403- Why Home Labs Beat College Degrees w/Thomas J. Sweet

403-Thomas J. Sweet

Host: Phil Howard

Guest: Thomas J. Sweet

Phil Howard: Everyone, Tom Sweet, welcome to You've Been Heard. Let's just start off with the brief breakdown and what your day job is right now. Let's start there.

Thomas J. Sweet: Sure. So my day job, I'm CIO of a private equity backed portfolio company. We've acquired eight companies. And so in my role, I'm doing everything from software development, large language model work, AI strategy, educating the executive team on AI, running security end to end, Azure security, Microsoft 365 security. And obviously those the policies, the budget, the purchasing, the vendor management, mergers and acquisitions, due diligence, working with the board, helping the board with other companies in their portfolio that either don't have a CIO or have a managed service provider and providing a second set of eyes on those decisions. And then, my team handles support, cameras, physical security, phones, telecom, everything, some app development website work. So pretty much everything that goes on in IT. In a small company, we do one way or the other here.

Phil Howard: Let's start with what's your recipe? Or how do you deal with all that? How do you break all that down? What are the steps?

Thomas J. Sweet: I enjoy this type of work. Not everyone does. There's a lot of people in the CIO community who almost pride themselves on either not being technical, never having been technical or no longer needing to be technical. And the nature of my current role is I have to be deep into this and my previous role at GM financial, I was leading one hundred and thirty people, and so there was a lot that I didn't understand of the ins and outs of the different financial systems for the different financial systems my team worked on. Right? I had different teams that worked on the lease system or the remarketing, which is when a car came off of lease. I was trying to manage three levels of management and drive business transformation. But here I'm trying to help as a leader building the ultimate IT team and the ultimate IT service for a private equity company and to help deliver business value through technology. It's a different role. And I love this. I love staying engaged with it. And so that makes it so much easier.

Phil Howard: What part of the business do you need to know and understand at your level right now in order to be effective as an IT leader? So maybe just explain the private equity or maybe explain the mergers and acquisitions piece to it. And the pieces that an IT leader would need to be very, very aware of. In other words, are you at a stage where you need to lower customer acquisition cost, and the cost of acquiring customers is high, and there's a certain churn rate, like what are kind of the dynamics of the business piece. And then also so you've got that aspect right. And then you have like the cost of a lead or a customer. You've got that aspect. But then you also have when you have companies being acquired or looking to be sold or being purchased, you have this aspect of when you look at a company, what are the red flags or dangerous areas that would make someone say, no, we don't want to buy them because of this. And so it's kind of like at what stage how do you break it down? Like where do you start with an IT with with all of that? And how does it add value to the business that's evaluating businesses and purchasing them and selling them all that.

Thomas J. Sweet: And So when we look at acquiring companies, there are people who are early on in this phase for that. They're looking at the companies that they're going to acquire. They're looking at their sales, they're a bidder. There's a number of they have forensic accountants that will go and investigate the history of the company, make sure that everything is up and up. I'm not involved at that point. I am involved much later in the end. And probably they're going to if they make the decision to buy the company, regardless of what I say, it's probably going to happen, but I need to be able to and articulate the investment. Hey, you know what? They have old systems. They have this old ERP, they don't have multi factor authentication,

Phil Howard: Their data leakage or something other.

Thomas J. Sweet: They may have been hacked. The port 3389 is open to the whole world. You know things like that. And so you're looking at okay, there's a risk here. There's a period of time that we have risk as a company because we have cyber insurance, right? But we have to make sure that how quickly can we get them migrated, get them educated on hey, is M365 here is multifactor authentication. Then we're going to move you to a passkey. After that we're going to block some websites that shouldn't be accessed. There's a whole bunch of cultural change and change management. So I'm involved prior to that, not doing an audit, doing the assessment, doing a report and then presenting it. Here's what I found. And then a lot of what I'm doing is right at the beginning because day one, the CFO's team is looking to get at their financial data. And I have to find ways to get that securely opened up, but also work on the cultural change of changing IT. However, everything else is changing for these companies right there. The day they get paid is probably going to change right there how they do business, how they do service, how they do construction. Maybe there's different policies for company vehicle that weren't necessarily in place prior. So there's a lot of organizational change management. So it's working to do that without doing that right. It's changing it without being too aggressive. Because it's overwhelming. Because it's overwhelming for someone who's never had any cyber right. They're running admin and they're running global admin as admin on their computer. And that's the way it's always been. And MFA is annoying. So they don't do it to coming into.

