In this episode of Modern Cyber, Jeremy chats with Jeff Lyon, CEO and founder of The CyberWild, about the unique challenges of securing the healthcare industry. Jeff shares his journey from IT management to becoming a cybersecurity consultant and discusses his firsthand experience dealing with ransomware attacks in healthcare settings. He explains why legacy systems and a lack of resources make healthcare an attractive target for attackers, and how organizations can mitigate these risks. The episode dives into best practices for managing vulnerabilities on medical devices, developing incident response plans, and building a more resilient security posture.
About Jeff Lyon
Jeff Lyon is the CEO and founder of The Cyberwild, a cybersecurity firm specializing in helping small and mid-sized organizations protect their digital assets. With decades of experience in cybersecurity, including roles in healthcare and as a consultant for Fortune 50 companies, Jeff brings a wealth of knowledge to the table. He is a certified CISM, CISSP, and CCSP, and holds degrees in management information systems and computer engineering. Jeff is passionate about making advanced security solutions accessible to all organizations, regardless of size or industry.
The Cyberwild Website: https://thecyberwild.com
LinkedIn: https://www.linkedin.com/in/cyber-jeff/
Jeremy Snyder (00:02.828)
All right, welcome back to another episode of Modern Cyber. I am delighted today to be joined by somebody with a long history in cyber, maybe more years as a practitioner under his belt than I have, I think by a few, but somebody who brings a particular industry specialty to the conversation today and we're gonna get into that. My guest today is Jeff Lyon. Jeff is a business information security advisor who empowers organizations to take control of their cybersecurity frontier.
Jeff is the CEO and founder of TheCyberWild, where he guides organizations through the intricacies of cyberspace. With a wealth of knowledge accumulated through years of hands-on experience and strategic leadership, he provides security awareness training, security assessments, 24-7, 365 security monitoring and governance, risk and compliance strategies, and other cybersecurity solutions tailored to the unique needs of each client. And particularly interesting for our conversation today, Jeff has a long history in cybersecurity in the healthcare industry.
Such a critical industry that is coming under a lot of attacks. We're going to get into that as part of the conversation. Finally, just to wrap out Jeff's background, Jeff has an MS in management information systems from Nova Southeastern University, a BS in computer engineering from Clemson University, and holds several industry certifications such as CISM, CISSP, and CCSP. Jeff, thank you so much for taking the time to join us today on Modern Cyber.
Jeff (01:23.161)
My pleasure, Jeremy.
Jeremy Snyder (01:25.107)
Awesome. Well, let's get started on your background. I know we just went through some of it and we went through some of your qualifications, but I'm really curious, you know, I think everybody has their own kind of origin story or kind of hero myth, legend, whatever you want to call it. How did you get into cybersecurity in the first place? Because I really think most of us who are in the field, such as myself, this was not what I studied and trained for.
In fact, back in my days when I was going to university, there really weren't cybersecurity programs. So I'd love to hear how you got started in the industry.
Jeff (01:57.079)
Now there wasn't cybersecurity programs either when I was in college. Matter of fact, my freshman year was the year they threw away the punch cards. I would imagine that most people on this podcast don't even know what a punch card is. And I'm glad you didn't have to live through that. But I got started in cyber by accident. I was actually an IT manager at a small college here in South Carolina and we had just put in an Exchange server, that's an email server and
I think it had been running maybe a day or so when I finally got this strange email from somebody saying that, you know, I love you and you love me. And then everybody started getting messages saying I love you. And man, it was just a, it was like a 1960s love fest, you know, was going crazy. Everybody was getting it. But anyway, everybody was getting all this stuff until nobody got anything because all this mail just brought the server to a screeching halt.
Jeremy Snyder (02:50.502)
Yeah, yeah.
Jeff (03:02.273)
And well, what we were experiencing was one of the first worm-type viruses. It was called the Melissa I love you virus. So I got to experience a lot of really fun things like how to get inside of an Exchange server and run all of these cryptic commands from the command prompt, the dark place as we called it back then. So I said, well, I really don't want to ever see this happen again to anyone.
