Transcripts

This Week in Enterprise Tech Episode 564 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.


ou Maresca (00:00:00):
On this week in enterprise tech, Mr. Cruz Franklin, Mr. Brian C join me and in the era of digital threats, we're uncovering all the challenges and opportunities of cybersecurity recruitment. We'll talk about it. We're also going to dive deep in the heart of it and cybersecurity. Ever wonder how businesses are re-imagining their worlds with cutting edge technology? We'll, today we have Scott Evers from Involta. He's going to discuss the revolutionary world of Enterprise edge and the future of hyperscale cloud services. You definitely should miss it. Quiet on the set [00:00:30] podcasts you love from people you trust. This is is twi. This week Enterprise Tech episode 5 64 recorded October 6th, 2023. Data is bigger in Texas. This episode of this week, enterprise Tech is brought to you by Bit Warden. Hit the open source password manager that can help you stay [00:01:00] safe online, get started with a free teams or enterprise plan or get started for free across all devices as an individual user at bit warden.com/twit and by duo protect against breaches with a leading access management suite, providing strong multi-layered defenses to only allow legitimate users in.

(00:01:20):
For any organization concerned about being breached and in need of a solution, fast Duo quickly enables strong security and improves user productivity. Visit css.co/twit [00:01:30] today for a free trial and by our friends IT pro tv. Now a C I Learning acis New Solution Insights assist in identifying and fixing skill gaps in your IT teams visit. Go dot ACI learning.com/twit quit. Listeners can receive up to 65% off at IT Pro enterprise solution plan after completing their form. Based on your team's size, you'll receive a properly quoted discount tailored to your needs. [00:02:00] Welcome to TWI this week in enterprise tech. The show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host, Louis Marca, your guide through the big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals and the experts start their value on Mr. Brian Chi. He's our network expert, security expert. He's all around tech geek and he is always busy. Bert, what's been keeping you busy this week?

Brian Chee (00:02:26):
I've been playing i o ot. I've [00:02:30] been using gear from seed laboratories. It's called the wheel node. Super super simple little device. It's under $9 each and then maybe double that when you start adding sensors. And the idea is I'm going to be deploying them at the central Florida fairgrounds so that we can get more intelligence in the HVAC system for expo halls without having to go and pay the HVAC company Mega [00:03:00] bucks ought to be fun.

Lou Maresca (00:03:03):
Now, you didn't get stuck in any buckets this week, right?

Brian Chee (00:03:06):
No, no buckets this week, but I did finish up the fiber optics that I was doing and of course as I got down to the last fiber, I grab it to go and lace it into the fiber tray and it comes off in my hand. So I had to cut 'em all off and start again. What a drag. [00:03:30] At least

Lou Maresca (00:03:31):
We're stuck in a tree, so that's good. Good week, good week all around. Well, we also have to welcome back Mr. Curtis Franklin. He's principal analyst at md and again, he's the man that has the pulse on the enterprise and again, always busy. Curtis, what's keeping me busy this week?

Curtis Franklin (00:03:46):
Well, this week some of the busyness has actually been due to good stuff. Eagle Eye viewers might note that I'm not in my normal office. I'm off in Atlanta where we're visiting [00:04:00] our son. That's been a pleasure. In the meantime, I've been writing a report on a particular company, a company called Enterprise, which does threat analysis in management that's as opposed to vulnerability or risk. So working on that, got several other reports coming up. Fortunately no travel on [00:04:30] the horizon, but plenty of time spent on Zoom calls. Zoom is the new black or something like that. I just spend all kinds of time on Zoom, but I think I'm happier you're doing that than staying on an airplane all the time.

Lou Maresca (00:04:49):
Well thank you Curtis. Speaking of lots of stuff going on, we definitely have lots to talk about. Now in the era of digital threats, we are uncovering all the challenges and opportunities of cybersecurity recruitment. You don't want to miss our conversation [00:05:00] because we have a mix of experience and wisdom there. As while driving deep in the heart of it and cybersecurity, we will be joined by Scott Evers from Volta to discuss the revolutionary world of enterprise edge and the future of hyperscale cloud services. So definitely stay with us because we have lots more to talk about, but first we have some enterprise news to send your way with our news blips. Atlassian has reported an exploit in its confluence server and confluence data centers. Attackers have taken advantage of a severe bug tracked as C B 20 23 22 515 [00:05:30] affecting versions from 8.0 to 8.51. If your confluence instance is public facing, it's definitely a potentially risky there, allowing attackers the highest privilege of admin level access.

(00:05:44):
Several clients have already reported incidents due to this zero day vulnerability. Atlassian quickly released updates for affected installations Now in an advisory, Atlassian mentioned that instances, especially those on the public internet are exploiting and exploitable anonymously. [00:06:00] They emphasize that just upgrading won't actually remove the intruders IT teams must identify compromises, remove unauthorized admins and assess damages. Atlassian also hasn't disclosed specifics about this issue, but assured that the cloud sites are unaffected. They've provided a security advisory, detailed affected versions, mitigation steps, and threat detection measures. A primary recommendation is restricting the external network access and preventing access to the setup star endpoints [00:06:30] on Confluence instances. Now, rapid seven added their insights as well, noting that the Compromise Indicators center around the setup star endpoints and their researchers highlighted that potential of the unauthenticated or authenticated remote elevation privilege gap that lets attackers establish admin accounts. Now I think that you need to take note here that it's not just an upgrade, that's enough here. You must also have that common practice as an IT or security professional that you quote assume breach, right? That the offenders are [00:07:00] already in the confounds of your network or they've already breached the service and that means you need to take the steps to lock things down, remove access, and basically stop the bleeding. And if you haven't already, make sure you go and update your service.

Curtis Franklin (00:07:13):
Alright, so from our good friends over at Dark Reading comes news that there are at least a hundred thousand industrial control systems or I C Ss exposed to the public internet around the world. And these control a host of [00:07:30] critical operational technologies like power grids, water systems, and building management systems. According to the article, researchers at BitSight reach the 100,000 number by inventorying reachable devices that use the top 10 most popular and widely used I C SS protocols, protocols like Modbus, K N X, backnet, Niagara Fox, and others. Now the researchers say these reachable and vulnerable systems represent a global risk to physical [00:08:00] safety stretching to at least 96 countries and the risk is not theoretical as malware built to subvert power grids and incidents like the Colonial Pipeline malware attack show, Pedro Amino principal security researcher at BitSight notes that there are few if any reasons for this type of equipment to be directly reachable via the internet.