Phil Howard: That's amazing that really is still a thing. It's still it seems like one of the most general best practices. But you're talking about a company with ten people.

Thomas J. Sweet: Fifty people. Ten people.

Phil Howard: I can see fifty people without multifactor authentication. I mean, even ten. It's like it's like you shouldn't even do it as one person.

Thomas J. Sweet: Yeah. So that's kind of where I'm at there, right. So that's part of that piece.

Phil Howard: Okay. It's like when a company comes in, it's kind what are the kind of the problems and how do we go through a checklist. And it's kind of like you've got revenue, EBITDA, customer acquisition cost. And like, well, wait a second, is our customer acquisition cost going up? There's all these different factors and there's kind of like a tier that you've got to like kind of go through.

Thomas J. Sweet: And so when you look at industrial refrigeration, right, this is warehouses, huge companies like Cargill or a Butterball turkey or a Tyson Foods, those size companies. Cheesecake Factory warehouse, not your local supermarket, not the Walgreens cooler. I mean, these are huge facilities, so there's a limited number of them. It's not like you're selling a scooter, right? And there's a whole country full of people that potentially could be a scooter buyer. There's only a small number of people who have this. So one thing that IT did is we built a SaaS app. So we decided, hey, let's help reduce the cost of customer acquisitions. We'll make a SaaS app that'll take refrigeration plans. I mean, is there a specific type of plan that they use for refrigeration plants and piping. Not just refrigeration, but industrial type work with pipes. And we use some machine learning and some LLM to create a maintenance plan for the user. So the user will upload the plan, we'll create a maintenance plan based on a lot of effort on the back end. And then give that to the user for free. Now the trade off is the contact info for the user user uploads. A plan will give them a teaser or a small report. You want the full report. You will email it to you, but there's no half hour meeting required and we just need like a legit email, right? And then we'll send it out. And that's to help to acquire more customers. It's a lead generation tool. And so the cost of customer acquisition, it will be much less than someone going and knocking on doors and trade shows and other areas or other approaches that are more costly.

Phil Howard: Okay. So the right person to ask for this, then? Obviously with the size of your team, you have to have very, very good partners. When it comes to security, if we were to just break down the security aspect of whatever companies being of merged together, you've got things like, well, you were talking about multi-factor authentication. I'm going to be talking about endpoint detection and response and event management and email security and proactive security training, incident response, compliance Reporting. Do you have good partners? Do you love using partners? Mssp for that one MSP no.

Thomas J. Sweet: None zero.

Phil Howard: So what do you do?

Thomas J. Sweet: You do everything in house. We have a lot of great tooling okay.

Phil Howard: And so Let's just keep going. So some of the bullet points that we have on here to talk about today are native organizations, role consolidation at the end of heavy teams. What does that mean. Hand off heavy teams.

Thomas J. Sweet: So when I worked for the larger company that I just mentioned, they had all different silos. So let's say you bought application that needed single sign on, right. That would have to go to an IAM team. They would have to contact a different team for DNS. They would go to a third team. You have to go through change management boards. We're a small company. If I buy an app today and I want to make it single sign on, and I paid the single sign on tax when I purchased it, the extra ten dollars per user per month, whatever they charge, go and I can go to my DNS and add the entry. I can go into Azure and create the enterprise app, and then I can connect my purchased app all together and be done in fifteen minutes. And so another company that might take them four weeks to go through that process, when really it's only because of change management, because of handoffs, because of silos. Only one team is allowed to touch DNS. Only one team is allowed to touch IAM, only one team is allowed to do this. And larger organizations slow down because of that. And things get confused as backlogs is internal politics, whereas a smaller company, I mean we can go much faster if we fail, we fail forward. We have to do a rollback. We're like, oh, we made a mistake, let's fix it and go forward. And I've made mistakes, trust me a lot.

