Turn Your Cybersecurity Strategy Into a Marketing Superpower
01:19:33 Share

If you are a company that collects customer data, then you need to build what we call controls to be able to protect that. Target got breached through their HVAC system. They had an HVAC system that was connected to their corporate network. So it's like nuclear weapons, cybersecurity. This is how big of a deal it is. Everyone knows about don't click that bad link. Yeah. Now it's getting pretty darn hard. Cybersecurity is this constant marathon. We're just

constantly trying to stay ahead of regulations or in the worst case of bad guys who are trying to break in. A lot of times it's looked at as a cost center. So how can you make the experience wonderful? Security is fear, uncertainty, doubt. You're going to get breached. You're going to end up on the internet. This is just another way to earn trust with your customers. This is a way you can boost your sales. This is a way that you can

stand out on the internet from your competitors. The cybersecurity industry is built on trust, security and compliance and privacy. It's very much a loop and not a line. I'm talking to ChatGPT, but I'm using some sort of API or something that's leveraging that. How secure are these things as they stand? A lot of customer success folks are using AI in their everyday functions. You have a system that you're dumping a bunch of data into with not a lot of controls. We still will sign customers and find out that they're uploading

patient health records and financial data. We now have this battle with China and Russia. They're all battling on who has the better algorithms, who has the better LLMs, and we're all training it on data. When you think about these companies, what threats are they facing currently? What's out there that people do need to be aware of?

Welcome back to Experts of Experience. I'm your host, Lacey Pease. And I'm Rose Shocker. I produce Experts of Experience. And today we talked to Taylor Hursom, the CEO of Eden Data. Because here I was thinking, oh, AI is coming. AI is our biggest looming threat when it comes to cybersecurity. And that's not even the case.

Humans. Humans and human error. Yes. Still making little human mistakes. Yes. Coinbase is a really good example. And we got into the recent data breach with Coinbase with Taylor. I think I, until this interview, I really never thought about cybersecurity when I think about customer experience. I'm in the position to spend a lot of money with some companies and give you access to a lot of my data, a lot of my customers' data. So learning how to communicate with

and be transparent when it comes to cybersecurity and how you protect your customers' privacy is key. And I think not something I hear about very often. No, people don't talk about it a lot. And going back to we live in the age of AI now, like what's ahead for us is a lot more deception when it comes to

fake voices, fake faces, people like calling you with calling you and saying I'm your wife and it sounds like your wife and hey, wire me money. So with LLMs now, people are actually using ChatGPT and taking like healthcare data

And putting it in chat and asking it to reformat it as though like that's not a massive security problem. I didn't know that. I did not know that. And he even said like the free people are using like the free versions of things and giving it all of this super sensitive data. I didn't even think about that. I don't know that this is happening at large scale and really big companies. I hope not. I hope not. Though I'm sure there's the person who like works from home that's like on the side doing that.

But whenever you think about a smaller business or medium-sized business and what they need to look out for and what they need to prepare for, you do need to think about what other tools are my employees using on the side? Or what am I as a leadership team actually using that I should not be using? So we cover a lot of that in today's episode about how important cybersecurity is, why cybersecurity is everyone's job. So I'm really excited to be able to share that today since we haven't really covered that many entrepreneur stories on experts so far. True. And I love when these...

really impressive entrepreneurs talk about imposter syndrome. That was really cool to hear him talk about. At 28 years old, he was a chief security officer and he said it was really challenging to the point where he left. And he said something really succinctly, which I liked. He said, where there's risk, just add process. So the more people you have in your company, the more human error there is likely to exist. So there's plenty of risk, but what do your processes actually look like?

Yeah. Yeah. And I really like that because it takes away the assumptions of like, oh, my process is this way. Where do I need to put in a security step versus like, how do I just rewrite the processes and make it more secure from the get go? But before we get over to Taylor from Eden Data, I have a huge ask for all of you. Please hit that like and subscribe button. It means the world to us. And here's Taylor Hursom, CEO and founder of Eden Data. Taylor, welcome to the show.

Thank you so much for having me. I am excited to be here. It's an amazing setup. Yeah. Well, I'm excited because you're our second studio guest for this show. So number two. Oh, gosh. No pressure. You told me that at the beginning. Yeah, sorry. Yeah. That's amazing. I feel honored to be here. Yeah, of course. Of course. Well, I want to kick it off with just a description of what is even data because your company is a little bit newer. Yeah.

right? It's a little bit on the smaller side. People may not have heard of it yet. Absolutely. So give our listeners a taste of what is it that you're doing? Of course. It changes by the week, I feel like. But I did, I started Eden Data in 2021. And it's essentially a cybersecurity firm that works with a lot of venture-backed

startups, scale-ups, publicly traded companies in building cybersecurity compliance and or data privacy. So we can help with anything from people that are trying to align with a specific regulation to trying to protect their assets on the internet to aligning with privacy regulations in other countries. We do it all online.

And then we built it to be kind of like the outsource team. You know how lawyers, they'll typically have in-house counsel and then they'll outsource a lot of the technical stuff. That's how we try to treat ourselves as well of being that resource to existing team members and be the specialist that they need.

when they need it. Yeah, yeah, no, that's awesome. And I kind of want to get into the origin story of Eden Data a little bit because I think it's very interesting. But before we go there, a huge part of our audience is, you know, customer success leaders, business leaders, right? They may not be in the weeds on IT and cybersecurity. So could you give us like a definition of when you say we help with cybersecurity, what is cybersecurity? What does that even mean? Well, and for context, I

My background, I feel like, is arguably more on customer success than it is in actual hands-on keyboard cybersecurity work. But for the listeners, essentially, if you are a company that collects customer data and you're putting that somewhere, then you need to build what we call controls to be able to protect that. And so this could be things that are technical, having systems be scanned for vulnerabilities and having mobile device management deployed on your laptops. But it can also be things like

I just need to check to see who has access to the system every once in a while to make sure they still need access. I need to make sure that the person in finance is actually getting approvals before they're sending out massive checks, things like that. That's essentially what we're doing in a nutshell. And then you have a lot of these compliance regulations that you, there's optional and there's required. So HIPAA, a lot of people have heard of HIPAA. It's protecting...

protected health information, making sure that folks aren't selling my medical data on the internet. And then you have optional ones. A lot of SaaS companies out there are aligning with things like SOC2. That's probably the most popular. And that's optional. That's like an optional certificate that you can go put on your virtual fridge. But it's a security standard that checks for all different ways that you are protecting your customer's data with an application that you provide to that customer. Yeah.

So typically those customers have a SaaS solution, they're storing the data in AWS or Azure or Google Cloud. And you give that as a means to be able to create more trust between your customers to showcase, hey, I care about your data. And here's something that I went out and did that I didn't need to do in order to prove that. Yeah, I love that. Okay, we're going to dive a little bit more into all of that. I'll make sure not to get too nerdy on it though.

before we do, I want to talk about Eden Data and kind of your foray into cybersecurity because

I read on Medium that you wanted to be a chef. Oh, my goodness. You went to the way back machine. Yes, I did. Tell me about that. How'd you go from I want to cook to now I'm working in cybersecurity? Classic, like growing up, not knowing what you want to do with your life. I did love to cook. I got great influence from my grandparents early on. And so in high school, I took on a job where I was, I started at Chick-fil-A and then I worked up to a random Italian restaurant and

And then another Italian restaurant. And by my senior year, I was a sous chef and I was like getting out of school early to go cook at this restaurant. And so it gave me all this passion for cooking and I'd come home and I'd cook for my family and do all these cool things. But then it quickly became a chore of like,

I love to cook and I don't want to ruin that for myself. Yeah. And so I'm so thankful for that job opportunity because I had applied for culinary school. I was set on going to culinary school. And then I realized, I think I like this as a leisurely activity and not so much as a profession. So I pivoted and

And then I briefly went for physical therapy before. Yeah, I was in physical therapy and shout out to, I went to college in University of Montana as like a rebellious, I'm born and raised in Austin, but wanted to get away from my family. How far is Montana? You know, how many people are out there? It was an amazing experience, but they make you go through business school regardless of where you are.

what you're going for in terms of degree. So huge shout out to David Firth, my professor for MIS 270. He was the one that said, physical therapy is probably not the best profession. You would be better in business consulting. Why don't you just switch your major? It helps that I was like almost failing all my classes. Oh my gosh.

