It’s our Halloween episode, and we’re covering the scary topic of medical device security with guest Gabrielle Hempel, aka @gabsmashh. Gabrielle talks about her experiences with medical devices and her unconventional path into information security.
Episode Highlights
Listen Now
Tune in to hear our discussion with Gabrielle Hempel.
📝 Full Episode Transcript ▼
Joe Patti (1:00:05) Okay, Adam, how are you doing today?
Adam Roth (1:00:08) I’m sorry, you’re talking to me? Yeah, I’m talking to you.
Joe Patti (1:00:11) I’m talking to you.
Adam Roth (1:00:12) You’re not talking to Deadpool that way.
Joe Patti (1:00:15) Yeah, well, this is the Halloween episode. And I guess that’s the closest you’re gonna get to a costume is the Deadpool hat.
Adam Roth (1:00:21) Which is very stylish. You mean the birthday edition? You mean the birthday edition? There’s two of us who had a birthday. Well, having a birthday. Where’s yours?
Joe Patti (1:00:29) My birthday was quite a while ago. My costume is, I’m like, I got my own motorcycle jacket. This is the closest I get to having a costume. So yeah. Yeah. I wasn’t gonna slick my hair back. That’s like too much.
Joe Patti (1:00:41) I don’t have that much spirit, what can I tell you?
Joe Patti (1:00:44) But we have a guest who’s definitely way more in the spirit than we have.
Adam Roth (1:00:52) I’m kind of embarrassed. Oh, for me? No, for me, cuz I’m the one that kind of said, let’s get costumes.
Joe Patti (1:00:58) Yeah, this was all your idea. And Gabrielle played along, our guest. I did. I played along and I’m not a costume guy. And you, well,
Joe Patti (1:01:09) you got chocolate martini, so that’s cool. You’re fine.
Gabrielle Hempel (1:01:12) I did have this at my disposal already, though. I did not buy it for the podcast, so.
Joe Patti (1:01:17) No, good.
Gabrielle Hempel (1:01:17) I don’t know whether that makes me weird or.
Joe Patti (1:01:19) No, that’s perfect, cuz we got no expense budget for costumes or anything. So we’re glad you didn’t spend anything.
Joe Patti (1:01:28) All right, so Gabrielle, why don’t you tell us a little bit about yourself and your costume if you’d like.
Gabrielle Hempel (1:01:34) Yeah, I got a cool back house. Look, it’s got like-
Joe Patti (1:01:38) It’s got like back wings and everything.
Gabrielle Hempel (1:01:41) Yeah.
Joe Patti (1:01:41) All right.
Gabrielle Hempel (1:01:42) It’s funny, each of us seen the look on the fifth, so I got twin 15-year-old boys and walked out of the room and they were like, what? Are you wearing one of them? Just like he walked out of the door and he went back in and shut the door. He was like, nope, not today.
Joe Patti (1:01:55) You know what that reminds me of? Reminds you of like a Roadrunner cartoon and like, like Wile E. Coyote gets the Acme bat suit and tries to fly. If we drink enough, can we get you to like, you know, to pull a roof or something?
Gabrielle Hempel (1:02:07) No. Well, I got mountains right outside my window. Like I live like up on the bench of a mountain. I could get some air.
Adam Roth (1:02:14) All right, I gotta stop this here. Full disclosure here, please do not train. These stunts are home.
Adam Roth (1:02:20) The people in this podcast are professionals on what they do.
Joe Patti (1:02:24) Yes, but we can’t professional. We have no, by the way, we have no costing budget and no health insurance for this. So, you know, what about those?
Gabrielle Hempel (1:02:33) Probably don’t want to. Well,
Joe Patti (1:02:38) we’re not very big on compliance. You know, we’re just trying to avoid copyright strikes here. So don’t don’t how many popular tunes, please.
Adam Roth (1:02:44) Let me put a teaser out there.
Adam Roth (1:02:49) What we recorded yesterday did require protective gear.
Gabrielle Hempel (1:02:53) Oh, what kind of protective gear we talking?
Adam Roth (1:02:57) Oh,
Adam Roth (1:02:59) I mean, have
Gabrielle Hempel (1:03:00) you done anything that requires a full hazmat suit yet? Because I can take you to some of those places.
Adam Roth (1:03:04) No, I’ve done that also as an EMT. But but but let’s just say it required headgear, gloves and a mouthpiece.
Joe Patti (1:03:16) And it wasn’t that I’m just going to the supermarket. That’s not how it usually goes.
Joe Patti (1:03:21) That’s not true.
Adam Roth (1:03:22) I usually go to the supermarket.
Gabrielle Hempel (1:03:23) People are looking very supermarket or going to for real.
Joe Patti (1:03:27) Seriously.
Gabrielle Hempel (1:03:31) But yeah, no, I’m Gabby Gabrielle. Whatever you want to call me. A lot of people only know me by my like Twitter handle, too, which is pretty weird.
Gabrielle Hempel (1:03:40) So I get called Gab Smash a lot. That’s my Twitter handle. I came from a whole group. That’s awesome. Like I used to power lift and like when I would finish like a PR lift or something, I don’t know. I just instead of Hulk smash, I would yell Gab Smash because it was funny. And then when I went to make a Twitter, I couldn’t think of a name and put that is my name. And now I don’t think I can undo it.
Adam Roth (1:04:02) So that’s great. You live in definitely on the internet. So
Gabrielle Hempel (1:04:07) yeah, I work in security. I’ve had a lot of different roles in security. My journey into security was pretty freaking weird. I think we were talking about that a little bit at some point. But yeah, why?
Joe Patti (1:04:20) I definitely want to hear about that because you know, well, we’ve talked on the show a lot. We kind of did the requisite. So how do you get into security? And you know, there are a lot of people who kind of my own experience or my own take is that a lot of people, especially the old timers came in through, you know, originally networking and then got into security and started doing more security stuff, more networking. That’s how Adam did it. That’s how I sort of. And I, you know, I kind of came in. I was more on the whole side as just the administrator doing, you know, taking care of computers and stuff. But yours was very different and very interesting. Actually much cooler than either of ours.
Gabrielle Hempel (1:05:00) Not really.
Gabrielle Hempel (1:05:03) It was really funny. I was actually on another podcast recently and it was the theme of the episode was how a lot of my career moves and like how I’ve moved into security has been built off of spite. Spite.
Joe Patti (1:05:15) All right.
Gabrielle Hempel (1:05:15) And being stubborn because people tell me I can’t do something or that makes me want to go do it. So.
Joe Patti (1:05:25) So. So that’s the trick. Okay. You definitely can’t jump off the top of the building.
Gabrielle Hempel (1:05:33) I mean,
Gabrielle Hempel (1:05:35) I haven’t tried yet.
Joe Patti (1:05:36) So I would recommend.
Adam Roth (1:05:38) I don’t want you to jump, but I have a funny feeling. If anybody I know told me not to jump off of a mountain.
Adam Roth (1:05:47) I have a funny feeling you would soar.
Gabrielle Hempel (1:05:48) But don’t do it, please.
Adam Roth (1:05:50) Wow.
Gabrielle Hempel (1:05:51) That’s a kind of compliment, whether it means I’m like actually like some sort of weird witch or something or like just very aerodynamic.
Joe Patti (1:05:59) He didn’t say with a broom. Come on.
Adam Roth (1:06:01) I think it’s a little bit of a little bit of both. But you know, and I’m kind of giving that PII a little bit. But since my birthday is on Halloween for me, I’m talking about, you know, I believe in witches, you know, I know witches are the theme of my birthday.
Gabrielle Hempel (1:06:23) I love I love witches. I my mom is super in a genealogy and we’re very, very Irish. Like my mom is a citizen, like just a very Irish family and she traced our lineage back way back into the day. But we were some very druidic people in Ireland. So that’s okay. Yeah. So I think it’s pretty rad. I’m like, all right, that’s that’s that’s cool. Maybe I have some powers or something that I need to try and await the weekend. I don’t know.
Adam Roth (1:06:58) You know, one year on my birthday.
Adam Roth (1:07:04) Oh, God, decades and decades ago, a balloon, it was not done by my family, floated down in front of my window. It’s a happy birthday. And it wasn’t my family that did it.
Gabrielle Hempel (1:07:16) That’s some horror movie shit.
Adam Roth (1:07:17) I’m telling you the truth. Can’t make it up.
Gabrielle Hempel (1:07:20) We love to swear on here. Yeah.
Gabrielle Hempel (1:07:23) Okay, it’s gonna make sure I’ve got the mouth of someone that lived in New York for a long time. So yeah, you’ll see how we are. Yeah, but they don’t like that here in Utah.
Adam Roth (1:07:35) Oh, because you know, you respect it’s a lot of Mormon, right? So.
Adam Roth (1:07:40) It was really scary to see that balloon because I was mortified. I like, yeah, dad, mom, you did that.
Joe Patti (1:07:47) Did it come out of the sewer? And was there a clown?
Adam Roth (1:07:50) I know that. I had bedrooms like my bedroom now. The window was in front of it.
Adam Roth (1:07:56) No, I didn’t see any clowns in this. Well, some of the D.E.P. workers, but that’s another story. Yeah, that’s right. Tell me them are my friends.
Gabrielle Hempel (1:08:03) So that’s wild. Yeah, stuff like that is like there’s some supernatural stuff that happens sometimes. I’m like, is that a coin? Like there’s no way. Like, I don’t know. There’s just weird stuff where I’m just like, but I’m also very much a skeptic in many areas of life. So I’m just I don’t know. I have an internal war with myself. Like, what do I believe?
Adam Roth (1:08:24) Are you a school? I know. I know we should be getting to astrology, but are you a Scorpio? I don’t remember.
Gabrielle Hempel (1:08:30) I’m a Libra.
Adam Roth (1:08:31) I’m a Libra. Just like my wife. Oh, God.
Speaker 4 (1:08:35) I don’t know what that means.
Joe Patti (1:08:38) But I’m a Libra. I don’t know what that means. But whatever.
Gabrielle Hempel (1:08:40) I’m not astrology either.
Gabrielle Hempel (1:08:43) I’m a Scorpio. I think it’s interesting, but it’s one of those things where like I won’t take it to heart, I guess.
Joe Patti (1:08:50) I think that’s for entertainment purposes only. That’s what I tell my daughter.
Adam Roth (1:08:53) You know what’s funny? That’s fine. My current job, I was doing some work in an area of New York City and a woman walked up to me and she said something weird like, are you a Scorpio? I might even be making this up. And I know I just gave them. Was it like Whole Foods? No, I’m not. No, no, no, no. This was on a street that we were helping to do some work. And woman walked up and goes, you’re a Scorpio. I looked at her like, do you know me? She goes, no, I don’t know you. I go, you just walk up to somebody and tell me you’re a Scorpio? She goes, yeah. She goes, you’re one of those stubborn types. I’m like, I’m not stubborn at all. What are you talking about? She goes, there you go.
Joe Patti (1:09:29) That’s such a scam. She probably did that to like a hundred people. You know, she’s with her husband.
Adam Roth (1:09:35) Her husband’s like, what are you doing to this guy?
Joe Patti (1:09:38) Oh, that’s it. I don’t know. Do you know why I probably– Did you end up giving her any money? Let me put it that way.
Adam Roth (1:09:44) No, I gave him my social security number because you said you would help me.
Gabrielle Hempel (1:09:47) Oh, there you go.
Adam Roth (1:09:48) That’s cool.
Gabrielle Hempel (1:09:49) Was she going to like hook you up with an Nigerian prince?
Adam Roth (1:09:53) I’ve already– or princess. And yes. Oh, sorry. Yeah, well, I mean, like, you know, it depends on your pronouns and stuff. But yeah, she did. We’re talking right now. I’ve been sending her money to come to New York. Perfect.
Gabrielle Hempel (1:10:06) Yeah. Nice. Just make sure, you know, if she asks for iTunes gift cards or whatever, you go to oblige.
Adam Roth (1:10:12) No, I did that my old job. I bought a couple of gift cards and I put it on my company credit card.
Adam Roth (1:10:19) Nice.
Joe Patti (1:10:20) Oh. So, Gadsmack, tell us a bit about your– Gadsmack. Gadsmack. Tell us a bit about your interesting journey into security.
Gabrielle Hempel (1:10:29) Yeah. So, my undergraduate degree,
Gabrielle Hempel (1:10:35) I studied neuroscience and psychology and not anything to do with computers. So, after that, I didn’t really know what I wanted to do. I knew I didn’t want to like keep going to school for that. It was interesting, but it was like too much chemistry classes.
Joe Patti (1:10:53) You had enough brain surgery. You were like, this is getting boring.
Speaker 4 (1:10:56) I’m done.
Gabrielle Hempel (1:10:57) I am good. I’m too smart for this. I know.
Gabrielle Hempel (1:11:02) So, yeah, I ended up working in pharmaceutical regulation for a couple of years doing studies, like regulation studies for the FDA and stuff like that. And with that, also worked on medical devices, which is kind of how my interest in security was peaked a little bit because I kept dealing with a couple of medical device manufacturers that had vulnerabilities in some of their devices.
Gabrielle Hempel (1:11:28) And that was not my area of expertise. I could talk all day about some of your compliance with pharmaceuticals and risk analysis and form consent and all kinds of stuff. But when it came to medical device vulnerabilities, everyone at my company was just like, how do we approach this? We didn’t even have a security team at that company.
Joe Patti (1:11:47) Oh, that’s frightening. I mean, what kind of devices were these? Like total life-saving things? Or, oh, this is going to be bad. I can tell. We’re waiting. We’re waiting.
Joe Patti (1:11:58) Yeah,
Gabrielle Hempel (1:12:00) the one that I worked on the most was a pacemaker,
Gabrielle Hempel (1:12:05) an internal defibrillator.
Gabrielle Hempel (1:12:09) So I think I’m trying to think of what else I think it was mostly pacemakers that I’ve worked with, like that had vulnerabilities at that point. There were a couple of infusion pumps as well, like what you see in hospital rooms that you give people drugs. And if you read on those read up on those, there’s a lot of hackers that have done some really cool work with some of those too. But like I know with the pacemaker stuff, it was actually the programmer for the pacemaker that had the vulnerability.
Gabrielle Hempel (1:12:34) But you could put anything you wanted on that and then just send it to the pacemaker, which was not ideal.
Joe Patti (1:12:38) Wait, you mean you could like upload whatever code you wanted to this like, like something?
Adam Roth (1:12:43) Well, I’m gabsmash. We spoke about this when we were first getting this episode together.
Adam Roth (1:12:50) And my father-in-law was having some serious chest pains and we were like, what is that? And whatever. I mean, I don’t want to get into too much with him, with his medical background. But we ended up finding out that the pacemaker was overclocked.
Adam Roth (1:13:09) And when we started asking who made these changes,
Adam Roth (1:13:12) nobody knew. So he ended up in the ER.
Adam Roth (1:13:16) They kind of tried to figure out which, because we know that the manufacturers allow multiple hospitals and multiple organizations to log in.
Adam Roth (1:13:27) And it wasn’t, they claim, I can’t see the data, a good account of who logged in, who did what. But we know the original setting was one and the other setting was another 10 beats per minute, which caused him discomfort and almost put him into cardiac arrest.
Adam Roth (1:13:46) And this is evident of how it works. And for those who don’t know how it works also, typically, if you have a pacemaker, they usually put a receiving station in your house and that receiving station sends data back.
Adam Roth (1:14:03) I believe via a kind of a Bluetooth, it’s not necessarily paired, but and then that unit that’s plugged in is usually cellular.
Adam Roth (1:14:12) And it sends the data back, but it’s bi-directional. So instructions are sent back to the pacemaker. So when you’re within range of the pacemaker,
Adam Roth (1:14:21) they can send a shock. I believe they can change the beats per minute. They can make it upper or lower as far as stuff. So everything’s remotely controlled. Are you serious? I mean, I’m not.
Joe Patti (1:14:33) I can see the benefit of that. But the idea of walking around the house and knowing someone’s got like a freaking remote control from my heart or something is like maybe I know too much about security. But that’s really the way these things are. And you have no control over that.
Adam Roth (1:14:48) It’s just someone else is running that. And I’ll default to GAP Smash. I love that name, by the way.