Phil Howard: And we make a lot of mistakes. We made two years of mistakes. On trying to do a website the wrong way. And then finally we just hired the best branding guy in the industry, and he did it in about thirty minutes and handed it off to us. We're like, okay, great. AI native organizations. What does that mean? What does that mean to you?

Thomas J. Sweet: Well. There's all sorts of podcasts that have different definitions about how well you're doing. But what we're trying to do here is get at least all the executive team and the people who are one layer below and get them educated on how to use AI strategically, not just tactically, not like, hey, paste this email in and rewrite it. It's using AI as a partner But there was a book that we read I made kind of made everyone read it, which was the AI driven leader. Now it is from twenty twenty four. So it might be a little dated for some people, but it was really good at helping people understand how to use a strategically making it a partner for what you're doing every day, not just, hey, solve this problem. But here's the backstory. Here's what I've done to solve a problem. I'm concerned about this, this and this. Ask me questions until you're comfortable with a solution.

Phil Howard: I believe everything you just said is completely on point and And people that don't know, you don't know, you don't know until you don't know. And I have been having a very long debate back and forth with one of my friends who is an entire offshore coding team. And he builds a like basically healthcare ERP software for another large country that may speak French. And so I basically I'm like, look, my prediction is, that the majority of the coders that were as of three years ago are going to be gone. And he's like, absolutely not. And then there's I have another friend that's like, yeah, if they're not on board, if they don't get on board now, forget about it. Because to your point about your employees and teaching them, if you don't learn this now and you don't start to learn the tools and have your own Sources of data built up and you haven't learned. And because like Claude is a good example, because you can have artifacts or you can have skills, you can have all these things that are kind of built up. And that takes a while. And, Greg, our producer, I mean, he's been doing this for years. And when he starts talking about Claude, I mean, he's got like all these skills built up. He's got multiple agents running up in Cloudflare. He's got all, apps. He built our podcast reporting app and scheduling and questions that we ask people and crunching down data and turning into infographics and passing it off to production team. And It's all our own custom software now. And it just like the light bulb just goes off in your head and you think to yourself, That is the most in danger. I don't know if you agree with that or not, but.

Thomas J. Sweet: Well, okay, so let's just back up to what you said. So you have talked about, Claude, they get hooked. They get commands, they get skills. There's a lot of people on Twitter Posting great links to grab all of those. So there's people who put investment in and now they share them, right. So you can grab all those. And there was a LinkedIn post about someone who was upset that the SaaS app went from seventy thousand to one hundred and forty thousand for renewal, and they built their own app. I don't know what the app did right. But it they basically didn't renew a SaaS app because they're like, we can build this in three weeks. And they built it in three weeks. And if you watch any of these like UFO shows, they talk about the aliens that kind of purpose built for the mission. And that's the way software was going now. It's like it's purpose built, right? You don't necessarily. You can build your own software.

Phil Howard: We're building our own CRM. I was like, never thought that would be possible. I'd be like, nah, it's going to be all screwed up. There's going to be all kinds of bugs, drop downs and plug ins and like, at least we're building like more point systems now kind of like to that MIT article, right? More talking about point systems and kind of starting out on that because I don't want to go like all in just yet. We're building an app to just do the vendor discovery because we sat down and we're like, okay, how do we consolidate all our apps? But okay, how do we teach our employees to use it? Oh, I know what it was. What about Cowork? That's like something that's really kind of a rogue thing. It's going to cause so many problems for security. I mean, if I let it take over what I want to let it take over, it will. But the thing is like an end user. Basically, it will take over your browser and you'll be like, hey, could you make sure to like, just, answer my emails for me and constantly search my emails? And can you send an email on my behalf? And it'll just it'll literally pull up your browser. It'll be clicking on Gmail or whatever. It'll click the send. Hey, I need you to kind of just go through all my Google Drive folders and like, will you search for this keyword and kind of organize everything and pull up all this stuff? And then I want you to build a PowerPoint presentation, and can you do that project on the side and then do all and you kind of do it coding thing on it. It's doing all this stuff. You're not even there. I just see that being a massive security issue for some.