For going from a straight A student in high school to going to like anatomy and biology. Oh, I was terrible. I was so bad. So bad. Yeah. I took anatomy in college and that's what turned me off to, I was going to be biomedical engineer. And I was like, I love math. I'm great at math. And then I sat, I remember like almost being in tears in my first anatomy class being like, there's just no way. There's no way I'm going to be able to memorize these. There's no way I'm going to be able to pass. And I went straight to my, um,

to the college like admin and I got switched to mechanical engineering because I was like, okay, I don't need to know body stuff. Yeah. Like, no, thank you. Did you have to do the cadaver as well? No, no, I didn't get that far. That's what ruined it for me. Yeah. No, no, thank you. So, so then, okay. So you've decided at that point, okay, I'm interested in business consulting. Exactly. And then how'd you get over to cyber? So that when I switched over, that was my, my junior year. And I, uh,

I like going from physical therapy with low grades to MIS. All my friends were getting internships at KPMG and Deloitte and EY. And I applied and nobody would even give me an interview. I just looked terrible on paper. So I basically gamified everything.

I went out and did all of these volunteer activities. I got more jobs. I boosted my grades. I was volunteering at the school doing all these things. And I got this incredible opportunity to, I got a full-time offer from Deloitte my junior year. And so I just was like, I've never heard of Deloitte. I've never been to Portland, Oregon, but sign me up. This is what you go to college for. So I signed up for that almost a full two years before I started. And

And then I blindly just accepted what they gave me, which they put me in what's called IT audit. So essentially working on the IT controls when you're auditing financial systems for these huge companies. And I was mostly like Fortune 100, life sciences and healthcare style companies. What was it like working with those types of large enterprise companies, especially right after college? You come straight out of college and now you're like working with these companies.

Fortune 100 brands to help them with their IT. Yeah. What was that like? It was a bit terrifying for multiple reasons. One of the scariest parts was that they really just throw you right in the deep end. And these customers are getting charged hundreds, if not thousands of dollars an hour to put basically what I felt like a college kid coming in there with no experience. And they were putting me on these engagements and you're interacting with C-suites at these at

these companies. And it was, it was basically like you, you sink or swim. They, they throw you into the deep end and they give you the coaching and somewhat, but otherwise you're isolated on these engagements. And, uh, and it's, it's a pressure cooker at, uh, at the big four, especially simply because they have so much turn in that first two years. Yeah. You either love it or you don't. And so, uh, it was a good wake up call for me, uh, because I was never good at like

detail. And this was something that I, so many work papers and you're, you're literally auditing the financial systems of these companies. You better be good at details. Yeah. So did you end up loving it or kind of like, where was the path for you after that? I realized I didn't answer the second part of your question of that. IT audit technically doesn't have anything to do with cybersecurity, but there's some overlap. So, uh, with, with IT audit, uh, you're still testing what we call controls to, to figure out, uh,

how people are protecting the financial systems that they hold their financial data in. And then I got an early opportunity at Deloitte where I was able to get on a cyber project. And that's right when cybersecurity started becoming a thing. Like what year was this? 2015 or so. And so by that time, you have the target breed

You have the Home Depot breach. You have a few. And cybersecurity was becoming very exciting. And it was still new. And so then Deloitte paid for all this training for me. And so I kind of got this early unfair advantage of being able to jump into an industry that was just budding. Still working with huge companies versus the ones we work with today. But it gave me the fundamentals because there's so much overlap in those industries between the audit side and the...

the cybersecurity side. So you, we, we explained to our customers now that you're always trying to protect yourself either against an auditor or a hacker. Like that's the way you look at it. Yeah. We all have to go through audits for various reasons. And, and so a lot of the fundamentals are the same. Yeah. So I was actually super thankful. It's not fun to be an auditor. Nobody wants, like nobody likes auditors. I don't think, but it was a good experience. Yeah. Yeah. Okay. And so then carry me through from that experience at Deloitte to, um,

Oh, I'm going to start Eden Data. Like what happened between Deloitte to founder of Eden Data? I wish that I had like this master plan that I could tell you about and that I had this all figured out. In your college dorm room? Yeah, yeah, yeah. I was no Mark Zuckerberg. Yeah, I actually, I always used to call myself a wantrepreneur because I would...

I would read countless books on entrepreneurship and I always told myself I wanted to be an entrepreneur, but I never took the risk. I never made the leap. And so right when in about the 2018 period, I got an early opportunity to become a chief security officer at a company in Austin. And so I took that opportunity, did it for a couple of years, hated it and quit my job.

And I had all these interviews and I was just thinking I was on top of the world. I was a little cocky, frankly. That was February 2020. And so everybody paused their hiring efforts. All my interviews dried up. I had just proposed to my now wife. I just bought a house.

Um, I, it was like all of these life events happened and then COVID hit. And so, uh, I was actually out of necessity trying to figure out how the heck am I going to put food on the table? And so I just did a bunch of research online and found upwork.com.

And that was for the folks that aren't familiar with it. It's essentially a freelancer website for all kinds of things. You can find video editing, you can find marketing, fractional sales. Yeah, we use it all the time. Yeah. Okay. So it's incredible. And it had cybersecurity opportunities on there. So a lot of like consultancy

consult me on SOC 2 basically. And so I was just offering my time on there by the hour until I figured out, oh my gosh, there's a massive opportunity here. And so I kind of gamified Upwork a little bit to where I was

offering my services for an expensive price and then dropping them a message and saying, I'll do this for free or I'll do this for really cheap if you just give me a five-star review. And so I built up like 20 to 25 five-star reviews. And then all of a sudden, I put out a million applications and

nobody responds back and except for the handful and then I get 20, 25 five star reviews. And suddenly I was in a bit of a pickle because everybody accepted at that point. And I had all these contracts that I needed to execute on. So it was a wild time. But

I was on Upwork for about that February to March timeframe of 2020. And then by August of that year, I was Googling how to start an LLC and launched Eden in January of 2021. Yeah. Okay. So can I jump in? What was the worst part or the most challenging part of being a CSO at a younger age? Like in my head, I'm like, oh, that seems kind of cool to be this young executive in the C-suite. But what...

What was the most challenging bit that made it hard enough that you wanted to just leave? Yeah, such a phenomenal question. So for perspective, I was 28 years old at that time and I just didn't know what I was doing. That was probably the most intimidating aspect. You can find a lot of information on the internet, but someone gave me an early opportunity and I

I just felt like I didn't want to squander it for multiple reasons. But the biggest reason was that the opportunity allowed me to be a little bit more, I guess, public. And so I was in front of a lot of people talking about business. And I had this very brief moment to be able to build a brand and kind of lean in. But it was terrifying.

terrifying because I just kept telling myself that it was imposter syndrome. So it was very much I shouldn't be here. I don't know what I'm doing. And then it was a good experience for me to figure out. I think a lot of people make up a lot of things a lot of the time. Yeah. And so you can do that at any age. Mm.

And so being able to understand that not everybody has it figured out, even folks that are twice my age, and then having confidence that, hey, I know as much about this particular topic or more than the person I'm talking to. That was something that I got to figure out through trial by fire, for sure.

Do you still struggle with imposter syndrome now? Oh, yeah. Yeah. I think I don't know if it's I imagine most folks do. But even now, I'm a first time founder and I feel like I got accidental success. And so you're you're constantly telling yourself like what some days I figure out I'm sitting there. I'm like, what am I supposed to be working on right now? Like, what am I supposed to be doing to move the needle? Because I'm just throwing darts at a dartboard. Yeah. But it

I think intuition goes a long way. And then I think that a lot of people just don't actually always know. They're just willing to take action. And that's a huge part of anyone's success. Well, action and risk from that intuition, right? I think we get stuck in these cycles of supposed to. What am I supposed to be? How am I supposed to be presented? What am I supposed to look like?