Jeremy Snyder (03:09.65)
Yep,
Jeff (03:31.873)
So we started, once we got everything back up and running and rebuilt, started getting more into security tools. Yeah, we went out and bought a, we already had antivirus, but we needed certain tools for the server. Well, we'll fast forward a few years and a few certifications later, and I'm working in the healthcare industry. And as an engineer, as a security engineer, I was helping put together a SOC, a security operations center, and coming up with the plans for that. And that's really where I cut my teeth more in cyber. It got more serious at that point. My reinvention was complete.
Jeremy Snyder (04:18.506)
Interesting, interesting. And by the way, for those who are seeing the video, I don't know how well this will show up, but, you know, I just barely missed this, I have to say. I was just, you know, maybe a couple years behind you, where they had been completely phased out by the time I came through. And in fact, we were three and a quarter inch floppies, sorry, three and a half inch floppies. I'm gonna get some hate mail about that slip-up there. I know, five and a quarter, three and a half. Let's get it straight.
But yeah, no, I dodged the punch card era. I'm curious, by the way, on the Melissa virus, because I lived through that as well, and it was our Exchange server. And by the way, for the kids in the audience, Exchange is how email was done before Google Workspace and Office 365 were a thing. And in fact, Office 365 is almost certainly powered by a bunch of Exchange servers. How many times did you go through the Melissa virus? Because what happened with me was we went through the initial rounds.
And then inevitably there was somebody who was out of the office on vacation that week and would come back in and would have X hundreds of copies of it sitting in their inbox and would double click and start another round. So I think I remember going through like four or five rounds of it before we finally got it all the way cut out of our organization. What was your experience like?
Jeff (05:32.857)
Well, I believe we ran a tool to clean up everyone's mailbox, but I do recall having like a smaller reoccurrence of it that was really capped really quickly. I mean, it really cause an outage or anything, but so really one and a half, but it was a hard thing to live through. And, you know, all eyes were upon me. And, you know, I just don't know if I like that type of attention or not, but I got it. So.
Jeremy Snyder (06:01.89)
No, you know, and I tell people this and I think, you know, unless you've, unless you've walked in these shoes, it can be hard to understand just how underappreciated the field is, whether it's cyber or whether it's IT. You know, the 99% of the time when things are just working, it's just nothing. Not a thank you, not a complaint, just nothing. You just kind of take it for granted. And then the 1% of the time when the proverbial mess hits the fan, then you get complaints.
Jeff (06:22.746)
Yeah.
Jeremy Snyder (06:31.518)
And rarely do you get the kind of, you know, thank you, you went above and beyond to get the business back up and running. And now I have worked at organizations that did recognize that, you know, recovering from an outage, recovering from a cyber incident, where they did go, you know, the organization bent over backwards to kind of recognize the effort that's gone into it. But I do think by and large organizations kind of take it for granted, complain a little bit, and then take it for granted again, very, very quickly in the aftermath. I don't know if your experience has been any different.
Jeff (07:00.473)
Well, the whole thing at that point, the maturity level of the IT infrastructure at the college was not at the point where we actually had a real incident response plan and knowing what to do. I mean, people were still calling me on the phone asking when things were going to be back up. And, you know, I'm trying to fix it. Don't, don't, you know, leave me alone. You know, in a very bit.
Jeremy Snyder (07:23.688)
Yeah. That's right. Yeah.
Jeff (07:29.879)
much more polite way. But you know, we were coming from a, and here's another old term that most people aren't going to recognize, a VAX/VMS environment, the green screenings, Mr. Green Screening. So all this was new to people. Windows was new to people. Yeah.
Jeremy Snyder (07:31.656)
Yeah,
Jeremy Snyder (07:42.206)
Yeah. Yeah.
Jeremy Snyder (07:49.575)
Yeah, yeah. And I'm curious about, so when you moved on from the university and you went into the healthcare side of things, first of all, was that a big scale up or was it roughly the same scale but a different domain or how was the difference from your side?
