Founder's Story - AI Is Both the Problem and the Solution—This Cyber CEO Explains Why | Ep. 224 with Scott Alldridge, President and CEO of IP Services
Episode Date: May 27, 2025We sit down with Scott Alldridge, President and CEO of IP Services and author of the Amazon bestseller VisibleOps Cybersecurity, part of a series that has sold over 350,000 copies. With more than 20 y...ears at the helm of a thriving tech business, Scott shares the critical lessons that have enabled his company to survive and evolve through seismic shifts in technology, from the early internet era to the age of AI.Scott discusses the importance of reinvention, the growing urgency of cybersecurity, and the dual threat/opportunity posed by artificial intelligence. He explains how AI is changing the cybersecurity landscape and why every company, regardless of size, must assume a breach as a foundational mindset. Scott also reveals the thinking behind his bestselling book series and how aligning a book with your business model can become a powerful driver of credibility and growth.We cover:What it takes to stay in business for over 20 yearsWhy reinvention is critical in techHow AI is both the solution and the problem in cybersecurityThe surprising rise of ransomware-as-a-serviceThe book strategy that helped him sell 350,000+ copiesPractical tips every business should implement today to avoid being hackedIf you're a founder, tech leader, or entrepreneur who cares about protecting your company and staying ahead of the curve, this is a must-listen.Resources:Get the book: VisibleOps Cybersecurity on AmazonConnect with Scott: scottalldridge.comCompany site: ipservices.comOur Sponsors:* Check out Northwest Registered Agent and use my code FOUNDERS for a great deal: https://northwestregisteredagent.com* Check out Plus500: https://plus500.com* Check out Rosetta Stone and use my code TODAY for a great deal: https://www.rosettastone.com
Transcript
Discussion (0)
So Scott, something that I've noticed that is a very, very hard thing to get in business
is to be in business for over 20 years.
I was reading some stats that most companies fail within two years, five years, and it's
like 90 something percent of companies do not exist after 10 years.
What has been something that you've done
that's been enabling you to be able to be in business
over 20 years?
Yeah, well, thanks for having me, Daniel.
And yeah, being in business for 20 years,
it's actually been a little longer than that.
I was actually kind of a teen entrepreneur
when I started 19, my first business.
But the big key there is basically being able
to reinvent yourself. And I think that's one of the
challenges that's really hard to do. Sometimes we get into norms
and we get very hyper focused and myopic and we really aren't
looking at what is the next potential shift in how we
deliver service or what services we are delivering. And of course,
in technology, it's an ever-changing world out
there. So we were constantly evolving and figuring out how to deliver the next generation of services.
So that's been a big part of the, I say, success quotient, if you will, for establishing and
longevity of 20 years of business plus. I imagine if you're in a technology focused business
and technology is advancing at a rate that's,
I don't know if we can even keep up mentally right now,
it's so fast, how do you stay at the front
and at the forefront?
I mean, you went through like the dot com era
all the way to now.
Yeah, the internet was just becoming a thing
when we first launched into some software, software retail stores that kind of
thing way back in the day. But the idea there staying up on stuff is it first
off when you you've kind of lived in this space and it really is your career
and it's what you do it is a little easier to you know assimilate new
information be able to take it in, understand it.
We live in a world of acronyms like a lot of industries.
So it's not quite as difficult to stay up on stuff if you're living it every day for years and years.
However, with that said, yeah, constant research, constant looking for kind of, you know,
working with organizations that do research that we partnered with.
I have a little sister division
that's called the IT Process Institute.
So we do some research and development,
really research benchmarking and prescriptive guidance,
which is a little bit where the books
and the thought leadership comes from.
So that helps us stay at the forefront,
and kind of at the tip, if you will,
of what is the latest technology landscape,
digital transformation, how are you ready for it?
And of course in today's world,
it's all about cybersecurity and artificial intelligence.
So how are you seeing the coming together now
more mainstream?
Because I'm sure it's been that way for a while,
but it's becoming more and more mainstream
and now you have gen AI and stuff.
And I'm sure there's so many cybersecurity threats
that are happening.
How are you looking at AI now, cyber security, those two things morphing and
merging as what could be a challenge or what could be a benefit?
Yeah.
So not to oversimplify it, but it's a little bit back to the anti-virus days
where we get an anti-virus piece of software to keep malware off our machines.
And it would do a really good job,
whatever flavor you use, there were lots of them out there,
Symantec, you know, antivirus, etc.
And then of course they'd have an update you need to do because they figured out, you know,
how to inject new malware that would go around the anti-malware and so it became a cat-and-mouse game.
And you know, that's a little bit where we're at modern day with, you know, cybersecurity and particularly, you know, AI, the, you know,
AI is can be used both for the good and the bad.