And if you just shake that and you're like, there is no supposed to, I'm doing this for the first time, this company for the first time, I can literally do whatever. So how about, what do I want to do? Right. Right. And asking that question instead of what am I supposed to be doing? And you get caught up in these rules that, that you think society is set for you. I think we were talking about Upwork, like even Upwork, when you're applying for gigs, it only allows you to put a project or an hourly rate in there. And so I had to

I had to basically figure out how can I get folks to just pay me a monthly retainer instead of me charging my services by the hour or by a project. And so working around that system and not just accepting it at face value ended up being probably

arguably one of the biggest game changers for me because I started getting recurring revenue on Upwork, which then turned into our model today because I failed to mention this, but Eden offers our services as kind of a subscription style service, very similar to the companies that we sell to. And that has been a

A huge difference because you have it's the antithesis of kind of what I learned at Deloitte where it's like just charge everything by the hour. There's a finite end to everything. You're incentivized to take as long as humanly possible. That model just didn't work for me. But back to the original topic here of rules and expectations and just questioning those constantly. Yeah.

will take you far in life. Oh, for sure. For sure. Well, yeah. And what I like about this monthly retainer model, I find it really interesting is because cybersecurity is this constant marathon. Like we're just constantly trying to stay ahead of regulations or in the worst case of bad guys who are trying to break in. Right. So like they're not slowing down or stopping. So there is no end to their motives. Right. Right. So there shouldn't be no end to you being concerned or trying to

you know, create a really strong foundation for your cybersecurity and your company. So I think that that makes a lot of sense having this like monthly recurring model for sure. Yeah, absolutely. Well said. Even on the compliance side, if you were, we were talking about SOC 2 as an example, if you go and you align with that standard and you get audited against it and you pass, that's awesome. Except that that was for the last year and now you restart.

Everything that you had to do, you have to restart it and you have to prove on a continuous basis that you're doing the things you say you're doing and issue that report every year. So security and compliance and privacy, it's very much a loop and not a line. And so that, yeah, I like your perspective there. So what else are you doing at Eating Data that's different than maybe how these other big firms are doing things? Yeah.

Oh my goodness. So we, we very much, I came out of Deloitte with a, with a chip on my shoulder of like, they set a great foundation for me, but there were so many things that I just didn't love about how business was, was being done. And so I tried to, a lot of what we were building, I tried to think

Okay. What would Deloitte do? Let me do the opposite. And so the subscription is one example. You have like a little bracelet instead of like, what would Jesus do? What would Uncle D do? Yeah. So we also, our brand, if you go to the Eden Data website, like

we were very obsessive about not being the blues and the grays and the whites of the marketing world when it comes to being a consulting firm. And you have people in business suits on your website and whatnot. It's just so boring. And so we went with what could we do to stand out? We may have gotten a little carried away with that neon.

but now neon is like a big part of our brand. We send all of our employees neon signs that they have in the background. Like we did little things like that. So we, we very much focused on the brand and making it exciting. And then I think that the last thing that we're fairly, that we're really proud of is just that a lot of times security is fear, uncertainty, doubt. It's like vendors use it to say, you're going to get breached. You're going to end up on the internet. You better pay us a lot of money. And we've used it, uh,

as a mechanism to say, hey, look, this is just another way to earn trust with your customers. This is a way you can boost your sales. This is a way that you can stand out on the internet from your competitors by saying, look, I care about your data more than those folks do. And so that was a big accidental learning lesson pretty early on that allowed us to pivot and achieve success with it.

So from your perspective as the founder and the CEO, how are you thinking about customer experience for your clients too? Because it's like you talked a lot about brand and marketing and kind of how you set up the company differently. But how are you actually treating your customers differently? Oh, my goodness. I said, oh, my goodness again. But I'm like, this is another topic that just is so darn important to me. I have...

We've been obsessed over customer experience since the beginning because at the end of the day, we're selling a service that while it's needed, it's not very exciting. People don't care about cybersecurity and compliance. That's actually why they hire us a lot of times. And so to be able to make sure that they have a wonderful experience with us, I mentioned in the beginning, nobody likes an auditor.

Nobody likes a cybersecurity person as a close second, right? Because it's just not a very exciting topic. And a lot of times it's looked at as a cost center. So how can you make the experience wonderful? One of the things that we do is we are obsessive about how we gauge the performance of our employees based on the customer service that they're giving. So a lot of times it's easy to look at utilization and obsess over hours, but that's all...

the qualitative aspect of how are you...

How are you treating your customers? How are they responding in customer surveys? How are you making sure you're proactive about the things that are important to their business and pointing that out to them early and often? And then we do little things like making sure that we're sending new customers gifts and making sure that we're remembering kids' birthdays and trying to focus on ways that we can be more a part of the team rather than a consultant that's just sending an invoice every month. Those are just a few of the ways.

And then the last thing I would say is that we don't have it all figured out. We are certainly still expanding on how we're offering customer success. And so we are like as we plan out for 2025, we're hiring more customer success managers and we're looking at new ways to be able to touch our customers more often without just sending them a simple survey. Yeah.

So those are just a few. What's your guys' head count right now? Right now we're about 75 folks. Okay. And then how many clients are you guys serving? We have the last time, like across all of our services, we've surpassed the 500 mark. Yeah.

Oh, incredible. Okay. That's a lot. For a small headcount. For perspective, we have our subscription style customers that are long term. We have our penetration testing team. And then we also have one-off services, internal audit services and implementation services and all that fun stuff.

So then as you've grown from like, I'm on Upwork. Oops, I bit off more than I can chew. There's way more people like coming, saying yes, they want to work with me than I thought. This turned into a business for you now. How did you go from that step of I'm on Upwork to now I've taken them off, these clients off of Upwork. I'm working with them directly. Oh, I'm going to hire my first team member. Oh, now I have 75 team members. Like talk to me a little bit more about this like scaling process. Yes, it was very much, it felt,

during the time that I was just making it up as I went along, uh, in hindsight, I think I had it a little more put together. Like I put in a tremendous amount of effort to make sure that I was reading as many resources as I could and figuring things out. But I also, uh, back to that mentality of let me look at how other companies are doing it and figure out what I can, what I can borrow and what I should avoid. And so that was very helpful. Um, especially early on as I was trying to define our culture and define the people that we were hiring. But it,

in terms of how we were able to grow in the first place, the thing that we were able to be successful in is I basically said the cybersecurity industry is built on trust. And so

the average business is not going to go on the internet and say, I need cybersecurity services and then just hire the first vendor that they find. It's usually word of mouth. And so I went out when it was just me, myself and my dog and, uh, and try to build relationships with a few vendors. And so I cold messaged, uh,

like one of the top audit firms out there that was doing a lot of audits and likely had customers that need help getting ready for those audits. They put me on the map. They just respond after you pester them enough on LinkedIn. They do respond and then. Slide in those LinkedIn DMs just again and again and again. Yeah.

And then a huge shout out to, to draw to their, a great venture back scale up. That's been around for, um, about the same amount of time and they've just had massive growth. But early on in our trajectory, I messaged the founders and, uh, I just kept pestering them on LinkedIn saying, I want to be a partner. Uh, I can, uh,

A lot of times with partnerships, people are just saying, give me, give me, give me. I want leads from you and I want you to help me. And you got to focus on what your partner needs and just give. It's kind of the Gary Vee model of giving free value and then they'll take care of you. It's kind of like flipping customer experience right now. It's partner experience.

how do I have like a great experience with my partners? Yeah. Yeah. As for customer experience specifically, like you just need to obsess over what is it that my customer needs and how can I make it happen for them? And then your customer is going to be indebted to you for like that's that's one of the things that we figured out early, both on the partnership side and on the customer side. And for timeline wise, this is during COVID, right? This is all happening. Yeah. Like you're not able to meet up in person really with people and like build those types of foundational relationships. You're doing this all virtually.

Exactly. So 2021 time period is when we established some of our most successful partnerships and they're still with us today. And then that was a weird part of all of this is that coming from Deloitte, where I had to be on site every week with customers, not meeting most of my customers in person was just such a surreal experience. Them giving me money over the internet, like that's just a weird, but thankfully the world accepted that.