(00:08:24):
So the risk level seems like a soluble problem. In fact, [00:08:30] if systems are directly behind a firewall or otherwise not internet facing, then much of the risk of exploit is mitigated. The takeaway is that I C SS owning organizations can inventory their protocol use and use that as a variable to identify risk and inform their operational technology or i c s security strategies. Companies obviously want to take the most immediately immediate most direct action against the vulnerable systems [00:09:00] that are directly accessible from the internet directly in the line of fire, if you will. Now, while a hundred thousand sounds like a bad number and it is, it's worth noting that the level of i c s exposure has actually declined over time, even amid the move to smart OT environments and more digitization. For example, in 2019, the number of exposed i c s devices within the parameters of the study set it nearly 140,000. So the news isn't [00:09:30] good, but it's not as bad as it might be.

Brian Chee (00:09:37):
So my soapbox here comes to us from Wired magazine and the headline is Undersea cables are carrying scientific secrets, which is kind of off topic, but that's right.

Lou Maresca (00:09:52):
So

Brian Chee (00:09:52):
The article is talking about using large scale time domain reflectometry and interferometry to detect [00:10:00] minute movements in undersea cables in order to create a gigantic earthquake detection web. I'd like to highlight an older but potentially more flexible and less expensive detection system that not only can detect earthquakes but also tsunamis. The Aloha Cabled Observatory is 85 miles north of the island of Oahu and sits three miles underwater. Dr. Bruce Howe of the University of Hawaii School of Ocean Earth Sciences and Technology is the principal investigator for this project and has been pitching the concept [00:10:30] of adding some relatively simple and well understood sensors into optical repeater packages used on existing undersea cables. Instead of needing an extensive development to add O T D R capabilities to shore stations and to the optical repeater packages, the system could easily be added to the repeaters of near future cables.

(00:10:51):
Well, let's put this in the proper perspective. Several companies currently make a system that can be added to existing fences or buried underground. [00:11:00] This is for above water application. It uses the change in how light transmits through the cable to detect if someone is climbing a fence or walking across the ground. The concept has been around for decades and I've deployed such technology to help guard facilities around the world. The point I'm really trying to make is that we can already add earthquake and tsunami detection using tried and true existing technology. I'd like to also point out that tsunami detection is currently buoy based [00:11:30] and are anchored in relatively shallow waters. If we had mid ocean tsunami and earthquake detection, we could possibly double or maybe triple the amount of warning time for our shoreline populations.

Lou Maresca (00:11:47):
The C V E 20 23 49 11 vulnerability has been cheekily dubbed. Looney Tunables might not actually seem like an IT world ender, but its score A C V S S score is actually 7.8, [00:12:00] which means it's deemed important rather than critical. However, there's more to it that meets the eye. ZDNet describes vulnerability as residing in the G N U C library's dynamic loader leading to a buffer overflow or here's the kicker, it's present in virtually all distributions of Linux across threat research unit. The brains behind this discovery revealed that it could be an exploit and it could be on by default and installations of Fedora, Ubuntu and Debian versions the sole beacon of hope. Well Alpine Linux. [00:12:30] That's right. Alpine Linux remains unaffected. Now given this sheer breadth of its impact, this vulnerability makes it worryingly straightforward for attackers to gain root access on almost all Linux systems.

(00:12:42):
Putting it bluntly, this is bad news for our Linux community, right? Well, how do we get from get here? Right? This flaw traces back to actually April, 2021 with the glib C two point threes four release originating in that file and the dynamic loader. Now its trigger is the Tunables [00:13:00] environment variable. That's right. Clauses emphasis here is that it's its misuse can broadly undermine system performance, reliability and security. The potential of turning the overflow into an extensive attack could jeopardize numerous systems, especially that glib see's widespread Linux presence. Now the alarming part here, at least one exploit for this vulnerability is already in the wild. The question is what's the action plan? Well, of course patch and patch very quickly. [00:13:30] Industry bigwigs like Red Hat and Wound two, Debbie and Gen two have rolled out updates already. The base code here also has the necessary patch for the Glib C Library for those who can apply an immediate fix.

(00:13:41):
Red Hat offers a script to mitigate the vulnerability by terminating specific set U I D programs. Now our recommendation patch up activate mitigation scripts and shield any exposed IOT devices behind firewalls right away and in fact, in the words of the legendary poy pig. That's all folks. [00:14:00] Well folks, next up the bites, but first we have to thank a really great sponsor of this week in enterprise tech and that's Bit warden, the only open source cross platform password manager anywhere, anytime. In fact, even security. Now Steve Gibson has switched over and we know Steve has some serious high standards, so that's a good thing with Bit Warden, all the data in your vault is end-to-end encrypted, not just your passwords. In the summer of 2023 G two Enterprise Grid report, they solidified their position [00:14:30] as the highest performing password manager for the enterprise. Leaving competitors in the dust bit worn protects your data and privacy by adding strong randomly generated passwords for each account.

(00:14:42):
Go further with their username generator, create unique usernames for each account, or use any of the six integrated email alias services. You could log in with Bit Warn and your vault after using SS s o on a registered trusted device, no matter a no master password needed, this new solution makes it even easier for enterprise [00:15:00] users to stay safe and secure with Bit Warn transparently view, all of Bit Warren's code available on GitHub. I've looked at it now on top of being public to the world Bitt Warrenton also has professional third party audits performed every year yearly and the results get published right there on their website. Bitt Warrenton is open source security that you can really trust. They share private data securely with coworkers across departments or the entire company with fully customizable and adaptive plans. [00:15:30] Bit warden's teams organization option is $3 per month per user while their enterprise organization plan is just $5 per month per user.

(00:15:39):
Individuals always get bit warden's basic free account for unlimited passwords, upgrade any time to a premium account for less than a dollar a month or bring the whole family with their family organization option to give up to six users premium features for only $3 and 33 cents a month. This is cybersecurity awareness month. Keep yourself and help your friends and families stay [00:16:00] secure online with Bit Warden. Bit Warden offers a fully featured free plan for everyone, which now includes being able to use hardware security keys or pass keys as a form of two-factor authentication. Bit Warden envisions a world where nobody is hacked, is the only password manager offering the strong security option for free. Add twit or fans of password managers get started with bit warden's free trial of teams or enterprise plan or get started or free across all devices as an individual user at bit warn.com/twit.