Thomas J. Sweet: Oh sure. Because here's where it can go bad. You ask it to go to a website and click on Salesforce, for example. But someone has an ad on Google Adworks that's a malware that says at Salesforce and it's not right. And so the AI is like, oh, Salesforce link, I'll click on it and it's not the real Salesforce. And so those are the issues. I mean, I'm worried about data loss prevention and people deleting everything.

Phil Howard: So what do you think about my prediction? Well, what's your prediction eighteen months from now? It doesn't have to be AI. It could be anything. What is everyone going to be talking about?

Thomas J. Sweet: So. The prediction is that. You're going to see more disruption in the programming market because like you talked about, there are people who still insist like, hey, AI is too buggy, but they're not figuring out that, hey, you know what? It can fix the bugs, right? First of all, bugs existed before AI code and security issues existed before AI code. But the AI is only going to get better. And so there's going to be a tremendous disruption in that market. And, again.

Phil Howard: Every time they accused it of not being able to do something like two months later, it's like, oh, it can do it now. Yeah. But this now it can't do this. Yeah.

Thomas J. Sweet: It's going to see, the people who are embracing it in their job, right? You're going to be hired to deliver an outcome of you're a computer science grad, or you're a marketing grad or you're someone who go for a formal education, but you can deliver business value. We're talking role consolidation is how do you solve a problem for a business owner? How do you solve a problem for a company and you're using AI to solve the problem? Your pedigree may not matter. Most likely won't matter. How you've solved the problem. May not matter whether you did it intellectually or used a tool to do it. It doesn't matter. You got the right outcome. And I see startups are that way. The one pizza team used to be a two pizza team. Now they're talking one pizza team. Because you don't have as many team members. Because AI is filling in gaps in knowledge.

Phil Howard: So Yeah. Well, I mean, if people don't start now, if you don't start training your employees now and everything people need to get, there's like a certain although even though we've been switching LMS and stuff like that back and forth, people are going to start to realize they need to organize the data in my life better. And it's kind of like if I wanted to do a certain project on a certain thing. And, it's like, well, first give me the brand guide. So you gotta lay out a brand guide. You gotta be like, these are the colors we use. These are the logos. They've got to be in this aspect ratio. You've got to kind of lay all this stuff out. Otherwise you're just kind of like throwing stuff at it in a random.

Thomas J. Sweet: You go, here's my website. Go create the brand guide.

Phil Howard: Yeah. But the brand guide is also the voice. It's also the taglines. It's also, like because like we have a tagline that's having a seat at the having a seat at the table is nice. Yeah, I've heard nicer, but it'll change it to, if we don't say like it's exactly that, just the tagline. It can never change. They'll say something like, it'll just be like having a seat at the, round table is nice, but it's so much more superior to be, like, say something like it'll just like kind of screw up the taglines and stuff like that. Sure.

Thomas J. Sweet: I would have it create it for me, and I'd edit it and then tell it I didn't like it, and then it would fix it for sure.

Phil Howard: Okay. What's the best use of our time? How do you decide that?

Thomas J. Sweet: Again, we're trying to focus on, what makes us valuable for exit? What helps us make money. How do I get the sales team in front of more people? How do I get them the information they need? How do we.

Phil Howard: Granular? I mean, literally more granular. Like, do you use a planner? Do you write down things Do you like, do two week sprints and do you like what? What didn't go well?

Thomas J. Sweet: What was only three of us, right? We are. It is interactive on teams all day long. Like we have a shared chat and it's back and forth all day. Right.

Phil Howard: And then is it literally just a stream of consciousness or are you guys.

Thomas J. Sweet: Yeah, I think so. I mean, it's a stream of consciousness that I have, right? I get to see the CEO that calls me. I mean, he's the only one that gives me orders or orders, but the direction or requests, right? But ultimately, it's me making the decision as to how we operate. And there is no performance improvement plan for CIO, right? It's if you don't solve the problems, you're tossed, right. They don't put you on a pip, right? So.

Phil Howard: But you have to kind of like break things up because you might have different projects going on at one time. How do you break down your projects?

Thomas J. Sweet: I mean, breaking it down in markdown language, because that's what AI is using. So AI uses MD files a markdown, right? So it used to be you'd use like JIRA boards. But Jira and Java and all that, right? Or there was a Azure DevOps boards, right? But if, everything is going to AI now. So everything is in markdown, like I will do cloud plans, I will work through markdown files and keep all my information there, because that way the AI can read it and then act on it.