And so it made it a lot easier for someone like me that didn't have the means in the early days to be able to be that high profile consultant on site. - So I wanna talk more about current threats that people and businesses need to be aware of, especially 'cause you work with smaller companies.

As well as like medium sized businesses, right? Yeah, all the way up. We have some publicly traded companies. Oh, wow. Okay. Up to, yeah, I think our biggest client has over 10,000 employees. Yeah. Wow. So like when you think about these companies, what threats are they facing currently? And I want to be mindful of what you just shared, which is you don't like to talk a lot about like the...

we call it the FUD. Yeah. If you're uncertain, need doubt, like you don't want to be, I don't want to lean into that too strong, but I do think it's good to be realistic and honest about like what's out there that people do need to be aware of. Yeah. And for what it's worth, the risks are there, whether we want to talk about them or not. But yeah,

Regarding companies as a whole right now, what's funny about cybersecurity is a lot of it is still related to the basics. So we had the Coinbase breach last week, actually. And if you go and you look at these data breaches. I didn't see this. So tell me more about that. What happened? Yeah, so I read one quick article on it. So I probably can't speak to.

Yeah, there we go. What I found was the breach was not due to technical vulnerability, but rather a human one. Cyber criminals exploited the trust placed in customer support agents by offering bribes to a few overseas contractors.

These insiders with legitimate access to customer support tools extracted sensitive user data. The attackers then used this information to impersonate Coinbase representatives aiming to deceive customers into transferring their cryptocurrency holdings. And we're writing a LinkedIn post for it later this week, but I can talk about...

million data breaches, Okta, the Home Depot breach, Target breach. There's a lot that are very much related to simple things. And so this is not that someone had a super sophisticated attack and followed them for months. There are some cases like that. SolarWinds is a prime example here in Austin. But

Most of the time, it's like someone forgot to change their password. Someone didn't enable MFA. Is it really that simple? Someone didn't get removed from a system. Target got breached through their HVAC system. Like they had an HVAC system that was connected to their Wi-Fi and then they were able to, or not their Wi-Fi, but their corporate network. And they were able to compromise through that. So the focus a lot of times is starting with the basics and

We're still in this golden age where security isn't viewed as valuable as like marketing or finance. And I think it'll get there, but it's certainly not there today. And so you don't usually get as much funding for it. A lot of people just kind of ignored it. I mean, just last in the last two years, there were not even half of the Fortune 500 having CISOs on their on their staff. Wow.

The world's still catching up that cybersecurity is important. So focusing on the foundational stuff already makes you a smaller target. But also like specifically is AI right now with the boon of AI, a lot of customer success folks are using AI in their everyday functions. And so with that, you now have...

an LLM, you have a system that you're dumping a bunch of data into with not a lot of controls, like we were talking about controls before. And so there's a big uptick in how do you focus on the cybersecurity behind these AI functions that you're using to ensure that you're protecting the data that's going into it, because it's a whole different ballgame than how we were doing business before. Well, now I'm thinking about like even chat GPT, like the amount of stuff, personal stuff that I

put into GPT to help me like solve my life, right? You know, you're like, oh man, I hope no one sees this. - Right. - But that's not even business stuff. That's not actual like healthcare information for someone or whatever, right? - Right. - But it's the same, a lot of these companies are using the same kind of foundations of these LLMs, right? So it may not be, I'm talking to ChatGPT, but I'm using some sort of API or something that's leveraging that, right?

So yeah, like how secure are these things as they stand? Well, first of all, I would shout out to you for understanding that at least for ChatGPT, like you're not just going and uploading massive amounts of health records. Yeah. Unfortunately, a lot of people are. Really? Yeah. With ChatGPT specifically, you have multiple subscriptions. So if you look at the fine print, like free version, that data is at –

it's accessible to that company and they can use it however they want. But we still, we'll sign customers and find out that they're uploading

patient health records and financial data. And they're saying, oh, can you organize this in a table? Well, you're uploading the original file of these poor people's dates of birth and social security numbers and such. So a lot of times it's simply just not understanding the value of what you're uploading and then not having any kind of controls around who has access to that. So I would like to think that OpenAI specifically

has a lot of incentive to make sure that they are not ending up in the news. And so they're going to throw massive amounts of money at security. But then a lot of these like these startups that are just adding AI functions. I mean, we went through this this whole last year. Probably every SAS subscription you have contacted you and said, Hey, we have a new AI function. Yeah. Ten times. Yeah, exactly. And so the the protection behind that, the

It's the Wild West right now. People are just blindly doing it because they're focusing on capitalism first, which makes sense. They have to operate as a business. But figuring out how do you protect that? There's the implications of, of course, personal data. And then there's also the implications that we deal with, with like nation state risks. We now have this battle with China and Russia and the USA. They're all battling on who has the better algorithms, who has the better LLMs. And we're all training it on algorithms.

data. And so now it's who has the better data set. And so being able to protect that data so that you're not giving a leg up to a nation state that has implied, you know, that harmful intent, like things like that adds a whole new element to all of this. Well, I mean, and speaking of the like stakes, like what's at risk with cybersecurity, we have another podcast called Big Ideas Lab that we talk to folks at Lawrence Livermore National Laboratory and they work with nuclear weapons. Oh my gosh.

Oh my gosh.

A China or Russia can get a hold of our security systems and break in. Right. So like and that kind of stuff is happening. So it is it's interesting because like from a military standpoint, we are like, I think, well prepared or we try to be at least. Right. We're definitely talking about it. But at the business level, which from like a China or Russia perspective, they still want to get that information from the businesses. It's not just from the military. Like there's plenty of valuable stuff within Russia.

a small company that they might want. So it is interesting to me that like we paid such big attention from a military standpoint to cybersecurity, but then like as little individual companies, we have not been doing that. We're not putting enough money there. We're not planning enough for our head, like something that I definitely wish more people would think about.

Very well said. They have these 10 person startups out there that have this intellectual property. It's their entire business and it's extremely valuable. So passing that off to China or Russia, you're just giving them an unfair advantage. So it actually just becomes more applicable. Or your competitors. It may not even be like these states outside of you, right? It could be like, oh, other business over here that's also trying to make a business that's similar to mine. If I'm putting in GPT, this idea that's novel-

Now, suddenly it's out in their data set. So that's not really hidden or novel anymore. Right. Like, so from an IP perspective, it's a nightmare. Exactly. And from a different example, what was it? Three, four weeks ago, Portugal and Spain, they lost power across the entire country. Oh, my God. And they're still speculating on what happened. Yeah. And there's there's.

all kinds of theories around malfunction. And I don't want to imply that I know everything about what happened there, but just think about if that were a lot of our infrastructure has very basic function in general and not a lot of protection from a cybersecurity standpoint. We're just now starting to figure that out. So taking down the power for millions of people like that on a whim, again, not implying that that was a cyber attack. They're still speculating, but

That's terrifying. Yeah. I remember, I think it was a year or two ago and like the AT&T towers went down for no reason. Do you remember this? And like, there's still no explanation released about like what happened. And I didn't have, I have AT&T, so I didn't have phone connection for like a whole day. Yeah. I'm like, no one's going to tell me what happened. No one's going to own up to something.