Adam Roth (1:14:55) I’ll default to GAP Smash, but I don’t know if there’s a certificate. I don’t know if it’s telnet. I don’t know how you connect to it once you’re within vicinity. I mean, I don’t know how it’s programmed. I don’t know how you identify who is the right receiver. I know nothing about that. But I do know the basics. That is how it works.
Gabrielle Hempel (1:15:13) Yeah, I mean, it’s probably changed a lot since I’ve looked at them because I haven’t and I have one in the closet over there actually that I was going to mess with at some point. But I haven’t gotten around to playing with it yet. I keep saying, oh, that’ll be a good winter project. And then I have too much stuff to do in the winter.
Joe Patti (1:15:28) So you’ve got that in the closet. Who’s got the pacemakers? A random person?
Gabrielle Hempel (1:15:33) And I think the pacemakers in that box, too. I think it’s both the pacemaker and the programmer are still in the box.
Joe Patti (1:15:38) Oh, OK. I was just
Gabrielle Hempel (1:15:40) going to. No, no, no. I wasn’t going to sit here and say, no wonder if any of my neighbors have a pacemaker.
Gabrielle Hempel (1:15:46) A dead come here.
Adam Roth (1:15:50) No humans or any animals will be hurt during this testing.
Gabrielle Hempel (1:15:53) No, no, no, no, no, no. I would not especially having worked in the compliance part and knowing what what goes into human testing. Yeah, I’m good. I’m not I’m not touching that with a 10 foot pole. So but yeah, no. So it’s essentially I think back then it was Bluetooth. I think they’ve changed some of the protocols now. I’m really not sure what they are. I have to read myself back up on some of the new pacemaker programmers. But yeah, you could you could put any kind of code you wanted on there and there wasn’t really, you know, good access like Adam was saying to like good audit logging essentially as to who had done what with that controller or there could be multiple multiple controllers that worked with a single pacemaker things along those lines. So it gets really, really messy.
Gabrielle Hempel (1:16:40) And same with the infusion pumps were my favorite because they had hard coded credentials like a lot of the infusion pumps you see in hospitals have their credentials already hard coded, which is something that’s kind of fun to play with. If I’m ever in the hospital, I’m like, I wonder what this does. And then people are like, stop, don’t touch that.
Adam Roth (1:16:58) So that’s part of the credentials as part of it. I don’t know. That being said, Gabs, I have a lot of friends of mine who are wondering. And one nurse in particular told me that she was I’m trying to be careful how I said this. She was witness to some pumps that were changed.
Adam Roth (1:17:16) And what she alluded to was the suspicion that somebody hacked these pumps. But I was not part again, I want to be careful what I said, I was not part of the investigation. I have no expertise in these pumps. She was a nurse. They found that a lot of these pumps were changed. I don’t know what level how much, you know, it could have been a floor, it could have been a patch, could have been an upgrade. From what I’m aware, nobody died. But it was something that she was careful to say to me, but also a witness to it.
Gabrielle Hempel (1:17:51) Yeah, yeah, it’s one of the things where I think I don’t think it’s ever been a lot of the vulnerabilities were kind of caught before anything terrible could happen. I don’t know of any deaths that are directly related to any of these vulnerabilities, which is good.
Gabrielle Hempel (1:18:07) But it sucks that they exist either way. I mean, that’s just scary. Everything’s connected. I think, especially in the medical industry,
Gabrielle Hempel (1:18:15) I saw things have moved really fast, right? Think about the innovation just in medicine in the last 10 years or so. But that same security innovation hasn’t really caught up to some of that medicine, medical innovation, or at least the emphasis on security has not stayed, you know, neck and neck with the emphasis on the medical innovation. And that’s it started to fall behind, I think, in a lot of different critical infrastructure sectors. You could say the same about some of the energy sector stuff that’s out there. I’m sure EMS, like some of the EMS infrastructure, I’m sure you’ve seen it and have been horrified at.
Adam Roth (1:18:51) Thankfully, as an EMT, we’re in the field and we don’t have a lot of remote control to our equipment. Thank God. The only things that have been happening in these in previous years is that people would throw fake calls over radios. You know, not the same what we’re talking about. No, but terrible. And maybe send messages through the KDT or MDT’s, keyboard data terminals, mobile data terminals. But that was back then, different technology. But, you know, it’s funny, it’s not like somebody, a previous guest once sat in the coach of an airplane and was accused of taking over controls of the avionics of an airplane. I mean, that never happened.
Gabrielle Hempel (1:19:34) Was it Chris? Was it Chris?
Joe Patti (1:19:35) I’m not. Oh, please. Everyone knows who it is.
Gabrielle Hempel (1:19:38) Come on. He was just a keynote. So my company had our conference this past week and he was one of our keynotes. I was so excited. I got to actually sit and talk to him for like half an hour. And I was so excited because I have followed his work forever. I mean, you know, if you’re in security, you know who he is. Right. So I was so excited to get to meet him. My boss was like, I don’t even know who this person is. And I was like, you have to go talk to me.
Adam Roth (1:20:00) So did you tell me to be on the show?
Gabrielle Hempel (1:20:02) No, because we didn’t talk about I didn’t know he had been a guest on the show yet. So I’ll have to bug him. We were he were buddy, but best buddies on LinkedIn now. So I’ll have to. Oh, you and I would be FFS. We are. I can have more than one. It’s like Myspace.
Adam Roth (1:20:17) Myspace. I don’t even know. I spent my life. Oh, God.
Joe Patti (1:20:20) Wow.
Gabrielle Hempel (1:20:21) You know, we’re not old enough to date myself with.
Joe Patti (1:20:25) I thought you were trying to cater to us that think of we think of we were old to talk about Myspace, you know.
Adam Roth (1:20:29) So I used I used to talk to my friends on BBS’s or bulletin board services with a dial up back then. It was a 300 modem. Then I moved to 1200 and then I moved to 2400. And then I really took off and I got the 56 K. Wow. Wow.
Gabrielle Hempel (1:20:47) You know, the sound that that 1200 modem makes is the sound that my brain makes when I try to think.
Gabrielle Hempel (1:20:54) Whenever I try to think that’s just what I hear in my brain. I don’t know.
Joe Patti (1:20:58) Well, here’s here’s what scares me about this medical stuff. And I mean, I don’t know how it is, but, you know, OK, you got the hacker side and hopefully this stuff is secure. You can’t break into some of these stations. But even even the legitimate use. I mean, unfortunately, I’ve been spending a lot of time in hospitals lately like, you know, you talk about infusion pumps, you go to like a like a chemo or something. There’s like 20 people, you know, 20 pumps and all these things. You know, are they doing a good job of not even the security of it, but remembering which is which are they making? You know, how quality control do they have? Are they making sure that, you know, the right person is with the with the right one? If you’re saying they don’t even have an audit trail, I mean, if someone does get sick and they even trace it back for diagnosis, you know, did this person get the right thing? Did they get the right setting? That really that’s kind of freaking me out, to be honest.
Adam Roth (1:21:51) You know, think about that, right? You know exactly what you’re saying. And guess, correct me if I’m wrong. The fact that was changed is one big thing. The fact that no one detected it, at least in my father-in-law two months later, is even worse. What audit, what controls do you have to check to see what the settings are? And you know, and by the way, Gav Smash, I love seeing that.
Joe Patti (1:22:10) You love saying that. Oh boy.
Adam Roth (1:22:12) And Joe Smash.
Speaker 4 (1:22:13) You sure have a mother-in-law too, yeah.
Adam Roth (1:22:14) Yeah.
Adam Roth (1:22:17) Joe Donuts. So, um,
Adam Roth (1:22:20) what, I’m sorry.
Adam Roth (1:22:25) Joe Donuts. Joey Donuts.
Adam Roth (1:22:28) What’s even scarier is, is that, yeah, medical equipment is an issue.
Adam Roth (1:22:34) But what about if somebody is doing some kind of surgery, robotics, and somebody gets on that equipment? Now once, in one of the training sessions I’ve done, one of the well-known lecturers said that they were doing a red team, blue team or purple team, and they were by mistake, well not by mistake, they did it on purpose, but they didn’t know the IP. The IP was not putting a list of restrictions. And they got onto that server during the surgery. And when they kind of got access to the camera, they were like, “What the hell? Back off. Stop everything right away. Not the surgery, but no more work.” Because goth of the day, you crash that server in the middle of the surgery. That’s horrible. But, you know, on the other hand, what if you’re a hacker and you traversed to that server?
Adam Roth (1:23:27) You know? So it’s bad.
Gabrielle Hempel (1:23:29) The nice thing is, is a lot of hacker groups kind of have their own code of ethics. One that I saw a few years ago kind of in the field while I was working was there was a hospital that had been attacked.
Gabrielle Hempel (1:23:45) Once the hacking group realized it was a hospital, I think it was attached to a university somewhere,
Gabrielle Hempel (1:23:51) so they thought it was the university. Once they realized it was a hospital, they backed off, unlocked everything. They were like, “No, we’re not touching something that is touching actual human lives.” A lot of hacking groups, I think are out there for financial gain or IP or anything along those lines, but once they get to a point where they are harming physical people,
Gabrielle Hempel (1:24:11) that’s where they draw the line. Not saying that they’re good people either way, but I’m just saying. I have seen that before where they’re definitely, they will back off if they realize it’s a medical institution or something along those lines.
Joe Patti (1:24:24) Well, I’ve heard that too. And we’ve had people talking about that where they’re like, “They’re there to make money. They’re not there to kill people or anything.” However, we are seeing more and more ransomware attacks against hospitals. They used to be kind of off limits until they realized they could make a lot of money off them and they were really good target. And you got to think there that even if they’re not intending to hurt someone, they can make some big mistakes. And you’ve heard about these hospitals, now being, like I said, been spending time in hospitals, there are no more charts. There’s no more paper. There’s a PC in every room. Everything is with iPads and all. If stuff goes down, they can’t deliver care. They don’t know who they’re talking to or what their condition is or anything.
Adam Roth (1:25:08) Federally, there’s a mandate to do EMR, electronic medical records, but not everybody’s still doing it. They get them fined when they do. So there’s still a lot of paper records. However,
Adam Roth (1:25:19) eventually it’s supposed to end up as EMR. And the reason why also, I think, is a lot of entities are now sharing data with each other, whether they’re using Eclipse or what’s the other ones or– Yeah, they’re sharing data with Google too. Yeah, Epic, Epic, I’m sorry, Epic. Epic is one of the really big ones. Yeah, yeah. So I log into Epic and I’m putting 17 organizations together and getting data.
Gabrielle Hempel (1:25:44) Yeah, the fact that a lot of them don’t talk to each other is scary too. Like I feel like I’ve moved what, four or five times in the last like six or seven years. And it’s every time I get a new doctor, it’s like, all right, time to figure out a new system. Because I feel like none of them kind of overlap. You can’t transfer your records very easily. Oh, no. Things like that. But no, it depends on it. It really depends. Regionally, sometimes you can, but like moving across the country was just kind of a new ballpark it seemed like.
Joe Patti (1:26:12) Wow, because I remember in the old days when someone would move, you know, in medicine, you know, you go to a new doctor or whatever, and they’d be like, oh, oh, I need your records, who’s your old doctor? And they’d call them and they’d fax it over, which I guess sounds archaic, but sort of works, you know, but now I guess they got to deal with interoperability and formats and all that kind of stuff, you know?
Adam Roth (1:26:36) Yeah, some people will send the other doctor a link to log in as a temporary provider and they get access to your records. One of my doctors,
Adam Roth (1:26:51) I told him I was changing and he understood. And he said the one pager, he wrote himself with all the major, like, you know, these are the top hits. I’m like, that’s it? It’s really like the 60 pages.
Joe Patti (1:27:06) He wrote a one pager? Dude, I know you’re a mess. You need more than a page. Come on.
Adam Roth (1:27:09) Yeah, it’s true.
Gabrielle Hempel (1:27:11) But, I’m sorry. One of the crazy things, so once I left my job in medicine, I actually got more access to medicine in some ways. Like, I moved to security.
Gabrielle Hempel (1:27:24) I was part of getting into security was, you know, my stubbornness because I was dating a guy at the time who was,
Gabrielle Hempel (1:27:30) he actually had his own company in the tech space and they did all right. But he was a really smart person. He just wasn’t a good person. But he basically told me, he was like, I don’t, you’re not smart enough to ever work in something like security or even tech, honestly. I totally agree. And I was just like, okay.
Gabrielle Hempel (1:27:53) Serious? That’s kind of shitty. So, I went and did it anyway. But I got that, we talked kind of a little bit at the beginning about your average journey into security. And I got that from a lot of people. People would be like, oh, well, you have to start at help desk. And then you have to do sys admin. Then maybe you can do network stuff. Then maybe you can do security, but you can’t just go into security. People would tell me that all the time. And I was like, nah, there’s got to be another way.
Adam Roth (1:28:17) I’m going to tell you why that is. And I might say it’s a catchall for everybody. The only reason why I sort of believe in it is that a lot of people don’t have the structure to understand. So when I started doing work,
Adam Roth (1:28:34) as I used to, when I used to go take my original certification test, when I used to ride the horse to the attesting center, that’s how old it is.
Gabrielle Hempel (1:28:43) It was a horse, not a dinosaur.
Adam Roth (1:28:45) Come on, Gav smash. And by the way, start referring to me as chocolate martini.
Adam Roth (1:28:51) So,
Adam Roth (1:28:52) yeah,
Adam Roth (1:28:54) the beginning was, yeah, to kind of learn Microsoft. Because that was the only thing really back then, the big thing, right? Linux was around and Unix was around, I guess. Unix more in ZenX and Banyan vines, whatever. But then when I learned that, I started learning networking. And then this woman that was in networking said to me, you know, I know you want to get into the sexiness of networking, but you’ve got to get the baseline of understanding how things work. And you’d be surprised as a guy that was a hiring manager. And by the way, you talk about people talking about, you know, being smart enough, a certain person here that was my boss and it wasn’t you. So, you know, I got to hire everybody else on my team. I didn’t get to hire you. I’m stuck with you. Oh, God, we hear this every episode. Yeah, so that being said, I’m never going to forget you. But then you start learning networking and you learned about broadcaster means, and you learned about forwarders and you learned about ports. And then when you get to security, you kind of have to know all of that. It doesn’t mean that you weren’t capable of doing it, but a lot of people don’t have that, that, what’s the word, that drive, that ambition, that motivation to learn all the aspects of it. And I know that you’re a security person, but it doesn’t mean what’s right for most people is right for you. So that’s why I kind of see how people build up to that.
Gabrielle Hempel (1:30:16) And by the way, that’s how I did it. Oh, no. And I think that’s, that’s especially back in, you know, 20 years ago, that’s how it had to be because…
Joe Patti (1:30:23) Right. Yeah, that’s old school.
Gabrielle Hempel (1:30:25) The only field that security touched was tech.
Gabrielle Hempel (1:30:29) But the interesting, I think now when you look at it, security touches every field, whether you’re in medicine or finance or doing some critical infrastructure stuff, or any field that you’re in, there’s security as part of it, because everything’s just done so largely online at this point. And that’s why I think that now it’s a little bit friendlier for people to try and get into security different ways than maybe it was back in the day. There was kind of only one path back in the day, and now it’s like, okay, you can take a lot of different paths. But at the same time, like you’re saying as well, there’s, it takes a lot of self-starting and drive. And self-auditing is like really what I find myself doing a lot, because I went straight from not working in tech at all to being a security analyst.
Joe Patti (1:31:12) That is a little bit unusual, unless you… I know. …got some kind of training or got a degree or something.
Adam Roth (1:31:18) Which is why we know she’s a witch.
Gabrielle Hempel (1:31:19) I did a lot of self-study and like kind of brought myself up to speed in a lot of areas to the point where I understood what was going on. But they also told me, they were like, “You’re going to sink or swim. If you can’t figure this job out, like we’re giving you, we’re taking a chance on you essentially.
Gabrielle Hempel (1:31:36) If you do well in this role, then you’ll learn a lot and you’ll have that experience. If you don’t, then you’re just not going to do well. Like you’re not going to last here.” So it was definitely, it was a sink or swim role where I really had to work, improve myself. And it was for a consulting company, like one of just outside the big four. I was with Accenture. So worked 24 seven pretty much for a couple of years just to bring myself up to some speed. And I still, I self audit a lot. I still have a lot of gaps coming from not working in security to going into security. I learned security backwards is how I say it a lot of the time. I learned all the security stuff. I can talk all day about a lot of your security topics, malware, like encryption, things like that. If you ask me, like you were saying networking questions, I’m like, “Good
Joe Patti (1:32:27) luck.” Here’s the thing, you’re right. That’s the old school thing. Now there actually is training. There are even degrees when we started out, there was nothing like that. So you can get into it, although you jump right from something totally different to analysts. It’s still a little unusual.