Jeff (08:07.853)
Well, there were some steps in between there, some smaller steps in between. So I actually left the university and went to work for Microsoft for a short time, and guess what, doing Exchange. Working, yes, working. But the pre-Office 365, it was called BPOS back then, but didn't last long. It was just not the right type of
Jeremy Snyder (08:24.274)
Jeremy Snyder (08:31.419)
Yeah.
Jeff (08:36.789)
structure for B. But anyway, we moved on and that's when I really started focusing more on getting
studying for security. And then when I did land at the healthcare organization, you know, I really buckled down and got my certification, you know, started out with the CISSP. Well, I already had the Security Plus and a couple of the other CompTIA certifications, but.
but I really wanted the CISSP and I studied hard for it and probably overstudied. I mean, you can't really, you can't overstudy, but I mean, I would take every test I could find online, and this was quite a while back, and watch every video on it and was determined to get it. And so I did, I got through it
couple years later when I did the CISM. To me that was even more difficult than the CISSP.
Jeremy Snyder (09:42.783)
Mm-hmm, and I'm curious. So when did you start that process of getting these certifications? Was that in the 2000s or the
Jeff (09:51.978)
You know, I'll tell them myself again, my first certification was MCSA, Microsoft Certified Systems Engineer, MCSE. Yeah, I forgot how to spell it, right? I don't even put it on my resume anymore because nobody needs MCSE for, what, Windows, what was it, NT4?
Jeremy Snyder (09:58.659)
Yeah. Systems engineer. Yep. Yeah. Yeah.
Jeremy Snyder (10:11.364)
No.
Jeremy Snyder (10:17.751)
NT4. Yeah. Yeah, that was my first one as well. And back in those days, if you had the MCSE and the CCIE, the Cisco Certified Internet Engineer, you were golden. Let me tell you, like those. That is funny. Putting this into the context of.
Jeff (10:19.885)
Yeah, yeah.
Jeff (10:29.581)
That was it man. That was it. Yeah.
Jeremy Snyder (10:37.435)
modern salaries and certainly the value of a dollar over time. And we're going back 25-ish years in my case, 27-ish years from when I first got that first certification. Those were the two certs that if you had those, you could look at getting a six-digit salary. And nowadays, I feel like a six-digit salary in many parts of IT and certainly many parts of cybersecurity, that's like one to two years of experience. You might be getting into
stratosphere pretty quickly in the modern era, which is a big step change. I don't know if it's indicative of the overall state of the technology market or if it's indicative of organizations realizing the value of these services or if it's simply a question of supply and demand and we're still, you know, short supply on the cybersecurity side. I don't know if you have any thoughts on
Jeff (11:29.187)
Well, I still see it as a short demand, but I also see people looking for things that, I forgot the term a lot of people use a lot, like butterfly with unicorn, whatever, rainbow unicorn, but don't have that one right. It's like they want somebody with a lot of experience, but they want to pay on,
like somebody with no experience at times. Actually, I mean, a good friend of mine just said something to me today, hey, do you know anybody that might be interested in this job? And I looked at it, it's for a security engineer. And I emailed him back, said, you know, that looks way, way low for a security engineer. You know,
I can't believe they would even offer that. Now granted, you get into the public sector, working for the colleges, I mean, they're limited on what they pay. I mean, their pay structure is in such a way that it...
It's surprising that people stay there as long as they do, really. I stayed at my college a long time and 'cause, I mean, I was complacent. I liked, I liked the people. I mean, I'm still close friends with many, many people there that were there. I think most of us have retired from there now, but it was the family and that's what kept me there more so than money.
Jeremy Snyder (12:40.054)
Yeah, yeah.
Jeremy Snyder (12:56.608)
Yeah. Yeah, and I always tell people, you know, as you go through your career, and I'm 27 years into mine at this point, you know, you're going to change jobs a few times, most likely. There's very few people that stay anywhere nowadays longer than, I don't know, six, seven years. I tell people, by the way, that my first startup that I ever joined, I was at for seven years and like, whoa, that's a really long time at a startup. That's kind of the current view on it is how people think about it right now.