Phil Howard: Keep going. What else? Teach me something there, because that's not what I do.

Thomas J. Sweet: Okay. So I mean that's what I do, right? I do have GitHub boards for some bugs and stuff that will keep track on. But a lot of it is, we're small enough, like we don't have to have all this stuff like we don't, right? It's you're working with the coup when we need this, this and this done. It's like, okay, we just go do it right, And we have a ticketing system that comes in so that the people that work may will handle ticketing system. If someone's printer doesn't work or, they got a software that application that needs installation. So we'll track all of that. But a lot of the strategic stuff is interactive in meetings. And it goes relatively fast.

Phil Howard: What's the most important? Message or topic that you would want to talk about in IT? That you would want to get out to the world that's important.

Thomas J. Sweet: Is hiring people that have a love for the craft. Right. Hiring people who love this type of thing, right? They do so much better. Like, I've never hired anyone that had a home lab that didn't work out as an employee,

Phil Howard: That's priceless. Actually, that's a priceless piece of advice.

Thomas J. Sweet: But they can tinker, right? They can figure out how something works. I mean, think about what that is. Right? So no one's helping you build this home lab offer, right? People buying a Raspberry Pi, or they're getting an old computer and they're putting a Linux on it or something, and they got to go find out how to get some app and make it work and connect the network. Right. So yeah, I love people who love to tinker can figure it out. They have the ability to learn because they demonstrated learning, right? Everyone I've interviewed, every single person I've interviewed. Oh yeah? Yeah, I'll learn anything you want. Oh, yeah. That's fine. Right. And I don't believe that. Right. But people who have a home lab, they've learned something. They've demonstrated to me that they can learn how to tinker, how to solve a problem, So.

Phil Howard: Well okay. So that's the IT thing. Like you have a home lab. Are you able to step out of your IT body and step into the CEO body. What do you think he would say.

Thomas J. Sweet: Unless I think he'd agree. But I'd have to explain the why. The why is people can troubleshoot. People can solve problems. People can learn. People can overcome challenges without documentation, without all the information and persevere. Right. And that's really what you hear about hiring people based on, characteristics and personality and ability and not hiring on skills. Right. But you're hiring on people who can do this. Now, obviously, integrity is another characteristic. You want an employee and the home lab doesn't necessarily test integrity specifically unless they were stealing the software that ran on them.

Phil Howard: Yeah. No, I guess what I'm saying is, for an IT guy hiring the right person, it's I want to hire someone that has a home lab, someone that's curious, someone that's always been curious.

Thomas J. Sweet: That's not the only thing. Right? Yeah, but I'm just saying it's.

Phil Howard: One time we, basically searched all of the transcripts and everything, and all of the guests that have ever been on the show, and curiosity was like on the list, like at the top right. Curiosity was probably like one of the top ones. My question to you is venture capitalists are looking at inserting a CEO into a company. What do you think they look for? I don't think they look for curiosity. I'm just curious. What do you think they look for as like, this hardcore business leader that we need to run?

Thomas J. Sweet: I think for the moment, who they were looking for. If you're talking private equity or venture capital, I mean private equity, you're looking for people who've done it before, who have a successful track record of delivering, a company. Right. Running a company and making a profit Profit is a really big deal for a lot of people. Obviously it's a business. That's why they started it.

Phil Howard: So that's the definition of a business right. The purpose of the business. Like have we lost? Have we so off track that we don't understand that.

Thomas J. Sweet: Some people are off track? It's the purpose of a business is to make it ultimately secure. It's like, no, you have to make money. So if you over go overboard on security and you have no money to hire business development people because all you have are security tools or you're going to go out of business, right? And if you take everyone's computer away because it's insecure, right?

Phil Howard: No one's doing any work. So that's a good balance. How do you sell the security budget?