Joe Patti (1:32:45) But at the same time,
Joe Patti (1:32:50) don’t feel bad that you have gaps ever. Because security has gotten so wide, you can’t know everything. I mean, even as a manager, I go and go and look at these things. I’ll look at a job description and they basically list, they’re like, “We want someone who’s not even done, but managed all these technologies.” I’m like, “Nobody’s done
Adam Roth (1:33:10) all of that.” I mean, let’s create everything. So yeah, so we want cyber security engineering needed, must have 20 years of experience,
Adam Roth (1:33:21) must understand networking, SPF, BGP,
Adam Roth (1:33:27) is able to speak Cantonese for our Cantonese people.
Adam Roth (1:33:31) The best is entry level, 20 years experience.
Gabrielle Hempel (1:33:34) Oh yeah. I see that all the time.
Adam Roth (1:33:36) I see a lot. 20 years in cyber? I mean, I know cyber’s been around longer than 20.
Joe Patti (1:33:41) Well, maybe not 20 for entry level, but you know.
Gabrielle Hempel (1:33:43) No, but I see a lot. We’re still like eight to 10 for entry level. I’m like, “Are you serious, dude?” Most people I know that have eight to 10 years of experience are pretty squarely senior level at this point.
Adam Roth (1:33:54) You know, I have a master’s in cyber security. Well,
Adam Roth (1:34:00) here’s a point. Joey was like, “What are you doing?”
Joe Patti (1:34:03) Aren’t you both special? No, you might have a background.
Adam Roth (1:34:04) Yeah.
Adam Roth (1:34:07) So I actually want to go for a PhD. Me too. So we’ll hang out together. But the reason why I want to do it is for only one reason. I want people to say, “Doctor,
Adam Roth (1:34:17) doctor, doctor, doctor.”
Gabrielle Hempel (1:34:18) Same. And I want to teach. That was the reason I got my master’s was mostly because I want to teach. That and I kind of wanted some sort of degree in cyber security because my undergrad was not at all and wanted to get that on my resume too. So I went to NYU.
Gabrielle Hempel (1:34:34) I did. It’s global security conflict and cyber crime is actually the name of the master’s program. But for all intents and purposes, it’s like global affairs on cyber security.
Joe Patti (1:34:46) Oh, you went to NYU in Brooklyn there?
Joe Patti (1:34:49) What was Poly?
Gabrielle Hempel (1:34:52) No, I was actually in Woolworth building. So I was squarely in Woodworth.
Adam Roth (1:34:56) Oh, 250 Woodway.
Adam Roth (1:34:58) 233 Woodway?
Speaker 5 (1:35:00) Yeah.
Adam Roth (1:35:00) Yeah. So the real NYU. Good for you. So there’s three things I want to say really quickly. I’m going to get a whale for that.
Gabrielle Hempel (1:35:08) From Brooklyn to the engineering school, right? Isn’t Tan and Brooklyn?
Joe Patti (1:35:11) Yeah, exactly. Yeah, that’s it. It used to be Brooklyn, Holly.
Gabrielle Hempel (1:35:13) The other schools, but it still was an MS. But I liked that it had the global affairs side of things too, because my end goal, right? I would love to either work for a while and then soft retire someday and go work for a Department of State doing really cool stuff in cyber security with some of the stuff that’s going on in the world. But I mean, short term, not short term, I guess, in private sector though. I want to be in that CISO kind of role. And I know a lot of people will roll their eyes and they’re like, “Oh my God.” I like having the blame for the time,
Speaker 4 (1:35:45) but I also like to do that picture of everything. I like understanding how all of the different pieces of a cyber security program work for it and what those outside pieces are that influence the cyber security program. And that’s why I kind of want to be in that role.
Joe Patti (1:35:59) Yeah. You know, I can understand. I mean, I can tell you a little bit from experience. I can understand wanting to get the CISO thing out of your system. It’s like, “Yeah, I want to sit in the big chair. I want to do this.”
Speaker 5 (1:36:08) Yeah.
Joe Patti (1:36:09) Yeah. I can tell you it’s a lot more fun to say that you’re the CISO than it is to be the CISO. I know.
Gabrielle Hempel (1:36:18) I’ve heard that from many people.
Speaker 5 (1:36:19) It’s not an easy job.
Gabrielle Hempel (1:36:22) Totally get that that’s the case. And I know it’s not an easy job, but I like the big picture strategy side of things. And right now I’m just biting my… I’ve only been in security for five years.
Adam Roth (1:36:33) That’s a lifetime. I’m ready for a lot of people.
Gabrielle Hempel (1:36:36) Yeah, but most it’s like, mostly that’s the issue I’m having right now. I’ve worked in engineering. I’ve worked in quite a few different roles in cybersecurity. I have a lot of experience, but at this point is the time. I don’t have enough time on paper yet to be in that director level role or anything along those lines.
Adam Roth (1:36:53) I’ll tell you this. I’ll tell you this. I want to go on a rant for one second. Right? Number one, my cybersecurity degree, even though I value the institution, really didn’t do anything for me other than challenge me. A lot of my learning came from my certifications that I went really hard into and I learned. And I spent a lot of time saying, “But before I make it, this is nothing wrong with getting a degree.” But a lot of people in my classes had no formal experience in cybersecurity.
Adam Roth (1:37:23) First of all, number one, God bless America. A lot of them were military. They were going on what they deserved. They got paid due to degrees and I respect that and I value them tremendously. But that’s what they did. They went into cybersecurity hoping to get into cybersecurity eventually when they got into the military. And I hope they do because there’s such a shortage of cybersecurity professionals. The second part of that rant is they’re hiring everybody these days because they don’t get enough cybersecurity people.
Speaker 5 (1:37:55) Not everybody.
Adam Roth (1:37:56) Not a bad way.
Joe Patti (1:37:57) That depends. Things have changed quite a bit. It’s actually been a lot of talk on LinkedIn about this that believe it or not makes some sense.
Joe Patti (1:38:07) The cybersecurity shortage is not at all levels. A lot of it is entry level, getting those people in. And it boils down to someone like yourself, Gab Smash, can do really well if you’re a self-starter and want to learn because a lot of these companies just don’t want to teach people. They don’t want to invest the time. They don’t want to invest the money. And they know that if they do, they’re probably going to skip out somewhere else.
Joe Patti (1:38:36) So there’s a lot of shortages there. But as you go to the more senior and especially the manager director levels, there’s actually a lot there. And until the market opens up a little bit, it’s going to be really tough to find opportunities there. Like a couple of years ago, if you had managed a security team for two years or something, you could be a CISO or you could be a director. They just needed anyone. And people would take a chance on you. Now that things are tight or not so much, but that’s going to change over time.
Gabrielle Hempel (1:39:13) Well, I still need that management experience. I have management experience way back in the day when I worked in retail and stuff, but it’s a different ballgame with security. And I don’t have that management experience in security yet. I’ve been an individual contributor at most of the roles I’ve been in.
Joe Patti (1:39:26) Well, I can tell you as a long time security manager, security people are pain in the ass.
Gabrielle Hempel (1:39:34) Oh yeah, I know.
Joe Patti (1:39:35) They are not. It’s like managing like a sports team where it’s not easy.
Adam Roth (1:39:43) The other thing I’m going to add as the last part of my rant is that a lot of the opportunities I have seen in cybersecurity is through a vast, your vast networking.
Gabrielle Hempel (1:39:55) And the people that are really good- Why do you think my LinkedIn looks the way it does?
Adam Roth (1:40:00) So the point I’m thinking is that, you know, you know, Joe and I have had this conversation about who do you add on LinkedIn, who do you don’t. And I’ve been selective, but I still have thousands of people. And when I look for opportunities, I typically start reaching out to people who I know and it has a going, you know, do you have any opportunities? And sometimes people reach out to me. And this is how I got my last position.
Adam Roth (1:40:27) The CEO of my current company, incredible guy, military guy, was asking me to join other organizations. And finally we came to the consensus that the right opportunity, the right time, everything worked out. But my position before when I worked for Joe was because my friend brought me in there. And the position before that, I believe, was because my other friend brought me in. So my point I’m making is, it’s not always easy when you start going to recruiters and God bless recruiters. But a lot of the opportunities you don’t want to get in management is somebody that knows you personally, that can vouch for you personally, that knows what your worth is, because a lot of times it’s more personal than not. We’re recruiters. I’m not saying there’s not good recruiters out there. There are. No, they aren’t. Some of the recruiters are trying to make money and they have a hard job. But there are recruiters out there that really know you and they can place you in the right opportunity. That’s what I’m talking about. You’ll get a management position when you want, but it’s gotta be somebody probably that you know that make it easier.
Joe Patti (1:41:28) Well, I can also tell you, just let me let you know, the best way to break into management is to get promoted into it. You know, because still it’s crazy. It makes no sense, but the top tech person on a team who knows absolutely nothing about management will get promoted to management. The supervisor
Gabrielle Hempel (1:41:45) will never– I feel like my last organization was not the place for that. My current organization is a fantastic place for that. They are very big. A lot of people have worked their way up from being support and are now managers and stuff like that. They’re just very big on promoting from within. They’re also, they listen to their employees, which I really like. If I come up with a suggestion for the program that I’m working in or whatever, I end up with a skip level with a VP and hang out and talk about that and then they implement it. And it’s really, it’s kind of cool to see that level of listening from management in a company too. So I feel like I’m in a good place to do that and potentially move into management there and then get my feet wet at that point. But yeah, it’s definitely one of those things where
Gabrielle Hempel (1:42:38) I’m just kind of biding my time at this point until I have the experience and stuff. But same like Adam, you were saying as well with knowing people. I think after that first cybersecurity role that I finally got with no experience. I worked there for a couple of years, worked my way up to a senior level analyst and stuff like that. And then every single job I think I’ve had since then has been through social media or word of mouth. Either somebody saw that I spoke at a conference and they liked what I spoke about and they wanted to talk about a role or somebody knew me, wanted to introduce me to someone. Every single role I think I’ve gotten since that first one has been on a personal basis somewhere, which is huge.
Joe Patti (1:43:21) Wow.
Joe Patti (1:43:23) So here’s the other big thing about going into management. This is a Joe’s School of Management. When you get into that, you got to learn to manage. Yeah. And you need to put the same kind of effort and whatever project into it that you did when you went into security and learned security. It’s not the same. By every management book, read it and realize that 90% of it is going to be crap. But yeah, learn from people.
Gabrielle Hempel (1:43:49) I’ve got a couple of them. What’s the one that I have? Oh, Extreme Ownership by the guy that was the Navy SEAL. That’s a really good one.
Joe Patti (1:43:59) I read that one recently. Jocko something, right? I think I read that one.
Speaker 5 (1:44:03) What is his name?
Joe Patti (1:44:04) Is that his name?
Gabrielle Hempel (1:44:04) I see. I can forget
Joe Patti (1:44:07) a name like that.
Gabrielle Hempel (1:44:08) Vision sucks. I know I’m the worst, but it’s really good.
Adam Roth (1:44:11) Willie, you’re a bat. That’s right. Division does suck with bats, aren’t they?
Adam Roth (1:44:17) They’re pretty much blind.
Gabrielle Hempel (1:44:18) Blind as a bat, you know. Oh, Gabe Smash.
Adam Roth (1:44:19) I’ll get you glasses.
Gabrielle Hempel (1:44:22) I, man, I need to get my brother just got Leesick and I’m so jealous.
Gabrielle Hempel (1:44:27) I want to get Leesick so I can see again.
Joe Patti (1:44:29) I’m too chickenshit to get Leesick. I’ve been avoiding these.
Adam Roth (1:44:32) I thought I got Leesick, but I’m afraid somebody will get access to the equipment and then shoot my eyes out.
Gabrielle Hempel (1:44:36) That was in a final destination, maybe.
Gabrielle Hempel (1:44:41) Don’t watch that one if you ever want to get Leesick. No. It’s pretty scarring, but he has a government job opportunity that he needs vision for. So, yes, he had to have corrected vision to go do that.
Adam Roth (1:44:53) So, nice.
Speaker 5 (1:44:54) I know.
Adam Roth (1:44:55) No, yeah, he sees. Not you see. He sees.
Adam Roth (1:45:00) So, there’s one other point that I read I missed. Sorry. I have to finish it. So, the other part
Joe Patti (1:45:05) is- Is this rant going to go on? We’re going to need another episode for this rant that just keeps going.
Adam Roth (1:45:08) No, this last part of the rant, I think. So, the other part is being in cybersecurity is kind of like being a doctor, right? You have a general practitioner.
Adam Roth (1:45:17) It’s not to take away from the school from doctors. So, I’m just, so you could be a general practitioner in cybersecurity, you know, and then someone will say, “Oh, we need a networking security engineer,” which is kind of what I was at one point. So, anybody who thinks they need to know everything in cybersecurity is wrong. There’s only one thing you need to know, especially if you’re managing people in cybersecurity, is you need to know you’re not the smartest person in the room. I was going to say, “Smartest guy.” You’re not the smartest person in the room. You just need to surround yourself with smart people. So, you need an endpoint engineer like Joe did in the past. You need a cybersecurity network engineer. You need maybe a cloud engineer. Those are the things that you need in bigger enterprise organizations. You need a lot of people that are kind of sort of siloed, but know a little bit of everything. So, there’s no way you can know everything. You can’t know networking and, you know, like there are people that want cybersecurity engineers to understand how do we, you know, take over routing protocols. I mean, who does that? It’s very rare that you find somebody. You have to be in a, like a major financial institution. You find somebody who does exactly that.
Gabrielle Hempel (1:46:26) Yeah. Yeah, no, I pride myself in consistently being the dumbest person in the room. That’s, I love it though. Like I don’t, I love being like my team at work, especially every single one of them is so good at like something very specific. And that’s what makes our team, the team at work awesome, because if there’s something very, like there’s one guy who’s like a DRHA architecture wizard. Wow.
Adam Roth (1:46:56) So like, and you have a question.
Adam Roth (1:47:00) DRHA in, in, in, in operating systems, like, you know, servers or a DRHA in networking or DRHA in cloud, because they all three different things too.
Gabrielle Hempel (1:47:10) Yeah.
Gabrielle Hempel (1:47:12) Mostly having to do with our product since we’re a SIM tool. So, anything surrounding our product that has to do with like our architecting it in a DRHA environment. He’s very good with, there’s like another person who was a support manager for years and years and years. So any like weird question I have about the tool, I can be like, Hey, have you ever seen this? And chances are he’s like, yeah, I have. Here’s how you fix it.
Adam Roth (1:47:32) Just one point I want to say, so Joe usually does this for those who are watching that are not normally in networking and cyber, DRs, disaster recovery, HAs, high availability. And what makes this important is if you’re a person that’s using a computer and you’re trying to connect to a website or something, and then you see that you pretty much have access to that website all the time. If one server goes down, the other server gets up. If one router goes down, the other router comes up. So that high availability means you pretty much have 99.99% availability.
Gabrielle Hempel (1:48:05) Yeah. Like all of my certifications were done in AWS, either architecting or security. And that’s a big hallmark of that exam too, is just understanding how to create infrastructure. So that like, if your availability zone in one area goes down, that it’ll just fail over to another one and not having a ton of angry people calling that their website’s not working all the time.
Adam Roth (1:48:28) That’s why makes Amazon so attractive these days and Google and.
Joe Patti (1:48:32) Well, you got to design it right. But then realize also it’s not quite as redundant as they say it is. They haven’t had an outage in a while, but in any case, now here’s the other thing. Here’s the other bit of bad news. Okay. I’m going to get a little, a little philosophical. Remember all those, all those skills that you build and all these things that you do now, they have a finite lifetime.
Adam Roth (1:48:55) Yeah.