But I do think that you go through a few stops along your career and there's a few of them that you're gonna look back on and you'll be like, well, that was actually a really formative experience for me. Whether it's because of, let's say the personal connections and kind of the family vibe and some of the deep friendships that you make, or whether it's because of, let's say, you learn to navigate an organization and how to work with like...
peers and bosses and people one level below you and maybe you got your first couple promotions up the ladder or maybe it's because it was a change of technical area where you really got pulled into one. For me, by the way, that first stop that was seven years was kind of all of the above. You know, I joined there as an entry level network engineer with the aspiration of being a software developer and I actually kind of failed at being a software developer. You know, they put me through some of the tests and some internal coding assignments and I just wasn't good enough. And so they said, well, you know what?
We're growing so fast, go down this IT and cyber route, do that. And then we just grew and grew and grew. So I got opportunities to move up and learn to navigate an organization, went back to school, got an MBA at the same time. But I want to come back to kind of your experiences, Jeff, when you moved into the healthcare space, what were some of the unique challenges that you saw around cybersecurity for healthcare? Because it's a big space and I tend to think that their systems are very
Like you see devices at hospitals that you don't see anywhere else. So yeah.
Jeff (14:47.555)
Yeah, they're very, very different. Number one, you want to make sure everything's secure. And a lot of things have been put in organically over the years and maybe the network infrastructure is flat and not segmented in such a way that one area is secure from another.
So I've seen that in several organizations that I've visited.
With vulnerability scanning, it's a necessity in all of these organizations. But there are certain things that you just can't scan, at least not willy-nilly, because I mean, they're attached to human beings. You don't want to scan someone's infusion pump or a baby monitor or something like that. I mean, it could cause problems that you really don't want to create.
Jeremy Snyder (15:39.493)
Mmm, yeah.
Jeremy Snyder (15:44.892)
Right.
Jeremy Snyder (15:50.513)
Yeah, yeah.
Jeff (15:53.25)
So, or you don't want to bring something offline either. And even, not just the things that are attached to it, but even if it's a piece of network equipment that's controlled, that's in that particular area, if you bring it offline using a scanner, then you've also created the problem. It may not be patient impacting as far as
Jeremy Snyder (16:16.337)
Yeah,
Jeff (16:19.274)
It's messing up the data, if it's needing to transmit out or whatever, it can't do it. It messes up the data flow.
Jeremy Snyder (16:27.012)
Yeah, yeah. So how do you manage that? I mean, do you have to kind of maintain two copies of the infrastructure so that you can scan like one of each or what's the approach?
Jeff (16:40.673)
Well, if you can, but I mean, you're talking about MRI systems that cost multi-millions of dollars sometimes. I mean, I've seen some of those that, yeah, I want to scan them. They're still running Windows XP. And you also have a disclaimer from the manufacturer, which could be something like GE Health or I don't remember some of the other ones, but.
Jeremy Snyder (17:04.741)
Yeah. Siemens or whatever, but
Jeff (17:07.589)
Yeah, if you scan these, you void the warranty on them, that kind of stuff. So you don't scan them. The best solution, the best workaround, compensating control, is to isolate them. I mean, just...
Jeremy Snyder (17:12.496)
Yeah, yeah.
Jeremy Snyder (17:22.082)
Okay, so you air gap them or you put them on a dedicated network of just a few devices or what do
Jeff (17:28.409)
Dedicating that for tennis or your PCI network, you know is like they're isolated from everything else and so you make sure that you control Everything that can go in or out of it to it to those particular devices
Jeremy Snyder (17:39.81)
Okay.