(00:16:30):
[00:16:30] That's bit warden.com/twi and we thank Bit Warden for their support of this week in enterprise tech. Well folks, it's time for the bites. Now there is a unique conundrum happening in shaping the world of cybersecurity recruitment. That's right, recruitment. While there's a glaring shortage of trained professionals out there, automation is steadily taking over those essential entry level tasks. Now, this shift actually makes it really challenging for potential [00:17:00] threat hunters to acquire hands-on experience. Now, recent data from cyber seek in collaboration with partners like NIST and CompTIA reveals that job postings demanding prior cybersecurity experience soared at a rate of 2.4 times faster in the overall economy over the past year, however, the supply is very strained. Only 65 cybersecurity experts are in the workforce for every a hundred open positions. Now let's think about this in summary. It's a whopping 769,736 [00:17:30] job openings in just a year ending this September.

(00:17:36):
Now CompTIA Apley highlighted the significance of these findings. In fact, they emphasized the need for more dynamic approaches to recruitment and career development, recognizing the challenges ahead. The industry fact is the man isn't just the cybersecurity domain. That's right. Employers are eyeing potential recruiters with cybersecurity security skills for roles like auditors, cloud architects and tech support engineers. But there's a [00:18:00] twist here. Reps from Tanium believe many employers set unrealistic expectations, sound familiar while they argue that degrees aren't mandatory for most cybersecurity roles. Instead, they've had success actually hiring individuals with diverse backgrounds like including teachers, mechanics, emphasizing curiosity and problem solving skills. Now, rep from Cardinal Ops that echoes this sentiment suggesting a broader search criteria for hiring managers. He recommends considering candidates with backgrounds in fields like history, fraud, [00:18:30] investigations, and even music. Why? Because it's the traits like analytical thinking and Ken eye for detail make an excellent cybersecurity professional. That means there's definitely demand in the market and it's adaptability and open mind that might just bridge the gap with a talent gap here and we'll see what's going on. I do want to bring my co-host in because they have lots of experience here. Bert should organizations be looking for essentially a specific mindset here for that creative recruiting.

Brian Chee (00:19:00):
[00:19:00] Realistically, like any highly skilled profession or job or whatever adjective you want to use, a lot of this is stratified. You're going to have some people that need a lot more experience than others depending on the type of job. I'm a big, big fan of academics and I've worked at a university for quite a while and a four-year degree program, I think in my opinion, [00:19:30] concentrates on critical thinking. It's not designed to get you ready specifically for a specific job, but teach you the critical thinking skills. Now, one of the things I wanted to suggest to the hiring world is there used to be a lot of concepts like practicum and internships and if we have a market that is severely lacking in people with experience, [00:20:00] maybe it's time the private sector tries to work hand in hand with academia. And that's what my lab did at the University of Hawaii.

(00:20:08):
So I actually specifically started looking for retired or disabled law enforcement professionals because they have the right mindset for the investigation. And I saw many, many, many positions [00:20:30] where the grizzled old police detective that retired and had to walk with a cane was overlooked. And I keep thinking, gee, that person probably solved all kinds of crimes. That's basically cybersecurity. I'd rather teach them the skills than having to start and convince, say a young person right out of a community college [00:21:00] that I'm sorry it's That's wrong. That's right. I want to have someone that already knows right from wrong and has the investigative skills. So anyway, I'm going to stop my soapbox, but I truly believe that a public private relationship is something we need if we want to start filling these job gaps.

Lou Maresca (00:21:24):
Right, right. Now, Curtis, what about you? Do you think that the [00:21:30] whole concept of diversity that they're calling out here and thought and experience often leads to maybe more applicable people to kind of fill these roles, people that can essentially broaden their thought process when it comes to specific cybersecurity strategies, that kind of thing?

Curtis Franklin (00:21:46):
Yeah, I think cybersecurity is one of those areas where you can make an objective argument for the benefits of a diverse workforce. If you look at cybersecurity [00:22:00] and where our biggest problems have come from, it has been through a lack of imagination. Someone will always say, we never imagined that anyone would do this thing. Great example would be Target. This is several years ago. But if we recall the huge target exploit that came in [00:22:30] from an H V A C contractor, that whole thing started with the I C SS thermostats and no one on the target security team ever imagined that that would be a point of vulnerability. To the extent that everyone on your security team looks alike and comes from the same background, it tends to maximize [00:23:00] the possibility that you'll have these blind spots. So I think you're exactly right. The most important thing for entry level tier one analyst is going to be a mindset.

(00:23:16):
Someone who is curious, who's good at solving puzzles, someone who looks at patterns and sees what's different. All of these things. The real problem that I hear when I talk [00:23:30] to cybersecurity professionals who are bemoaning this workforce lack is the disconnect that comes between security managers and hr. Because security managers often will say, oh, I'd love to have someone who has taken part in half a dozen capture the flag exercises. I'd rather have someone who was good at capture the flag than someone who had [00:24:00] a fairly generic certification. But when the job openings get to hr, they start looking at ways that they can make a first cut on the stack of resumes that come in. And the easiest way to do that is through credentials, diplomas, certifications, things like that. And let's also [00:24:30] be realistic here, and Lou, you mentioned this in the entry to this, an analyst with a couple of years, two to three years experience in most decent sized cities can be making mid hundred thousand dollars salary.

(00:24:52):
And when you see a job offering that's looking for a tier two analyst with seven years experience, including specific [00:25:00] experience in cloud and endpoint security and full stack this and all the starting salary, $63,000, that's a position that's going to go unfilled. Unless you can find someone whose family has tied them tightly to that community, you're not going to draw some wind. So there are a number of points of disconnect in the whole puzzle, but the [00:25:30] important thing is that we have a gap of somewhere between 300 and 500,000 individuals between the number of openings that exist for trained cybersecurity professionals and the number of trained cybersecurity professionals. And if you talk to people at comt, I s C squared cyber know before any of the major training companies, they admit that this is something where there simply [00:26:00] is no way to train ourselves out of this shortage. We simply don't have the training capacity and the pipeline to do it. So we've got to figure out other ways of getting people into those positions and frankly, some technology to help the people who are there be as effective as possible.