Joe Patti (1:48:56) About two months,
Joe Patti (1:48:58) but you know, you got to be looking forward to what’s going to be here next. Cause you know, as we look at our very depressingly long careers, you know, things have changed quite a bit and it’s amazing in security because the things that, you know, we’re working on even, you know, that were hot two years ago are not so hot. And now AI came from out of nowhere. Now it’s like, Hey, I, you know, the world. So, you know, you got to keep as seductive as it can be to be, I want to be the ultimate expert in this. It’s like, okay, you can be for a while for now, but you got to keep moving.
Gabrielle Hempel (1:49:34) You know, I am not one to speak in absolutes, but I, the one I will say is if you’re not willing to continue to learn or adapt to a changing environment, then you will fail in security.
Adam Roth (1:49:45) Yeah. It’s an everyday learning experience. And that’s what I see a lot of my friends and colleagues do. Oh, I don’t know this, boom, boom, boom. But I’m going to argue with Joe because AWS, Amazon, Azure, their products change. Sometimes within two months or a month or three months and they change the names and they change the way and they change the licensing. Oh, it’s E five. It’s E three. It’s E two. It’s E 1000. You know, that lies. You need to keep up to date like you’re saying constantly. So yeah, Joe’s correct. The overall technology. You just said the same thing I said. What are you working with him?
Adam Roth (1:50:20) Was I?
Gabrielle Hempel (1:50:21) Yeah. Crap. I know. Now you got to find a new angle, man.
Joe Patti (1:50:24) You just want to argue with me.
Adam Roth (1:50:28) Joe, I did all my arguing fighting yesterday.
Gabrielle Hempel (1:50:31) Just trying to find something to argue about.
Adam Roth (1:50:33) Oh, you want to fight?
Gabrielle Hempel (1:50:34) Yeah, I do. All right, come down. We’ll go to the gym. I’ll be there. I’m down. Let’s do it.
Joe Patti (1:50:39) Okay. We know how to film it. We’re good at it now.
Gabrielle Hempel (1:50:42) So I’ve been in the ring. I lived when I was in Connecticut. I lived like right across the street from a place that did like crossway kind of stuff. And then they also had an MMA school there because it was during the pandemic and I literally didn’t have anything else to do or go anywhere else. I would walk across the street every day and train at these places.
Adam Roth (1:50:58) So part of the teaser is that we did three rounds of boxing. That’s going to come out eventually. And one hour after hours. And I can respectfully say.
Adam Roth (1:51:13) When I did the three rounds yesterday,
Adam Roth (1:51:16) I lost.
Adam Roth (1:51:18) I got my ass kicked. Was somebody half my age?
Gabrielle Hempel (1:51:20) Hey, that’s important though, to be able to admit that.
Joe Patti (1:51:23) I give you a lot of credit for doing it because I was just standing there holding the camera.
Speaker 5 (1:51:27) Yeah, that’s a lot, man.
Adam Roth (1:51:28) Like that’s three rounds, three minutes, nine minutes, total fighting.
Gabrielle Hempel (1:51:32) Dude, three minute rounds are rough. Like that sounds easy until you get in there and you’re like, like usually after two minutes, I’m like, I’m going to die.
Adam Roth (1:51:39) Like I was being a wise guy. I was keeping my hands down and trying to say, hey, come on. Yeah, let’s go.
Gabrielle Hempel (1:51:43) Okay. Yeah, we did two minute rounds and that was that is the longest two minutes of your life.
Adam Roth (1:51:50) He was half my he was half my weight. And I wonder the bad things about me is when I get in the ring, I tend to use a lot of my weight, like a move people or come in. And I said, let me just regular fight. Let me regular fight. And I even went up to my trainer friend owner and I said, it’s very humbling because when I don’t use my weight, you’re going to kick the shit out of me every single time.
Gabrielle Hempel (1:52:13) So that’s something I really had to learn with MMA stuff is like Tae Kwon Do, especially being a tall person, I was always really good at the kicks and I put distance between me and a person and kick and like I’m able to keep them kind of at legs length, if you will, like, because that’s what I do best. So getting into MMA and being forced to get comfortable with being up close to someone and up in your zone and using your hands a lot more was really different.
Adam Roth (1:52:44) So Tae Kwon Do and I sparred a lot of it was just point sparring, right? You’re like, point, stop. Yeah. And then but doing three minute rounds, I’m sitting there looking at the clock, I call it over.
Speaker 5 (1:52:57) Yeah, please.
Adam Roth (1:52:57) I’m like, let me look so stupid in front of Joe, in front of Joe’s son, in front of my wife, in front of the gym, in front of the millions of people that are going to watch us on our podcast.
Adam Roth (1:53:08) Millions.
Gabrielle Hempel (1:53:08) I’ll say it out there. We’ll get it to a million.
Joe Patti (1:53:12) Let’s get it there, Adam. Adam, you showed more heart yesterday than I can. Then when I used to work for you. You say.
Adam Roth (1:53:20) And what? I’m challenging Ryan Reynolds to three two minute rounds.
Joe Patti (1:53:25) Well, Ryan, I’m sure he’s going to see what when he watches every episode as he does, watches this one, you know, that you got the Deadpool hat on. So, you know, oh, actually, we have a new segment on the show. We’ve been trying to get Ryan Reynolds on on the show. That’s like Adam’s, I don’t know, aspirational guests. So what’s the what’s the Ryan Stalking report for this week? You’ve been Jason Emadol or we’ve
Adam Roth (1:53:50) been no, but we have an attorney. Remember, they said if I’m not successful, then it’s not Storkin. That’s right.
Joe Patti (1:53:55) So so far you’re in the clear legally.
Adam Roth (1:53:57) So I found his email address, I believe, and I emailed a lot of the people that work for him. And I know they read it, but they had not responded.
Gabrielle Hempel (1:54:05) You try reaching out to Blake,
Adam Roth (1:54:07) his wife. Yeah, then that’s really going to be stalking. But no, no, I know.
Gabrielle Hempel (1:54:14) I know of her. I know they were all at the Chiefs game because they’re all friends with.
Speaker 5 (1:54:18) Oh, yeah.
Joe Patti (1:54:19) Oh, yeah. We can get to him through Taylor Swift. That would be much easier.
Speaker 5 (1:54:22) Yeah, easy.
Gabrielle Hempel (1:54:26) There’s like a whole like degrees of Kevin Bacon here. I went to college. I went to college with Travis Kelsey. I was I don’t know him, but like I went to UC the same time that he did. He was on our football team when I was there.
Adam Roth (1:54:39) So so his his the 14000 degrees of separation. Taylor Swift has an Israeli bodyguard. I have Israeli friends. My Israeli friends are on the IDF. One of my Israeli friends, our Israeli friend, might have the capability through a certain group within the IDF, maybe be able to find the Israeli bodyguard. That Israeli bodyguard can go back to Taylor Swift. Taylor Swift can go and disclose laterally.
Joe Patti (1:55:13) Okay, this is kind of like, you know, it’s kind of like it’s kind of like pen testing. You know, you got to keep just moving from one. To the next lateral movement. We’re we’re lateral moving through Ryan’s.
Adam Roth (1:55:25) I really emailed them. Some of these people that work for maximum effort live in Brooklyn.
Joe Patti (1:55:33) Oh, there you go.
Joe Patti (1:55:35) Well, you know, you know, everyone who lives in Brooklyn, you got to know someone who knows them.
Gabrielle Hempel (1:55:38) I don’t think I have any like cool connects with him. The only like, my only claim to fame is on Twitter.
Gabrielle Hempel (1:55:45) John Saina follows me on Twitter for some reason. Don’t know why.
Gabrielle Hempel (1:55:48) It is actually John Saina. He went. Really? He went. He went. It’s the only reason the kids think I’m cool.
Gabrielle Hempel (1:55:57) But he went on like this following spree of people and info suck for some reason. So there’s like a handful of people that work in our industry that he follows for. No, and I thought it was a joke at first and I clicked on his profile. I was like, Oh God, that’s actually like, so
Adam Roth (1:56:10) Joe, I’m surprised Joe didn’t don’t get mad at me. I email a certain very famous celebrity.
Adam Roth (1:56:18) And I said something nasty that was that was involved with our.
Adam Roth (1:56:24) Business. What?
Joe Patti (1:56:26) And you tell me about this.
Gabrielle Hempel (1:56:29) Joe was like, I do not recall that.
Joe Patti (1:56:30) So you know, I’m just about the whole knowledge of what
Adam Roth (1:56:33) I’m going to say is. Oh,
Joe Patti (1:56:36) geez. Remember that? What? Anyway, he’s
Speaker 4 (1:56:43) like, let’s pivot.
Joe Patti (1:56:44) Yeah. Next topic.
Speaker 5 (1:56:46) Yeah.
Joe Patti (1:56:49) Actually, especially since we’re now since we’ve done the stalking update.
Joe Patti (1:56:52) This kind of brings us to last call. We’re kind of getting to the end here.
Adam Roth (1:56:56) Well, you said last cold. We didn’t even talk about what alcohol did we.
Gabrielle Hempel (1:57:00) I can tell you what I’m drinking. I filled my cup up really. I know I’m like trying to detox now, but I’ve been traveling for work for the last two weeks. You know how much I’m during. I’ve been doing more than the last two weeks and I think I have in the last year.
Joe Patti (1:57:09) Wow. Congratulations. All right. Thank you. What do you have there?
Gabrielle Hempel (1:57:14) I have basil hayden on the rocks. So drinking some bourbon today.
Speaker 4 (1:57:20) Have you ever had basil hayden?
Joe Patti (1:57:21) I have never heard of basil hayden. I thought I’d at least heard of most.
Gabrielle Hempel (1:57:26) It is a really good bourbon.
Gabrielle Hempel (1:57:29) I love to send you some because my brother lives in Kentucky and I was, I’ve always been a whiskey person, but I was exposed to some of the really good bourbon that they have there because it’s everywhere and the bourbon trail is there and all kinds of stuff. You know, we should do a security cocktail hour and do the bourbon trail.
Joe Patti (1:57:47) Yes. On the road. There we go.
Gabrielle Hempel (1:57:49) Because it would be fun to trail the bourbon, but to be hilarious to see the two New York guys in the hills of Kentucky because it is just.
Joe Patti (1:57:58) Oh, we blend. Don’t worry.
Gabrielle Hempel (1:58:01) An adventure.
Joe Patti (1:58:02) I am sure you do.
Gabrielle Hempel (1:58:03) Yeah. I am sure you do.
Adam Roth (1:58:06) Once I open my mouth, they know exactly where I’m from.
Gabrielle Hempel (1:58:09) Yeah. And it won’t be a little bit like people in New York or people in. Kentucky are awesome, but like, yeah, it’s just funny and very different.
Adam Roth (1:58:17) Different culture. For one of my companies, I had to travel to Arkansas, though it was interesting because when I went to the airport, the woman said, Oh, can you use the kiosk? She worked for the airline and I’m like, she goes, where are you going? I go, Arkansas. She goes, is that an international destination?
Adam Roth (1:58:34) And then the guys, well, be honest.
Joe Patti (1:58:35) So metaphorically, I don’t know.
Adam Roth (1:58:37) So the guy next to me, she’s sitting there going.
Adam Roth (1:58:43) I go, no, it’s a state called Arkansas. She’s like, never heard of it.
Joe Patti (1:58:48) And they’re flying.
Adam Roth (1:58:49) That’s so New York. She was like a kiosk or airline person at the line that says, can you go to the kiosk, please?
Gabrielle Hempel (1:59:00) I don’t know, man. People in New York don’t realize that places outside of New York exist sometimes.
Joe Patti (1:59:04) Oh, I know. They exist. It’s true. Well, some stuff exists.
Gabrielle Hempel (1:59:07) Like, it depends on the person. There’s definitely some people that like New
Adam Roth (1:59:12) York is the center of the universe. It is the center of the universe. We know that already. So that being said, when I did go to Arkansas, this is what I was bringing up. I’m like, how are you doing to go? Oh, what’s up, New Yorker?
Adam Roth (1:59:23) I suck it up in my mouth. Oh, where are you from? I bet you’re from Brooklyn. I’m like, no, I grew up in Queens, lived in Brooklyn and now I’m in San Juan. They’re like, yeah, but you’re from New York. I can tell. Even the UK, they made fun of me. Why die? Why die?
Joe Patti (1:59:37) So here’s a quick, funny story. We had a little issue with a vendor. We were dealing with a call center. Adam was on call. And so he gets the call, whatever. And there’s this big blow up. The information doesn’t go through, whatever. We have a problem with this alert. So I got to get involved. I talked to the manager and I’m like, what the hell is going on? What’s the deal? And the analyst on the phone who was in Canada claimed that he couldn’t understand Adam’s Brooklyn accent.
Joe Patti (2:00:14) He got an earful for that. You know, like what?
Adam Roth (2:00:16) Yeah, but I’m the one complaining that I don’t understand him.
Gabrielle Hempel (2:00:20) Still take calls with your girl because I’m going to start prank calling you.
Gabrielle Hempel (2:00:25) Okay.
Gabrielle Hempel (2:00:26) What is everyone else drinking?
Adam Roth (2:00:30) French 75 in Mickey Mouse cup. Mickey Mouse cup. Wow.
Joe Patti (2:00:35) I finished mine, but I was drinking a scotch because we’re doing bourbon shortly. We got another recording to do.
Gabrielle Hempel (2:00:42) So I want to get into scotch and I met a very nice gentleman from Wales when I was at a conference last week. And we had a long conversation about the best beer on earth, which is Guinness. And also, you know, whiskey and stuff like that. But he’s a scotch connoisseur. And he was telling me all these kinds of scotch to try that. I don’t remember what any of them are.
Joe Patti (2:01:03) Scotch connoisseur. It’s God, it’s very complicated. You know, I mean, I want
Gabrielle Hempel (2:01:08) to try it. I like whiskey and whiskey bourbon are my favorites. So like scotch is naturally kind of like the third horseman there, right? Third musketeer, but
Adam Roth (2:01:15) I was going to try to be fancy and say, you know, you’re drinking guano.
Adam Roth (2:01:22) I don’t know if you know, guano. That’s that shit.
Speaker 4 (2:01:24) Yeah.
Joe Patti (2:01:25) Yeah. Oh, that’s disgusting.
Speaker 4 (2:01:26) I’m a bat. Why would I not know what that is?
Joe Patti (2:01:28) It’s that cannibalism. I don’t know. Have
Gabrielle Hempel (2:01:33) you heard of that coffee, though, that they make out of like it’s like certain monkeys eat the beans and then shit them out and they make coffee out of the beans that they take out of their shit and supposedly like the best coffee in the world. I’m not eating monkey shit. Yeah, it’s really expensive. It’s one of those things where I was like, I think I heard about it in Singapore when I was there. And I was like,
Adam Roth (2:01:56) I’m going to have to try.
Gabrielle Hempel (2:01:58) If I would like try that, like, I don’t know. I’m kind of curious.
Joe Patti (2:02:01) You know, that sounds like a bar bet that some marketing guys get together and they said, what is the most ridiculous, most disgusting thing we can get people to pay a premium for? Yeah, monkey shit. Why not?
Gabrielle Hempel (2:02:11) So like last weekend, we were in Southern Utah and we rented some side by sides, you know, those like crazy, like off-road, like little things that people use. We had some of those and we were in Southern Utah and we were on the dirt bike trails. And I’m the one, like you should not ever go with me on one of those because I’ll be like, if we roll it, we’re fine as long as we don’t like die. Right. So but we kept taking it off of dirt bike jumps. My boyfriend’s like, are you serious? You want to do this? And I was like, yeah, let’s do it. Like, what are you scared? And like, obviously, you know, when you say that to someone, that’s just egging it on, especially for someone as competitive as he is. So we went over a couple of jumps. Definitely tipped, did not roll, but tipped a couple of times. And the night ended with one of my friends. We found this little lake thing that definitely had like quicksand at the bottom.
Adam Roth (2:03:01) Oh, God.
Gabrielle Hempel (2:03:03) And I was like,
Gabrielle Hempel (2:03:05) you should try and drive yours through that. And one of my friends, he just bought a new machine. And those things are expensive, right? Like they I don’t know if you know how much they cost, but they’re like 10 grand. I’m much 35.
Adam Roth (2:03:13) Oh, I thought they were expensive.
Gabrielle Hempel (2:03:15) They cost like what a car costs. Like literally, I just bought a new SUV and my SUV costs that. So it’s like, why why are people spending 35, 40 grand on a tomb buggy?