But you're still, so I guess to your point, you know, it's all about risk management. And so you're basically saying like, there's probably vulnerabilities on this device because every device by the way is a hardware software device. Even if it is something that sounds like it should just be a pump that, you know, literally just pump in, pump out, pump in, pump out. There's some hardware that is powering the controller. And on that hardware, there's some software that is running the logic of it that, I don't know, controls the rate of pumping or whatever the case may be.
So you're saying we've got a device, it's a hardware software device, it has some vulnerabilities on it, we're not even allowed to find out what those vulnerabilities are because of manufacturer warranty or other things. And so the best we can do is just kind of design network controls around it. And then hope and pray.
Jeff (18:31.897)
Hope and pray and watch.
Jeremy Snyder (18:33.823)
Yeah, okay. Okay,
Jeff (18:35.715)
You can still monitor it, you know, you can still, just like on a PCI network, you monitor any type of traffic that's going in and out of it and anything that looks out of place, it becomes an alert in your SIEM, or it should. And you have an analyst follow up on it. I'm sorry, what?
Jeremy Snyder (18:52.045)
Okay, okay. And does that, in your experience... No, no, I was just gonna ask a follow-up on that question. I mean, one of the things that I see from SIEMs continuously, even in 2024, may be starting to get better with AI. And by the way, we made it 19 minutes in before the first mention of AI. I always like to track that just for fun. SIEMs, in many cases, they generate so much data
teams that are covering them are often flooded with false positive alerts. And they spend a lot of time investigating that. Is that any different in the healthcare environment or is it actually the same? And it's a ton of false positives.
Jeff (19:33.462)
Well, it could even be worse because you have even, sometimes you have even older equipment that, especially if it's Windows and the different, if you're pulling up the complete log files in from every little Window event that comes up. it's gonna be the same, but it's gonna, the best thing is to have more intellectual or more
what you call a deeper level of Analysis within the tools so more than just the same you have something that That has more insight into the data it can do better correlations of it
Jeremy Snyder (20:18.786)
Gotcha. I'm curious from your perspective, you know, we've seen, okay, so that's the environment. You've got all these proprietary equipment, they've got their own challenges with them. You've got limitations because of the operations of the environment and the life criticality of a lot of this equipment. And so there's honestly limited access that you as a cybersecurity person, you're going to look at this environment and be like, well, I would love to be able to...
patch, patch, patch, patch, upgrade, upgrade, upgrade, update the BIOS and all these things, pen test these, like whatever. You've got your limitations that you have to operate inside. It's a ton of constraints, by the way. I don't know that I've ever truly appreciated just how constrained that environment is. What we're seeing right now, sorry, go
Jeff (21:04.247)
Yeah, I used to have this attitude. I have an ocean and I want to boil it. I want to know every vulnerability that exists in your network. And by the way, your asset management, you don't even know what you have. You don't even know what... I mean, you can run scans sometimes and find stuff that nobody even knows what it is, especially if it's an organization that grows by acquisition.
Jeremy Snyder (21:11.684)
Yeah. Yeah, yeah.
Jeremy Snyder (21:33.2)
Yep. So if you're like a healthcare network and you've acquired a new hospital group or a new set of clinics or whatever, okay. And there's a lot of that going on in healthcare. So I know that that is a real thing. Yeah. I'm curious along the lines just on asset management while we're on the topic. I've never walked into an organization and asked the question, how confident are you in your inventory of, and you can insert anything here that could be users, groups, devices, endpoints, servers.
Jeff (21:36.857)
Mm-hmm. Exactly.
Jeremy Snyder (22:02.821)
especially not cloud. And in our case, we do API security. I've literally had a customer laugh at me when I asked the question of, you know all the APIs that your organization has created or that you're exposing? On the healthcare side, there's got to also be the challenge of like, you know, these are, again, some of these devices are going to be really old. Some of them are going to be running really arcane or very specific operating systems. Do you often have to just chase down what the heck is this thing?
Jeff (22:32.771)
Yeah, all the time you can. And you might be lucky enough to have the networks defined for you. And if you can find a person that, I mean, if it's even documented, sometimes you might be lucky enough. I mean, the problem is when things grow and people are working, fighting fires, and there's no one available to document as they go, that's how stuff gets out of hand.
