429- Shadow AI Becomes Load Bearing w/Daniel Jensen

429-Daniel Jensen

Host: Phil Howard

Guest: Daniel Jensen

Phil Howard: Ladies and gentlemen, we are talking with Daniel Jensen. You tell

me, current position where you're working, and then let's go back in time.

Daniel Jensen: Thank you. Phil. So presently I t director at Ontario

Environmental, a conglomerate of many different environmental service

organizations through my tenure, I believe since twenty eighteen. but Ontario

went through a rebranding actually of April this year, on the twenty second from

formerly known as Montrose and trying to apply kind of the brand, the pale blue

dot, for our service offering. But you touched on something that made me smile a

second ago of where did I start? it started on my father's lap, just kind of

mashing keys on a keyboard with just a curious intrigue of just. The CRTs were

all green back in the day, and then just, it didn't make any bit of sense for

me. but then playing on my father's Tandy three thousand, I think it was and

just, tinkering, didn't know what I was doing. Had no idea, but, had the

appetite to ask questions. And, he had the willingness to offer answers may not

have always been the right answers, especially later in life. once I kind of

knew what I was doing, but he still allowed me to play and allowed me to then be

curious. And from that curiosity, further into life. It was around two thousand

and five. It was a little summer intern gig. that curiosity, sparked an

opportunity for me to actually enter it. And it came from just asking questions

of an IT manager like, hey, can I borrow this hardware that I didn't have

available for me to play with at home, but I saw it was just sitting on a shelf

and I was basically just the copy guy. here's some papers. go copy some items

and go and prove it. But I want to ask the IT guy of like, hey, I'd rather do it

this way. and this could also help me for my home project. and he was like, you

know what I'd is, you know what theta is, you know what all these little odds

and ends are. And very quickly he was like, I want to borrow this guy as an

intern for it, as opposed to just being a copy guy. And then in very short

order. Then it just kind of became a career. I was pursuing computer science for

a bit, but that didn't whet the palate for what I wanted to do. I always enjoyed

the problem solving and not to no disrespect to developers respect them. one

hundred percent.

Phil Howard: But when you disrespect them as much as you want. I love doing it

because, a lot of my friends are dev guys and they're like, just like real chill

dev guys. And like, it's kind of split down the middle right now, at least, like

the ones that think AI is going to take over and ones that are like, no way.

Daniel Jensen: And you flip a coin, man, flip a coin. some of them, I have a lot

of respect for some of the challenges they have to endure when I hear some of

their war stories. but then other parts you couldn't pay me enough to do that

role and they have their own problem solving, but it's not the problem solving

that really then kind of captured my attention. so from garnering that entry

level role where basically I just became the help desk and then that IT manager

just focused on infrastructure and in very short order, kind of worked my way up

the food chain. And then ultimately, for better or for worse, ended up taking

his role for different reasons that can unpack in different times. But, from

there just culminated to the landscape of it leadership and have been kind of

crawling my way up the corporate ladder. But what's been fascinating is a lot of

it's then been through M&A. So watching how all these different organizations

have congealed into to present day on terrorist and then also formally through

my experience at AGC and then the integration thereof.

Phil Howard: it never ceases to amaze me. And I wish I could give credit to

everyone where credit's due. I try to remember everyone that said and I'll have

to look this back up. it wasn't too long ago. And one of the guys that we had on

the show was saying, when I'm interviewing people, if any of them have had a

home lab in their house, like I already know that they're going to be like a

great fit for the job. And if we had to pick a value, if we had to pick like a

top three value for IT leaders in general and like for the show in general, like

number one, top of the list would be curiosity. And without a doubt, it's just

so easy. I can literally go down the list. Curiosity is one. Does someone have a

home lab? And it's just absolutely amazes me how many people are in their roles

because and have a story that's just so similar to yours. I was working in the

cafeteria and then I ended up in it and I was working over here, and then I was

like, aw, the printer guy, or I was fixing this, or I was doing that, or I

helped so-and-so fix some things. And like the IT guy at the time, which was

back in the day when we were hiding in the server rooms or whatever. It was

like, wow, you can do that. Like you want to come on the team. Like, sure. That

sounds like fun. give me a moment in your career where, if you hadn't been

there, like the whole place would have come crashing down and, the business

would have sunk.