Joe Patti (2:03:25) And drive it into quicksand. That makes sense.
Gabrielle Hempel (2:03:27) You know, but I was like, you should see if you can drive it through the lake and not get stuck. And he was like, okay. And he got stuck. So I have a picture of it. It’s really funny.
Gabrielle Hempel (2:03:37) I can pull it up and show it to you actually on here because that’s hilarious.
Gabrielle Hempel (2:03:40) But it’s a picture of it in all of its glory, setting in the water. Um, beautiful scenery, though.
Adam Roth (2:03:50) Nice. Oh, wow.
Adam Roth (2:03:53) I, I, I, um, I did a doon buggy in the Middle East. Oh, they’re so fun. It went to a desert and stuff. My family was really cool. And then you pick a place to eat lunch and we ate lunch and it was very nice. The problem is people don’t realize when you’re renting a doon buggy and you’re going in the desert, you got to wear goggles. Yeah, we had to get goggles because my goggles were covered. Yeah. Covered. I had to keep on wiping. I had to stop wiping my goggles. Stop wiping my goggles.
Gabrielle Hempel (2:04:24) Even out there, it was like that just with the red dirt and stuff. It’s Utah’s crazy because I live up North. So I’m actually like on the bench of a mountain. So, um, I live like half an hour from Snow Basin. So lots of skiing and fun stuff out here. But then if you go, that’s three hours South just all the mesas and we ride outside of Zion. So it’s a cool state. If you like doing stuff outdoors, if you guys are ever out here and want to get into some trouble, let me know.
Joe Patti (2:04:48) Yeah, we do our outdoor stuff, you know.
Gabrielle Hempel (2:04:50) Yeah.
Joe Patti (2:04:51) Rooftop bars, you know.
Adam Roth (2:04:53) Well, we rent a doon buggy. I’ll come out there and then we’ll go to the gym and fight.
Adam Roth (2:04:58) Sounds good.
Joe Patti (2:04:58) There we go. All right. Fighting on the road. Okay.
Gabrielle Hempel (2:05:01) Or you can go out there and fight.
Adam Roth (2:05:04) That’s what I’m saying. Nature fight. Yeah, nature fight. Let’s get in there. We’ll get like four cones, big tall cones.
Gabrielle Hempel (2:05:09) We can do it on the edge of a cliff.
Adam Roth (2:05:10) That’s it. No, why I won’t do it because– In
Joe Patti (2:05:14) the middle of nowhere, unsanctioned, uncivilized.
Adam Roth (2:05:17) So if I hit you, you would just be able to fly off the cliff. Yeah. If you hit me, I’m going to plummet to my death.
Gabrielle Hempel (2:05:24) Well, you can put a parachute on you or something.
Adam Roth (2:05:26) Yeah. Safety first. I can’t even operate on remote control.
Adam Roth (2:05:35) I think we’re there, right, Joe? We did some good episode here, huh?
Joe Patti (2:05:38) All right. Location shoots. There we go. We need a sponsor.
Adam Roth (2:05:42) Okay.
Joe Patti (2:05:42) Get Ryan on the horn.
Adam Roth (2:05:44) All right. ryan goonbugies.com.
Joe Patti (2:05:46) There we go. All right.
Joe Patti (2:05:50) Gabby, Gabsmash, thank you so much for joining. This has been a blast.
Adam Roth (2:05:54) Oh, a lot of fun. She has a– what’s a cool plant in the back? I have like 12 of those.
Joe Patti (2:06:00) A plant?
Gabrielle Hempel (2:06:00) She has one like a succulent or one of these guys. Is it an aloe plant? Is it an aloe? Yeah.
Adam Roth (2:06:06) I love aloe plants. So the aloe plant– I know we were supposed to end it right here, but the aloe plants have pups, Joe. They have pups. They have pups. So they have little pups in the plant, and they keep on reproducing. So we’ve been trying to give away aloe. Do you want one?
Joe Patti (2:06:20) Is that like the thing they put in Chetkov’s ear that made him like, you know– No, that wasn’t aloe.
Gabrielle Hempel (2:06:25) The aloe plants are awesome, though, because if you ever have sunburn, like you can break off a leaf of the aloe plant and just like rub the gel on you, and it’s the same thing that’s in the sun– like aloe after sun aloe, it’s the best.
Joe Patti (2:06:35) I was going to say, why do that when you can go to the drugstore, but whatever.
Adam Roth (2:06:39) It’s better. Because I keep on reproducing, and I have now– I have like 10 aloe plants in my house. The one aloe plant’s like this big.
Joe Patti (2:06:46) You’ve got an invasive species, man. You better watch out. It’s going to take over.
Gabrielle Hempel (2:06:50) You guys got lanternflies? We can have invasive species.
Adam Roth (2:06:54) Oh, yeah, we got those. Those things are nasty. Don’t bring them here. I’ve been eating them in order to stop them. Oh, god. All right, now you gross me out.
Joe Patti (2:07:01) Okay, all right. On that note, don’t eat lanternflies.
Joe Patti (2:07:06) Okay. Gabby, thanks again for joining. We’ve had a blast.
Gabrielle Hempel (2:07:09) Yes, thank you.
Joe Patti (2:07:11) Happy Halloween, everyone.
Adam Roth (2:07:13) Yeah, happy Halloween, Gabsmash. That wings. That wings.
Gabrielle Hempel (2:07:18) I can’t show them while here. There you go.
Speaker 4 (2:07:19) All right.
Joe Patti (2:07:20) Take care.
Gabrielle Hempel (2:07:22) All right. See ya
[0:05]: okay Adam how you doing today I’m sorry you’re talking to me yeah I’m talk I’m talking to you I’m
[0:11]: talking to you you don’t talk you don’t talk to Deadpool that way yeah this is the this is the
[0:16]: Halloween episode and I guess that’s the the closest you’re going to get to a costume is the Deadpool hat which is
[0:22]: very you mean the birthday Edition there’s two of us who had a birthday or having a birthday where’s yours my
[0:29]: birthday was quite was quite a while ago my costume is I’m like you know I got my old motorcycle jacket this is the
[0:34]: closest I get to having a costume yeah I wasn’t going to Slick my hair back that’s like that’s like too
[0:40]: much I don’t have that much Spirit what can I tell you but we have a guest who
[0:46]: is definitely way more in the spirit than we
[0:51]: are I’m kind of embarrassed for me no for me cuz I I’m
[0:57]: the one that kind of said let’s get costumes yeah this was all your your idea and Gabrielle played along Our
[1:04]: Guest did I played along and I’m not a costume guy and you well you got
[1:09]: chocolate martini so that’s cool you’re fine I did have this at my disposal already though I did not buy it for the
[1:15]: podcast so oh good I don’t know whether that makes me weird or no that’s perfect
[1:20]: because we got we got no expense budget for costumes or anything so we’re glad you didn’t spend
[1:27]: anything all right so Gabby why don’t you tell us a little bit about yourself
[1:32]: and and your costume if you if you’d like so yeah I got a cool back oh look it’s got like oh it’s got like like back
[1:40]: wings and everything cool all right it’s funny you should have seen the look on the like so I got twin 15-year-old boys
[1:46]: and like walked out of the room and they were like what are you wearing like one of them just like he walked out of the
[1:51]: door and he like went back in and shut the door he was like nope not today you know what that reminds me of reminds me
[1:57]: of like a Road Runner cartoon like a like Wile E. Coyote gets the Acme bat suit
[2:02]: and tries to fly if we if we drink enough can we get you to like you know roof or something well I got mountains
[2:09]: right outside my window like I live like up on the bench of a mountain I could get some air all right I got to stop
[2:14]: this here uh full full full disclosure here please do not try any of these stunts at home uh the people in this
[2:21]: podcast are Professionals of what they do yes well we have yeah professional we
[2:27]: have no uh by the way we have no costume bug and no health insurance for this so you
[2:33]: know tun we’re not very big on compliance you
[2:40]: know we’re just trying to avoid copyright strikes here so don’t don’t hum any popular tunes please let me put
[2:45]: a teaser out there um what we recorded yesterday did
[2:50]: require protective gear oo what kind of protective gear are we
[2:58]: talking why you making have you done anything that requires a full hazmat suit yet because I can take you some of those places no I’ve done that also as
[3:05]: an EMT but but but um let’s just say it
[3:11]: required headgear gloves and a mouthpiece I and it wasn’t Adam just
[3:18]: going to the supermarket that’s not how it usually goes that’s not true either I usually go to the supermarket people dep
[3:25]: on which Supermarket you’re going to for real yeah seriously
[3:31]: but yeah no so I’m I’m Gabby I’m Gabrielle whatever you want to call me a lot of people only know me by my like
[3:37]: Twitter handle too which is pretty weird um so I get called Gabsmash a lot
[3:42]: that’s my Twitter handle came from a whole J that’s awesome like I I used to power lift and like when I would finish
[3:50]: like a PR lift or something I don’t know just instead of Hulk smash I would yell Gab Smash because I thought it was funny and then when I went to make a Twitter I
[3:57]: couldn’t think of a name and put but that as my name and now I I don’t think I can undo it so well that’s great
[4:05]: you’re living definitely on the internet Gabsmash so yeah I work in security I’ve
[4:10]: held a lot of different roles in security my journey into security was pretty freaking weird I think we were
[4:16]: talking about that a little bit at some point but um yeah well I I definitely
[4:21]: want to hear about that because uh you know well we’ve talked on the show a lot we kind of did the requisites so how do
[4:26]: you get into security and you know there are a lot of people who kind of my own experience or my own take is
[4:34]: that a lot of people especially the old-timers came in through uh you know originally a networking and then got
[4:39]: into security and started doing more security stuff more networking like that’s how Adam did it um that’s how not
[4:46]: 100% sort of and I you know when I kind of came in I was a you know more on the host side it’s just the administrator
[4:52]: doing you know taking care of computers and stuff um but yours was very
[4:57]: different and very interesting actually much cooler than either of ours not really some of it it was it was really
[5:04]: funny I was actually on another podcast recently and it was Mo the theme of the episode was how a lot of my career moves
[5:10]: and like how I’ve moved in security has been built off of spite spite all right and being and being
[5:18]: stubborn um because when people tell me I can’t do something or that makes me want to go do it so so
[5:26]: so that’s the trick huh okay you you definitely can’t jump off the top of a building kidding I
[5:33]: mean I haven’t tried yet so I I would recommend I don’t want you to jump but I
[5:40]: have a funny feeling if anybody I know jump no jumped off of a
[5:46]: mountain I have a funny feeling you would soar but don’t do it please wow
[5:52]: try to compliment whether it means I’m like actually like some sort of weird witch or something or like just very
[5:58]: aerodynamic well he didn’t say with a broom I mean come on you know it’s I
[6:03]: think it’s a little bit of I think it’s a little bit of both but you know and I and I’m kind of giving out pii a little
[6:09]: bit but since my birthday is on Halloween um for me I’m talking about you know I believe in witches you know I
[6:17]: you know witches were the theme of my birthday I love I love witches I my mom
[6:26]: is super into genealogy and uh we’re very very Irish like my mom is an
[6:32]: Irish citizen like just a very Irish family and she traced our lineage back
[6:38]: way back in the day but we were uh some very druidic people in oh really Ireland
[6:45]: so that’s intense okay yeah so I think it’s pretty rad I’m like all right
[6:51]: that’s that’s that’s cool maybe I have some powers or something that I need to try and awake awaken I don’t know
[6:57]: so you know one one year on my
[7:03]: birthday oh God my decades and decades ago a balloon it was not done by my
[7:09]: family floated down in front of my window that said happy birthday and it wasn’t my family I did it that’s some
[7:16]: horror movie [ __ ] I’m telling you the truth I can’t make it up are we allowed to swear on here yeah you can do
[7:22]: whatever you want okay whatever you want I just got to make sure I’ve got the mouth of someone that lived in New York for a long time so yeah so the
[7:32]: point yeah but they don’t like that here in Utah that’s oh cuz cuz you know you
[7:37]: respectfully it’s a lot of Mormon right so but um it was really scary to see
[7:42]: that balloon cuz I was mortified I like d Dad Mom you do that did it come out of
[7:48]: the sewer and was there a clown I had a bedroom it’s like like my bedroom now the window was in front of
[7:55]: it no I didn’t see any clowns in this well some of the DPW workers but that’s another
[8:01]: story some of them are my friends so that’s wild yeah stuff like that is
[8:07]: like there’s some Supernatural stuff that happens sometimes where I’m like is that a coin like there’s no way like I don’t know there’s just weird stuff
[8:13]: where I’m just like but I’m also very much a skeptic in many areas of life so I’m just I don’t know I I have an
[8:19]: internal war with myself like what do I believe so are you a we I know I know we
[8:26]: shouldn’t be getting to uh astrology but are you Scorpio I don’t remember I’m a
[8:31]: Libra I’m a Libra just like my wife oh God two of
[8:37]: you I don’t know what that means but whatever not astrology either um I’m a
[8:45]: it’s interesting but it’s one of those things where like I won’t take it to heart I guess I think that’s for
[8:50]: entertainment purposes only that’s what I tell my daughter she you know what’s funny F my current my current job I was
[8:56]: doing some work in in an area of New York City and a woman walked up to me and she said
[9:02]: something weird like are you a Scorpio I’m not even making this up and I know I just gave you Whole Foods no no no no this was on
[9:11]: a this was on a street that we were helping to do some work and one walked up and goes you’re a Scorpio I looked at
[9:17]: her like do you know me she goes no I don’t know you I go you just walk up to somebody tell me you’re a Scorpio she
[9:22]: goes yeah she goes you’re one of those stubborn types I’m like I’m not stubborn at all what are you talking about she
[9:27]: goes there you go dude that’s such a scam she she probably did that to like a hundred people you
[9:33]: know eventually she’s with the husband and her husband’s like what are you doing to this guy oh that’s a I I don’t
[9:39]: know you did you end up giving her any money let me put it that way no I gave
[9:45]: him my my social security number CU you said you would help me oh there you go better was she going to like hook you up
[9:50]: with a Nigerian prince I’ve really or princess and yes yeah well I mean like
[9:57]: you know it depends on your pronouns and stuff but yeah she did we’re talking
[10:02]: right now I I’ve been saving her I’ve been sending her money to come to New York perfect yeah nice just make sure
[10:09]: you know if she asked for iTunes gift cards or whatever you got to oblige no I I did that my my old job I bought a
[10:15]: couple of gift cards and I put it on my company credit card
[10:20]: nice so Gabsmash tell tell us a bit about your G tell us a bit about your
[10:28]: interesting Journey into security yeah so my undergraduate degree
[10:34]: um I studied neuroscience and uh
[10:39]: psychology and not anything to do with computers so um after that I didn’t
[10:45]: really know what I wanted to do I knew I didn’t want to like keep going to school for that it was interesting but it was like Too Much Chemistry classes you had
[10:54]: enough brain surgery you were like this is this is getting boring I’m done I am good toart was interesting but no uh so
[11:02]: yeah I ended up working in pharmaceutical regulation for a couple years doing um studies like regulation
[11:09]: studies for the FDA and stuff like that and um with that also worked on medical
[11:14]: devices which is kind of how my interest in security was piqued a little bit um
[11:20]: because I kept dealing with a couple of medical device manufacturers that had vulnerabilities in some of their devices
[11:28]: and that was not my area of expertise like I could talk all day about some of your compliance with like
[11:34]: Pharmaceuticals and like Risk analysis informed consent and all kinds of stuff but like when it came to medical device
[11:40]: vulnerabilities we like everyone at my company was just like how do we even like approach this like we didn’t even have a security team at that company oh
[11:47]: that’s frightening I mean like what what kind of devices were these I mean like total life saving things or oh this is
[11:54]: going to be bad I can tell I tell from that look
[12:00]: um yeah the one that I worked on the most was a pacemaker um man wow an
[12:07]: internal defibrillator and so um I think I’m trying to think of what else I think
[12:12]: it was mostly pacemakers that I worked with like that how vulnerabilities at that point there were a couple of infusion pumps as well like what you see
[12:18]: in hospital rooms like you give people um drugs and if you read on those read up on those there’s a lot of hackers
[12:24]: that have done some really cool work with some of those too but like I know with the pacemaker stuff it was actually
[12:30]: the programmer for the pacemaker that had the vulnerability um but you can put anything you wanted on that and then
[12:35]: just send it to the pacemaker which was not ideal um wait you mean you could like upload whatever code you wanted to
[12:42]: this like like s it well gab smash I we spoke about this when we we were first
[12:47]: getting this episode together yeah and my my father-in-law was having some serious
[12:53]: chest pains and we were like uh what is that and whatever I I don’t want to get
[12:59]: into too much with with him with his medical background but we end up finding out that the pacemaker was
[13:08]: overclocked and when we started asking who made these changes nobody knew so he
[13:14]: ended up in the ER they they kind of try to figure out who which because we know that the
[13:20]: manufacturers allow multiple hospitals and multiple organizations to log in and
[13:27]: it wasn’t they claim I I can’t see the data uh a good account
[13:33]: of who logged in and who did what but we know it the the original setting was one
[13:38]: and the other setting was another 10 beats permitted which caused him discomfort and almost put him into
[13:43]: cardiac arrest W and this is evident of how it works and for those who don’t know how
[13:50]: it works also typically if you have a pacemaker they usually put um a
[13:57]: receiving station in your house house and that receiving station sends data back um I believe via kind of a
[14:05]: Bluetooth it’s not necessarily paired but and then and that unit that’s plugged in is usually cellular uh and it