And that's the biggest problem I've seen with some of these older organizations that they don't know what they have because by the time they do get it documented, it's changed. And the people that first put it in are gone.
Jeremy Snyder (23:21.142)
Yeah. Well, along those lines, I mean, based on that understanding, it's probably pretty understandable that health care is getting hit with ransomware events as often as they are with all these constraints that you have in place. So, you know, what's been your observation or are there any kind of, I don't know, stories or case studies that you can share about kind of the health care industry, the types of incidents and maybe what you learned from them?
Jeff (23:48.281)
Well, I will say that, I mean, it's still rapid. It's still a big problem. And a lot of organizations, especially the smaller hospitals that don't have the big infrastructure and their built-in cybersecurity teams that have the know-how, have...
have the skill sets to manage cybersecurity. I can tell you one particular situation. I was on my way home from a music festival in Asheville a few years ago, pre-COVID, like a week before COVID actually. And so I got this phone call on Sunday afternoon as I was driving home and I said,
Okay, this can't be good. And so when I answered it, well, one of my hospitals had been attacked by ransomware and they were practically shut down. They couldn't, could not do a thing. I mean, they were, systems were getting encrypted right and left. And so they were reverting to pen and paper.
And next morning I was on a plane to that location, somewhere in the Midwest, and it was a fun time. When I got there, I just realized that, well, they don't have a security team. They had an IT team.
but none of them had the skillset to know what to do to protect and recover. I mean, yeah, they had backups. They had already started trying to restore stuff, but guess what? The ransomware culprit was actually on the backups as well. So that was kind of pointless. So we started running some diagnostics. I mean, they had Carbon Black and...
Jeff (25:40.313)
That was the tool that was at use at the time and nobody maintained it. There was, I believe there were some things that had not even had the pattern update in two years. And as you know, just in a week, I mean, new patterns come out. Can you imagine in two years? So it was a big job just to...
Jeremy Snyder (25:52.269)
my goodness.
Jeremy Snyder (25:57.365)
Yeah. Yeah, yeah.
Jeff (26:05.881)
to try to get things patched and actually find, I mean, we actually found the root cause of the, what we call patient zero, I guess, at some point. And it was an interesting trail to find. I love investigating things like that, but that's never been my core responsibility, but I have an acquiring mind, I guess, like they used to say that every time.
Jeremy Snyder (26:29.5)
Yeah. Well, talk us through, as somebody who's lived through this firsthand, talk us through to the extent you can and please don't share anything confidential. How did you go through the recovery process? Because if you step into a situation, they're borderline completely shut down, they're reverting to pen and paper. Where do you start? Do you take the facility offline? Do you start by going straight to backups? How do you go through that process?
Jeff (26:56.821)
Well, yeah, I mean, first of all, you do have to take things offline. You have to, I can't even think of the word right now, I'm losing my word, but contain it. So stop it from spreading anymore. Identify every device that shows any symptom of it. It was actually a TrickBot ransomware.
Jeremy Snyder (27:19.848)
Okay. Okay.
Jeff (27:23.043)
So identify everyone and Carbon Black was doing a good job at showing that. And I'm not doing a plug for them, but I mean, it did help out. It was good to use. It's just a name I don't hear much anymore. So contain it, identify which systems are most critical that are brought down.
Jeremy Snyder (27:33.481)
Yep, yep.
Jeff (27:47.629)
Determine how you're going to recover, identify the backups, identify when the last backup was, and you start recovery process, but don't bring it online yet. Just determine the order of it, what has to come online first. And of course, you're probably gonna have to start with something at the core, like your domain controllers and... Yeah.
Jeremy Snyder (28:12.987)
Right, right, your Active Directory server in many cases, right, with your AD and your primary IDP and everything,
Jeff (28:20.525)
Otherwise no one's gonna be able to log in anyway, right? Yeah. And honestly, I can't recall if they were actually hit or not, but it was quite a situation. We had to, first of all, we had to commandeer a war room. I mean, the first day I was there, I was sitting in a very small unprotected computer room with my laptop on my knees, really being a laptop.