Daniel Jensen: There's many of those moments, but, the first one that came to

mind, and this is all kind of public knowledge. It's googleable. But yeah, there

was, the classic horror story of a ransomware event and, twenty twenty two and,

unfortunately, it was as doomsday as most of them tend to be. it was brutal. And

there's no sugar coating how challenging that truly was not only from a

professional perspective, but even at the end of the day, we go to work, we put

on our professional hats and deliver the best we can to then support the

organization and garner a paycheck. But then on a personal level, the sacrifice

of the time, the sacrifice of just the sleep, the sacrifice of so many items

that go into it. and the reason why there's a bit of a cape there, maintaining

the morale across the team as you are working absurd hours, you're sleeping

under desks, you are doing everything you absolutely can to then recover this in

a timely fashion. You're working with third parties. you're shipping out,

overnighted hard drives, because of different items that were taken down. and

just all the logistics at play played into that was Herculean. And I know I'm

patting myself on the back, but looking back with retrospect now, it's something

that I'm really kind of proud of not just how I led the team, but also then how

the team chose to show up. No one quit, everyone pushed through, everyone

carried their weight and everyone was saying, hey, what can I do next? What's

next on the cut list? Okay, it was a lot of those moments, you hear the horror

stories of how then you find out you get the screens that you've been ransomed

and people are like, nope, I'm out. I'm not dealing with this. And just the way

the team showed up was incredible. And the reason why it stands out for me

individually was this employee is no longer with us, but the IT leader, the head

of the whole department disappeared. And basically then I was like in command

and said, Dan, go solve this. So I was left talking with the CEO. I was left

talking with general counsel, the board, the cyber insurers, everyone, and.

Phil Howard: The IT guy disappeared because like, it was like his fault or he

was assuming it was his fault and they were going to be like, oh, you're fired.

So he was like, screw it, I'm gone.

Daniel Jensen: a little bit of column A, a little bit of column B, the vector to

which items were then compromised was well known, well documented and a lot of

squeaky wheels are saying, hey, let's close this gap to then minimize risk. And

it didn't take a rocket scientist to figure out how it landed. And they were

more focused on minimizing, their opex and than trying to solve the challenges

and avoid these sort of outcomes. So while some of this is that the tinfoil hat

may be extra thick at the moment, and even then I would say that the former

leader just did not really appreciate the details and didn't want to fight the

hard fight to then help understand how to avoid it. And as such, they chose not

to show up and, be there for that.

Phil Howard: I think it's ransomware live dot com. I well, here's the thing.

It's like, were you chatting back and forth with the guys that were like, yeah,

we got in through here. And like, were you guys communicating with whoever, like

was trying to grab ransom from you.

Daniel Jensen: we are not promised to immediately got involved with legal and

immediately got involved with the cyber insurers. and then they were brokering

the cyber insurer, folks, were brokering with the actors.

Phil Howard: Okay. Okay. Did you guys end up paying anything? I'm just curious.

Daniel Jensen: we actually did not pay out. and I have very strong personal

opinions that one does not pay out. And I was really proud to see that we did

it. Not to suggest that it wasn't considered at certain moments in time, but we

were able to avoid a payout and was, pretty proud of the team of that.

Phil Howard: Awesome. Some stats this year since we're talking about it. three

thousand eight hundred and ninety eight victims so far this year. That is up

thirteen point one percent since twenty twenty five. That's thirteen percent.

That's ridiculous. Any company wishes they could grow at that rate, thirteen

percent.

Daniel Jensen: Yeah.

Phil Howard: victims this month. Take a guess. How many victims this month?

Daniel Jensen: Dude, you quoted, it was how many thousands previously for the

year. it's going to be measured in thousands. Three thousand eight hundred and

ninety eight three thousand eight hundred. I'll say eight hundred.

Phil Howard: Six hundred and ninety eight this month but it's down twenty

percent this month. Don't ask me why. Why are we down twenty percent in April?

Something must I don't know, maybe there's something like, I don't know, the

weather was hot or they took more vacation.

Daniel Jensen: Mythos is actually doing something and actually, minimizing risk

in a way to, avoid, attack surface.

Phil Howard: Maybe this ransomware live dot com. thanks to Steve Goudreau who

put me on to this like, yeah, I'm like, this is just like a crazy site. It's so

interesting to see how people like go back and forth with these guys because

they're like, hey, thank you. we really appreciate you telling us how you got in

and hacked us. And they're like, no problem. They're like, here's, we'll tell

you everything you need to fix. And we promise we won't do it to you again. And

but you gotta watch out for these guys. it's like you get pulled over by the

cops and they're like, hey, by the way, there's another speed trap. about two

miles down the road, so slow down.