Thomas J. Sweet: I sell it because I'm explaining the why. Like I always every week or two, I'll send out an unfortunate list of huge companies that have much better security people than us, that have much smarter people and more people, and they're still compromised. They're still hit by ransomware. I mean, every week there's a big company, a healthcare company, whoever, they get hit by ransomware. And I'm saying this is the real threat. And then I also can track phishing attacks based on job role and function. And I show. I said, look, these are the executive team. And look at, they're getting ten times the number of attacks, right? This is the reality of the world we live in. And I think they trust me to make the right decisions there.

Phil Howard: So there was a really amazing point made in the selling of the security, budget yesterday. It was, I believe it was Mr. Brian Roe. And from the outside, like the numbers and the money to spend on the security. It seems as if it's, like insurance or something, right? Like we're paying for something. There's no real link to the bottom line. But he made like a really outstanding point which was when we do have the right seem right or whatever in process. And we do have a lot of the visibility tools in place. We learn so much more about the efficiency of the company and what people are doing. So just the act of like implementing security, and just this whole act of having a really, really good security policy, there is some kind of return on investment from the standpoint of understanding how everyone works, what they're doing. And there's, a layer of visibility into the company that you may not have had before if you did not do that. Does that make any sense?

Thomas J. Sweet: Yeah, it does. Right. I mean, we have DNS filtering, right? We have a lot of things in place. So if you really wanted to dig in to see, who's going where. I mean, you could do that. But I think the other piece of this is cybersecurity is not going to help us sell, but it could prevent us from selling. So if we had a horrible plan, right, that's going to affect our sell price, right? Like right now like everything is really good.

Phil Howard: So if there was any one thing that you wanted executive management to hear about it, or the world to hear us from IT leadership that they don't normally hear. You don't have to stop it here. What would that be?

Thomas J. Sweet: It would be stop saying IT and the business? It is the business. Like you don't say finance and the business or marketing in the business. Stop looking at it as outside the business because it can help you deliver business value if you let it.

Phil Howard: Yeah, we're not the department of IT. Is there any other idea on top of that. Is there any idea inside of that that every executive would understand about modern IT?

Thomas J. Sweet: I think that the executives need to do a little bit of learning themselves on technology. I mean, they expect it to understand all about the balance sheets and all about how the business makes money and all these pieces. However, they need to understand how their phone works. They need to understand the basics of a changing technological world, because they need to be able to use AI. They need to be able to use technology to improve their departments functions.

Phil Howard: Do they need to build a lab at home? Should we have them build a lab at home?

Thomas J. Sweet: They probably wouldn't do that. I don't think they would do that.

Phil Howard: Is there a checklist? Like, what is it? ZIP. What do they need to know? Like, do they need to know.

Thomas J. Sweet: About Outlook separation anxiety. Like how to spend one day using Outlook for web as opposed to Outlook client. Right. There's a lot of Outlook separation anxiety in the world right now. Outlook is their file transfer tool, their CRM, their data warehouse.

Phil Howard: So don't use email as a database.

Thomas J. Sweet: No, I don't use it as a data warehouse. Don't use it as a file transfer tool.

Phil Howard: It's amazing. So next point, let's just go through The top five things that C levels need to know that they have to know about it. Don't use Outlook as a,

Thomas J. Sweet: File transfer tool.

Phil Howard: A file transfer tool or database. Okay. Next thing.

Thomas J. Sweet: We really don't monitor what you do because we're really not that interested in you.

Phil Howard: Okay. Yeah.

Thomas J. Sweet: To try to look and like, it's just not that interested. I got enough other crap to do right. Honestly. So that's two. Okay. Number three is, if we want to wipe your computer to fix it, it's probably going to be a lot faster than if we try to spend three days fixing whatever is wrong. So that's another thing.

Phil Howard: Can we add some vocabulary into this for them? What would you call that? Desktop design? I don't know, there's supposed to be some like, we have this urban dictionary of IT terms, that we would love to add to every now and then. We got to really bring that up. We could easily publish this book, Herding Cats, Turning the Titanic. We've got all kinds.

Thomas J. Sweet: We call it a Fresh Start. So Microsoft Autopilot is called Fresh Start. So we want to do a Fresh Start. Just like send a signal, wipe it. All the stuff comes back from OneDrive.

Phil Howard: Can I get a Fresh Start? Yeah this is what they need. So terms that C levels need to know: Fresh Start. Can I get a Fresh Start today I'm done.

