Good News York by Growth Mode Content - GNY EP.101 | Cyber Security Awareness Month with Mike Lisi!
Episode Date: September 29, 2025Episode 101: Welcome Back to Good News York with Special Guest Mike Lacey from MalTech Solutions In this milestone 101st episode of Growth Mode Content, hosts Matt Masur and Mike celebrate surpassing ...100 episodes with light-hearted banter about weekends, favorite drinks, and memorable meals. They are joined by cybersecurity expert Mike Lacey from MalTech Solutions to discuss intriguing topics in the tech world, including the latest cybersecurity trends, their unique attack paths, and the importance of proactive security measures. Mike also announces his company's move to a new office space and details their upcoming cybersecurity awareness initiatives. The episode combines humor, personal anecdotes, and valuable insights to create an engaging experience for the audience. 00:00 Introduction and Episode Milestone 01:01 Weekend Recap and Personal Stories 02:47 Special Guest Introduction 03:35 Dining Experiences and Fine Dining Discussion 11:02 Cybersecurity Insights and Business Updates 19:52 Cybersecurity Awareness Panel 20:50 Basic Protection for Everyday Users 21:12 Windows Defender vs. Third-Party Solutions 24:23 CrowdStrike Controversy 29:33 Hack Dissection Podcast and New Initiatives 31:12 Moving to the Inspire Building 38:11 Bug Bounties and Breaking into Cybersecurity 39:01 Conclusion and Acknowledgements
Transcript
Discussion (0)
Instagram teen accounts have built-in protections for who can contact teens and what they see.
Learn more about teen accounts at Instagram.com slash teen accounts.
It's a gentle cruising. You start to see the village, almost like a painting.
Join me, travel expert Darley Newman, and Uneworld Boutique River Cruises L'Ik Balee to learn about river cruising in France.
As we have been sailing there for decades, we have been able to create deep connection with the local communities.
Local connections make exploring France easy.
Tune into the Travels with Darley podcast on IHeart
and wherever you listen to podcasts to hear about river cruising
and Unirold's 50th anniversary summer specials.
Hey, everybody. I'm Matt Mager from Growth Mode content.
Welcome to episode 101.
Can you believe it?
We surpassed 100. We didn't even quit at 100.
I was ready.
We're going all the way to at least 112 maybe.
Yeah.
That was a joke.
Matt Major here.
mildly awake on my, I don't know how many cup of coffee.
Joined always is my friend.
What's on the shirt today, Mike?
Oh, it's a Bill shirt.
I should have known as a Bill.
Yeah, yeah, yeah.
It says, where else would you rather be than right here right now,
which is kind of a Bill's mantra that before the game they started,
where else would you,
it's a speech Marv Levy gave the Super Bowl teams back in the 90s in the huddle.
It was very famous.
Like, where else would you rather be?
Bit by bit, I'm being indoctrinated in your weird.
I don't know how I feel like it.
I am propagandizing you daily.
You just don't know it, yeah.
Oh, geez.
How was your weekend?
It was awesome.
Yeah, yeah, yeah, yeah, it was great.
It was, uh, my parents came to visit.
I haven't seen them in a while.
The bills won.
Um, what else did we do?
I don't know.
I did a ton of shit.
Oh, we went to, uh, where did we go?
I don't know.
I'm not awake yet, but it had a good weekend.
I, uh, I did too.
I had family in from out of state.
We had a really, uh, sort of family reunion party.
My uncle retired, and he's moving to California.
Very nice.
And it was a good time.
But my cousins came up, who I haven't seen in a number of years,
and I kind of showed them around the area a little bit.
Yeah.
Took him to Beacon Skiff.
Very good.
That was where we started our day on Friday there,
and did the cider flights.
Okay.
Those were great.
I don't know if you've ever done that.
But I always think of them as having, like, the one hard cider,
and they have like a million.
sample them and it's...
Well, you're a big wine slushy guy.
Where would you rank cider?
Is that right underneath wine slushies for you?
Here's the thing.
I don't really...