We never covered this. And it's the impact is, is insane. The, the CrowdStrike update that went wrong and took down all the airlines. Oh yeah. Yep. That was, that's, that's crazy. And then, yeah, it's just, it's not. So the stories are endless. Here I am doing fear, uncertainty, doubt, but back to your original question of risks. A lot of it really is foundational. So I do think that, that, that,

We talk about all these articulated attacks and sophisticated rather. And in reality, it's focused on the basics and it sets you apart quite a bit. Yeah. So whenever you're talking to new clients or people you're already working with, like how are you?

positioning this to them? Like, what are you saying? Hey, this is what you need to be prepared for right now. This is what you should be prepared for like in a year. Here's how we can support you and what you can do to like actually solve this. Because I don't want to just leave our listeners that like, there's this problem. So get a cybersecurity expert. Right. But like, what actually, how should we be thinking about this? What can we actually be doing? So we have this principle at Eden Data where it's very much focusing on when a customer comes to us, we have to assume that they don't always know what they need. Yeah. And so they...

a lot of times with security, a company will get contacted and say, hey, I need anti-malware and they'll sell them anti-malware. But we are focusing on, let's actually talk to them that knowing that this is not typically a topic that people understand deeply. Why don't we understand more about their business, understand what they're trying to accomplish, understanding why they are asking for,

what they are asking for. And then oftentimes the, the goalpost moves. And so, uh, in our sales discovery calls, we don't have presentations. We don't send them a huge pamphlet on all the cool things that we do. We just have a business conversation. We trained our sales professionals to be able to ask questions about what do you do as a company? What countries do you operate in? Uh,

Who is your customer base? Are you selling B2B? Are you selling B2C? Figuring out some of those foundations. And then from there, we're able to advise on, hey, this is actually what I think you need to align with. And again, it's like it's crazy how many come through asking for one thing and we pivot them to something else.

Or we tell customers, hey, you actually don't need us. You actually don't need this for X, Y, Z reasons because this landscape is so hard to navigate. There's so many freaking acronyms. It's ridiculous. So that's kind of our approach to a lot of this. And it's worked out really well because if you can tie cybersecurity and compliance and privacy to privacy,

business strategy, then you suddenly have buy-in from CEOs and CTOs and people that don't normally care about security as much or prioritize it. So what's interesting to me about everything you've just shared there is first off, the sales

strategy is brilliant because like from a customer standpoint, we're talking about customer experience. Like, oh, you actually hear me. You're actually listening. Right. And then you're actually giving me something that's going to solve this problem that maybe I didn't even yet identify was my pain point. But now you've helped me kind of figure out, oh, this is what I need. Right. Or, hey, we actually can't do that. But here's maybe someone else that could do this thing. Right. So you're actually listening. So from a customer experience standpoint, I think that's brilliant. I wish more sales teams would do that versus the like 60 slide deck of all of our features that

is probably like a bunch of acronyms that no one understands anyway, because they're not the expert in security. So I love that. Just want to commend you guys for that. And the other thing that you mentioned around helping tie the cybersecurity to

helping tie cybersecurity to like this executive leadership, right? You're actually helping people tell the story, right? So you're helping, you're training your sales team on like storytelling. Hey, this is how you present this to your leadership team to get buy-in. Here's why this is important. And I think a lot of cybersecurity companies, IT companies also struggle with this. Like it's really hard to bridge the gap of like, here's this technology

technology that you definitely need. And here's how to tell the story in a way that like executive leadership would actually hear you on why you need that technology. Exactly. If you're selling cybersecurity, a lot of times like it's a, it's a CTO or the head of DevOps or, or a CISO or someone that speaks this language that you're initially selling to, but everybody needs to buy in on this. And we're all speaking different languages around security. The CEO does not care about security in the same way that the CISO does. Yeah.

And so being able to to interpret that pig Latin in a way that that they can understand and that they can apply to their their metrics is quite important. And then also having more than you touched on just the our particular sales strategy related to customer engagement.

and buying. I, one of the things that I very much was surprised to, to understand as I, as I advise more and more companies is that sales and customer experience are oftentimes not tied together at all. And so then suddenly you're selling them one thing to try to get, uh,

what you think that they need, not to mention get your quota, get your commission. And then you hot potato that over the fence to customer success. That's trying to put a square peg into a round hole. And so having equal incentive for both parties to be able to work for the entire life cycle of a customer just seems like a no brainer, but it's a, it's a minority approach for a lot of our customers that we talk to. And I advise various companies on it. And it's, it's,

It's just wild to me because at Eden, we make sure that the sales team and the customer experience team are the same team. How do you do that? We have them, sorry, they're the same department. Yeah. And we make it to where if a,

customer is not sold something that they are happy with and, and, uh, retain with us for a long time, then, then both people suffer. But then if they, sorry, that's a very, that's a very blunt way to put that. Yeah. Yeah. Suffer is not the right word. Yeah. So we, we make it to where both parties are incentivized for the success of the customer, both today and a year from now. And so a lot of sales teams specifically will, will not, um,

benefit the sales rep when they do a renewal for example that seems so silly to me like there's there needs to be some kind of buy-in that that you as a company as a whole when you're trying to sell trust on the internet and build trust that everybody is bought in on that and everybody is showcasing that to the customer so if you've touched the customer a lot of times a salesperson has the the relationship and they can collaborate with the customer uh success uh

manager or customer experience leader and and be able to add value in help the the CX leader to meet their numbers as well. Yeah, it's just something I'm very passionate about because I don't understand why it's not structured that way. Yeah, yeah. Yeah, I don't get it either. And this is where

something that I've said a lot is that experience is everyone's job. So customer experience is literally everyone's job, right? Which while I was preparing for this interview, I was thinking about how cybersecurity is also everyone's job, right? Totally. Like from the anyone that's connected in your system in any way, we just talked about target with the HVAC, right? Like everyone needs to be trained on that. And I think at least what I've seen happening with larger companies is that cybersecurity training is like

15 minute video that you watch on onboarding. So I am kind of curious, like, how are you helping companies teach their employees about cybersecurity? Yeah. So I actually have a pretty non-traditional approach to security training in general, simply because of being in this industry long enough. What I've figured out is that humans make a lot of mistakes. And so this is not something that interests us. The cybersecurity is not the most exciting topic. We

how can we remove the risk from, like, how can we remove the human to remove the risk? That's the focus that we do. And so we do do cybersecurity training. It's the requirement for various compliance regulations and standards. And so people have to watch a video. We'll do live trainings. We'll do more interactive. We try to gamify things like a tabletop exercise. And it's like,

your laptop was compromised and or you left it at a Starbucks and it had all this big PHI file on it. What do you do? Yeah. And then we throw in different scenarios. We try to do that and make it more engaging. But at the end of the day, this is not like something that someone's going to get super fired up about in general. So how do you remove the human and create what we call automated controls as much as possible? Yeah. So.

Things like access management. You can manually go and review your users in a system and say, okay, John Smith here shouldn't be in here anymore. That requires a human to log in and look at all the users. Or you could just do what's called just-in-time privileges, which is like you give someone temporary access and it expires. And so they need access to this system temporarily to do their job function, and then it expires. They can't get back in, so therefore that account can't get compromised. Yeah.

That's how we treat. We basically remove the awareness part in some cases because we just think that humans should focus on the things that we're great at and take away the nuisance that is like cybersecurity. For sure. I love that. I love that. I love that perspective. So

Are you guys using AI? It sounds like you're using automations, but how else are you guys using AI to support that? We are. Yeah. So we're using AI in a couple of different ways. So we leverage a lot of there's a lot of amazing tools out there that are built by great companies that are incorporating AI to be able to identify threats faster, to remove threats. One of the biggest components of our industry is AI.

a lot of threats are false positives. So you get so many events happening on a system that, and it was humans scrolling through that before. And so a lot of people offshore that to contractors, which creates its own set of risks. Yeah. It's still human error potential, right? Yeah. But AI is getting better than humans at this. And so being able to just sift through and say, Hey, I should actually pay attention to, I just suddenly our CEO logged in to our

financial systems in India, and I'm sitting right next to him in Boston. Those kinds of things, being able to focus on those. And then also creating on our end, we have all these wonderful cybersecurity professionals that we usually hire pretty experienced rather than out of college. And so as you master your craft, you want to work on exciting things. You don't want to be sifting through a bunch of monotonous work and

work papers and policy building and such. So we focused heavily very early on on how can we remove the monotonous stuff, the things that we're not even, we can't even argue that our employee would be better at than AI, for example. And so we've built a lot of tools to streamline processes internally so that we can do things like project management and tracking our time and other productivity elements in order to give a better experience to the customer. So it's not just

For cybersecurity, you guys are using them, yeah, for your employees. How do I get my employee back some time so they can focus on this thing that's actually more interesting than logging time? Or inadvertently give the customer a better experience. So we split in how we look at AI. There's certainly other ways to leverage it, but those have been the big impact areas for us in the last year or so.