Thomas J. Sweet: Yeah. And then the next thing is Chrome and Edge are not that different. I mean, they both come from chromium, but there's a lot of people who are really stuck on Chrome and Chrome and Edge both come from the chromium open source project. Right. And not that different.

Phil Howard: Okay. Number five.

Thomas J. Sweet: Number five is, I'm sorry. You have to sign in again today to Acrobat, but we're using single sign on, and that's just the way it is.

Phil Howard: So you get a lot of complaints about that.

Thomas J. Sweet: Yeah, because we sign in with our M365 account to the computer. Right. The computer is tied to Entra ID, so we sign in with M365 account, and you open a browser and it automatically knows who you are and all that stuff. But Acrobat is a windows client app, so it has to do with single sign on and the token expires and you got to kind of put your finger on the fingerprint button or it's a rogue.

Phil Howard: It's a rogue secondary.

Thomas J. Sweet: Yeah it's using M365, but it's three seconds and so most. So number five really should be most cyber attacks probably are from people who don't want to be inconvenienced for three seconds, whether it be scrolling on the phone because it says this is an external email. I mean, that's been a complaint. It's like, oh, right. When I email comes in, I have to scroll because we got this message that says it's an external email. It's like you get a scroll. Okay. Two seconds.

Phil Howard: Are they acting on that message that says this is an external email though? Are they is it making them?

Thomas J. Sweet: I would hope so. But does it make you think? No, our email system has nine or ten different ones. You know, this is an invoice. This is a first time sender. This is asking for banking information. So it gives it's dynamic. So it changes and it has different colors depending upon the perceived threat level and what's being asked.

Phil Howard: Super cool. So do you guys use a cyber awareness training program.

Thomas J. Sweet: We have that and we do the phishing sims.

Phil Howard: That's good. Super cool. we have to end with one, One more thing okay. So if again, the moral of this episode, I think the one that I'm most excited about is if someone has a home lab, that's a good sign. I don't know, you want to say there's got to be a quote around that. I've never hired someone with a home lab that hasn't worked out.

Thomas J. Sweet: Yeah, I think that's true. No, I mean, that's what I've said. And it's proven true. Now, obviously there's probably a hundred or five hundred of your, listeners who could demonstrate that doesn't always the case.

Phil Howard: But it's plenty of home labs. But they ended up arrested next week. You didn't say that.

Thomas J. Sweet: Oh yeah. Well, but it's a love for the craft, right. And so what happens is people who love this have that curiosity. They're willing to to learn something new. They're willing to try something because I've worked with people who like I do firewalls, but I won't do load balancing and I won't do network. That's not my job. My job is firewall.

Phil Howard: What I don't understand, what do you mean? I do firewalls, but I don't do load balancing, and. Yeah. What do you have to say to them? Like that's kind of dangerous to have that mentality, especially in a world where technology is changing so fast.

Thomas J. Sweet: It can be dangerous. You have to adapt to a changing world. And right now the changing world is AI and the changing world is role consolidation. So if you want to be a CEO of you, if you want to be heard, if you want to be able to deliver, for your family or for however you whatever you work for money, you have to adapt to this, changing world. And that's either, building your own LLM and your home lab, or using AI at work or showing people at work how AI can help reduce the costs by increasing how much work you do.

Phil Howard: That it's a great point. And if there was one massive challenge that you see coming up in the future, if there was one big challenge that you could fix in it tomorrow, what would that be?

Thomas J. Sweet: It is people have to adapt. And, I manage the QA team for a long time. And, part of why I thought I was brought in was to transform them and to move into a, more of a multi-dimensional role where people were developing software, they're testing it, they're deploying it, and a lot of people just didn't want they thought that the job they signed up for, at this point, fifteen years ago, would be the job they would have for the rest of their life. And that's not what happened there, and that's not what's going to continue to happen. The people who were developers today, they're going to have to change. They're going to adapt. The people who do firewalls today are going to have to adapt.

Phil Howard: That's good. Yeah. Mr. Tom Sweet, you've been heard. It's been a pleasure having you on the show.

Thomas J. Sweet: All right. Thank you.

Phil Howard: Sir. Have a good day.