The wine slushy I drink in the summer because it's warm, you know?
And I don't really drink much at all.
Yeah.
So I don't pound many of those things.
So it was really...
I don't know that I've ever ordered a, you know, a cider or bought a four-pack or anything.
Just because it's not necessarily my thing.
It was great to taste and see the different options they have.
I'm just not somebody that would drink, you know, an entire one.
I quit drinking at like the worst time because, I mean, they have everything.
You know, if I had quit in the 90s when there was like blue light, Mick light,
and then you got crazy with those magic hat.
Whoa!
I mean, now you got chocolate, marshmallow, pumpkin, pecan pie, like, whatever you want.
You could have a spaghetti dinner in a bottle.
We should also, before I tell you about the rest of my day,
we should also acknowledge our returning champion sitting so quietly and politely.
I know.
Also, one of the coolest, I'm going to say, don't let anybody else hear this, one of the coolest growth mode content podcasts that we make.
By far.
Hack dissection.
Mike Leasey's here.
Yeah.
What's up, buddy?
Hey, guys.
Thanks for coming back.
And we figured out he was technically our first guest because we launched at the Winter Fair.
And he came on the Winter Fair.
Yeah, that's right.
He was one of the OGs from the beginning.
100 episodes later, here he is.
We're going to get into a bunch of cool things with Mike and talk about all the stuff.
that he does for fun and what's coming up on his podcast.
Yep.
I just want to give a couple quick plugs before I get too far off track.
After Beacon Skiff, we went to Skinny Atlas because, of course, you know,
somebody comes to New York.
You've got to show him around Skinny Atlas.
Had lunch at the Lakefront Tavern pub, whatever it is, the local awesome.
Right there on the water.
Best chicken wings I've had in anywhere.
And I can't remember how long.
Well, you know that's my department.
Dude, old school, the way it's done right, fried with good hot sauce, like...
Were they saucy?
Like, you know what I mean?
You know when you get a plate of wings and they're dressed, but...
It's just grease at the bottom of the bucket?
Correct.
Yeah, yeah, yeah.
I like when they're saucy.
Yeah, no, it's real.
I like when they're swimming.
Listen, here's how you make wing sauce.
It's hot sauce and butter.
That's it.
You want it hotter or spicier?
you know, it's more or less butter.
Yeah.
People get too much more creative with that.
You've done it wrong.
I've come up with the wings that I make sometimes on football Sunday called
baked grilled and buffalo build.
And I have worked for years.
Of course.
I just tried to propagandize you.
Of course.
It is more,
yes,
it is,
you know,
you could do franks and butter and that's it.
But you,
there is,
I've been trying to dial this in for years to get the perfect because there's,
you know,
there's a million people that make different sauces and many of them are phenomenal.
But I'm just saying traditional OG wings.
sauce, done right, has two ingredients.
Do you remember Tony's pizza in Herkimer?
Yeah.
To this day, I have yet to find a mild sauce like theirs.
They're mild sauce.
That golden, yellow.
That might be the last time I had good wings other than in Skinny Atlas, but.
It's a good alehouse.
Got a shout out.
I'm telling you.
My family had some other things there.
They were phenomenal.
Just go there and eat is what I'm trying to say.
And then while we're on Go There and Eat, unbeknownst to me, it was Parents Weekend at SU.
So the city was flooded with things.
I wanted to take my family out to dinner somewhere.
And I saw, I'll, maybe I'll go to Noble Cellar.
You know, this is the nicest place in Syracuse.
So I've heard what I've yet to be there.
I saw this post.
Reached out to my friend Sarah, who happens to own the place and said, hey, can I, you know, book a table for us?
And she's like, well, I've been booked for weeks.
Sure, I got you.
And she got us a table for six of us.
It was the best meal I've probably ever had in a restaurant.
Fine dining, correct?
Yes, but I've been to places that were more expensive and more fancy,
not nearly as good of an experience, and as good of the food.
So listen, like every aspect, right, if you haven't been to the place, it's an old historic church,
they remodel it.
It's gorgeous inside.