Brian Chee (00:26:22):
What do you think, Bert? Is there another pipeline that can improve the training here that can help with this type of thing? [00:26:30] Actually, I think there's a pipeline that a lot of people are ignoring. I worked at a computer science program at the University of Hawaii and one of the things we wanted to do, we wanted to more classes. We wanted to hire people to teach. One of the problems I had trying to fill this gap was cyber professionals are making too much money they don't want to teach. [00:27:00] So that was one problem. The other problem is we didn't have the resources nowadays for any decent four-year university to do a cybersecurity program, you almost have to have a cyber range and if you want to have red versus blue with white judging and so forth, cyber range is not cheap. So [00:27:30] one of the things I like to throw out is one, write your Congress critters.

(00:27:38):
Congress needs to think really, really hard about providing tax incentives for private industry to help the academic world start putting more people out. If more universities were able to go and pump out kids that had some hands-on [00:28:00] play, red team versus blue team on a cyber range, suddenly we've got at least a little bit of experience under the belt when they start hitting the workforce. I also strongly encourage the academics, grab those retired police detectives or F B I agents and so forth, get the Leos involved because they've got a great set of skills to try and teach the next generation. [00:28:30] And until we start doing that, I don't think we have a prayer of catching up.

Lou Maresca (00:28:37):
And one interesting talk about untapped potential here, I feel like a lot of these are talking about the fact that they trying to recruit, and obviously I can tell you from experience that recruiting nowadays is hard trying to find obviously people externally, like you said, being very creative and how you're pulling candidates. And I want to get your guys' thoughts on this is a lot of organizations tend to not think about potentially training [00:29:00] their internal organization people who have the potential internally to work with maybe already standard professionals there and have them grow into these roles. Do you think that the need is so dire right now that they're not willing to do that? What do you guys think?

Scott Evers (00:29:17):
Lou, can I jump in here?

Lou Maresca (00:29:19):
Yeah, absolutely. Scott, welcome.

Scott Evers (00:29:21):
So one of the problems that has existed in security in the 20 plus years I've been in it is that a lot of enterprise [00:29:30] security organizations grew out of networking organizations. So they're entirely focused on perimeter defense, what's going on in the network and the infrastructure layer. Application security has always been a second class citizen, but given the fact that with the advent of cloud, everything's becoming software defined, C I C D is real release velocities of a hundred releases a month are real. Having your app dev teams more invested in the security process is a huge gap [00:30:00] and a huge need. And I also think it's fertile ground, especially when you're talking about retooling and retraining your internal staff. So it's probably easier to backfill a competent application developer who has moved in security into security than it is to find a good cloud security person, so to speak. So I think a lot of organizations should be looking at their senior development staff and saying, Hey, who here has shown an aptitude or a passion for security and can we grow them into one of those roles?

Lou Maresca (00:30:30):
[00:30:30] Yeah, I really like that. I like that a lot. In fact, we have lots of examples of this where I work where we will have individuals, we will look at their skill sets

Scott Evers (00:30:38):
And

Lou Maresca (00:30:38):
Then look at the problem sets in front of us and then offer them an opportunity to go

Scott Evers (00:30:42):
And

Lou Maresca (00:30:42):
Bridge their knowledge gap and go learn about some new stuff to try to build things. And AI is one of them. A lot of times we have some AI gap and security is also another one.

Scott Evers (00:30:53):
Curtis,

Lou Maresca (00:30:54):
You work with a lot of organizations out there, talk to a lot of them. Is this something that they're considering? Is the internal processes?

Curtis Franklin (00:31:00):
[00:31:00] Oh, very much. And most of the leading training organizations have training packages specifically intended for this and they encourage it. Many of them in fact will make the initial trainings. It's three to nine courses, for example, available free for people who are interested in sort of trying it out to see if it's something [00:31:30] that they're really interested in. So there's a tremendous amount of interest in this. A lot of companies are exploring it, although you start to get into the internal dynamics of the companies because Lou, I'll say put this in yours. Let's say you've got a cracker crackerjack developer. How excited would you be to have them come to you and say, I know that I'm a really good [00:32:00] developer and make a great contribution, but what I really want to do is find bad guys, so I'm going to be leaving your team to go off into another building to do something else.

(00:32:10):
You're probably going to be only so excited about that. I mean, sure, you'll put on a happy face, say Good for you. This is great for the organization all the time going crap, I've got to find a new developer. So there is a dynamic there that has to be seen. Realistically, I will [00:32:30] say that another thing that is happening, you have, I had a conversation out at Black Hat with CompTIA and they are starting to do some things where basically they will identify people outside of cybersecurity and try to get them into a cybersecurity path. They make this available to them and then they get companies looking for cybersecurity [00:33:00] professionals to sponsor that person's training with the understanding that at the end of their training, they go to work for the company that sponsored them. And CompTIA, or since I've heard about this from other organizations, the organization will say, we guarantee that on day one they are ready to work and we also guarantee that they will be there for [00:33:30] a year to pick a random length of time. So you get the training organization that's also in some ways acting as a talent recruitment firm. And I suspect we're going to see more of that kind of hybrid training, talent recruitment thing going on again because we have such a shortage and it's so critical that companies on both sides of the equation are willing to look at [00:34:00] creative solutions to make things better.

Lou Maresca (00:34:04):
Indeed, indeed. Well, thank you guys. I appreciate this. Good topic. Great topic, and I appreciate you jumping in, Scott, we'll definitely get back to you in just a moment. We have lots more interesting stuff to talk about with you as well. But before we do, we do have to thank another great sponsor of this week, enterprise Tech, and that is Duo. Duo protects against breaches with a leading access management suite. Strong multi-layered defenses and innovative capabilities only allow legitimate users in [00:34:30] keep bad actors out. For any organization concerned about being breached that needs fast protection DUO quickly enables strong security while also improving user productivity. Duo prevents unauthorized access with multi-layered defenses and modern capabilities that thwart those sophisticated malicious access attempts and increases authentication requirements in real time when risks actually arise there. Dual enables high productivity by only requiring authentication when needed. Enabling [00:35:00] Swift, easy and secure access, they also provide an all-in-one solution for strong N F A passwordless single sign-on and trusted endpoint verification duo helps you implement zero trust principles by verifying users and their devices. Start your free trial and sign up today at css.co/twit. That's css.co/twit and we thank DUO for their support of this week in enterprise tech. [00:35:30] Well, folks, it's my favorite part of this show actually. We're going to a guest to drop some knowledge on the TWI ride Today we have Scott Evers, enterprise architect of Involta. Welcome to the show, Scott.

Scott Evers (00:35:41):
Hey, thanks for having me. It's good to be here.