[14:12]: sends the data back but it’s bidirectional so instructions are sent
[14:17]: back to the pacemaker so when you’re within range of the pacemaker they can send a shock I
[14:23]: believe they can change the beats per minute they could up or make it upper lower as far as stuff so everything’s
[14:30]: remotely controlled are you serious I mean no I’m not I can see the benefit of
[14:36]: that but the idea of walking around the house and knowing someone’s got like a freaking remote control for my heart or something is like maybe I know too much
[14:43]: about security but that that’s really the way these things are and and you have no control over that it’s just
[14:49]: someone else is running that I Thea the Gabsmash I love that name by the way um
[14:55]: I’ll defa the Gabsmash but I don’t know if there’s a certificate I don’t know if it’s telet I don’t know how you connect
[15:01]: to it once you’re within vicinity I mean I don’t know how it’s programmed I don’t know how you identify who’s the right
[15:07]: receiver I know nothing about that but I do know the basics that is how it
[15:12]: works yeah I mean it’s probably changed a lot since I’ve looked at them because I haven’t and I have one in the closet
[15:18]: over there actually that I was going to mess with at some point but um I haven’t gotten around to playing with it yet I
[15:24]: keep saying oh that’ll be a good winter project and then I have too much stuff to do in the winter so well you’ve got that in the closet who’s got the pace
[15:31]: maker a random person and oh I think the pacemaker is in that box too I think it’s a both the pacemaker and the
[15:37]: programmer are still in the box oh okay I was I was just gon no no no I wasn’t gonna sit here and I wonder if any of my
[15:44]: neighbors have a pacemaker hey D come here another dis no humans or any
[15:52]: animals will be hurt during this testing no no no no no no no I would not
[15:57]: especially having worked in the the compliance part and knowing what what goes into human testing yeah I’m good
[16:02]: I’m not I’m not touching that with a 10ft pole so um but yeah no so it’s
[16:08]: essentially I think back then it was Bluetooth I think they’ve changed some of the protocols now I’m really not sure
[16:14]: what they are have to read myself back up on some of the new pacemaker programmers but um yeah you could you
[16:20]: could put any kind of code you wanted on there um and there wasn’t really you know good access uh like Adam was saying
[16:27]: too like good logging essentially as to who had done what with that controller
[16:32]: or there could be multiple multiple controllers that worked with a single face maker things along those lines so
[16:37]: it gets really really messy um and same with the infusion pumps were my favorite because they had hardcoded credentials
[16:44]: like a lot of the infusion pumps you see in hospitals have their credentials already hardcoded which is something
[16:51]: that’s kind of fun to play with if I’m ever in the hospital I’m like oh I wonder what this does and then yeah people are like stop don’t touch that
[16:58]: like so credentials is part of it I don’t know that being said Gabsmash I have I
[17:03]: have a lot of friends of mine who are nurses and one nurse in particular told me that she was I’m trying to be careful
[17:09]: how I say this she was witness to some pumps that were
[17:15]: changed and what she alluded to was the suspicion that somebody hacked these
[17:22]: pumps but I was not part again I want to be careful what I say because I was not part of the investigation I have no
[17:29]: expertise in these pumps she was a nurse they found that a lot of these pumps were changed I don’t know what level how
[17:36]: much if you know it could have been a floor it could have been a patch it could have been an upgrade from what I’m
[17:42]: aware nobody died uh but it was something that she was um careful to say
[17:48]: to me but also a witness to it yeah yeah it’s one of the things where I think I don’t think it’s ever
[17:55]: been a lot of the vulnerabilities were kind of CAU before anything terrible could happen I don’t know of any deaths
[18:01]: that are directly related to any of these vulnerabilities which is good um
[18:07]: but it sucks that they exist either way I mean that’s just it’s scary everything’s connected I think
[18:12]: especially in the medical industry I saw things have moved really fast right think about the Innovation just in
[18:18]: medicine in the last 10 years or so but that same security innovation hasn’t
[18:23]: really caught up to some of that medicine uh medical Innovation or at least the emphasis on security has not
[18:30]: stayed um you know in neck and neck with the emphasis on the medical um
[18:37]: Innovation and that’s it started to fall behind I think in a lot of different critical infrastructure sectors you could say the same about some of the
[18:43]: energy sector stuff that’s out there I’m sure EMS like some of the EMS infrastructure I’m sure you’ve seen it
[18:49]: um and I’ve been horrified at just thankfully as an EMT we’re we’re in the
[18:54]: field and we don’t have a lot of remote control to our our equipment thank God
[19:00]: the only things that have been happening these in previous years is that people would throw fake calls over radios you
[19:07]: know not the same what we’re talking about and no but and maybe send messages through the kdt or mdts keyboard data
[19:15]: Terminals and mobile data terminals but that was back then different technology but you know it’s funny it’s not like
[19:21]: somebody a previous guest once sat in the coach of an airplane and was accused
[19:29]: of taking over controls of the avionics of an airplane I mean that never happened huh was it Chris I’m not oh
[19:37]: please everyone knows who it is come on dude he was just a keynote at so my company had our conference this past
[19:43]: week and he was one of our Keynotes I was so excited I got to actually sit and talk to him for like half an hour and I was so excited because I have followed
[19:50]: his work forever I mean you know if you’re insecurity you know who he is right so like uh I was so excited to get
[19:56]: to meet him my boss was like I don’t even know know who this person is and I was like you have to go talk to me so cool did you see did you guys did you
[20:01]: tell him you going to be on the show no cuz we didn’t talk about I didn’t know he had been a guest on the show yet so I’ll have to bug him we were we’re we’re
[20:09]: Bud best best buddies on LinkedIn now so I’ll have to BU Oh I thought you and I would be ffs we are I can have more than
[20:15]: one it’s like Myspace you get a top eight Myspace I don’t even Myspace my exist my god wow am I myself am I old
[20:24]: enough to date myself with us I thought you were trying to cater to us that thinking we’re thinking we were to talk about myspace you know whatever so I
[20:30]: used I used to talk to my friends on bbs’s or bulletin board services with a dialup um back then it was a 300 modem
[20:37]: then I moved to 12200 and then I moved the 2400 and then I really took off and
[20:43]: got I got the 56k wow you know the sound that that
[20:48]: 1200 modem makes is the sound that my brain makes when I try to think whenever I try to think that’s
[20:55]: just what I hear in my brain I don’t know well look here’s here’s what scares
[21:00]: me about this medical stuff and I mean I don’t know how how how it is but uh you
[21:06]: know okay you got the hacker side and hopefully the stuff is secure you can’t break into some of these stations but
[21:12]: even even the legitimate use I mean unfortunately I’ve been spending a lot of time in hospitals lately like you
[21:17]: know you talk about infusion pumps you go to like a like a like a chemo W or something there’s like 20 people there
[21:24]: you know 20 pumps and all these things you know are they doing a good job of not even the security of it but
[21:30]: remembering which is which are they make you know what kind of quality control do they have are they making sure that you
[21:36]: know the right person is with the with the right one if you’re saying they don’t even have an auto Trail I mean if someone does get sick and they even
[21:43]: trace it back for diagnosis you know did this person get the right thing did they get the right setting that that really
[21:49]: that’s kind of freaking me out to be honest you know think about that right exactly what you’re saying and G correct me if I’m wrong the fact that was
[21:56]: changed is one big thing the fact that no one detected it at least in my father-in-law two months later is even
[22:01]: worse what order what controls do you have to check to see what the settings are and you know and by the way gab
[22:09]: smash I love seeing that he love saying that oh boy W and Joe smash to yeah yeah
[22:16]: we call we call it Joe Donuts so um don’t that that’s I’m sorry
[22:24]: um Jo Donuts Joey Donuts um what’s even scarier is is that yeah
[22:31]: medical equipment is an issue but what about if somebody is
[22:37]: doing some kind of surgery Robotics and somebody gets on that equipment now once
[22:43]: in one of the training sessions I’ve done one of the well-known uh lecturers
[22:49]: said that they were doing a red team blue team or purple team and they by
[22:54]: mistake well not by mistake they did it on purpose but they didn’t know the IP the IP was not putting a list of restrictions mm and they got onto that
[23:02]: server during the surgery and when they kind of got access to the camera they’re
[23:07]: like what the hell back off stop everything right away not the surgery
[23:13]: but no more work CU God forbid you crash that server in the middle of a surgery that’s horrible but you know on the
[23:20]: other hand what if you’re a hacker and you traversed to that
[23:26]: server you know so it’s it’s bad the nice thing is is a lot of hacker groups
[23:34]: kind of have their own code of ethics um one that I saw a few years ago kind of in the field while I was working was
[23:40]: there was a hospital that had been attacked um once the hacking group realized it
[23:47]: was a hospital it was I think it was attached to a university somewhere so they thought it was the
[23:52]: University once they realized it was a hospital they backed off unlocked everything they were like no we’re not
[23:57]: touching in something that is touching actual human lives you know like a lot
[24:03]: of hacking groups I think are out there for financial gain or IP or anything along those lines but once they get to a point where they are harming physical
[24:10]: people that’s where they’re they draw the line um not saying that they’re good people either way but I’m just saying
[24:17]: like I I have seen that before where they’re definitely they will back off if they realize it’s a Medical Institution
[24:23]: or something along those lines well I’ve heard that too and we’ve had people talking about that where they’re like you know yes that they’re there to make
[24:30]: money they’re they’re not there to kill people or anything however we are seeing more and more ransomware attacks um
[24:37]: against hospitals they they used to be kind of off limits until they realized they could make a lot of money off them
[24:43]: and they were really good Target and you got to think there that even if they’re not intending to hurt someone they can
[24:49]: make some big mistakes and you know you’ve heard about these Hospitals now me like I say I’ve been spending time in hospitals there are no more charts there
[24:55]: are no there’s no more paper there’s a PC in every in every room you know everything is is with iPads and all if
[25:02]: stuff goes down they they can’t deliver care they don’t know who they’re talking to or what their condition is or or
[25:08]: anything federally there’s a mandate to do EMR electronic medical records but not everybody still doing it they
[25:14]: getting fined when they do so there’s still a lot of paper records however eventually supposed to uh end up as EMR
[25:22]: and the reason why also I think is a lot of entities are now sharing data with each other whether they using um eclipse
[25:30]: or what’s the other ones or um yeah sharing dat with Google too yeah epic epic I’m sorry epic one of the really
[25:36]: big wies yeah yeah so I I log into epic and I’m like putting 17 organizations
[25:42]: together and getting the fact that a lot of them don’t talk to each other is scary too like I feel like I’ve I’ve moved what
[25:49]: four or five times in the last like six or seven years and it’s every time I get
[25:55]: a new doctor it’s like all right time to figure out a new system because I feel like none of them kind of overlap you can’t transfer your records very easily
[26:02]: oh no things like that but no it depends on it really depend regionally sometimes you can but like moving across the
[26:09]: country was just kind of a new ballpark it seemed like so wow cuz I remember in
[26:15]: the old days when someone would move you know in medicine you I go to a new doctor or whatever and they’d be like oh
[26:21]: oh I need your I need your records who’s your old doctor and they’d call them and they’d fax it over which I guess
[26:28]: sounds archaic but sort of works you know but now I guess they got to deal with interoperability and formats and
[26:35]: all that kind of stuff you know some yeah some people will send the other doctor a link to log in as a as a
[26:44]: temporary provider and they get access to your records uh one of my
[26:50]: doctors I told him I was changing and he understood and he s the one pager he
[26:55]: wrote himself with major like you know these are the these are these are the top hits I’m like that’s it but they
[27:04]: send very he wrote a one pager dude I know you’re a mess you need more than a page come on yeah it’s
[27:10]: true but go Ahad I’m sorry one of the crazy things so once I left my job in
[27:18]: medicine I actually got more access to Medicine in some ways like I moved to security um I was part of getting into
[27:25]: security was you know my stubbornness because I was was dating a guy at the time who was um he actually had his own
[27:32]: company in the tech space and they did all right but
[27:38]: um they he he was a really smart person he just wasn’t a good person but um oh
[27:43]: he basically told me he was like I don’t I don’t you’re not smart enough to ever work in something like security or even
[27:48]: Tech honestly to and I was just like okay are you serious that’s kind of
[27:55]: shitty so um I went and did it anyway but I got that we talked kind of a little bit at the beginning about your
[28:01]: average JY into security and I got that from a lot of people people would be like oh well you have to start at help desk and then you have to do sis admin
[28:08]: then maybe you can do Network stuff then maybe you can do security but you can’t just go into security people would tell me that all the time and I was like n
[28:16]: there’s got to be another way I’m going to tell you why that is and and I and I
[28:21]: I might saying it’s a catch roll for everybody the only reason why I sort of believe in it is that a lot of people
[28:28]: don’t have the structure to understand so when I started doing work as I used
[28:35]: to when I used to go take my original certification test when I used to ride the horse to the testing center um
[28:42]: that’s how old it is was the horse not a dinosaur come on gab Smash and by the
[28:47]: way start referring to me as chocolate martini so so yeah the be the beginning
[28:55]: was you had to kind of learn Microsoft because that was the only thing really back then the big thing
[29:01]: right Linux was around and Unix was around I guess Unix more and Zenix and Banyon Vines whatever but then when I
[29:10]: learned that I started loading networking and then this woman that was in networking said to me you know I know
[29:15]: you want to get into the sexiness of networking but you got to get the Baseline of understanding how things
[29:21]: work and you’d be surprised as a guy that was a a hiring manager and by the
[29:27]: way you talk about people talking about you know being smart enough a certain person here that was my boss and it
[29:33]: wasn’t you said you know I got to hire everybody else on my team I didn’t get to hire you I’m stuck with you oh God we
[29:39]: hear this every episode yeah so that being said I’m I’m never going to forget y but then you start learning networking
[29:44]: and you you learned about broadcast domain and you learned about flers and you learned about ports and then when
[29:50]: you get to security you kind of have to know all of that it doesn’t mean that you weren’t
[29:56]: capable of doing it but a lot of people don’t have that that um what’s the word that drive
[30:03]: that ambition that um motivation to learn all the aspects of it and I know that you’re a security person but it
[30:09]: doesn’t mean what’s right for most people is right for you so that’s why I kind of see how people build up to that
[30:16]: and by the way that’s how I did it oh no and I think that’s that’s especially back in you know 20 years ago that’s how
[30:22]: it had to be because right yeah that’s old school the only field that security touch was Tech but the interesting I
[30:30]: think now when you look at it security touches every field whether you’re in medicine or Finance or doing some
[30:37]: critical infrastructure stuff or any field that you’re in there’s security as part of it because everything’s just
[30:42]: done so largely online at this point and uh that’s why I think that now it’s a
[30:48]: little bit friendlier for people to try and get into security different ways than maybe it was back in the day there was kind of only one path back in the
[30:54]: day and now it’s like okay you can take a lot of different paths but but at the same time like you’re saying as well
[31:00]: there’s it takes a lot of self-starting and drive and self- auditing is like
[31:06]: really what I find myself doing a lot because I went straight from not working in Tech at all to being a security analyst and that is a little bit unusual
[31:14]: unless you I know got some kind of training or got a degree or something why we know she’s a witch I did a I did
[31:21]: a lot of self-study and like kind of brought myself up to speed in a lot of areas to the point where I understood what was going on but
[31:27]: they also told me they were like you’re going to sink or swim if if you can’t figure this job out like we’re giving
[31:33]: you we’re taking a chance on you essentially uh if you do well in this role then you’ll learn a lot and you’ll
[31:39]: have that experience if you don’t then you’re just not going to do well like you’re you’re not going to last here so
[31:45]: it was definitely it was a sinker swim roll where I really had to work and