They've got awesome video projections up that just,
blows my mind, but the staff from the host to the bartender to the waiter were not only like
incredibly knowledgeable as you'd expect in a place like that. You know, typically you get those people,
but they're also a little snooty because they're very high class. Sure. You know, serving you.
Incredibly friendly, also incredibly knowledgeable staff. All of them, it was mind blowing. And the food was,
we had this elk appetizer. Whoa. Dude, I don't even. Was it better than the camel jerky from the fair?
A thousand percent.
Okay.
I don't even know how to describe it other than it's unlike anything I've ever had before and it was phenomenal.
My cousin had a steak that is the best steak he ever had.
Wow.
Wow.
It was just absolutely, I can't say enough good things.
It's not a lie when people and you hear all these things rave about it.
Sometimes it's kind of nonsense.
It's not in this case.
This is the by far best restaurant in Syracuse, probably the best in New York.
Can I tell you what I loved about it?
I wasn't there.
But after you made that post.
So I checked out the website.
Yeah.
Right.
So good job.
It worked.
Here's what I love right off the bat.
They're kind of motto or, I don't know, whatever.
Approachable fine dining.
I love that.
I've never heard it phrased like that.
Yeah.
But sometimes one word can change because you hear fine dining.
And I've been to fine dining restaurants, you know, and it's obviously fantastic.
But there is always that almost that imposter syndrome when you walk into a fine dining place.
No matter how successful you get in life, you walk up to five dining restaurants.
you walk up to fine dining, you're like, do I really belong here?
When you hear someone say it's approachable fine dining, I immediately know, like,
these are not pretentious assholes.
They just know how to cook some damn good food.
Dude, and I'll be honest, it was a menu full of words that I had never seen before in my life.
Oh, yeah, you're like, what is this mean, honey?
At one point, we asked a waiter, like, what the hell is that?
He very non-judgmentally explained it to us, and it was great.
Because they're approachable.
It was phenomenal.
They even have a suggested, like, if you don't.
don't even you don't even want to dig in they have a suggested option for all your courses and
everything you can go just bring me the chef's recommendation tonight and they'll just set you up all
like i'd be afraid to do that because they'd be like send all the expensive shit out you know what's
funny i was like well i don't know if i want to do that no no they tell you exactly what what it is
yeah yeah yeah um but i was like i don't know if i want to do that so i ordered off the menu and
i realized that i ended up picking what they had suggested i should have met with it but you know
you're in a good restaurant you're going to spend some dough when you see the price on the menu
as market price.
Yeah.
You know?
I had an embarrassing experience at a fine dining place.
I didn't even realize it was happening, but I have a very weak stomach.
And I,
I've had a tug of war with seafood over the years.
Like,
I came from, you know, Hercimer.
I didn't eat seafood.
I didn't like seafood.
Your idea of seafood was a four-eyed food.
I found out, yeah, yeah, exactly.
My idea of seafood was a one-eyed perch from the Mohawk River.
Yeah.
But I found out that it's like,
over the years my taste had changed,
and I'm like, why do I like muscles,
but I can't eat, you know, sea, whatever.
The point is, it's ocean fish for me that I like.
It's anything that's not, not on purpose.
You don't like freshwater fish.
I don't like freshwater fish.
All right, fine.
What about like shrimp and stuff like that?
Yeah, yeah, I can do it.
As long as it's not too fishy, you know?
I understand.
And we were at fine, I took my wife and I are at a fine dining restaurant,
and this table next to us orders some sort of special.
And it's a, bro, it's a fish.
Yeah.
Like its eyes are still, it's ed.
And I, and I'm watching her.
eat it and I start, oh, I start, you know, and my wife's like, stop it, stop it. She's doing that
stop. And I'm like, I can't stop. And so, you know, like switch chairs with her. So whatever, I stop
looking. It's a gentle cruising. You start to see the village, almost like a painting. Join me,
travel expert Darley Newman and Uneworld Boutique River Cruises L' Week Bali to learn about
river cruising in France. As we have been selling there for decades, we have been able to create
deep connection with the local communities.