Daniel Jensen: Hope that if they were to send your files back, that they would

send it back with a bandwidth not limited or the hope that, hey, here's the

encryption key, but it decrypts slower than molasses. the stories I've heard,

it's never worth to pay it out and it only incentivizes them to keep doing that

same behavior over and over and over again. So avoiding payout, I don't know, I

feel principled to say that one one should not pay out.

Phil Howard: Yeah. I mean, it's like in healthcare is number one, my sister's

hospital was taken down for like over a week. They refused to pay. So complete

side note, I was not surprised to see in the news. Like eventually most of these

CISOs are just going to go to the dark side because they're getting screwed so

often. And like, it's just the job. I don't know, there's no way I think it's a

CISO role. It's like, how do you really measure their success? We didn't get

hacked. you were really good at, keeping us informed. it's one of those roles.

It's just such a difficult, role to really feel this like sense of

accomplishment in, I think. Right. So I wasn't surprised to see the news like a

month ago where it was like, two guys went to jail for four years for like

insider, ransomware attacks inside their company. Did you see that? I can't

remember what it was. It was like one of those things you just see like, oh

yeah, I'm not surprised.

Daniel Jensen: it's one of those.

Phil Howard: I applaud this at all whatsoever. But I'm not surprised.

Daniel Jensen: it's one of those like what you're opining upon for that role.

Sometimes it's damned if you do, damned if you don't. And, even when you have

those wins, it does not always feel like a win. And it may not even then be

perceived as a win, because then you could be framed as a blocker, or you're

slowing down the business or you're getting the way of the engineering team, or

you're getting the way of the networking team. And then you have to buy more,

fancier firewalls. and now your CapEx goes up and the understanding kind of the

return on investment, often that's not understood until you have to bleed a

little bit. And then that's when the CISOs tend to be appreciated because then

there's that context. And unfortunately, a lot of people don't learn from the

bumps and bruises of other folks. They easily, like you do that ransomware

website that you're sharing, you can easily have a justification why you need to

invest into security by just consuming that data. However, often until you have

those bumps and bruises, you bleed a little bit. That is when the CISO. That is

when the the security team. Because it's not just the leadership, it's the

event. the worker bees that are sitting there behind the scene parsing through

all that. that's monotonous stuff at times. and once you've experienced what

it's like to be compromised at a large scale because it's not a matter of, if

it's a matter of when. And I'm sure that that's probably another item that's,

colloquially shared around all the time here. but it's true. And once you

experience it, then the business starts to understand it's not to antagonize the

business, but they kind of need to have some of that lesson learned or really be

able to see, oh, that's going to hurt us in a big way, and not just from a

financial perspective, but then reputation perspective to clients, especially

when you want to bid to clients that have certain, we'll say, ISO or other

expectations of said enterprise. And now you have that black eye that's

googleable that is discoverable and easy to then say, oh well, I see this

happened at this date. Where's your posture now? What have you done to then

minimize that risk for potentially that client data that you potentially could

be housing? So yeah, CISOs, they have a tough job, to put it mildly.

Phil Howard: I've looked up the average CISO salary in compensation. It's

actually higher than I thought. the average pay range for CISO is three hundred

and twenty one thousand to three hundred and eighty five. But at enterprise

companies, it's closer to five hundred thousand, with some actually getting a

million dollars or more.

Daniel Jensen: I wonder how much of that it comes from then the personal

liability for some of these folks for certain contracts, there's, it's not just

the liability of the organization. Sometimes you have to say, as a Joe Bob CISO,

I attest that this organization is A, B, C the different items through some

degree of self attestation. I wonder if some of that compensation package then

comes from being able to compensate for managing a retainer for a lawyer in case

something goes south. But I'm just positing I'm pulling things out of the air.

But that's a pretty your paycheck than I expected from an average to.

Phil Howard: I mean, it's.

Phil Howard: Adding in other equity values, probably stock options and other

things. They're probably it's probably like total packages is what they're

thinking there. Okay. So what happened after you guys solved everything end of

the day story? Were they like, Dan, good job. what's next? Like, what was the

end. Was it like, hey, you saved the company and, that's why we got here.

Daniel Jensen: there was a.