[31:51]: prove myself and it was for a consulting company like one of just outside the big four I was with Accenture so
[31:57]: um worked 24/7 pretty much for a couple years just to bring myself up to some speed and I still I self- audit a lot I
[32:05]: still have a lot of gaps coming from not working in security to going into security I learned security backwards is
[32:11]: how I say it a lot of the time I learned all the security stuff I can talk all day about um a lot of your security
[32:18]: topics malware um like encryption things like that if you ask me like you were
[32:23]: saying networking questions I’m like God good luck like here’s the thing
[32:28]: you’re right that’s the old school thing you know now there actually is training there are even degrees you know when we
[32:34]: started out there was nothing like that um so you know so you can get get into it although you jump right from uh you
[32:40]: know something totally different to analyst is still a little unusual um but
[32:45]: uh yeah but you know at at the same time don’t feel bad that you have gaps
[32:51]: ever because security has gotten security has gotten so wide you can’t oh
[32:57]: yeah know everything I mean I mean even even as a manager I go and go and look at these things I’ll look at a job
[33:03]: description and they basically list that like we want someone who’s who’s even not even done but managed all these
[33:08]: Technologies I’m like nobody’s done all of I mean czy yeah everything I mean so
[33:14]: yeah so we want um cyber security engineer needed must have 20 years of
[33:20]: experience um must understand uh networking OGB you know SPF BGP uh is
[33:27]: able to speak Cantonese for out Cantonese people um the best the best is
[33:32]: uh entry level 20 years experience oh yeah I see that all the time lot like 20
[33:38]: years in cyber I mean I know cyber’s been around longer than 20 maybe not 20 for entry level but you know no but I
[33:44]: think a lot like we it’s still like 8 to 10 for level and I’m like are you serious dude like most people I know
[33:49]: that have 8 to 10 years of experience are pretty squarely senior level at this point um you know I I have a masters in
[33:56]: cyber security and I well it’s but here’s a point and and Joey was like
[34:02]: what are you doing aren’t you both you the background yeah what you do you got so I actually want to go for a PhD me
[34:09]: too so we’ll hang out together but the reason why I want to do it is for only one reason I wanted people to say doctor
[34:17]: doctor doctor doctor same and I want to teach that was the reason I got my masters was mostly cuz I want to teach I
[34:22]: uh that and I kind of wanted some sort of degree in cyber security because my undergrad was not at all and wanted to
[34:30]: get that on my resume too so I went to NYU um had I did it’s uh Global Security
[34:37]: conflict and cyber crime is actually the name of the Masters program but it’s a for all intensive purposes it’s a global
[34:43]: uh like Global Affairs and cyber security oh you went to NYU in in in Brooklyn
[34:48]: there what what was ply yeah no I was in a I was actually
[34:54]: Woolworth Building so I was squarely all right 220 22 233 Broadway so yeah
[35:01]: yeah yeah so the real good for you wow so there’s three things I want to say really quickly not for that anyway from
[35:08]: Brooklyn’s the engineering school right isn’t T yeah exactly yeah that’s it used to beook of the other schools but it
[35:15]: still was an MS but I liked that it had like the global Affairs side of things too cuz like my my end goal right like I
[35:21]: would love to either like work for a while and then soft retire someday and go work for Department of State doing
[35:28]: like really cool stuff in cyber security with some of the stuff that’s going on in the world but I mean short term not
[35:35]: short term I guess like in private sector though like I want to be in that like CISO kind of role and I know a lot of
[35:41]: people roll their eyes and they’re like oh my God I like having the blame on me a time but I also like that picture of
[35:48]: everything I like understanding how all of the different pieces of a cyber security program work together and what those outside pieces are that influence
[35:54]: the cyber security program and that’s why I kind of want to in that Ty role believe yeah you know I I can understand
[36:01]: I mean I can tell you a little bit from experience I can understand wanting to get the the seeso thing out of your system it’s like yeah I want to sit in
[36:07]: the big chair I want to do this yeah yeah I I I can tell you um it’s it’s a
[36:13]: lot more fun to to say that you’re the CISO than need to be the CISO I know
[36:18]: I’ve heard that from many it’s not an easy job totally get that that’s the case and I know it’s not an easy job but I like I
[36:26]: like the big pi strategy side of things and um right now I’m just biting my I’m
[36:31]: only I’ve only been in security for 5 years so that’s a lifetime almost already for a lot of people yeah but
[36:37]: most like most like that’s the issue I’m having right now I’ve worked in engineering I’ve worked in quite a few different roles in cyber security I have
[36:43]: a lot of experience but at this point it’s the time like I don’t have enough
[36:48]: time on paper yet to be in that like director level role or anything along those line I’m going tell you this I’ll
[36:54]: tell you this I want I want to go on a ramp for one second right number one my cyber security degree even though I
[37:01]: value the institution really didn’t didn’t do anything for me other than challenge me a lot of my a lot of my
[37:08]: learning came from my certifications that I went really hard into and I learned and and I I spent a lot of time
[37:14]: so the point I’m making is there’s nothing wrong with getting a degree I a lot of people in my classes had no
[37:20]: formal experience in cyber security I’ve first of all number one God Bless America lot of them were
[37:27]: military they were going on the uh what they deserved and they got paid to to doe to the degrees and I respect that
[37:33]: and they and I value their them tremendously but that’s what they did they they went into cyber security
[37:39]: hoping to get into cyber security eventually when they got out the military and I hope they do because
[37:45]: there’s such a shortage of cyber Security Professionals the second part of that rant is they’re hiring everybody
[37:51]: these days because they don’t get enough cyber security people not every
[37:58]: no that that depends things have changed quite a bit there’s actually been a lot of talk on LinkedIn about this that
[38:04]: believe it or not makes makes some sense you know the the cyber security shortage is not at all levels you know a lot of
[38:11]: it is you know yeah is is entry level getting those getting those people in
[38:17]: and and it boils down to like you know someone you know like yourself Gap smash can do uh you know really well if you’re
[38:24]: a self-starter and want to learn because a lot of companies just don’t want to teach people they they don’t want to invest the time they don’t want to
[38:30]: invest the money and they know that if they do they’re probably going to you know skip out somewhere else um you know
[38:36]: so there’s a lot of you know shortages there but as you go to the uh you know
[38:41]: more more senior and especially you know the the direct you the manager director
[38:47]: levels there’s there’s actually um a lot there and until the Market opens up a
[38:52]: little bit it’s going to be really tough to find out opportunities there I mean
[38:57]: like a a couple years ago if you had you know managed a security team for like
[39:02]: you know two years or something you could be a ceso or you could be direct they just needed anyone who who and and
[39:08]: people would take a chance on you now that things are tighter not so much but that’s going to change over time you
[39:13]: know well I still need that management experience I have like management experience like way back in the day when I worked in retail and stuff but it’s
[39:19]: it’s a different ball game with security and I don’t have that management experience in security yet I’ve been an
[39:24]: individual contributor of most of the roles I’ve and so well I can tell you I
[39:30]: can tell you as a longtime security manager security people are pain in the ass oh yeah I know they are not it’s
[39:37]: like it’s like managing like a like a sports team or you know yeah it’s it’s
[39:42]: not easy the other thing I’m going to add as the last part of my rant is that a lot of the
[39:48]: opportunities I have seen in cyber security is through a vast uh your vast
[39:55]: networking mhm and the people that really think my LinkedIn looks the way it does so the point I’m making is is is
[40:03]: that you know you know Joe and I have had this conversation about who do you add on LinkedIn who do you don’t and
[40:09]: I’ve been selective but I still have thousands of people and when I look for
[40:14]: opportunities I typically start reaching out to people I know hey how’s it going you know do you have any opportunities
[40:21]: and sometimes people reach out to me and this is how I Got U my last position um
[40:27]: my my the CEO of my current company incredible guy military guy was asking me to join other organizations and
[40:33]: finally became to the consensus that the right opportunity the right time everything worked out but my position
[40:41]: before when I when I when I worked for Joe was because my friend brought me in there and the position before that I
[40:47]: believe was because my other friend brought me in so my point I making is it’s not always easy when you start
[40:53]: going to recruiters and God bless recruiters but but a lot of the opportunities you’re going to want to
[40:58]: get in management is somebody that knows you personally that can vouch for you personally that that knows what your
[41:04]: worth is because a lot of times it’s more personal than not with recruiters I’m not saying there’s not good
[41:09]: recruiters out there there are no some of the recruiters are are trying to make money and they have a hard job but there
[41:16]: are recruiters out there that really know you and they can place you in the right opportunities that’s what I’m
[41:22]: talking about you’ll get a management position when you want but it’s got to be somebody probably that you know that
[41:27]: make it easier well I can also tell you just let me let you know the best way to break into management is to get promoted
[41:34]: into it you know because because still it’s it’s crazy it makes no sense but the top Tech person on a team who knows
[41:41]: absolutely nothing about management we’ll get promoted to management or supervisor or whatever I I feel like my
[41:47]: last organization was not the place for that my current organization is a fantastic place for that they are very
[41:53]: big like a lot of people have worked their way up up from being support and are now like managers and stuff like
[42:00]: that they’re just very big on promoting from within they’re also they listen to their employees which I really like um
[42:05]: if I come up with a suggestion for uh like the program that I’m working in or whatever like I end up with a skip level
[42:13]: with a VP and hang out and talk about that and then they implement it and it’s really it’s kind of cool to see that
[42:20]: level of listening from Management in a company too so feel like I’m in a good place to do that and potentially move
[42:26]: into management there and then going get my feet wet at that point but um yeah
[42:32]: it’s it’s definitely one of those things where um
[42:38]: I’m just kind of biding my time at this point and until I have the experience and stuff but same like you know Adam
[42:44]: you were saying as well with knowing people I think after that first cyber security role that I finally got with no
[42:50]: experience I worked there for a couple years worked my way up to a senior level analyst and stuff like that and then uh
[42:57]: every single job I think I’ve had since then has been through social media or Word of Mouth um either somebody saw
[43:04]: that I spoke at a conference and they liked what I spoke about and they wanted to talk about a role or somebody um knew
[43:11]: me wanted to introduce me to someone like every single role I think I’ve gotten since that first one has been like on a personal basis somewhere which
[43:18]: is huge so wow um so here’s the other thing
[43:25]: think about going to management this is Joe’s Joe’s School of Management when you when you get into that you got to
[43:30]: learn to manage yeah and and you need to put the same kind of you know effort and
[43:36]: whatever project into it um that you did when you went into security and learned security it’s not it’s not the same but
[43:43]: by every management book read it and realize that 90% of it is going to be crap but yeah but yeah you know learn
[43:49]: from people I’ve got a couple I’ve got a couple of them what’s the one that I
[43:54]: have oh EX extreme ownership by the guy that was the Navy SEAL that’s a really good one I read that one recently Jocko
[44:01]: something right I think I read that one what is his name is that his name see yeah something similar to that you
[44:07]: forget a name like that vision sucks I know I’m the worst but it’s really good it’s wait wait you’re a bat that’s right
[44:14]: Vision does suck with bats aren’t they they’re pretty much blind blind is a bat you know game smash you know I’ll
[44:20]: get you glasses I man I need to get my brother just got Las sick and I’m so jealous uh
[44:27]: I want to get Lasik so I can see again I’m too chicken [ __ ] to get Lasik I’ve been avoiding I thought I get Lasik but
[44:33]: I’m afraid somebody will get access to the equipment and then shoot my eyes out that was in a a final destination
[44:39]: movie don’t watch that one if you ever want to get Las it’s pretty scarring but
[44:45]: he has a government job opportunity that he needs vision for so yes he had to
[44:51]: have corrected Vision to go do that so nice I know no yeah he sees not you see
[44:58]: he sees so there’s one other part that I rant I missed sorry I have to finish
[45:04]: this rant so the other part is is this rant going to go on are we going to need another episode for this rant that just k no no this the last part of the rant I
[45:10]: think so the other part is being in cyber security is kind of like being a doctor right you have a general
[45:16]: practitioner um not to take away from the school from doctors so I’m just so you could be uh a general practitioner
[45:24]: in cyber security you know and then someone will say oh we need a networking security engineer which is kind of what
[45:29]: I was at one point so anybody who thinks they need to know everything and cyber security is wrong there’s only one thing
[45:36]: you need to know especially if you’re managing people in cyber security is you need to know you’re not the smartest person in the room say smartest guy
[45:42]: you’re not the smartest person in the room you just need to surround yourself with smart people so you need an endpoint engineer like Joe would Joe did
[45:49]: in the past you need a cyber security networking engineer you need um maybe uh
[45:55]: a cloud engineer those are the things that you need and bigger Enterprise organizations you need a lot of people
[46:01]: that are kind of sort of siloed but know a little bit of everything so there’s no way you can know everything you can’t
[46:07]: know networking and you know like like there are people that want cyber security Engineers to understand how to
[46:14]: you know take over routing protocols I mean who does that it’s very rare that you find somebody you have to be in a
[46:21]: like a a major financial institution they find somebody does exactly
[46:27]: that yeah yeah no I uh I pride myself in
[46:33]: consistently being the dumbest person in the room that’s I don’t do it yourself no I I love it though like I I don’t I
[46:41]: love being like my team at work especially every single one of them is so good at like something very specific
[46:48]: and that’s what makes our team the team at work awesome because if there’s something very like there’s one guy who’s like a Dr ha architecture or
[46:55]: wizard oh wow yeah so like anytime I have a question drha in in in in
[47:03]: operating systems like you know servers or drha in networking or drha in Cloud
[47:08]: because they all three different things too yeah uh mostly having to do with our product since we’re a Sim tool so
[47:15]: anything surrounding our product uh that has to do with like architecting it in a drha environment he’s very good with
[47:21]: there’s like another person who was a support manager for years and years and years so any like weird question I have
[47:27]: about the tool I can be like hey have you ever seen this and chances are he’s like yeah I have uh here’s how you fix
[47:32]: it just one point I want so Joe usually does this for those who are watching that are not normally in networking and
[47:39]: cyber Dr is disaster recovery ha’s High availability and and what makes this
[47:45]: important is if you’re a person that’s using a computer and they trying to connect to a website or something and
[47:51]: then you see that you pretty much have access to that website all the time if one server goes down the other server
[47:56]: gets up if one router goes down the other router comes up so that high availability means you pretty much have
[48:04]: 99.99% availability yeah like all of my uh CER most of my certifications were
[48:09]: done AWS either architecting or security and that’s a big Hallmark of that exam
[48:15]: too is just understanding how to create infrastructure so that like if uh your availability Zone in one
[48:21]: area goes down that it’ll just fail over to another one and not having a ton of angry people calling that their
[48:27]: website’s not working all the that’s what makes Amazon so attractive these days and Google and Micosoft to yeah
[48:34]: well you got to design it right but then realize also it’s not quite as redundant as they say it is they haven’t had an
[48:40]: outage in a while but in any case now here’s the other thing here’s the other bit of bad news okay I’m going to get a
[48:46]: little uh a little I don’t know philosophical remember all those all those skills that you build and all
[48:52]: these things that you do now they have a finite lifetime time with you yeah about two months yeah not two months but you
[48:58]: know you got to be looking forward to what’s going to be here next cuz you know as we look at our very depressingly
[49:06]: long careers you know things have changed quite a bit and and and it’s amazing insecurity because the things
[49:11]: that you know we’re working on even you know that were hot two years ago are not
