Craig Taylor Podcast Transcript
Craig Taylor joins host Brian Thomas on The Digital Executive Podcast.
[00:01:11] Brian Thomas: Well, good afternoon, Craig. Welcome to the show.
[00:01:13] Craig Taylor: Hey, thank you for having me. I really appreciate it.
[00:01:16] Brian Thomas: Absolutely, Craig. Appreciate you making the time hailing out of the New Hampshire area, and sometimes traversing the globe can be challenging. So again, thank you.
[00:01:27] Craig Taylor: My pleasure, Brian.
[00:01:28] Brian Thomas: You bet! Craig, let’s just jump straight in here so we can get your story started. You’ve got quite the career in security, risk, compliance. You’re an entrepreneur. Now you’re the co-founder and CEO of CyberHoot. Could you share with our audience the secret to your career growth, and what inspires you?
[00:01:47] Craig Taylor: Absolutely. So many, many years ago, I graduated college with a psychology degree and, you know, you need a PhD to do anything in that career, but I also love computers. I worked in the computer lab at the university and there was a. A net news posting, and no one will know what that is, but it’s originally it’s a long forgotten job board for a cyber security engineer at a firewall company.
This is in the very early days of the Internet. And I said, you know what? I love computers. I understand a little bit of the Internet so far was working in the university lab there on email text-based email of all things. And I said, let’s give it a try. So, I got involved in cybersecurity very early on back in 1995.
And I’ve been in it ever since. And I love it. It’s a beautiful mix. My career has grown to program management in many ways to build cybersecurity programs for companies. I have a really kind of an altruistic view of things where I just want to make the world a little better place. And I also want to use my love of learning, education, psychology, and computers to They all sort of coalesce around the company I founded now.
So to answer your question, the secret to my career growth is really following your passions and where they intersect. Because I love computers. I love learning about people and what motivates them with psychology. And I loved education. So those three combined led to the founding of my company, CyberHoot.
[00:03:12] Brian Thomas: That’s awesome. Love the story. Like you, I’ve been in tech a long time. But the fact that you’re one of the, probably the first people I know that have really Got into the security space early on, as this thing didn’t really grow until I don’t know, about 15 years ago, but now it’s really something that’s got to be on everybody’s mind at this point. So, thank you for sharing.
Craig talk to us about the uniqueness of your platform, right? Because we’ve used a lot out there. Your platform, which is fully automated with managing training, governance and compliance and includes a password-less- less access, which we like to hear about.
[00:03:46] Craig Taylor: Yeah. You know, passwords are kind of a pain for everybody and particularly around.
Learning management systems, if you’re forcing your users to log in once a month to some website, it doesn’t work because they forget their password. They try to log in, they fail and then the opportunity to do their 5-minute training is over and compliance suffers. So, we started from the very beginning, looking at the problem in learning management systems of where are all the points of friction that occur.
So, to answer your question, what’s unique about CyberHoot is we’ve, we dove deeply into the points of friction and eliminated everyone we could find from being password less on assignments to the administration of the product by MSPs and SMBs, we’ve fully automated it. So, what makes CyberHoot unique today is we’re fully 100% automated.
We’ve reinvented phish testing. The traditional systems on the market. Are broken. They don’t work. In fact, there’s studies that show attack-based fishing can lead users to click more often than less often, which is the goal of everyone. We want to stop the fishing attacks from working and cyber hood has a simulation that allows users to have a positive outcome instead of a punitive one.
Attack based fishing. If you click, you’re punished with more training. You’re not told exactly how you failed in most solutions on the market, and you’re left wondering and kind of anxious. And so what happens is MSPs and IT departments start getting a flood of emails saying, is this a phish? Is that a phish?
Proving that it doesn’t work. People are on anxious and frustrated and they start to look at I. T. As causers of harm. They’re not helping me. They’re making me more anxious and they’re not giving me the skills I need. So, with cyber hood simulation, we actually walk you through the seven components of an email.
We have an open book test with some help me buttons that you can hover over to learn in a sender. What are you looking for? Well, hackers can’t send from the domain they’re impersonating, so watch out for typo squatted domains. And we explain that, and then you can go hover over the sender and look exactly to confirm what we’ve just explained to you.
And so the outcome is you pass a test. The other outcome that’s beautiful is the management has a compliance score for you. So, you know that every last person in your company Has taken and passed a phishing test. That’s the number one-way companies get hacked today and compromises through phishing as well as password hygiene.
It’s all linked to human error. And so having I. T. be the imparter of wisdom is a benefit for the relationship between the employee and the I. T. department makes them look good and it builds value in that relationship. Having us compliance score that shows 100% of your employees have taken and passed that phishing test is unheard of.
Most of the systems say, well, we had 5% of your users fail the attack based phishing and 95% of them. We just don’t know. What kind of metric is that to base your cyber security program on? You want to know that every person in your organization took and passed a phishing test and that they’re comfortable enough processing email that they’re not forwarding every other email to IT asking, is this an attack?
So those are some of the things that make us extremely valuable to the MSP community and to the SMB community. Because all you need to do is tie into Azure AD for user management, set it to automatic mode, and we deliver everything else you need. It’s completely 100% automated, and it eliminates that negativity that goes along with some of the attack-based solutions on the market.