So as we think about AI, like as we're moving forward, and so let's say I'm maybe a small business, right? Like maybe I've got 500 employees. What do I need to be prepared for in terms of security and the things I should look out for in the next couple of years as AI improves? What are you kind of preparing for? Oh my, yes. So the biggest threat that we're seeing right now is just figuring out

from reality in terms of like phishing emails everyone knows about. Don't click that bad link. Yeah. It's getting pretty darn hard. And so you can't expect for humans to be able to pick up on that constantly. And so there are a lot of great tools out there that will pre-scan, uh,

The links in every email and such, check the attachments, that kind of stuff. Those have been out for years and companies don't use them. They're getting more affordable. And so any size company should be adopting things like that. I try to look at the biggest risk areas. That's a big risk area. The other one that we've seen, we've seen a few sophisticated attacks around being able to...

train AI to sound like an executive and then try to get- Or your daughter. Yeah. Like, I need money, mom. Yeah, they've done that. Oh my gosh, yes. I mean, they've been doing that for years. One of my big inspirations for cybersecurity, my poor grandmother got a call and sent $8,000 in cash

thinking that I got arrested in Wyoming and we were able to get the cash back, thankfully. But that stuff's been happening for decades at this point. But now there's no way that my grandma could pick up on it when they take a video of me speaking on LinkedIn and make an AI version. It's just, it's terrifying. And so being able to have awareness that these things are happening and adding again, back to the word controls, like for, I

I wish I didn't have to say this, but there are a lot of companies out there still where the founder or some executive has full power to just transfer money whenever they want. And so being able to have some kind of checks and balances, no matter if it's like, we have checks and balances at my company and I'm the only founder, like there needs to be

multiple checks and balances on, okay, are you sure you want to make that wire? What is this for? Validate in a few different ways, that sort of thing. Just adding process where your risks are. Those are the biggest areas that I would say to focus on.

And then just focusing, like we've talked about standards, SOC 2 and ISO 27001 and all these cool standards that are fairly easy and getting more affordable to adopt in general. And those are great ways to not only make you look good to your customers, like we already talked about, but it's also just setting a baseline for yourself. It's like a workout routine. You're starting with the basics. Those are great basics. And they allow you to incorporate a lot of controls into your environment that allow you to

stay on top of at least the big areas of risk. Yeah. You mentioned a little bit earlier that a lot of these breaches that are happening are from things that are just small and could be prevented. So any basic tips from that standpoint of like change your password this often, like things that we probably as a team need to hear, because I know that like

Shout out to our CEO, Stephanie, who's upstairs right now. We've been using the same password to log into our accounts for like three years. So what's your basic tips for people? It's going to seem so basic to probably most of your listeners, but multi-factor authentication is a game changer. Just being able to have multi-factor authentication, that's easier than ever to set up. If a software solution that you're using today doesn't have MFA at this point, that's a problem. You should get away from it.

that's like it's par for the course now. And so then password managers, like there's so many password managers. You can get free versions. I don't recommend you do a free version, pay the $5 a month or whatever the case, or use the one. iPhone has an incredible password manager. Just using that and stop.

like saying like the name of your dog and the year you were born and an exclamation point. Just using randomized passwords goes a tremendously long way. And then the last thing is just like doing a general audit of your, this is on the business side and on the personal side. People forget what they sign up for.

And they forget what they're using. They forget to figure out what software solutions are being used and what's being uploaded into it. And I know it sounds tedious, but even just taking one application a week and saying, do we still need this? We're getting charged for it every month. And sales just imported this into our Salesforce. And now we're importing all of our customer data. Like,

There's a lot of that shadow IT floating around, both in our professional and personal lives, just going through and cleaning that up. It was such a long way. I need an AI tool that does that. And it's like, hey, by the way, Lacey, are you using this subscription that you signed up for two months ago? Right now it's our CFO who angrily Slack messages me and is like, are you still paying for this? And I'm like, oops.

It's a great idea. There's a couple tools that will scan your QuickBooks and whatnot and say, "Are you still using this?" But yeah, as you get bigger as an organization, there's just so much that slips under the rug. Yeah. Yeah. Is there any quirky, non-traditional thing that you do just as a consumer to protect just with everything that you know about what's going on in the world in terms of cybersecurity?

Ooh, putting me on the spot. Quirky. So I definitely do all of the basics. I, in terms of... I saw something recently. I forget who it was, but he talked about

as just turning off your phone once a day and turning it back on. Same with your laptop. I do do that. I forget that that's not, that's not typical. Yeah, it's not typical. That's a thing. I had no idea. The other one, well, my wife to death, but I have her use a shared password manager that we have that I can force her to use password manager so that she's not just using the name of her dog. And she's been using the same password for decades. That's my husband, yeah.

Yeah. Being able to like not take control, but be able to just kind of force some controls on her. Like, hey, these are some things we're going to do now as a family. That's another, I guess, quirky thing.

thing that I do. So I'm trying to think of if I have any other tips and tricks up my sleeve. Are you super analog in any ways, like with all the vulnerabilities that you're aware of? Are there certain things that you just you don't keep online or that you think other people shouldn't, despite the obvious? Yes, I'm not very big on social media. I have social media accounts, but I don't post a lot on my personal life on social media. Yeah.

Excluding LinkedIn. So LinkedIn, I'll do the professional stuff all day, but personal, I don't even know the last time I uploaded to Instagram, that kind of stuff I've been kind of private on. And then now I really encourage my friends that have kids to be very mindful of when they're putting things on the internet, just not making it public. That's a pretty, another control example. It's like just going through and cleaning up your friends and making sure, does everybody...

that sends you a friend request, need to be your friend, that sort of thing. Because we won't go into the details, but the risks are great there. So yeah, great question. The question I have now is,

Imagine I'm a Coinbase or a Target or whatever. How do I recover trust with my customers after something like this? Oh, my goodness. Yes. Oversharing is probably going to be the best strategy. This is purely my opinion. But when you damage your brand like that, it doesn't matter all of the complexities behind it. I think that one way to not do it is like...

Uber back in 2016. They had a lot of sketchy stuff going on with their data breach and the CISO being federally charged. But Uber threw him under the bus and didn't take any ownership when there was a lot of skeletons in the closet related to how they were funding cybersecurity, how they were treating the importance of cybersecurity internally as a culture, all of that. And so taking the approach of, oh, this is one person's fault and not

the companies is a silly move in my opinion. So basically coming out and apologizing, which it's crazy that I have to say that, but you can go look at a fair amount of data breaches. They just try to dismiss it and say it's not a big deal. This data is not that valuable. Customers don't understand this stuff. So any data breach, anything, even your shopping habits on Amazon, like

people are going to say they're going to have a knee jerk reaction that this is important. So coming out, apologizing, saying exactly what you're going to do, exactly what their risks are, and then sharing with them periodically like, hey, this is something else we incorporated. Here's some more things that we're doing to invest in your security. There are great companies that have done that in the event of a breach. I think CrowdStrike handled it quite well, for example. But Coinbase should absolutely be doing that over the coming months.

and not turn it into like another Equifax situation who's now been breached multiple times. What a joke. Yeah, or Wells Fargo. Oh my goodness, yes. Yeah, so for like larger companies, how are you thinking about, or how do you, what advice do you give to larger organizations on how to instill this culture of cybersecurity and this like mindfulness with what you share and how you're keeping data secure? Yeah.