Lou Maresca (00:35:43):
Now, first I would like to say I really enjoy talking to enterprise and solution architects because they are the people who are in the trenches. They work with customers to take them, to lead them in the right direction, take them to the right success, and to kind of overcome their unique challenges. But [00:36:00] I know we have lots to talk about there. But before we get to that, we have a complete spectrum of experiences when we come to our audience and some of them love to hear people's journey through tech and their origin stories. Can you maybe take us through a journey through tech and what brought you to Involta?

Scott Evers (00:36:14):
Sure, and I'll try to keep it under three hours because it's a long and diverse background, but to be honest, I actually had career aspirations of being a physicist. So my degree is in physics, but I wanted to grow up to be [00:36:30] Sheldon Cooper, but while I was in college, I had to fight the collegiate IT department because the only way they would let you on the campus network was if you were running Windows three one. I've dated myself quite a bit and I wasn't about to downgrade from Windows 95 to Windows three one. So I spent an embarrassing amount of time trying to figure out how to bypass and get on the network with Windows 95 managed to do that, [00:37:00] but that sparked my passion in it.

(00:37:05):
When I was still in college, I ended up getting a part-time job as a mainframe operator of all things for a large local employer delivering backup tapes around the facility, handling print offs of reports. It wasn't very glamorous, but I got my foot in the door with this IT organization did well enough at that position to parlay that into an internship, which [00:37:30] in my early days of it I thought I want to be a system administrator. I have no desire to be a developer pounding outlines code all day. Surprisingly, my internship was exactly that. It was software development. So we had a number of consultants in doing development for an internal application at the time, and when that contract budget ran out, they had no one to take on the burden of maintaining [00:38:00] and enhancing that code base. So they kind of stuck me, the intern in to garner what I could from those consultants and really take over that code base and management of that application upon their departure.

(00:38:14):
So that's how I got my foot in the door and my start of my career. So did a fair bit of AppDev in the early days, but because of the systems I was working on, they were security based systems. [00:38:30] We weren't allowed or we didn't have the desire to have the traditional support teams within the organization have access to those systems. So I ended up being my own D B A my own I A S administrator actually was the first active directory administrator for the company. This is in 1999, so a long time ago or maybe early 2000. Yeah, early 2000. So did system administration as well as app development. I like to tell people I was the [00:39:00] originator of DevOps even though what I did was nothing like modern DevOps, but I did development and operations. So worked on that solution and in that space for quite a while in my early career, started out using the Microsoft technology stack.net development I and SQL Server.

(00:39:21):
We ended up acquiring a commercial application to replace our homegrown code base at some point, which [00:39:30] the application was basically a framework on which to build a new application. So ended up doing a bunch of Java development in those days, some Oracle database administration as we switched technology stacks. So got the full gamut of those experiences years and years ago. But then because of those applications were all security based, I got pulled into our security organization never. And this is where I have passion for developers becoming security professionals [00:40:00] because I've sort of lived that path and walked that path and I think it's a great transition to make, but ended up doing some layer seven gateway administration, a P I Gateways, WAFs, et cetera. And because of those rotations, ended up getting a security architecture role within that organization, and that was right around the time that public cloud really started to become a thing. So my [00:40:30] first public cloud project was helping migrate the organization from Lotus Notes as a productivity suite to G Suite, which you can imagine was quite the transition. But as the security architect assigned to it, I had to identify risks, understand what the proper configuration of that platform was, identify and help to build mitigations to those risks, et cetera, et cetera. So that kind of sparked my passion [00:41:00] for public cloud services. So shortly after that started to do a fair bit of work with a w s, some other SaaS based and PAs based solutions.

Lou Maresca (00:41:12):
You have quite the background here. I would say that I was definitely right when it said you guys are the ones that definitely can go in and jump in the trenches and help find security and other issues. Now speaking of identifying risks, I'm always curious, are you seeing commonalities? Obviously most [00:41:30] organizations have a bunch of unique challenges, right? They all have their unique challenges, whether it's moving to hybrid cloud, moving to the cloud, digital transforming, securing things, that kind of thing. Are you seeing some commonalities across the spectrum of just what most organizations are challenged or what kind of facing challenges they have

Scott Evers (00:41:48):
Specific to security? I think it hearkens back to my comments earlier, and that is a lot of security organizations are ill-prepared to handle a software-defined world. So [00:42:00] I come from a background where a policy's written before anything is deployed to production security has to review it. They have the big battle acts to be able to say, no, this isn't going live this week. And that model obviously doesn't scale when you start to talk about increased release velocities when you start to talk about C I C D. So I think DevSecOps is a big gap in a lot of organizations to this date. Even though the concept's been around for years, [00:42:30] it's not something that most organizations have really gotten their head around. I think in general, I see a lot of organizations struggling to move forward and innovate and take advantage of new technologies that the market is presenting while still maintaining all of the legacy that they have to deal with. So there's this strange dichotomy of I've got a thousand applications in my organization all running on VMs in my data center, but then again, [00:43:00] I have these analytics opportunities to go leverage cloud services to garner this great insight to do ai. Everyone's talking about AI these days, right? So how do they balance those and how do they operate as that multimodal organization I see as a common challenge.

Lou Maresca (00:43:18):
Now, going back to what you were saying, most organizations obviously grapple with the need for speed responsiveness. Going more specific into technology, how do you measure the future of what we call operating at the edge? Do you see [00:43:30] some way of effectively integrating, let's say hyperscale cloud services to edge operations? What do you see there? How can organizations do this?

Scott Evers (00:43:39):
Well, it's interesting because most enterprises have been operating at some definition of the edge for their entire history, right? If you have an on-prem data center in your facility, that's a definition of edge. The challenge is when cloud became prominent in the industry, everyone wanted to centralize into cloud [00:44:00] because of the ease of use, the ease of adoption, the potential for it to be cost effective, stable, all those ilities that we associate with cloud and they started to ignore or abandon their existing edge footprint. Now they're starting to realize that hey, not all workloads are a good fit for a centralized cloud environment. Some have to operate at the edge or are better to operate at the edge. The problem is, in today's market, the cloud-like experience that has drawn [00:44:30] people to cloud providers doesn't exist at the edge. So you may be able to do a fair job as an enterprise of managing your workloads and your deployments and your infrastructure across your locations, but you're going to invest a lot of time, resources and focus into doing that. There's not a provider out there that can necessarily give you the easy button to manage your workloads distributed across your locations [00:45:00] in quite the same way you could do it in a centralized cloud environment,

Lou Maresca (00:45:03):
Right? We definitely have a lot more to talk about here and I do want to bring my co-host back in. But before we do, we do have to thank another great sponsor of this week in enterprise tech, and that's our friends at IT pro TV who are now called a C i Learning 94. 94% of CIOs and CSOs agree that attracting and retaining talent is increasingly critical to their roles. And we just talked about this with today's IT talent shortage. Ensuring your team skills are up to date is more important [00:45:30] than ever. 87% of companies say they have skill gaps in their employees. It's not easy figuring out the skills gap. It can be almost overwhelming, but listen, it doesn't have to be a C i Learning now offers insights, a revolutionary skills gap analysis tool to guarantee you that the training you're providing is actually working now in a quick one hour assessment, A C l learning's insights will allow you to not just see, but understand and fix the skills gaps on your IT team.