[49:17]: so hot and now ai came from out of nowhere no every was like he you know the end of the world um so you know you
[49:23]: got to keep as as seductive as it can be be I want to be the ultimate expert in
[49:28]: this it’s like okay you can be for a while yeah for now but you got to keep moving you know I am not one to speak in
[49:35]: absolutes but I the one I will say is if you’re not willing to continue to learn or adapt to a changing environment then
[49:42]: you will fail insecurity yeah yeah it’s it’s an everyday learning experience and
[49:48]: that’s what I see a lot of my friends and colleagues do oh I don’t know this boom boom boom but I’m going to argue
[49:53]: with Joe because because AWS Amazon Azure their products change
[50:01]: sometimes within two months or a month or three months and they change the names and they change the way and they change the licensing oh it’s E5 it’s E3
[50:08]: it’s E2 it’s E1000 you know that Li every you need to keep up to date like
[50:13]: you’re saying constantly so yeah Joe’s Joe’s correct the overall technology said the same thing I said what are you
[50:18]: working yeah you agreeing with them was I yeah crap I know now you got to find a
[50:24]: new angle man you just want to you just want to argue with me you want to show your Joe I did all my arguing fighting
[50:31]: yesterday New Yorker just trying to find something to argue about oh you want to fight yeah I do all right come down
[50:36]: we’ll go to the gym I’ll be there I’m down let’s do it oh okay we know how to film it we’re good at it now so it’s
[50:43]: been a while since I’ve been in the ring I lived when I was in Connecticut I lived like right across the street from a place that did like crossray kind of
[50:49]: stuff and then they also had an MMA school there and because it was during the pandemic and I literally didn’t have
[50:54]: anything else to do or go anywhere else I would walk across the street every day and train at these places so part of the
[51:00]: teaser is that we did three rounds of boxing that’s going to come out eventually on one of our after hours and
[51:07]: um I can respectfully say when I did the three rounds
[51:15]: yesterday I lost I got my ass kicked by somebody half my age hey that’s important though
[51:22]: to be able to admit that I give you a lot of credit for doing it because I was just standing there holding the camera
[51:27]: yeah that’s a lot man like that’s three rounds three minutes nine minutes total fighting dude three minute rounds are
[51:34]: rough like that sounds easy until you get in there and you’re like like usually after 2 minutes I’m like I’m going to die like I was being a wise guy
[51:40]: I was keep my hands down trying to say come yes go okay thanks we did two minute rounds and that was that is the
[51:47]: longest two minutes of your life he he was half my he was half my weight and I and one of the bad things
[51:54]: about me is when I get in the ring I tend to use a lot of my weight like I’ll move people or come in and I I said
[52:01]: let me this regular fight let me regular fight and I even went up to my trainer friend owner and I said it’s very
[52:08]: humbling because when I don’t use my weight you’re going to kick the [ __ ] out of me every single time so that’s
[52:14]: something I really had to learn with MMA stuff is like tawo especially being a tall person I was always really good at
[52:23]: the kicks and I put this between me and a person and kick and like I’m able to keep them kind of at legs length if you
[52:29]: will like because that’s that’s what I do best so getting into MMA and being forced to get comfortable with being up
[52:36]: close to someone and in up in your up in your Zone and using your hands a lot more was really different um so ta
[52:45]: window when I sparred A lot of it was just point sparring right you’re like boom Point stop yeah and then but but
[52:52]: doing three minute rounds I’m sitting there looking at the clock like is it over yet please I’m like let me not look
[52:59]: so stupid in front of Joe in front of Joe’s son in front of my wife in front of the gym in front of the millions of
[53:05]: people that going to watch us on our podcast Millions I’ll share it out there we’ll get it to a
[53:11]: million let’s let’s get it let’s get it there Adam Adam you showed more heart yesterday than I can I us
[53:20]: say what I’m challenging Ryan Reynolds to three two-minute r
[53:27]: well Ryan I’m sure he going to see what when he watches every episode as he does watches this one you know that that you
[53:32]: got the Deadpool hat on so you know um oh actually we have a new segment on the show but we’ve been trying to get Ryan
[53:39]: Reynolds on on the show that’s like Adam’s uh I don’t know aspirational guest so what’s the uh what’s the Ryan
[53:46]: stalking report for this week you’ve been a chasing him at all or we been no but we have an attorney remember they
[53:52]: said if I’m not successful then it’s not stalking that’s right so so far you’re in the clear legally all right so I
[53:58]: found his email address I believe and I emailed a lot of the people that work for him and I know they read it but they
[54:05]: have not responded did you try reaching out to Blake his wife yeah then that’s
[54:10]: really going to be stalking but you weird you know no I know of her I know
[54:15]: they were all at the Chiefs game because they’re all friends with oh yeah oh yeah you know we can get to him through
[54:21]: Taylor Swift that’ll be much easier easy wait wait wait wait wait wait wait though there’s like a whole like degrees
[54:28]: of Kevin Bacon here I went to college I went to college with Travis
[54:34]: Kelce I was I don’t know him but like I went to UC the same time that he did he was on our football team when I was
[54:39]: there so so here’s Here’s the the the uh 14,000 Degrees of Separation Taylor
[54:46]: Swift has an Israeli bodyguard I have Israeli friends my Israeli friends are on the IDF one of my Israeli friends our
[54:55]: Israeli friend might have the capability through a certain group within the IDF
[55:01]: maybe be able to find the uh Israeli bodyguard that Israeli bodyguard can go
[55:07]: back to Taylor Swift Taylor Swift can go and and this goes laterally okay this is kind of like uh
[55:16]: you know it’s it’s kind of like it’s kind of like pen testing you know you got to keep just moving from one to the next
[55:23]: lateral movement we’re laterally moving through Ryan’s uh I really emailed I really emailed them some of these people
[55:29]: that work for maximum effort live in Brooklyn oh there you go well you know
[55:35]: you know everyone who lives in Brooklyn so you got to know someone who knows them I don’t think I have any like cool
[55:40]: connects with him the only like my only claim to fame is on Twitter John Santa follows me on Twitter for some reason
[55:47]: don’t know why um it is actually John Cena he wow God bless really he went he
[55:53]: went it’s the only reason the kids think I’m cool um but he went on like this following spree of people in infosec
[55:59]: for some reason so there’s like a handful of people that work in our industry that he follows for you know and I thought it was a joke at first and
[56:05]: then I clicked on his profile and I was like oh God that’s actually like so Joe I’m surprised Joe didn’t Joe
[56:13]: didn’t get mad at me I emailed a certain very famous celebrity and I said something nasty
[56:20]: that was in that was involved with our business this what and did you tell
[56:27]: me about this Joe like I do not recall this Joe you know disav all knowledge of what
[56:33]: what I’m gonna say is Canada oh jeez remember that what anyway
[56:42]: uh he’s like let’s pivot yeah um next topic no yeah actually especially since
[56:49]: we’re now since we’ve done the stalking update um this kind of brings us to last call we’re kind of getting to the end
[56:55]: here oh you said last cold we didn’t talk about about alcohol did we I can tell you what I’m drinking I
[57:02]: filled my cup up really and I’m like trying to detox now man I’ve been traveling for work for the last two weeks you know how much I’ve drank I’ve
[57:07]: drank more in the last two weeks than I think I have in the last year wow congratulations all right thank you what
[57:13]: what do you have there I have Basil Hayden on the Rocks so drinking some
[57:19]: bourbon today have you ever had Basil Hayden I have never heard of Basil Hayden I thought I’d least heard of most
[57:26]: bourbon it is a really good bourbon um I will have to send you some because my
[57:31]: brother lives in Kentucky and I was I’ve always been a whiskey person but I was
[57:36]: exposed to some of the really good bourbon that they have there because it’s everywhere and The Bourbon Trail is there and all kinds of stuff you know we
[57:43]: should do a security cocktail hour and do the Bourbon Trail yes on the road there we go one
[57:49]: because it would be fun to try Bourbon but two it would be hilarious to see the
[57:54]: two New York guys in the hills of Kentucky because it is just oh we blend
[58:00]: don’t worry an adventure I sure you do I
[58:05]: am once I open my M they know exactly where I’m from yeah and well they love it like people in New York or people in
[58:12]: uh Kentucky are awesome but like yeah it’s it’s just funny very different different culture one of my companies I
[58:19]: had to traveled to Arkansas though it was interesting because when I went to the airport the woman said oh can you
[58:25]: use the kiosk she worked for the airline and I’m like she goes where you going I go Arkansas she goes is that an
[58:31]: international destination and then the guy well be honestly say metaphorically I don’t know
[58:37]: so the guy next to me just sitting there going mhm I go no it’s a state called Arkansas
[58:46]: she’s like never heard of it and they’re flying there so she was a she was like a a kiosk uh
[58:54]: Airline person at the line that says can you go to the kiosk please I don’t know
[59:00]: man people in New York don’t realize that places outside of New York exist sometimes oh I I know they exist that is
[59:06]: true well some stuff exists it depends on the person there’s definitely some people that like New York is the center
[59:12]: of the universe it is the center of the universe we know that already so but that being said um when I did go to
[59:18]: Arkansas this is what I was bringing up I’m like how you doing to go oh what’s up New Yorker the second open my mouth
[59:24]: oh where you from I bet you’re from Brooklyn I’m like N I grew up in Queens lived in Brooklyn and now I’m in ston
[59:32]: they like yeah but you’re from New York I can tell even the UK they made fun of me why why so so here’s a quick funny
[59:39]: story we had a little issue with a with a vendor we were dealing with a uh with a with a with a call center ad Adam
[59:46]: about that Adam Adam was on call and so like he gets the call whatever and
[59:52]: there’s this big blow up the information doesn’t go through whatever we have a problem with with this alert so I got to
[59:58]: get involved I talk to the I talk to the manager and I’m like what the hell’s going on what’s the deal and the um 1:00:06 analyst on the phone who is in Canada claimed that he couldn’t understand Adam’s Brooklyn 1:00:13 accent he got an earful for that you know like what the I’m complain about I 1:00:18 understand him go take calls in PR roll because I’m gonna start prank calling you yeah you 1:00:23 can prank call me okay I’ll be like I’ll be like what is everyone else 1:00:29 drinking French 75 in in a Mickey Mouse cup nice a Mickey Mouse cup wow well 1:00:36 finished mine but I was drinking a scotch cuz we’re uh we’re doing bourbon shortly we we got another recording to 1:00:42 do so I want to get into scotch and I met a very nice gentleman from Wales 1:00:47 when I was at a conference last week and we had a long conversation about the best beer on Earth which is Guinness and 1:00:53 um also you know whiskey and stuff like that but he’s a scotch connoisseur and he was 1:00:59 telling me all these kinds of scotch to try that I don’t remember what any of them are not a scotch connoisseur it’s 1:01:06 God it’s very complicated you know I mean there’s all this stuff I want to try it I like whiskey and whiskey bourbon are my favorites so like Scotch 1:01:12 is naturally kind of like the third Horseman there right third musketeer but I was going to try to be fancy and 1:01:19 say you know you’re drinking guano I don’t know if you know what guano is but that’s 1:01:25 yeah yeah oh that’s disgusting I’m not bad why would I not know what that is is that cannibalism I don’t know 1:01:33 but have you heard of that coffee though that they make out of like it’s like certain monkeys eat the beans and then 1:01:40 [ __ ] them out and they make coffee out of the beans that they like take out of their [ __ ] and it’s supposedly like the best coffee in the world I’m not eating 1:01:47 monkey [ __ ] yeah I know it’s really expensive it’s one of those things where I was like I think I heard about it in 1:01:52 Singapore when I was there and now it’s like I’m going to have to trust you up 1:01:59 if I would like try that like I don’t know I’m kind of curious that sounds like a barbett that some marketing guys 1:02:04 get together and they say what is the most ridiculous most disgusting thing we can get people to pay a premium for yeah 1:02:10 monkey [ __ ] why not so like last weekend we were in southern Utah and we rented some side by sides you know those like 1:02:16 crazy like off-road like little things that people use we had some of those and 1:02:21 we were in southern Utah and we were on the dirt bike and I’m I’m the wor like you should not ever go with me on one of 1:02:28 those cuz I’ll be like if we roll it we’re fine as long as we don’t like die right so but we we kept taking it off of 1:02:34 dirt bike jumps and my boyfriend was like are you serious you want to do this I was like yeah let’s do it like what are you scared and like obviously you 1:02:41 know when you say that to someone that’s just egging it on especially for someone as competitive as he is so wow we went 1:02:47 over a couple jumps definitely tipped did not roll but tipped a couple times 1:02:53 and uh the it the night ended with uh one of my friends we found this little Lake thing 1:02:59 that definitely had like quicksand at the bottom oh God and I was like you 1:03:06 should try and drive yours through that one of my friends he just bought a new machine and those things are expensive right like they I don’t know if you know how much they cost but they’re like 35 1:03:12 Grand how much 35 oh I I thought the expense they cost like what a car costs 1:03:17 like literally I just bought a new SUV and my SUV cost that so I was like why why are people spending 35, 40 Grand on 1:03:24 them dune buggy and drive it into quicksand that makes sense you know but I was like you should see if you can drive it through the lake and not get 1:03:30 stuck and he was like okay and like and he got stuck so I have a picture of it 1:03:35 it’s really funny um I can pull it up and show it to you actually on here because that’s hilarious but um a 1:03:42 picture of it in all of its Glory sitting in the water um beautiful scenery 1:03:49 though nice oh wow I I I um oh man I 1:03:55 invented a dune buggy in the Middle East oh fun went through a desert and stuff 1:04:01 with my family was really cool and then you pick a place to eat lunch and we ate lunch and uh it was very nice I um the 1:04:08 problem is people don’t realize when you’re renting a Dune buggy and you’re going in the desert you got to wear 1:04:16 goggles we had to get goggles cuz and my goggles were covered yeah covered I had 1:04:21 to keep them WIP I had to stop wipe my goggles stop my goggles even out there it was like that just with the red dirt 1:04:27 and stuff it’s Utah’s crazy cuz I live up North so I’m actually like on the bench of a mountain so um I live like 1:04:33 half an hour from Snow Basin so lots of skiing and fun stuff out here but then if you go that’s 3 hours south just all 1:04:40 the Mesa and we ride outside of Zion so it’s a cool state if you like doing stuff Outdoors if you guys are ever out 1:04:45 here and want to get into some trouble let me know yeah we we do our outdoor stuff you know yeah rooftop bars you 1:04:52 know New York I’ll come out there and then we’ll then we’ll go to the gym and fight sounds good there we go all right 1:04:59 fighting on the road okay or we can go out there and fight that’s what I’m saying nature fight yeah nature fight 1:05:06 was get in there we we’ll get like four cones big tall con we do on the edge of a cliff that’s it no when why I won’t do 1:05:14 in the middle of nowhere unsanctioned uncivilized so if I hit you you would just be able to fly off the cliff yeah 1:05:22 if you hit me I’m going to Plum it to my death we can put a parachute on you or something yeah I safety first I can’t even 1:05:30 I can’t even operate a remote control I think we’re there right Joe we 1:05:36 we we this a good episode here huh all right location shoots there we go we need a 1:05:42 sponsor get Ryan on the horn all right Ryan dune buggies dcom there we go all 1:05:49 right Gabby Gabsmash Thank you so much for joining this has been a blast a lot 1:05:56 of fun she has a she has a what’s a clo plant in the back I have like 12 of those a plant what oh she has succulent 1:06:02 or one of these guys Alo plants is an aloe yeah I love Aloe plants so the Aloe 1:06:09 PL I know we were supposed to end it right here but the Alo eplants have pups Joe they have pups they have pups so 1:06:14 little they have little pups in the plant and they keep on reproducing so we’ve been trying to give away aloe do 1:06:20 you want one is that like a thing they put in Czech off’s year that made him like you know no that Al plants are 1:06:25 awesome though cuz if you ever have sunburn like you can break off a leaf of the aloe plant and just like the rub the 1:06:31 gel on you and it’s the same thing that’s in the sun like Aloe after sun Aloe it’s the best I was going to say why did why do that when you can go to the the 1:06:38 drugstore but whatever you keep them reproducing and I have now I have like 10 Aloe plants in my house the all one 1:06:45 Aloe plant’s like this big you got invasive species man you better watch out it’s going to take over you guys got 1:06:51 Lantern flies we can have it in we got those those things are nasty I’ve been 1:06:57 eating them in order to stop them oh God all right now you’re gr okay all right 1:07:02 on that note the lantern flies Okay well Gabby thanks again for 1:07:08 joining we have had a blast yes thank you happy Halloween everyone yeah happy Halloween G smash 1:07:16 wings that wings I can’t show them well here there you go all right take care 1:07:22 all right see y 1:07:33 yeah