Jeremy Snyder (28:23.057)
Yeah, yeah.
Jeremy Snyder (28:45.741)
Yeah. Ugh. Yeah.
Jeff (28:48.483)
nowhere to work and I said, well, we need somewhere to work because I had a bunch of guys coming in to help with the recovery efforts, which were by that going computer to computer, either compensating it and bringing it in or doing a repair on site at the workstation. It all depended on what severity of it was.
Jeremy Snyder (29:12.453)
Yeah, it's really interesting. You bring up something there that I think a lot of people don't think about right now, and that is kind of the order of operations. I remember from my days in IT and managing physical servers and whatnot, back then there was a lot of talk about the so-called three-tier architecture, where you had kind of the web server, the app server, the database server. And if something crashed in that stack, you very much had an order of how things had to spin up.
Jeff (29:32.858)
Yep.
Jeremy Snyder (29:41.634)
the database server pretty much always had to spin up first. But before that, by the way, the identity, so the active domain, the root controller, et cetera, like that had to come up first because it had service account credentials on it. And if you tried to bring up the database server before the domain server was running, sorry, the domain controller was running, the database wouldn't start, like SQL server would fail. And then you tried to bring up the app server before the database server was there, the app server would crash because it couldn't connect to the database.
And if you tried to bring up the web server without the others being in place, you know, the web interface would fail. It's something that I think like, sorry. That too, that too. Yeah. And it's so funny in the age of cloud, so much of this you can kind of take for granted. Not only because that certificate server, who's running a certificate server anymore. You're just printing certificates off of Microsoft Azure or Amazon Web Services or Let's Encrypt or wherever you're getting them from.
Jeff (30:13.722)
Your certificate server. You've got to have your certificate server up too. So put some of that to work.
Jeremy Snyder (30:38.009)
But there's some certificate server as a service type of offering that you're getting from, I know almost no organizations that are running or hosting their own certificate authority anymore. And why would you? But having that order of operations mapped out is a critical part of a recovery plan. How much of that did you have documented in advance and how much of that did you have to learn in the moment?
Jeff (31:02.319)
For that organization, there wasn't one. I mean, there was nothing. I mean, at least nobody knew where it was when we got there.
Jeremy Snyder (31:08.893)
There was no kind of incident response plan.
Jeremy Snyder (31:16.64)
Yeah. Yeah. That's such a fascinating statement. And I think that is true for most organizations. We're getting a little bit short on time for the episode, and I've still got two or three questions that I want to get through. So I need to move us along a little bit. After your experience in health care, what do you think is changing in the health care cyber domain? And what's kind of getting better? What's kind of getting worse? Or is it pretty much that's the state of things and
Jeff (31:32.81)
Sure, go ahead.
Jeremy Snyder (31:44.724)
it's gonna probably be the state of things for a while.
Jeff (31:48.921)
Well, I can't say it's getting better or worse, but we had a major incident in February with a third party, which everybody knows about now if they're in cyber and all, was the Change Healthcare situation, which affected one third of every US citizen.
Jeremy Snyder (32:02.925)
Yeah,
Jeremy Snyder (32:07.361)
Change Healthcare, yeah.
Jeremy Snyder (32:14.388)
Yeah,
Jeff (32:18.189)
You know, it really left a lot of organizations vulnerable. It left them unable, somewhat unable to make payroll. And really, it's nothing that they did wrong. And they were relying on this provider to help them with payroll and prescriptions and whatever else that they were working with.
To me, that's still a major weakness that we don't have a quick, ready solution for. Now, I know a lot of vendors are starting to talk about it, and I am really all ears on it to listen. I think I've got something with one of my vendors later in the week to listen to about it, and I'm hoping they'll have something that I can share with my clients.