(00:45:57):
Now, this is the solution IT managers [00:46:00] have really been waiting for. Now with insights, identify specific skill gaps in your employees and see where your team's weaknesses actually lie. Empower your team with personalized training to fill those gaps. Generic blanket based training is always waste time and money. We know that insights offer detailed solutions, support and strategy by issuing recommendations and training plans for individuals and your whole team. Compare results against other organizations so you know where you stand, test skills and close the gaps with practical [00:46:30] labs that allow trainees to focus on the skills they need most. A C I Learning helps you retain your team and entrust them to thrive while investing in the security of your business. More than 7,200 hours of content are available with new episodes added daily and a C L Learning stomps its competitors with a 50% higher completion rate.

(00:46:52):
These are the training solutions your business has been waiting for. Future-proof, your team and company with insights from a ACI learning [00:47:00] visit, go dot ACI learning.com/twitch. TWIT listers can receive up to 65% off an IT pro enterprise solution plan. After completing their form. Based on your team's size, you'll receive a proper quote discount tailored to your needs, and we thank ACI learning for their support of this week. Enterprise Tech. Well, folks, we've been talking with Scott Evers, enterprise architect of Involta. We talk a lot about enterprise computing, edge computing, but I do want to bring my co-host back in because they have a lot of experience

Scott Evers (00:47:29):
The industry [00:47:30] and I'm sure they have some questions. Let's go first, Curtis. Bert,

Curtis Franklin (00:47:35):
I'm happy to take off first. And Scott, you've got some interesting things you're talking about. One of the things that I'm curious about over the past few years, we've heard an awful lot about data sovereignty. Not only that data exists under the control of a company, but where the storage devices physically sit is [00:48:00] an important consideration for many jurisdictions when it comes to legal and regulatory issues. Is this something that you still have a lot of conversations about or is data sovereignty now at a point where it's a solved problem that just kind of happens because everyone knows what it's all about?

Scott Evers (00:48:22):
Absolutely. It's definitely a challenge that some of our customers face, and I have these conversations on a fairly regular basis. [00:48:30] Part of my background, I worked in the defense industrial base, and so us export controls was a big data sovereignty issue. So if I have a schematic for a weapon system that can't leave the grounds of the United States, so been familiar with that for a large part of my career. I think at the national level, a lot of the sovereignty issues have been addressed thinking about I have a desire to adopt a [00:49:00] particular cloud provider. They happen to exist in that region or that geographic boundary. And so it's largely a non-issue for me, but I think where we're seeing organizations still struggle is within the United States when we get to state level data sovereignty requirements. So for example, Texas is notorious for liking to do business in Texas, and not all the hyperscalers have regions in Texas.

(00:49:25):
So there's a particular customer I worked with that [00:49:30] their market is state governments and they wanted to do business with Texas while their application stack was targeted towards a w s. So they had a real challenge because A W SS doesn't have a region in Texas, so they actually had to re-architect their application stack and back away from that and containerize it to give 'em that portability. And so they had to sub-optimize their architecture in certain regards, couldn't take advantage or depend on certain platform [00:50:00] services they would've liked to have consumed because of their data sovereignty requirements

Curtis Franklin (00:50:06):
With that. And you mentioned the hybrid environment, and I think hybrid has now become pretty much standard for a lot of organizations. The idea that everything you do is going to live on one cloud service provider is just not realistic, but from the cloud service provider standpoint, how aware do you have to be about the [00:50:30] requirements and the capabilities of other cloud providers in order to help your customers be successful?

Scott Evers (00:50:41):
I think, let me maybe pivot a little bit on my response and answer a slightly different but related question. I think a lot of organizations that I work with when they think about approaching cloud, which cloud provider is right for me? How am I going to move? [00:51:00] It's an IT organization who's never really thought about individual applications. They serve infrastructure, they serve operating systems to their application team brethren, and they're looking at moving or adopting cloud services from that perspective. But at the end of the day, a cloud fit assessment really comes down to the individual workload. So you should be analyzing the application and what really [00:51:30] makes sense for that application. Does it belong in a hyperscaler? Does it belong in a private cloud? Does it belong on-prem? What advantages can I realistically garner and how do I need to do that? Can I do a lift and shift? Do I have to refactor an application? Kind of that six R's methodology of analyzing your workload before you move.

Curtis Franklin (00:51:52):
Well, when you're analyzing the workload, one of the things that in my world we end up talking about a lot [00:52:00] is the notion of shared responsibility when it comes to security. And that's something that I still hear companies being confused about where the lines are drawn between the part of the overall infrastructure that I'm responsible for as a customer versus what my provider is going to take care of on their end. First of all, is this something that you [00:52:30] still have conversations about with customers? And second, is it something that you think is going to be a conversation for the long term, or are customers beginning to understand where those lines logically lie?

Scott Evers (00:52:46):
It is something I still have conversations about on a fairly regular basis, and unfortunately, I don't know that there will ever be a clear cut answer. It'll never be a completely solved problem. And [00:53:00] quite honestly, it is driven by compliance and legal liability, right? No attorney worth assault is ever going to give an absolute statement, especially in a public forum to the general industry to say, this is what you're responsible for, this is what you must do. But ultimately, at the end of the day, that's what organizations are left to figure out. What must I do to maintain compliance? What must I do to effectively mitigate any sort [00:53:30] of liability risk that I may have? And absolutely you can rely on your service providers, your cloud providers, and that shared responsibility model to help you get there. But when it gets into the detailed questions around, okay, I'm consuming for example, S three or Azure object Storage, they're responsible for firewalling off that service. They're responsible for protecting against sort of internet [00:54:00] driven data breaches, but I must configure the service correctly. I must not enable public access. Those are pretty clear delineations, but when you get into the details of, well, what happens if I think I configured it properly according to their documentation, but someone still gets access, who's on the hook for that? And that's something that will likely continue to be litigated and argued about for the foreseeable future.