Daniel Jensen: Little bit of that and it was fly out, come together and hey,

wow, you guys, pulled a rabbit out of the dark side of the moon. good work. But

what was, standing out to me as a kind of don't let a crisis go unutilized and

leverage that to then help the business avoid this risk in the future. And,

that's where probably the greatest challenge then came into play is that we had

those bumps and bruises. And even though we had those bumps and bruises, then

itemizing it out, saying, okay, let's look at this stack, let's look at how

we've implemented this and let's look at these controls that we put in into

place previously. But then we Swiss cheesed it to then support all these other,

items. let's figure out where the gray is because often you can turn on a

control, but then that control impacts how the business delivers. So you have to

find that middle ground, that gray area of the security control to then that of

empowering the business and allowing them to do what they need to do. And that's

where then the rubber really started kind of hitting the road to develop that

inertia of not just, okay, let's check the boxes and then Swiss cheese it after

we've checked the boxes, but let's look at how we can actually deliver it in a

way that continues to support the business. And it open conversations for that

to transpire. But the greatest challenge is keeping those conversations going.

Because once some of the Band-Aids did their healing of, the metaphorical bumps

and bruises that the bleeding, then some of those scars just became scars. And

sometimes that it falls back into distant memories or new leadership comes in or

different items change. That makes it harder to remember. But yeah, they were

pleased as punch, that we were able to recover what we did and understood how

painful it was. But helping to understand that it's not just, hey, we overcame

this in this particular moment, but it's a whole life cycle that we need to stay

on top of. Otherwise, it's only a matter of when as opposed to if, even though

we were able to recover it.

Phil Howard: Yeah. It's almost like we need like a, some sort of, memorial of

like, remember when, yeah, it's easy to be heard. in the midst of that, it's

easy. after the company almost was completely sunk and lost, whatever amount of

dollars, it's easy after, in the midst of that and you come out of the rubble as

the hero, for everyone to listen to you and you have a press conference,

everyone's going to listen to you. And then twenty years later, I mean, it's

like, Oh yeah, who are you again? I remember buzz, but I know there were some

other guys, and there were some other guys that were probably engineers and

involved in things that were important, but they're long forgotten. so now the

deeper question is when everything is running smoothly, when you have done your

job, I know it's kind of like a metaphorical dream, but it with their feet up on

the desk, just watching systems work and, printing money and helping the company

print money. But when everything is running smoothly, and it does become that

cost center on the spreadsheet, how are you making sure that your work is seen

or, and how are you making sure that you get heard at the executive round table,

so to speak, or amidst new investors or new team comes in, or there is an M&A or

something like that.

Daniel Jensen: The details, the nuance. Often a lot of folks don't like to enter

the weeds. a lot of times people like the Twitter post. I often receive feedback

for the lack of brevity, that I possess. And brevity is a skill and it's a

valuable skill. So I'm not diminishing the value of brevity or being succinct,

but rather that I understand the potency of, hey, this ad server out there, that

it's load bearing, and then you have this other one that's let's figure out how

we migrate in that pathway. But often sometimes these load bearing, details get

brushed under the rug and forgotten about or they're skeletons in the closet

that we don't want to talk about. And so how do I get seen and how do I have my

voice heard? Is appreciating those details, communicating those details and

having them understood at all levels that are willing to listen, that, hey, we

need to address them because they may not be a challenge today, but they

absolutely will be a challenge for tomorrow. And then the nuance of that is

given sometimes I can be a squeaky wheel. It's making sure that eventually that

squeaky wheel, you give it the grease a couple times, but then you kind of you

start to ignore it like, hey, I've given the grease, but now I'm going to wait

until the wheel bearings fail until I get rid of grease. And that's probably the

biggest challenge that I face is finding that balance of understanding those

details, communicating those details, but then not being too squeaky of a wheel

then that's, the la la la. I didn't hear anything.

Phil Howard: Can you give me an example of such brevity and how it needs to be.

I don't know. Short, powerful, but also to the point because I'm assuming

there's, a lot of people talking about this and we've got this plan and this is

on the vision twenty thirty. and we're trying to move towards this or we're now

in the midst of this crazy merger and acquisition and it's all a mess and blah,

blah, blah, blah, blah. And you need to say x, y, z. How do you get people's

attention? Can you give me an example of one of those details and translating it

into, a talk that, the guy that needs to get off to his golf game on Wednesday

afternoon is going to like, respect and understand.

