Chat Log
00:04:32 Derek Gabriel: mmm snot
00:04:35 Brooke (She/Her) Smith: Petri dishes of loveeee
00:08:34 Rob Danser: Hey, maybe you could bring up the topic of Cyber Security Training at some point. We use a mix of fCIOs presenting the material and have some clients that utilize KnowBe4. We are moving more and more clients to KnowBe4. But, we struggle to get clients to invest the time in the training. Also, we would like to come up with a benchmark as an acceptable percentage of client staff that have completed the training. Obviously, the target is 100%, but this isn’t realistic. Perhaps you have already discussed this topic ad nauseam with the group. If not, maybe it’s a good topic for a meeting in the future.
00:09:29 Shawna Barrick: Yes we use KnowBe4
00:09:33 Derek Gabriel: you can bring a horse to water...
00:09:39 Michael Britton: You really going to say FCIO and not tell us what magic F means?
00:10:10 Jen Marcenaro: "Fractional" :)
00:10:28 Odin Fuhrman: yes what does the F mean!?!?!
00:10:41 Odin Fuhrman: oh ok Fractional...
00:10:50 Odin Fuhrman: anyone else use that?
00:11:01 Derek Gabriel: it means Fabulous!
00:11:08 Brooke (She/Her) Smith: I find a LOCAL example of failure... when it's a company they know, it piques interest a bit more... https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/
00:11:33 Derek Gabriel: a champions program is key, but still that doesn't always work
00:12:02 Shawna Barrick: We have a ton of clients with Cyber Security Insurance and the training is required as part of that run list.
00:13:32 Derek Gabriel: assuming you can get HR to care about devoting the time ;)
00:14:08 Brooke (She/Her) Smith: Yeah HR and CISO have to work together to implement... getting clients to include CS Training as a part of AUP/Employment agreements....
00:14:18 brandi: Hey Hey now, we're not all bad ;)
00:14:22 Derek Gabriel: we also position it as workforce development, which is another HR buzzword, so they pay attention
00:14:50 Ashli Clubine: Probably me and my 3 year old...
00:15:21 Rob Danser: Ashli- No worries! God do I understand that life
00:17:06 Derek Gabriel: they're too busy!
00:18:56 Nadeem Azhar: easy to implement as part of onboarding via HR
00:19:11 brandi: yes agreed
00:21:50 Ryan W.: I've had a lot of success leading with a carrot and not a stick. We've created an "incentive" where we provide a $10 gift card for each client and their users as a part of a drawing for users who complete their monthly training. We planned ahead and built it into the price of the SAT.
00:24:49 Brooke (She/Her) Smith: @Ryan incentives (carrots) are the ONLY way forward after the changes in work life balance we found with pandemic for most businesses...
00:28:59 Brooke (She/Her) Smith: We just hired an after hours service desk person
00:29:50 Jorge Viveros: I think this will depend on your agreement structure
00:30:01 Derek Gabriel: ^ yep
00:30:29 Brooke (She/Her) Smith: Yes and Yes. Expectation set first -- anything outside that $$$
00:31:17 Jared Belcher: Project team if they are Salary, then give them comp time (if they aren't too busy). If they are busy, then give them overtime. Project teams generally have to do a lot of work after normal business hours in my experience to avoid disruption.
00:31:23 brandi: Isn't it the expectation that the Project team often work outside of regular business hours?
00:31:35 Jared Belcher: Make sure you bill in the extra money for projects that will need to be done after hours.
00:31:36 Derek Gabriel: hard to say without data, but if it's all escalation stuff, that's a different issue than if it's just customers wanting work done outside business hours
00:33:06 Brooke (She/Her) Smith: that get
00:33:15 Brooke (She/Her) Smith: built into labor for the project too
00:33:45 Jared Belcher: Billable for that in our world if it's after hours
00:34:28 Jen Marcenaro: same with us
00:34:34 brandi: same here
00:34:37 Jared Belcher: Same with us - emergency is covered after hours
00:34:38 Michael Courts: We have an on call rotation for 5 hours after normal business hours and 1 hour before normal business hours. All calls go through an answering service and the tech prioritizes the work. After hours work is billed at a slightly higher rate.
00:34:44 rmcpherson: same here
00:34:49 Jen Marcenaro: we do the oncall rotation as well.
00:35:23 Brooke (She/Her) Smith: @Michael we ALSO have the oncall rotation... this new hire is going to be additional and geared towards medium to higher level support...
00:35:51 Jared Belcher: On call rotation - our Techs, TAMs, Projects and vCIO (ME) are all on the call rotation. Hourly gets overtime, Salary get some comp time.
00:36:22 brandi: We also give TOIL for our salaried engineers if they do work after hours
00:37:30 Derek Gabriel: like a floating holiday for someone who works on a holiday
00:38:29 Derek Gabriel: right, no hara-kiri if you eff up
00:38:38 Jen Marcenaro: HAHA
00:39:26 Brooke (She/Her) Smith: I have a question about business apps and 2FA... how are you going about getting clients to think about this?
00:39:30 Jorge Viveros: Both - Have your internal policies, get your customers to a free to them
00:39:38 Jorge Viveros: agree*
00:40:43 Jared Belcher: We do the same.
00:44:22 Brooke (She/Her) Smith: Mine goes in the clients "DNA" note -- do they have an AUP and/or Cyber Ins...
00:45:38 Brooke (She/Her) Smith: unless the client's standard is higher than ours... can happen especially with .GOVs
00:46:57 Derek Gabriel: @Brooke - I've been having great success recently sharing some hack videos. Underscoring that MFA can be the difference between a phishing message turning into a breach or not. I think it helps a lot for them to actually see how easy a breach can happen. It's a very abstract conversation otherwise... https://ignitetheday.com/behind-a-hack-this-is-how-simply-your-business-can-be-hacked
00:49:08 Derek Gabriel: Disaster Plan: Cry
00:49:24 Brooke (She/Her) Smith: TY Derek -- I think it's overwhelming!
00:51:27 Derek Gabriel: you're going to get pushback on EVERYTHING ;)
00:52:08 Jorge Viveros: OATH, FIDO2, FOBs for OTP
00:52:48 Derek Gabriel: passwordless
00:52:53 Jorge Viveros: ^^
00:53:11 Derek Gabriel: conditional access policies can be used on trusted networks as well...
00:53:28 Brooke (She/Her) Smith: We can lock some down by IP and have been working through that in some instances...
00:53:41 Derek Gabriel: but these are the nerdy portions of it, and I avoid this in the convo with clients. It's a security conversation and it's like no third option
00:53:45 Derek Gabriel: you're secure, or not...
00:54:11 Michael Courts: I had a facility where the biometric finger print reader had to be removed because the nurses would not remove their gloves.
00:55:49 Odin Fuhrman: BOOM!
00:56:03 Rob Danser: Boom Indeed!
00:56:23 Derek Gabriel: eyeballs, faces, pins, phones, apps, tokens
00:57:00 Michael Courts: the only constant is change.
00:57:04 Derek Gabriel: 💯
00:57:16 Rob Danser: https://members.trumethods.com/step/there-is-no-third-option/
00:57:43 J.Mac Brown: Your user account does not have the proper role assigned to access this content. One of these roles required: "Inside Sales", "Outside Sales", "Owner". Please contact your Company Administrator.
00:57:49 Jared Belcher: Can you make that link available to vCIO role?
01:01:21 Jared Belcher: Sounds good!
01:01:34 Brooke (She/Her) Smith: Happy days ahead all -- I will be camping soooo likely not calling in!