So the bad actors and the threat actors are using AI in ways they never have
before. They're getting really smart. They're able to launch multi, you know,
tiers and points of attack that they weren't capable of doing in the past.
And that is definitely creating challenges in cybersecurity and setup. However,
we also have the deployment of the proactive AI that's actually looking and defending in a much
faster, higher rate. So we're kind of back a little bit to the, you know, cat and mouse game,
chasing each other as to which one's doing what. But there, at the end of the day, good cybersecurity really is not necessarily about the next shiny toy or the next cool tool or even AI per se,
even though we're having to get better about AI itself, because even employing AI for other purposes in your organization can actually open up cybersecurity threats you may not have even thought about. So that's really kind of the tip right now
of cybersecurity is really, how do we know that the AI
that we're introducing into our organizations is secure
because everybody's trying to use it to be more efficient.
So long answer, but the short form is, yeah,
I think we have to utilize the latest technologies
to keep up with the bad actors,
but also understand that there are foundational layers
of security.
There's no point-based one thing you can do.
It's always layers.
We use a methodology called Zero Trust,
and there's multiple layers as how we deploy
Zero Trust to protect organizations.
I think it's good to have a business
that is always changing.
I think that, you know, if I look at
what companies have survived over long
periods of time, there's a lot of companies that have been dying the last few years and they're
not really companies that had changed or they didn't adapt. They just kind of continued.
But we're seeing, you know, tech companies and companies that are that are adapting very quickly
are the ones that are continuing to survive like you over 20 years in business.
So you're in business over 20 years and you're in cyber security and for some reason you're
like I'm going to write this book.
What made you inspired to even write a book and how that was going to play into entrepreneurship
or building your personal brand or whatever you hope to achieve from that book?
Yeah great question. The reality is, is that as I referred to earlier, we really had spun
back in the mid 2000s, kind of the IT process Institute to really research and benchmark
and deliver prescriptive guidance. There's kind of a lack of that. It's matured over
the years to some degree, but there's still in IT. It's kind of like Mike does it one way,
Sarah does it another way. What is really the best way? What is the best practice? And so that's
really where we camped with our research and borrowed research and partnered with research
to find out that there are some foundational controls, processes, and how you do things
that really drive high performance in IT management. Interestingly enough, a lot of that came back to this one study that said that all IT failure, downtime, you know, lack of
availability or issues in IT is core to it. And this is 75%, 80%, between them or
between there, depending on which study, is correlated to some unapproved,
unauthorized, untested change. So the working thesis became, let's do really
good change management around how we do IT and how we implement changes, where we allow them
to happen. And what we've come to find out more recently is that actually no
security breach will happen without a change or a need for a change. Either I
convince somebody by socially engineering them to become them or hack
in or I just brute-force hack in and I change something to be able to siphon
data to get personal data, you know, confidential data information, that kind of stuff. So that's
the background and kind of living in that world for many years and that research and kind of having
that insight really kept me thinking about how the earlier books and the core of what we call
IT processes and IT process efficacy, which is the third chapter of my book, still applies to
cybersecurity today. So I had this kind of brainstorm, we noodled on it for a couple
of years, spent about eight months to really author the next version of the VisibleOps
series of books. We did one called VisibleOps Security like over 10 years ago. This one's
VisibleOps Cybersecurity because we didn't call it cybersecurity back then. And in this
particular book, I get into some very specific applications, if you will, methodologies, zero trust, as I referred to before, really giving practical guidance for how small
companies and large companies can, at both sizes, right? Smaller enterprise can actually use these
methods to seriously increase their cybersecurity posture, make huge advancements. A lot of the
things I referred to are kind of 80-20 rules, if you you will 20% of the effort can give you 80% of the benefit and protection against the bad actors the threat actors really enhance your cybersecurity
So that's the background on the book generally speaking you write this book
Series you got the series now over 350,000 copies which is insane most people sell like 200 copies
So to sell
you know six figures of copies is very very challenging. What helped you in that
time because you're not like a full-time author that's only focused on
books. You got this business and then you have the book and then you have all
these things you know supplementing each other but what has been helping you in
terms of getting your book out there and getting it heard?
Yeah, there's an
the IT Process Institute and the series of books, the Visible Officer is really is somewhere of an
altruistic goal, raise the tide that floats the boats in terms of IT management, best practices, cyber security.
We want to help everybody do better. And so if they can glean something to book, so first off there's altruistic goal, right?
Just we really want to help
Businesses across the US and the globe really increase enhance against the bad guys
That's the first goal the second part of the book and what's kind of helped it
Is that it really is part and parcel to the types of services that we deliver
We kind of are the living breathing visible ops organization
That's kind of how we deliver our practice and our service around cybersecurity.
So it is, it helps my organization both internally,
my people read and learn from it.
We train in it.
