushing ahead in that and so uh the innovation note is a group of um people of which um i’m part of um to try to come up with some strategies on how we we can do that uh tafe new south wales tafe have brought out some short courses people can do as well which is you know sort of takes away from some of the stuff i do with training but i make the training a lot more interesting um but if you’re interested in self-paced training new south wales or the tafe is a really good one yeah and when i say short courses these are two or three hour online courses about networking and cyber security and stuff like that just little tidbits about that so if anyone’s looking to get into that it might be a good place to start especially if you’re coming from a plumbing background or a building background or a non-technical background going outside of the country the uk government i follow them on linkedin they put up some fantastic infographics some of the resources that they share are really good so this is the national cyber security center and that’s a it’s a uk government initiative i’ve got a lot of um information from them and the best people to talk to about cyber security is diamond i t so can’t underestimate that little plug nice mate let’s get a second last question if you had a an opportunity to sort of teach a younger version of yourself you know a key lesson or two and where would you go i would suggest especially now now is critical look into the future if you’re thinking of becoming an infrastructure engineer maybe have another think about that with everyone moving to the cloud the need for infrastructure engineers at a local sense probably going to become a lot less unless you want to get in with a cloud provider which yeah go for it that’s that’s cool that’d be an awesome job to have but i think it’s more around enablement software development you know we’ve seen how much social media apps and stuff like that have have taken off and been successful but it’s around that productivity stuff just look back to the industrial revolution as an example i might have been the one i’m bringing up a charlie and chocolate factory example but i might have been the one screwing the lids onto the toothpaste containers and then they go and buy a machine to screw the lids on why not learn how to fix the machine so machine’s going to break down and then we’ll learn how to fix all the machines that all the toothpaste factories are doing so think about it that way and that’s that’s that’s critical i you know worked with a lot of it professionals that i said i’ve got microsoft certification and i’m working for this company and that sort of stuff and and then all of a sudden the company goes cloud and just like well my skills don’t fit the organization i’m with look two years look five years ahead and work out where your skill set needs to be and there’s plenty of um information on the internet would you talk to someone like yourself about that you’re probably one of the best people to talk about that because you understand intrinsically you know how the industry works and where it’s going and and that sort of stuff but don’t get caught don’t fall back into you know i can be a plumber for um 40 years it doesn’t work like that in technology unfortunately ain’t not wrong by far people are keen for a little bit more information from you what’s the easiest way for people to get in contact um reach out to me on linkedin i try and um that’s one of my sort of goals as far as my network goes is to to really leverage off linkedin as well um you know we’ll link that up in our show notes yeah and um obviously i’m with diamond i.t so jump on our website and you can flip me a message that way but yeah i’m i’m probably more keen to talk to people about what we’ve talked about today and really start to get people critically thinking about that whether they want to use my services i’m not really that um i’m not too worried about that but i really i’m really quite passionate about the whole philosophy of that technology is enabler but there’s risks like with anything you know you hop into your car i might have a really schmick car but i choose not to put the seat belt on the chances of me getting into a car crash probably pretty low but the seat belt in this analogy is just understanding and being educated about cyber security and knowing that so i use the convenience of the car because i can get to the shops quicker but i’ve got to put the right risk mitigation strategies in there so i don’t get caught up if i’m in an accident so nice man thanks for your time today thank you i really appreciate the opportunity and and it’s been good to um i like talking if people haven’t figured that out so it’s been good to be able to and i’ll put a plug in here one of my goals at work is to be a better listener so it was nice to be able to talk okay thank you cool thank you