[00:07:21] Brian Thomas: That’s awesome. And thanks for breaking it down like that. We’ve got a lot of folks in the audience that are techies and some are not so much. So again, Craig, that’s very helpful. Thank you. Craig, you’re obviously leveraging some of that new and emerging tech in your tech stack or your business.
Is there anything you might be able to touch on for us today?
[00:07:39] Craig Taylor: Well, I’ll talk about AI and how we’re starting to use it because it’s on everybody’s mind. It’s the hottest topic in the last 10 years and all the investors are putting their money behind AI. You saw Microsoft make an enormous investment in ChatGPT, Google went out and said, we got to get Bard out there.
There’s a lot of. Potential to AI to help businesses. I think there’s also a lot of fear out there. So what cyber who’s been able to do with AI is very simple. We’re starting slow and we’re going to build. We use it now to help us draft the outlines of our blog articles. We say here’s a topic. I need the top five reasons that MSP should adopt in a learning management system and the benefits of it.
And then, the 25 30 years of experience. Allows me to go through and correct and tweak the article to make sure it covers the salient points. Sometimes the old, advice of, Hey, change your password every 90 days and have it be nine character comes into an article because that was the prevailing wisdom.
Ten, five, even five years ago, that’s no longer the case. If you’re listening to this. adopt a password manager, make all your passwords unique, put them to 14 characters randomly generated by your password manager. That’s the best advice you can do. But I have to sometimes go and correct the advice of the AI that spits out.
So it takes a combination of expert review, but it also just beautifully formats. It’s four or five wonderful paragraphs, and I just need to make sure that there’s nothing overtly wrong and correct those little mistakes. We’re also starting to use it for video generation. I can create videos on various AI websites where the content is brand new.
It’s like been created by the AI. So, there’s no licensing costs because, we’ve spent a lot of money on Shutterstock and some of these other video platforms to create our videos. AI is actually reducing the cost and some of the outcomes are better. So, it’s a little bit hit and miss today. I think we’re on the cusp of it becoming more common.
What we’re not using AI for is to write our code, right? It’s. Alleged that you can use chat GPT to write your code. I think Samsung employees would argue that’s a bad idea because their IP was placed in a public domain, and they got in trouble for that. So don’t put your code into chat GPT, do a private example or a private database and environment.
If you’re going to do that would be my advice there. But that’s probably the most interesting thing from a emerging technology that I could answer.
[00:10:11] Brian Thomas: Thanks, Craig. That’s awesome. And I appreciate you sharing some of the things that you’re leveraging today to get that edge, but also take advantage to be more efficient and effective in your processes.
So, Craig, last question of the day. Can you share something from your career experience that would be helpful for someone in our audience that’s looking to grow their career in either cyber security or entrepreneurship?
[00:10:33] Craig Taylor: Well, first and foremost, If you want to go into cyber security, it is a wide open field and it is an emerging field one day in the distant future, or maybe in the near term, maybe in the next 10 years.
I’m hoping that it matures quickly because it’s desperately needed. But cyber security belongs on the same level as law and medicine. and plumbers and electricians in terms of maturation and barriers to entry, getting educational programs behind it. All of those things. There is no bar or medical exam that says, once you pass this, you’re a.
Cyber security professional. There is the C. I. S. S. P. I’ve had mine for 22 years and it is a very challenging exam, but it doesn’t have the same cache or the gravity of passing the bar or the American Medical Association entrance exam. So it needs to get to that level and we need more people to come into the field.
There’s you. 500,000 open jobs in the United States and probably more than a million globally, and companies are suffering because they can’t find cybersecurity resources. So, my message to you all is that if you have an interest in computers, in networking, and how the internet works, In social psychology concepts, cybersecurity is the way to go.
Right? And on the white hat side, on the helpful side, don’t go to the dark side and start ransomware for hire. That is a bad idea. I chose cybersecurity many, many years ago because it couldn’t really be outsourced to somewhere else or to, automation. It really is an industry and a job that is very real. You need to be in the trenches. You need to be doing the technical work. You need to understand the underlying mechanisms of computing and networks and net masks and all of that stuff, firewalls and so on. As well as the psychology of how people think and how they react to things because, you need to teach your employees.
Hey, if there’s an email that comes into your inbox and it has you urgently having to take some action or emotionally engaged for some reason. That’s an attack. Nine times out of 10. And the reason we know that is social psychologist said you make mistakes when you react quickly to something that’s urgent or emotionally charged.
That’s the social psychology side of cyber security. So, blending those two together is a beautiful career choice for me. It fit my skill set. I think there’s a lot of people out there that could go into cyber that might not think about it. Hopefully when they’re hearing this, they take a stab at it because listen, there’s 12 jobs for every person.
So you need to get in, get out there. We need you educate yourself and do the hard work and you’ll have a long and successful career as I have had.
[00:13:22] Brian Thomas: Thank you, Craig. That’s very helpful. And I appreciate you sharing kind of the breakdown of how cybersecurity is so important. It needs to be elevated as more of a critical job.
And the fact that you do need to have that hands on technical ability, and it’s something you just can’t really hand off to someone else or a third party. So, thank you. And Craig, it was a pleasure having you on today. And I look forward to speaking with you real soon.
[00:13:47] Craig Taylor: Brian, it’s been a blast. Thank you so much for your time and great questions.
[00:13:51] Brian Thomas: Bye for now.
Craig Taylor Podcast Transcript. Listen to the audio on the guest’s podcast page.