Daniel Jensen: So let me circle back to the one project I was touching on, in

the beginning of our conversation, consolidating thirteen different Microsoft

tenants into, our primary parent tenant. And it's just that the hand wave of, oh

yeah. Dan, it's thirteen tenants into one. They may look at the revenue of each

of the individual tenants. That of course, represents a business or the

headcount or what have you, the geo diversity, the, hey, some of these are in

certain parts of the world and maybe appreciate some of those details. But then

as you and I can appreciate the complexity of how the end users use it, I don't

care if it's SharePoint the way that you use SharePoint. Phil is going to be

probably different than how I use SharePoint and being able to bring that

together, and then how to then deliver that in a way that then does not disrupt

the business when we migrate it in there. Yes, it's all one tool, but

understanding and appreciating the details of the user experience is really,

really key because otherwise the users are going to reject, entering that

corporate space and we're going to lose some user adoption. So to that point,

going back to sorry for the paragraph talking around brevity, what they want to

hear is okay. Yeah. Dan, you'll execute on thirteen tenants into the fourteenth

tenant by X date. I don't care about the details. Just make it happen. It's

like, okay, but you have to understand that there's a lot more that goes into

it. It's not just a lift and shift of data. It's also then making sure that you

bring it over without disrupting the operations of the business, with

appreciating what made each of these thirteen disparate businesses special and

how you then deliver that to then not lose that secret sauce of these thirteen

individual identities into this fourteenth one. And that's where it gets

challenging.

Phil Howard: Where do you see the problem being. In words, what's the ask? Is

there something that they might say no to there. Is there something that they

might object to? Or are you basically just kind of c y o a? Like, I'm just

letting you guys be prepared for what's about to happen or what are we doing

there?

Daniel Jensen: it's more of kind of the definition of requirements before

understanding what needs to be done. So hypothetically speaking, let's say get

it done by X date and then say, well, we can't get it done by X date. If you

want this level of, quality control, if you want this level of engagement to

minimize disruption and kind of putting, the requirements before really doing

the discovery and the design of how you're going to execute. It's often throw

the dart at the dart board. Okay, that's the date. and then going to the

previous conversation, understanding, that date may have some business value,

but the better I can understand what is driving that date, then we can solution

potentially around it. But having that just on the dart board and not

understanding the nuance of why that has to be that way, then we're solutioning

against something that may not have the right budget, may not have the right,

discovery, may not have the right design and how we can execute against that.

Phil Howard: I think this might be why the average IT project cost overrun is

twenty seven percent. Last year at some point we were talking ERP and I think

someone was just like, look, it's not even about cost. It's not about this. It's

like, how about just delivering on time? Like, forget about everything else.

Like I don't know if people really sit back and think about that, just like an

ERP project being delivered on time, It sounds like we're speaking about

mediocrity here. We're going to deliver on time. You know what I mean?

Daniel Jensen: It's table stakes.

Phil Howard: It's like what? Like, do you have any idea how big of a deal that

is?

Daniel Jensen: It's Herculean. but the problem is it's often delivered on time

that delivered on time is understood before one actually understands what it

takes to deliver on time. It's just often a dart on the dart board before those

details are actually understood. what are the requirements? And unfortunately,

sometimes requirements are then delivered just in time. But post the date being

determined.

Phil Howard: So we need to be able to speak in details in a way that people

really kind of understand it. But this comes up a lot, I think there's this idea

that it can just deliver on all these projects and things almost at the drop of

a hat, like we can get it done within a month or something. but then you end up

with twenty five projects and those would all be completed by twenty thirty

five. And by that time, a third of those projects would be worthless anyways.

Yeah. This is the question. If you had unlimited budget, what devices would each

end user receive? It might be different for each one. You might have it, grouped

up into different things might not even be a device. But if you had unlimited

budget, what devices would each end user get and how would your desktop

experience and design be?

Daniel Jensen: so there's several things that come to mind. and I'm assuming no

golden handcuffs on how I leverage that budget. So unlimited budget, but then

also the creativity to which I apply said budget is not constrained to just

technical solutions as well.

Phil Howard: It's like, call in whoever you want to call in for advisors and

MSPs and special people hire as many people as you need. Is it are we doing this

up in Azure? Are we doing this in AWS? Google cloud? Are we going all MacBooks?

What are we doing? I'm just curious. I just like in a dream environment, like, I

mean, literally you have as much money as you want. What would you do? And I'm

wondering if there's companies out there that have that scenario. I think there

are.