So I have two answers to this. One is the element that we talked about at the beginning where using security as a sales function, as a brand builder, you can never be too big for that. There's a lot of companies that I've seen that take on this approach of we're so big and anyone will do business with us. Our brand's too big to fail. And it's simply not true. Like we can talk, we were just talking about Coinbase, for example. And so going and investing in security and then bragging about it on the internet, there's a lot of cool companies out there now that

that allow you to build basically like a security page on your website that just talks about all the cool things you're doing. And so we build that for every single customer now and even our largest customers simply because it's a great way to just put an additional merit badge on the internet saying, look, we're doing all of these things to invest in security. But then that depicts a culture externally and internally

But then you also have to realize that, especially for a large organization, most people there, whether you want them to or not, feel like a cog. And maybe that's a belittling term. I don't mean it as such, but it is certainly a, it's such a massive company that they're not going to have the same buy-in as the CEO, for example. And so how can you incentivize them with the carrot and not the stick, right? The stick is that if people are failing there, right now, this happens every day at enterprises, they, someone fails a phishing project

Yeah. And then they have to go through this horrible training and they're they're bitter and resentful and it's just a fun experience for anyone. Yeah. This makes me feel stupid. Yeah, exactly. Yeah. So I think the education element is still important. There's tools out there that can just prevent this from happening altogether. And so.

investing in those, but then also rewarding people for reporting links that are suspicious and, um, knocking out optional trainings on security. Like there's a lot of LMS platforms, learning management systems out there that, that give trainings on security. And there, there are some weirdos like me that, that love this stuff and, and work likely at your company. And so it's like, uh, how do you incentivize those people to, to want to, to care about this? Because then they're going to be the evangelists to others. Yeah. Uh,

So creating these little champions in your organization by rewarding them is something that very few enterprises do. And we really try to encourage it simply because no matter how hard you try, people are just not going to just wake up one day and be like, man, I love security. Well, I think if you kind of mesh it with their personal perspective as well, like, by the way, this is information that you can use in your personal life. Like if you're

a cog, quote unquote, in a machine at one of these really large organizations. I may not care fully about like, I mean, I feel like I have ownership fully in this company, but I'd have ownership in my own life. So if my education helps me personally, I think people will be more likely to put that cap on and like be eager to learn than if it was just

"Oh, this is this small little thing that maybe will help this big company that doesn't care about me." I love that. There's so much overlap between your professional and personal life anyway when it comes to security. Like, you got to protect passwords no matter what. Yeah. You got to keep data private no matter what. Those things are constants. And so I do think that if you even little things like we have one customer that just pays for the password managers for an entire family, for any employees and their dependents, basically. Oh, that's smart.

little things like that is a small expense for them in the grand scheme of things. Well, yeah, because if you think about it, if I can reason my way in with the husband, you know, like and get some information there, then it isn't too far to say that then, oh, the wife who works at this big company, maybe I can get information on her or what she's working on. Exactly. Yeah, it makes total sense. If his laptop's

uh, compromise and connected to the same home wifi as hers. Like there's a, there's, there's a risk. What about security for like, um, security cameras that you have, you know, like the ring doorbells. Like I've heard crazy stories while people hacking into those, the internet of things. It's they're so commoditized that it's almost impossible not to want to use them. Like people want security around their home. But the problem is, is that a lot of those cameras are coming from China and a lot of them are

also just small companies that are not investing in security. So going and looking, like the rings of the world are actually big conglomerates that rings now owned by Amazon. They are incentivized on security.

Same with Apple, same with Google. They don't want to end up in the news as compromised. And so you're taking a risk-based approach here of what would I do? Would I go with Ring or would I go with some little startup that just came out with security? What's that one? There was one that I I'm forgetting the name, but it seems like every week there's like a new Internet of Things style. Well, and you think it's a small company, but then it's actually owned by Amazon. Like, I think it's Waze. Oh, yeah. Yeah. Or Wise. Yeah.

Yeah, W-Y-Z-E, right? That one is actually owned by Amazon. I know, they've got a weird strategy with having multiple. I'm at Home Depot. I'm like, which one's most secure? All three of the brands, totally branded different.

All of them owned by Amazon. Yeah. Okay. One easy thing is just to look up where their headquarters is. I hate to say it, but if it's based in Russia or China, then you have to like, what is it worth at that point? And so just a US-based company that has a pretty big presence is how I recommend. But to answer the question succinctly,

I don't tell people to not use cameras. I would love like I'm nerdy and have a closed system that only I have control to that's not connected to the internet. But I don't think that's like a panic room where you've got the security system set up. I wish I was that cool. Maybe one day. Yeah. Yeah. I love that stuff just from the tech standpoint. I don't think anyone I don't think I'll ever have to use it, but it's just awesome to be able to nerd out on that and build like the most secure home network system and such. How's

here's home Wi-Fi. Like I've got Google Fiber. Yeah. So you have mostly the routers themselves and the modems. Like a lot of people today will rent their modems from their internet service provider. I don't recommend that simply because you're inadvertently just sharing all your data with them. And so that data ends up somewhere and then they have to be able to protect it. Doesn't matter how big your ISP is. Yeah.

I don't like that idea of, of that. Um, but then the, the wifi routers and modems themselves, um, a lot of folks are still buying those from China and Russia and such, uh, mostly China, uh, not, not Russia in that case, but, uh,

looking for a US based company again and looking for ones that come with security plans because like you'd be appalled. My parents included were running the they were rocking the the admin one admin one username and password of their router. Anyone can go connect to that. So that's not what you want to do. So just getting a basic like Netgear and Motorola. They have some like their cybersecurity

not compliant, but versions, the Nighthawks, and then give them all these cool names. Oh my gosh. I highly suggest like paying the extra 20 to $120 to get something that's- I would just do that for the name. I've got a Nighthawk watching over me every day. I mean, it looks cool too. It looks like a frigging spaceship. Yeah. Yeah.

Awesome. Okay, Rose, any lightning round questions to wrap up? Welcome to the lightning round, Taylor. Oh, dear. I'm going to throw a few questions at you. I love it. You can skip if you don't have anything for it. What's one cybersecurity myth that you wish could just die already? Ooh, besides that all hackers wear hoodies. I think that the other myth is that there's always the intention of...

wanting to steal data. The intention for cybersecurity, you have basically like three categories. You have like the capitalistic side of like wanting to make money. And so you have ill-intenders that are wanting to steal data and sell it. You have the nation state side, which is like causing

causing strife and causing pandemonium. And then you have folks that are literally just interested in security and are going and trying to break things on the internet to test their skills. And so being able to understand what your threats are and why they are threats is quite important. That's a myth that I feel like people still to this day just think everybody is some person in their mom's basement with a hoodie on. And it's a little more complicated than that. Sort of speaking of...

Is there a movie or show that you've seen that's felt the most realistic to you? Oh. Mr. Robot? Mr. Robot, for sure. They brought in a famous cybersecurity expert to consult on that show and he wrote the whole first season. I have not seen this. It's a good show. That one's pretty spot on. The one that terrified me the most was, goodness gracious, it's on Netflix. It's Ethan Hawke and Julia Roberts playing.

Oh, my God. Yep. I'm looking it up. It was kind of a weird style for filming, but it was such a great eerie movie of them escaping, I think, to the Hamptons when a cyber attack. Leave the world behind. Leave the world behind. Oh, that one. Yeah. Really, really. That scared me pretty bad. Oh, my gosh. Because it's this realistic, realistic, I'm saying realistic because it seems realistic, depiction of like what would happen if you just sort of knocked everything out. Yeah. Right? And didn't the Obamas help write this one?

I think they were maybe producers. I think so. I'll have to check that. But yeah, very creepy. They still have a book. The shipping container, that happened. Like those, what was the company? Maersk? Was it Maersk? This happened back in what, 2018 with the NotPetya attack of our entire shipping industry basically shut down overnight because of one bad piece of software and costing billions of dollars. Planes falling out of the sky. That was a terrifying movie. Tesla's, there's like

Like one white Tesla is just all running into each other. Yeah. Wild movie. Okay. Moving on. What's to a light heart, more light hearted question. What's your favorite nerdy gadget tool or productivity hack? Nerdy gadget tool or productivity hack. Ooh, I really love. Okay. First of all, shout out to Whoop. I have their newest Whoop band and then it just makes me obsess over my data and then I get overwhelmed.

and then don't do anything with it. Is that like the Oura Ring? I like to have the option. Yeah, exactly. And so they now have a medical grade version, which does a few. It's got like now you've got EKG or ECG. I get those mixed up and blood pressure and a few other things. So I really like that one. Doesn't it give you advice too, though? It's like, hey, based off this, this is how you should be behaving or cut, cut,

- Cut caffeine at this time or whatever. - Exactly, yeah. - Super practical. - It gives you a recovery score that's kind of like mind boggling. You say, oh, I got eight hours of sleep, but my recovery score is like 20. - Garmin has a body battery, which is like the same thing. And you're like, oh my God. - It's incredible. - I slept for eight hours, but I guess that glass of wine right before I went to bed really affected.