Jeremy Snyder (33:08.778)
Yeah. Well, that
Jeff (33:09.487)
because I would like the solution. Just like on the 19th with the CrowdStrike issue. I mean, you know, the end users or the companies, they did nothing wrong. But still, I mean, it's that simple for a mistake to have such a major impact.
Jeremy Snyder (33:31.227)
Yep. Yeah. You know, you mentioned something there that I think I want to kind of close out our conversation on today and that is that, you know, you're looking for offerings for your own company. I know you started The CyberWild not too, too long ago, if I understand correctly. What led you to start your own company and why
Jeff (33:43.769)
Mm. Right.
Jeff (33:48.933)
Well, I don't know if we mentioned it earlier in the conversation or not, but I was working for Deloitte, which is a great firm and I'll tell you, great experience, great opportunity, great people. I learned so much there. And I was a solution delivery manager working with big companies, Fortune 50 and state governments. And I realized that there's a gap that
They have everything they need to help them with their security. But there's also the growing companies, the up and coming organizations that also need the same level of protection that they don't have their own security center. They don't have a team of security analysts watching it, watching their networks. Well.
I want to be able to help these organizations, be it healthcare or small businesses. I want to be able to help them get control of their cybersecurity and help them with their security awareness training and help them get a monitoring platform in place or even with threat monitoring and threat intel just so they have a better idea of
less hoping and more knowing. It's a good way to say it. We can do that with the tools that I have in place, the bundles that I have as a Cyberwild. We have a great tool set and great products that we can provide for them at a great price. So I mean, it's...
Jeremy Snyder (35:18.448)
Mm-hmm.
Jeremy Snyder (35:37.081)
Awesome. You know, anybody in the audience who wants to learn more about, you know, what kind of offerings you have and what the bundles might be like, where do they find TheCyberWild?
Jeff (35:48.175)
Well, you can go to my website at www.thecyberwild.com.
Jeremy Snyder (35:59.441)
Okay, awesome. And we'll have that linked in the show notes. And then just at a high level, what are the offerings that you have out there for customers? I think I saw four categories of offerings.
Jeff (36:09.133)
Yeah, well, there are more than that. I may not have them on the website right now, but let's see. I have several different security awareness training platforms. One's called Usecure, another one's NGO, Informa, Infoma, I mean, I can help companies with their compliance. Also, if they just want a security assessment to know how...
Jeremy Snyder (36:36.784)
Mm-hmm.
Jeff (36:38.627)
where they are and how they can improve. I can provide that. I have a platform for that that they can actually log into and help provide the artifacts and we can see where they are. I mean, if they need HIPAA compliance, we can help there, but if they want to get something like the NIST framework, cybersecurity framework, we can do that. Also, we have monitoring. I have...
Jeremy Snyder (37:01.369)
Okay? Awesome.
Jeff (37:09.273)
Pillar as a platform. I also have a Black Point, which I'll be releasing something shortly on my website and on my LinkedIn page about my offerings with Black Point. Coming up here, hopefully this week, I'll get that out.
Jeremy Snyder (37:28.601)
All right. Well, I think by the time this episode goes out, that'll certainly be live on your website by then. But Jeff, I really want to thank you for taking the time today. I really enjoyed learning about some of the challenges specific to the healthcare domain and just hearing your background, your story, and, you know, also reminiscing on things like punch cards and some of the good old days of NT4. I don't actually look back at them as good old days. The technology was...
pretty primitive at the time, but thank you so much for taking the time to join us on the Modern Cyber podcast here today.
Jeff (37:59.129)
Yeah, the technology was primitive, but the music was great. Yeah.
Jeremy Snyder (38:03.473)
There we go. That's a great note to end today's episode on. Once again, I'm Jeremy signing off for this episode of Modern Cyber. We'll talk to you next time. And remember, like, subscribe, share, all that good stuff. And if you do know somebody who should come on the show, please feel free to recommend them and reach out to us. And otherwise, we will talk to you next time on the next episode of Modern Cyber. Bye bye.