Daniel Jensen: I think a lot of it comes down to the end user, needs. so

hypothetically, I could throw out my first inclination is to say VDI. but then

you would have end user requirements that would then simply say, oh, well, Dan,

my field workers, they're out there, collecting data, they're not going to have

internet access. So I'm like, okay, well, boom, satellite, unlimited budget.

let's just make it a SpaceX's problem. And there's a million ways to solve

against it. But then understanding that end user need, I think needs to come

first before then dictating that. But with an unlimited budget, I would posit,

and I would argue that with the infrastructure that we have in place across our

little pale blue dot earth, that one fundamentally could just make everything

VDI and then just make it all cloud. Now, cloud used to, in my opinion, be a

very dirty word, like, oh, it's someone else's computer, someone else's problem.

But under the constraint and the arbitrary, the unlimited budget often what

limits cloud is, it's more costly, to go cloud. for the operating expenditure of

it. And then often a lot of finance departments will have their CapEx over their

OpEx different items to unpack there. But I would say to Phil to just, just drop

it into to a whole VDI farm, now kind of pick your poison, whether it's AWS

Azure or what have you.

Phil Howard: Because this desktop design is something that's just becoming more

of this kind of like almost like an artistic thing. It's almost like this thing

now with so many startups and just medical companies or even, remote healthcare

stuff, there's just so much and I see daily, like so much work goes into just

staging laptops and computers and sending them out to users. And, it's just like

if you had, unlimited budget with just everyone get this and, end user group a

would have this, they would just log in and poof, like all their applications

would be there and it would be this way. And then the engineers would get this

and they would have, you know what I mean?

Daniel Jensen: It's all remotely manageable. and you can then nuke it from orbit

if need be. And let's say an end user wants a Mac OS, VDI versus that of

windows, or let's say they need Linux. Let's say what have you. Okay, screw it.

It's just a different image. It's just a different VM. it's kind of infinite at

that. It just really then comes down to then the hardware constraints, but then

to minimize that, make it B, y, o, d, but through VDI, you can secure that in a

way that then minimizes risk through a myriad of other tools. I would say one of

the biggest items that will come to mind, for cost is helping the end users

navigate through that. The cost to get that adoption, the cost to understand

their needs and then be able to solution those needs. I would say the solution

of VDI can solve it, but then doing the legwork to really appreciate that,

that's going to be very costly to solution. Let's say, a five ten employee

company. Trivial. But then as that grows and as that scales that solutioning to

understand the end users, Our customers is going to be, very key, but also very

costly.

Phil Howard: Yeah. And then there's, Azure, AWS cost containment. I was speaking

with a colleague the other day. He's an ex, whatever marine, naval nuclear sub

guy. And he's like, yeah, we're, I'm just doing desktop design for clients now

their whole company is just desktop design, their CSP, they're a Microsoft

provider, but they specialize in just desktop design and helping people roll

that out. And, it's like, oh, it's like this artistry in it.

Daniel Jensen: UX is big, and really appreciating it because sometimes that

desktop design also plays into how efficient our staff are. And if we create

artificial friction through just a bad design, bad UX, bad UI, bad delivery on

what we can give them the right tools, but if they don't know how to use the

tools, it doesn't really matter.

Phil Howard: So maybe that's the quasi hybrid future already. It's hard to have

a show and not talk about this, but everyone in it right now is living this

weird kind of, I guess split screen moment. And you've got all this stuff that

kind of gets us like fired up, right? And at the same time, there's this AI

stuff keeping us up at night could be AI. Obviously, it's been security. It's

kept you up before, kept you up for many nights in a row And what do you see

happening? Like what would your prediction be eighteen months from now? Does it

have to be AI? It doesn't have to be security. But what do you see? Like really

changing the landscape of it and where knowledge workers are going to be and

where we're going to be working eighteen months from now.