Curtis Franklin (00:54:29):
Very good. [00:54:30] Well, Scott, I'm ready to turn you over to Brian, but before I do, I've got one more critical question to ask. We keep referring to hyperscale architectures. To what extent do you think we call them hyperscale? Because we've all got tired of trying to remember the next larger Greek prefix for size.

Scott Evers (00:54:52):
I just use it as shorthand for saying Amazon, Microsoft, and Google, right? [00:55:00] When you talk about them 30 or 40 times a day like I do, you got to abridge that. But yeah, I'm not sure that directly answers your question, but yeah, it's just my shorthand.

Brian Chee (00:55:15):
I wanted to go pivot a little bit and start as an industry. We have been bellyaching about lack of staffing, lack of people trained how we want. Now, [00:55:30] when I just got out of college, I'm going to show my age here, I was recruited by electronic data systems of Ross Perot fame, and they had a program, if they hired you, you'd sign a $20,000 promissory note. Once you go through their school, then you're a junior engineer, they knock down some of the promissory note, you become a regular engineer, knock down the promissory note, and when you run a project by yourself and it gets completed, they [00:56:00] wash it and tear it up. Is this the kind of thing we have to do because you guys do a lot of services. When I first read the description, it sounded more like a general consulting firm, but you guys got started in co-location as an industry. So here's the actual question. As an industry, do we need to take those kinds of radical approaches to get people into the vacancies [00:56:30] that we desperately need?

Scott Evers (00:56:34):
I don't think so. And I'll say Ross Perot, they really broke the mold with that guy. So I'm not surprised that he had a promissory note as part of his onboarding process. But there's nothing worse than an organization than an unengaged employee. So if you have some sort of penalty for them moving on, of course you'd like to retain your employee base. [00:57:00] You make investments, especially early in individual's careers, into building their value and upskilling them, and you want to be able to harvest that value. But the way to do it is with the carrot rather than the stick, because if it's the stick, you're going to have them be disengaged and you're better off if they're not there. To begin with. Involta, one of the many services we offer is outsourced service desk function. And so we use that in a lot of cases as a feeder [00:57:30] for recent graduates to come in and get into the industry and then upskill 'em and build 'em from there and try to move them into more advanced roles within the organization.

(00:57:43):
A lot of times that works and it works well. Sometimes it's a competitive market out there. People will have opportunities and they'll leave. What we like to see though, more than anything is if an employee departs, they come back. So we always try to leave on good terms, and [00:58:00] we've seen a fair bit of that. I think a great thing about Involta is our culture. We really invest in our people. We make them feel welcome. We make them feel important and enabled and empowered within the organization. And that really, the grass is always greener on the other side. But what we've seen is certain individuals, high performing individuals, go chase an opportunity, understand that maybe the grass isn't really greener, [00:58:30] the culture may be lightning in a bottle, and then they want to come back and we're happy to have 'em. So I think really, how do you make your organization an attractive place for people to spend their careers? And once you've got that nut cracked, you don't need to come in with a stick.

Brian Chee (00:58:49):
Okay, well, how about this. How about I ask you to peer into your crystal ball, and if you could talk directly to the kids, [00:59:00] the people that are coming into our industry or changing industries, what kinds of things should they be looking at? What kinds of homework should they do? What are the skill gaps that you're seeing in your new hires?

Scott Evers (00:59:20):
I've said it before, but I'll say it again. DevOps DevSecOps, right? And one of the [00:59:30] things I do is I participate in a local community colleges advisory board, their industry advisory board. And one of the agendas I've pushed with them is that, okay, in your system administration coursework, in that program, you're definitely training people well on current technologies that are big in industry, VMware, [01:00:00] Cisco, whatever the case may be. But if they're point and click run, the occasional command system administrators when they graduate, they're going to be competing for an ever shrinking portion of the job market. And there are a lot of very seasoned people out there, a lot of experienced, very qualified administrators out there in the environment that are going to be competing for these jobs. And someone with a two year [01:00:30] degree or a certificate who's early in their career is going to struggle to compete with those. Where the gap is, is someone who can automate those processes. So if you understand Terraform, Ansible, chef Puppet, pick your technology and you can be a force multiplier within a system administrator organization to do more with less time, you're going to give yourself a leg up over potentially someone who's got 20 years in the industry.

Lou Maresca (01:01:00):
[01:01:00] Well, with anything, with any grade show, time flies, and this one's no excuse. Definitely. For sure. Scott, thank you so much for being here. We really appreciate you being here.

Scott Evers (01:01:09):
Thanks for having me, guys. Great conversation.

Lou Maresca (01:01:12):
Well, before we let you go, we do want to give you a chance to maybe tell the audience at home where they can learn more about Involta, where they can get in touch with you.

Scott Evers (01:01:20):
Yeah, involta.com. I'm sure there's a way of publishing my contact information, but hit involta.com. You'll get a sense for who we are as [01:01:30] an organization, the plethora of things we do, and the ways we can help.

Lou Maresca (01:01:35):
Thanks again. Well, folks, you've done it again. You sat through another, the best thing, enterprise and IT podcast in the universe, so definitely tune your podcast catcher to twi. I want to thank everyone who makes this show possible, especially to my wonderful co-host starting with everyone. Mr. Brian Chi Bert, what's going on for you in the coming weeks, and where can people find you?

Brian Chee (01:01:54):
Actually, this is one of the things I'm playing with. It actually has a wheel node [01:02:00] inside. It actually plugs directly in, and that's a passive infrared sensor. So I can actually count the number of people walking by in a hallway or something, and I can also grab temperature and humidity. And that was a very simple, very, very inexpensive occupancy sensor because we needed to go and find out are we actually leaving the air conditioning on in the top floor of a building [01:02:30] for no one? So iot doesn't necessarily need to be complicated. The wheels system that I'm using is actually drag and drop, and then I use Node red to harvest all the data and then push that up to Google spreadsheets. Lots of fun, and this is going to be, yeah, sorry, Lou, I see you making faces. It could just as easily be into the Microsoft Cloud, Azure easy.