And I wonder how much of it's placebo of like, oh, well, it's telling me that my recovery is at 20%. So therefore I feel like crap. I feel like crap. Yeah. And then I love my Remarkable tablet. Yeah. I've been supporting Remarkable since the beginning. I love their stuff. I'm obsessed. I really do think handwriting things helps me retain information. Oh, for sure. Oh, for sure. You're building a SEAL Team 6 of security pros. What quality is non-negotiable?

They have to bring their own batteries. That's something that we say a lot at Eden. It essentially just means like you have to be able to bring your own energy and you have to be excited about the things that you do both professionally and personally. And I don't mean like I'm not like

so concerned about the personal side, but I think that a lot of your work-life balance ties together. And so having people that are positive and bring a lot of energy to conversations is important, but more importantly is having people on the team that constantly need to be reassured and constantly need to be, um, uh,

uplifted, it becomes a cancer. It's just unfortunately you have to always be juicing them up and you're inadvertently giving your own energy for that. So we look for that in interview processes and I'm usually the one that will

do the interview that decides the battery element. And we've had people make it all the way through. And then I say, nope, this is not, this is not it. How do you, so how do you kind of like sniff that out, I guess? I think it's about the only thing I'm good at it. Like for interviews, I'm terrible at taking notes. I'm terrible at following processes, but yeah.

Usually I'll just start asking questions around their personal lives and saying whatever you're comfortable with and getting shifting topics pretty frequently and then figuring out how they respond to all these different things and getting them to. I don't love when people are like crapping on their previous employer, for example, and asking people like, what is something that you're obsessed with right now? If someone does not have an answer for me.

That's not a good look either. It's like I want people that are passionate about things that they do outside of their work. And so those are all little things that I look for. But the energy level is like fairly easy to pick up on very early on in an interview. And one thing I've gotten better on is like ending interviews early if I feel like someone's not got the batteries or if they do. Like there's people that I'll talk to for five minutes that you have the job. Yeah. Like that's I think that that's such an important quality.

had a lot of misses in the beginning on hiring. Everyone does. Yeah. But that one has been tried and true for us the last two years, especially. What's one mistake that you're glad you made?

Um, I, I actually look at leaving Deloitte as early as I did as a mistake and that worked out really, really well for me. Um, I, I'm so thankful for that. I shouldn't have taken that job. I thought of it as a mistake for the longest time and, uh, it ended up being just such a huge reward, uh, and, and putting me on a path to where, um, I, I felt like I was, uh, able to, to learn and grow from. So that's probably the, the biggest one.

All right, last one. What's one experience you've had as a customer lately that's left you impressed? Ooh, I get to interact with a lot of customers.

I'll do two-pronged answer. One is some of our customers are just so dang cool and they are changing the world. I don't get to talk about all of them as much as I would like because some of them like to keep it under wraps on cybersecurity, but we have a really cool customer, Kind Body. They're changing the world in the fertility space. Every time I talk to these companies and how they're changing the world, I just think,

gosh, I'm not what I'm doing is not cool enough. Like they are so cool. So there's that element. And then we had one customer more recently that I just had an incredible experience to be able to see how they interacted with one of their customers because we get brought in on a lot of sales discussions to say wearing the security hat and saying,

you should sign up for this service because we are keeping it secure and you're all the ways. And so I get to see, I get to be a fly on the wall recently with an AI company that we support that is blown up Silicon Valley in a good way. And they are, the way they, it

It was like a master class on sales and interaction with with this customer that had recently signed up and was needing help through the platform. I learned a lot from it and took a bunch of notes and then asked them after the fact if I could steal some of their playbooks. It was just like it was incredible.

Very cool. What was the name of that company again? That one I'm not allowed to say. Oh, okay. I'm sorry. I should have used the one that- Kind Body. Yeah, Kind Body was a great example. Yeah, gotcha. Yeah, Kind Body. Shout out to Function Health or another really cool brand here in Austin. So things like that, when they make acquisitions, they just made an acquisition a couple of weeks ago. We get to like celebrate in that and it's probably the coolest part of my job. I think that-

working with those fortune 500 companies back in the day, I had a harder time like resonating with what they were doing simply because I felt like such a small cog in the wheel. Whereas these, these folks, I get to interact with the founders every day and see the passion that they, they have. And this is for companies that are thousands of employees now too. And, and being able to talk to those founders and,

see how their, their vision has changed. That kind of stuff I could talk about till the cows come on. Do you share those wins with your team? Cause I feel like it's a great way to keep passion and morale up as you guys grow. Yeah. We have an announcements and a recognition channel. And then we, we meet every week as a team, um, across the board. And so we, we make it, uh,

an agenda item to make sure that we're covering all of these because otherwise I become like selfishly, it only happens to me if I'm on these calls and I don't share it with these folks. They don't, there's that kind of founder to founder trust where I get to see a lot of this stuff that my employees don't get to. And so being able to share that they're kind of making that impact, even if they're not directly seeing it is very important in our culture. Yeah.

Okay. One final question for you. We've asked everyone that we've had on the show this question. Okay. I don't know if we prepared you for it. So we need a moment to think about it. Okay. What's one experience you've had as a customer, maybe with like a local business that you would like to shout out? Franklin Barbecue. So it's very popular. But my very first experience with that was I went to a event here in Austin and got to be served a

by Aaron Franklin himself and ended up having this like 10 minute dialogue with him talking about barbecue and I could see the passion. It was like this incredible experience. I got swag and I was just like, now everybody, all my friends come to Texas and they say, what's the best barbecue? And I don't even care what the right answer is. It's just Aaron Franklin's barbecue for me simply because of that experience. So I'm new to Texas. So I haven't, what is Franklin's barbecue? I haven't heard of it. Oh my goodness. Yes. Okay. So he's,

I was about to say the OG. He's not the OG. But Aaron Franklin doesn't have a culinary background. He basically started making briskets with a cheap Academy electric smoker because he was passionate about it. Turned it into a food truck. Turned it into one of the most successful barbecue joints in Texas and in the nation at this point. And so they're right there on the east side. And to this day, you still have to stand in line. Yeah.

They'll hand out beers and such even if it's 730 in the morning and no judgment. And it's just an incredible experience. But the barbecue is like very simple and he just focuses on quality instead of like having super sophisticated rubs and ingredients and such. He just focuses on high quality and it really is truly incredible barbecue. Hmm.

I'm hungry. It's lunchtime. That sounds great. I love that. I guess, you know what? I do have another food example too. Your chef is showing. Yeah, I know. So little fun fact, I actually just bought a little farm in Maine.

Congrats. That's amazing.

It was an awesome, awesome venue. But being able to go there, meet the chef, have this incredible experience, but telling them that like, oh, we're thinking about buying here and like them sitting down with us and telling us about Maine for 45 minutes and and and then giving they sent us home with like pasta and things to make. And it was just like an incredible experience through and through.

I don't know if for customer experience, I always recommend the book Unreasonable Hospitality. Yeah. And so this kind of ties into that. It does not matter what profession you have, but I think the food industry applies in so many different ways. Yeah. And this was a prime example of that. That was another really cool recent experience. Oh, I love that. I love that. Well, Taylor, this has been fantastic. I have loved our conversation. I am now starving. So thank you for that.

And I hope we can cross paths soon. I am so honored to be here. And I can't thank you enough for the dialogue. Where can our listeners find you? Oh, my goodness. LinkedIn would probably be the best one. Yeah, LinkedIn. And then I am on X as well. I don't post as often there, but LinkedIn. And then my email is taylor at edendata. So drop me a line anytime. Pitch slap him. Yeah.

Awesome. I can't thank you enough for the experience. And this was an awesome dialogue. I had a lot of fun. So thank you for the listeners for taking the time to listen to us. Of course. Awesome. Thanks, Taylor.