Daniel Jensen: Unfortunately, you hit the nail on the head. It's not just

because you said it, but AI, I do feel is going to be a big piece of that puzzle

and something that I've been kind of thinking on. and I'd say it's a more recent

thought, we know the term shadow it and I would say shadow AI because now we

have a lot more of these citizen developers. We have a lot more of this vibe

coding. we have a lot more of all these items that are coming up and they're

valuable. They're great ideas that are being empowered by a varied, empowering

tool. However, these all then become load bearing. These all become really baked

into what we have to be mindful of and, how we look at some of these different

roles, how we then look at, what we deliver not only as, let's say an I.T.

department, but even that of a business. So thus shadow AI, it's going to kind

of have a lot more items behind the scenes that become more load bearing than I

think we can even maybe immediately appreciate. and it's going to be something

for us to not only have to unpack as a business, but also unpack as IT

departments when these items become load bearing for our infrastructure, when

they become load bearing for how we as then a business deliver services to our

clients. And then how's it going to support it? and trying to unpack some vibe

coded item from Clyde. is going to be the challenging, it's not going to be

impossible. It's going to be something that can be discoverable, but it's going

to be no different than or very similar. I shouldn't say no different, but very

similar to that of, let's say shadow it. And I think that's what we're going to

start to see surface more and more in about eighteen months.

Phil Howard: Okay. So there's going to be a lot of kind of excess AI fat that we

need to lose.

Daniel Jensen: I would say. Yeah.

Phil Howard: I've already experienced it. I've already had this, because we're

small enough and we're nimble enough. And the first guy I hired was an

integrator for production. It was my IT guy, but he just happens to be really

freaking good with AI. And we were playing with it like five years ago. And back

then it was like, everyone's just like, oh, look, you can make a picture with,

whatever it was back then, it was like, oh, look it can kind of write articles,

And now I can see it a million miles away, which is annoying. So what I realized

is that when you said, load bearing. That's very scary actually, because there's

going to be people that prop up a good section of their business on something

that they coded like that.

Daniel Jensen: I mean, we already hear the horror stories of where, we have that

key man risk, that one developer that knows all the little nuances, all the

little details, and it's all sitting in that brain that hasn't been documented

out. Why is that going to be any different than shadow AI. Why is that going to

be any bit different than what's going to come to the surface? It's only going

to empower that, and it's only going to scale that in a worse factor.

Phil Howard: I'm like, look, your job is to replace yourself. And anything that

we have built there has to be crazy documentation, like a company wiki. It's got

to be brainlessly simple. It's got to be this, this and this. We can't go down

these rabbit holes of like. So that's kind of like the scary part for me. it's

like, look at all that we can do, but then look at how fragile we are. And then

Claude can just decide one day that we're going to not allow open claw. And

tokens are going to be charged this way and it's going to be completely

different. And then all of a sudden everything blows up. Oh, yeah.

Daniel Jensen: There's all kinds of items that because we're dependent on the

vendor, the vendor picks the rules and engagement, the anthropic or the open AI,

or insert your vendor of choice. They say what you can and cannot do. And then

if you become then hyper dependent on what the tool can do today, and then there

could be geopolitical, there could be a whole myriad of different reasons that

would influence of what you can and cannot do. It could even be, let's say

Europe says, hey, you can no longer do these certain items. Well, now you still

need Clyde to do that for you, but the vendor won't let you because then the

risk of the liability of, I'm using GDPR as a hypothetical for this, but could

theoretically prevent you from doing certain items that you need to. But as

denoted previously, with it being load bearing, that's going to bite you and

you're going to have to then, okay, can I take what I've built here, bring it

into a different tool. Well, now it's something that's governed from a liability

perspective and you can't use that. So now you have to hire in a whole bunch of

developers that have to unpack what was then fundamentally vibe coded. And

they're going to hate every bit of that.

Phil Howard: Oh, they're gonna yeah, they're just gonna be like, I've already

had it. I had to erase everything.

Daniel Jensen: And start from scratch.

Phil Howard: Yeah, it's kind of scary. We can't play around. Problem is it guys

are so curious. So we're just going to like play around with a lot of this stuff

and that can go way too far. So I do see that we're going to see more of that.

So I think if we're going to use AI as a tool, not a hammer, not the tool is not

the hammer, right? But it is just a tool that we must use without letting it

damage the vision of the company. I know we've been talking for a while here.

last question. If you could go back in time and tell yourself one thing on day

one of your it career, knowing what you know now, what would that be?

Daniel Jensen: So there's a couple.

Daniel Jensen: Items that come to mind, but I'll say the most critical. And it's

something that my team hears me say all the time. So it's kind of, makes me

smile as this is the first thing that really comes to mind. It's not what you

say, it's how you say it. And often you can be technically correct. You can say

what is technically true and give all the details. But the way you say it, how

you say it does not resonate with the audience. It doesn't matter if you're

right, but who cares if you're right, if you cannot influence that audience and

then be able to have; I love, the fact I'm looking at your logo right here.