(01:02:58):
But the whole idea [01:03:00] is I'm trying to lower the bar so that organizations like the Central Florida Fairgrounds can afford to go and make their environment smarter without having to spend a lot of money. So I've got a community college kid that I'm trying to convince that he needs to bone up on a lot of the emerging topics, and we're going to try and see how well he can do this and see if he really did [01:03:30] study in his no JSS classes. Anyway, if you want to hear about this kind of goofiness that I'm doing, I'm still using Twitter, A K A X. My handle is A D V N E T L A B advanced net lab. That's the leftover for my university Hawaii days. I also would love to hear your show ideas, comments, questions, and so forth. I am Seabert, spelled C H E E B E R T at twit tv. [01:04:00] You can also use twit at twit tv, which we'll go and throw that email to all the hosts. We'd love to hear from you. We'd love to hear your show ideas. Everybody be safe.

Lou Maresca (01:04:11):
I love that. Cheaper work harder, actually work smarter or not harder. I love that. Thank you very much. Well, we also thank you very own, Mr. Curtis Franklin. Curtis, what's going on for you the coming week? Where can people find you?

Curtis Franklin (01:04:22):
Well, I've got a new report on insurance and cyber insurance as part of managing risk coming out [01:04:30] for our subscribers at Omnia. I will also have a couple of small things coming up on LinkedIn. Speaking of which, if people want to follow me, they can do so on LinkedIn where I am mysteriously listed as Curtis Franklin. I am also on X as KG four G W, and on Mastodon kg four gwa@mastodon.sdf.org. Would love to hear from members of [01:05:00] the TWIT Riot. If you've got questions, concerns, just random thoughts about cybersecurity in the enterprise, please look me up on one of these social media services and let me know.

Lou Maresca (01:05:15):
Thank you, Curtis. Well, we also have to you as well, you're the person who drops in each and every week to watch and to listen to our show, to get your enterprise. Goodness. We want to make it easy for you to watch and listen to catch up on your enterprise. News. So go to our show page right now, twit tv slash twice. [01:05:30] There it is. You find all the amazing back episodes. Of course, the show notes, cos information, guest information, but more importantly there next those videos. That's right, right there. You'll get those helpful. Subscribe and download links. Support the show by getting your audio version, your video version of your choice. Listen on any one of your devices or any one of your podcast applications on all of them, so definitely subscribe and support the show. Plus, another way to support the show is you may have heard Club twit.

(01:05:55):
There it is. It's a members only ad free podcast service and you get it. Bonus TWIT plus [01:06:00] feed that you can't get anywhere else. And it's only $7 a month. And there's a lot of great things that come with Club Twit, but one of them is exclusive access to the members only Discord channel, A Discord server, lots of channels on there. You can chat with hosts, producers. There's lots of separate discussion channels, lots of special events, so lots of fun stuff. Join Club twi, be part of that movement. Go to TWIT tv slash club twi. Now, corporate group plans are also available. That's right, corporate group plans for Club Twit. It's a great way to give your team access to our Ad Free Tech podcast [01:06:30] and it starts with five members at a discount rate of $6 each per month. And you can add as many seats as a like there.

(01:06:35):
It's a really great way for your IT teams, your developers, your tech teams to stay up to date with all of our podcasts. And it's just like the regular membership as well. You can get access to that twit discord server as well as that TWIT plus bonus feed. And of course also remember there's family plans. That's right, $12 a month, you get two seats, $6 each per month. So lots of great options. Definitely join Club twit at TWI tv slash club twit and after you subscribe [01:07:00] and download the links, of course, impress your family members, your coworkers, your friends with the gift of TWI because we have a lot of fun on this show. We talk a lot about fun tech topics and I guarantee they'll find it fun and interesting as well. So definitely share the gift of TWIT with them. And if you're available on Friday, 1:30 PM Pacific Time, we do this show live.

(01:07:18):
You can watch livestream that's at live TWIT tv. Come see how the pizza's made, all the behind the scenes, all the banter before and after the show. We have a lot of fun. So definitely join us live. And if you're going to watch the show live, you might as well jump into the amazing [01:07:30] I R C channel as well. We have an IRC chat room you can go to. The webpage is IRC TWI tv and you can log into there right away and you can jump into the Twit live channel and we can be with all the folks in there. So lots of fun stuff as well as you watch the show live, I definitely want you to reach out to me because I want hear all your show ideas. I want to hear all your tech ideas, everything. Just hit me up at x.com/lu.

(01:07:51):
I'm also Lou MPM on Threads. I'm also Lou at Twit Social, so lots of great ways to hit me up. Of course, also LinkedIn as [01:08:00] well, if you want to message me there. I got lots of great conversations last week from people. There's definitely hit me up there. If you want to know what's going on during my normal work week, definitely check out developers.microsoft.com/office. There it is, the latest greatest ways for you to make your Office Suite more productive for you by customizing it. And of course you have, if you have Microsoft 365 right now, you can open up Excel. And on the automate tab, on the automate tab and Excel on the ribbon there, you'll see the automate tab. You can customize your office experience by recording macros and actually code in JavaScript [01:08:30] TypeScript and generate power, automate flows with that. Be able to edit your documents and bring data into your documents by using this automation.

(01:08:38):
So just like Brian was talking about. So definitely check that out because we have fun and interesting stuff there as well. I want to thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this week at Enterprise Tech each and every week. We couldn't do show without them, so thank you for all their support over the years. Of course, thank you to all the staff and engineers at twit and of course, thank you to Mr. Brian Chi one more time because he's not only our co-host, [01:09:00] but he's also our Tyler's producer. He does all the show bookings and the plannings before the show. So thank you Bert, for all your support. And of course, before we sign out, thank you to the editor for today because they can cut out all of our mistakes. Thank you very much. Plus our TD for today, the talented Mr. An Pruitt. Thank you for all your support, sir. What's happening this weekend, twit?

Ant Pruitt (01:09:20):
Hey, thank you Mr. Lou. Well, this week it was a lot of fun, particularly in Club Twit. I had a good time being able to sit down with the one and only Mr. John Scalzi [01:09:30] got an advanced copy of his book and was able to do an interview with this prolific New York Times bestselling sci-fi author. And I got to tell you, that interview was a lot of D gum fun, and I hope to continue to do more interviews like that. But yeah, check us out, twit tv slash club twit baby.

Lou Maresca (01:09:52):
Fantastic. Thank you, man. Well, until next time, I'm Louis Mariska. Just re, you want to know what's going on in the enterprise? Just keep twiet

All Transcripts posts