We actually have some online certification training
for visible ops you can actually have access to.
So there's a lot of things that are around the book
that kind of feed off of kind of the ecosystem.
But also we early on had partnered with several vendors, larger vendors,
HP, Red Hat, some of those types of vendors to help us promote the books.
And so they actually would buy thousands of copies of them and help promote them
through conferences and through different activities that they were doing to
promote their businesses because a lot of the principal concepts and and the principles of the book are
really
very
Sympatic, you know
Sympatico if you will they they complement the service the types of software and services around security
Really gives the research and the backdrop to promote the type of services that those vendors
Actually provide so that's the vendor relationships also help really promote the book as well,
besides, you know, being a part of our business.
And of course things at some point take on a little bit of a, if you will,
viral. And so my book just became an Amazon bestseller.
It's starting to get a little viral now.
So we're seeing that activity kick up like we've seen with the other books and
hopefully start to really take off over the next few months.
This is a very unique perspective on a book.
As many people, they write a book
and they hope it builds their personal brand
because maybe they wanna speak.
But the fact that you're taking the book
and then leveraging that within the organization
and then also connecting that to other corporations,
that's a very unique spin.
When you think about cybersecurity,
what right now do you
feel are like the biggest threats that businesses need to know about?
So a couple of things there, I could talk on and on about this one. But the first thing
I would say is that no business is too small. The last couple of years, they're going crazy
downstream to small organizations, you know, companies that maybe only do 500,000 worth of sales,
believe it or not.
So a lot of belief out there is,
well, we're just not a target, we're too small,
they wouldn't want, they're not interested in us,
but they are.
And they'll take five grand, 10 grand.
The other thing is that they're highly sophisticated,
not only using AI,
but ransomware franchises is a real thing.
You can actually sign up for a franchise,
they give you a tool set
if you're a smart high schooler with computers, you try to hack in, you get maybe a little bit into their
network. You can then partner with the franchise. They'll come in and then they split the proceeds
on the ransomware. It's that sophisticated. Then when you go to pay, they don't just have you pay
some way. They actually send you their call center and their call center will take your payment.
They want to convert typically crypto currencies into dollars
because they don't want to be traced.
So this is the world we live in.
The threats are everywhere and they're going way downstream.
One of the first principles we talk about
with all companies that we work with is assume breach.
Because if the bad guys really do want to get in,
they generally will find a way to get in,
about 99% chance.
That's why we see some of the big, big corporations
that have every tool deployed
and all the experts in the world,
and yet they're still getting hacked for millions of dollars.
So the point is we start with a soon breach,
which means you have to have backup and restore
and what we call immutability,
where your backups are not even connected to your network.
They're privately securely encrypted and stored
so that when the bad guys get in,
what they typically will do is not only encrypt your current systems, but they'll find where your
backups are. They'll encrypt those and then people can't restore and then you're stuck and you have
to pay. So the first principle and I'll just give the one is working on true business continuity,
business disaster recovery, business backup and restore with immutability, air-gapped backups.
That's a really important
principle. But there's a couple of things right there. No business is too small. That's
the world we live in now. And every business should have tried and true immutable separated
backups that are tested regularly.
I watch these YouTube videos where these hackers hack into these scam call centers. And then
they they actually reverted back to them. It's very interesting.
Yeah, I'm shocked and I've listened to these calls
and the sophistication I've been,
it's happened to me before.
I thought the same thing, like, no, I'm too small.
No one's gonna reach out to me and they did.
And it took like a year before I even knew
that we were sending money,
that the money was going to the wrong person, not us.
It was a disaster.
So Scott, I could see that not only corporations, that we were sending money that the money was going to the wrong person not us it was a disaster so uh
scott i could see that not only corporations other it companies but even businesses need to read the
book and cyber security might be you know one of the things that we need to focus on that we are
not focused on we're always profitability hiring, but many times business owners are just not focused
on these threats.
But Scott, if you wanna get your book,
hopefully, there it is, the visible ops.
Maybe you'll sell another half a million.
That'd be great.
Yep, thank you for the time.
I really appreciate the inner healty.
How can people get the book?
Yeah, so my author's website is scott aldridge.com S C O T T A L L D R I D G E.com.
And from there, I've got links to the IT Process Institute to IP services, my
company. But you can order the book right there through an Amazon link that's
there. You can go to Amazon and just type in visible off cybersecurity.
It'll pop right up. So Amazon's the best way to really get the the book Scott. This has been great. Thanks for sharing today. I learned something
I'm gonna go back now and see what changes I can make and I might need to just read that book Scott
I think I need to read it
I hope everyone who's in the industry gets to read it too
And we can all be we can all feel safer and not keep belonging these people
You know to continue being a threat to us.
But Scott, this has been great and thank you for joining us today on Founder's Story.
Awesome. Thank you.