You've Been Heard: having yourself actually be heard and understood, through

that and how you say it is, so key. I had so many times I have interfaced, with

other folks that what they're saying is one hundred percent true, but they are

not able to influence the audience to then drive that meaningful change. And

when I look back to younger me, I was right a million times. But the way that I

was communicating, the way I was articulating myself, the way that I was trying

to, drive meaningful change and how I was saying it, I was not being heard. So I

would say that kind of top of mind, it's not what you say, it's how you say it.

And really understanding that because it's one of those fortune cookie items

that you can just read. But until you really kind of appreciate the potency of

that, that's how you drive meaningful change. And I think at the end of the day,

we just want to do a good job. We want to drive meaningful change. And when we

are sitting back and watching the same struggles happen time and time again, and

it's circular and you're kind of wondering, why am I in this hamster wheel and

not able to drive that meaningful change? It's often how it's being said, not

what is being said.

Phil Howard: Very powerful. because if more people could learn that sooner, and

let the egos get out of the way a lot of times, because I do think that a lot of

times it's ego that could get in the way of that. and I just know from my own

personal experience, my own failures, probably be able to go a lot further

faster together.

Daniel Jensen: Even sometimes antagonizing the business. Why don't they

understand these items? What's not not their role. they're specific to what

they're delivering. And looking from a team dynamic and looking at so that you

kind of put the metaphorical shoes on of the other party and understand what is

important to them. Understand what resonates their way. That's why I was saying

earlier, the user experience is really, really key. You can deliver the best VDI

experience that you feel is best, but until you actually understand what is

necessary for that employee, that customer, that end user, it kind of doesn't

matter because you could give them a Ferrari, but at the end of the day, they

just want that Toyota Camry that has am FM. But then the other guy, he wants the

Ferrari and understanding that and then being able to communicate that, so key.

Phil Howard: You said something earlier that was really, kind of tells me that

you understand the point of view of executive management. And you said key man

risk. And most people won't say key man risk if they don't understand business

and they don't understand business terminology, right? But from a C levels

perspective or from a CEO's perspective, he sees it, he sees marketing, he sees

sales, he sees everything that goes down to the bottom line. And he's seeing,

customer acquisition cost and all these different things from that standpoint

where the CFO does as well. And they look at it as well, what level of key man

risk is there inside of it? And what is it if they're a good. That's what the

question was. I was going to ask you earlier is what good business leaders have

you seen versus bad ones? But if they're a good business leader, then they're

not going to let it be the blocker department or anything like that. It again,

not a hammer. It's a means to get to the business goal. And if you've got good

IT leaders in place, then they understand that as well. And they understand

terms like key man risk, which is great.

Daniel Jensen: I would say it's also looking at it as a means to enable the

business, not just from the lens of so often denote it as a cost center? I like

to say kind of keep the lights on to make sure. Three sixty five paid, make sure

that we have our end users have their access, but no, look at it from a way of

how can we use the tooling that it delivers to then enable the business. And

changing that framing, that's where the real digital transformation actually

happens.

Phil Howard: And the positives of AI as well, right? Absolutely. Negatives. But

in reality, that's where it can really take something like AI and implement it

from a standpoint of, marketing, growth, advertising, all kinds of numerous

things that they could enable other departments to do their jobs better, faster.

Because I'm still seeing a bunch of garbage come out of marketing departments,

and I see marketing departments using AI wrong. And it's just the same as

everything else. The new unlock. I can see it a million miles away. But this is

where it could really help other departments. yeah. It's enabler. business force

multiplier.

Daniel Jensen: And it's understanding that tooling, and we as it are the

translators, we are the ones that help the marketing team, not just use, the

tongue in cheek, language that you would find on LinkedIn, but actually then

understand, okay, marketing, what are you trying to sell here? okay, then let's

leverage this, maybe look at a way to to use it that actually garners real

utility, real value. But for us to be able to deliver that, us being it, we

first have to understand and then being able to have that conversation, as

opposed to just like, oh, well, here you go marketing, here's your copilot

license, here's what you need. It's taking the time to have those conversations.

Phil Howard: To your budget, by the way, you're going to.

Daniel Jensen: Yeah, yeah, that's not going to the marketing budget. that's all

in it cost. Absolutely.

Phil Howard: Yes. There you go. Daniel Jensen, You've Been Heard.

Daniel Jensen: I appreciate it. this has been a treat on, on my side here. Thank

you sir.