Local connections make exploring France easy.
Tune into the Travels with Darley podcast on IHeart
and wherever you listen to podcasts to hear about river cruising
and Unirworld's 50th anniversary summer specials.
At Arizona State University,
we've made online education better, smarter, and more personalized
so you can go further in your aspiring field.
I decided to pursue medicine once I realized that ASU did have the online program
for biological sciences.
You're still required to learn the same curriculum.
You're still being tested on the same content that anyone would be tested on in person.
The comprehensiveness of the program prepared me so well for medical school.
Explore over 350 plus programs at ASUonline.asu.edu.
My wife's food comes out.
She had ordered the same thing as that, right?
But the waitress sets it down and the head is cut off.
And she goes, miss, just want to let you know, we saw the reaction of your husband.
So we went ahead and cut the head off the fish.
And I was like, thank you, and also I am so fucking embarrassed.
Wow.
I didn't know anyone was watching me dry heaved, but it ended up working out.
That's hilarious.
Yeah, she or my wife tells it.
She tells it better from her point of view because that was oblivious, go figure.
I'm more concerned that I can't think of what I did this weekend.
Might be wild that married to you.
I couldn't even.
Oh, bud.
She deserves something.
Nobel Peace.
Talk to our guest.
Yeah, Mike.
Fuck us.
Let's talk to you.
No, you're fine.
We are sponsored by ads.
Spansored? We're spancored. We're sponsored by ads on the go. Get ads on the go.com. Shout out, Zach, we love you.
Zach is the man. So speaking of good news, Mike's got some great news about his business.
He's got some little expansion plans and new locations plans. Tell us about it, but it's been crazy.
Yeah, since the first time that I talked with you guys back in February. You know, we were getting going.
We were about to close on our fourth year. You know, we're almost done to five. And everything's just been upwards trajectory ever since then.
And so, yeah, we're going to be opening up and moving into an office space now instead of just everybody being, you know, located across the country.
I work from my basement.
So we're going to be down in the Inspire Hub downtown now.
That's fantastic.
Dude, you deserve it.
You are such a great person, but you're so good at what you do.
And for those of you that don't know, he's got a great show called Hack Dissection, right here powered by us, growth mode content, which we're going to shoot after today's episode.
You work for Maltech Solutions.
That's your company.
For those listening or watching that maybe haven't checked you out yet,
what exactly is it that you and the company do?
We help companies assess their security by emulating bad guys.
So we get to pretend to be the bad guys, try and break in,
and then let them know exactly how we did it so that they can protect themselves.
I brag about you to friends all the time.
When they ask about work, and I'm like, we have these clients and, you know,
we have some realtors.
then we got this guy.
They hack into shit.
You got to hear these stories.
They've gone into banks and stole gold bars.
It's like real life movie.
It's like, yeah, it's like Ocean's 11 real life.
And I tell them horrible.
Like, I don't give it justice your stories, but I try to convey them.
It is really cool what you do.
I mean, to be, to get paid to not only do what you're great at, but to be like,
I get to just like pretend be a criminal and not get arrested.
That's the best part.
That's the best part.
That really keeps me into it, is doing the quote-unquote illegal things legally.
Yeah, and you're helping people.
Yeah.
In fact, even just this past week, we were working with a financial institution, and they had just implemented all these changes to their software.
And the whole approach was, hey, I'm somebody.
I'm working to get a loan.
I'm going to log into your web application.
I'm going to fill out the paperwork.
And so I was pretending to be one of those customers.
And then I found out, you know, by tweaking a few things and poking around.
a little bit, not only was able to see all that customer's information, but every loan
that's in the system, all the banking information, all those things, which was pretty much their
worst nightmare, right? Those are the things that they were like, this is by far the thing that we're
most concerned about. So we called them up. We let them know exactly what they did. They had a fix
deployed that day. And then they said, oh, we're going to go back and we're going to look through our logs
and see if anybody else has abused this. So we know if there's been any sort of compromise.
but they're like, this is exactly why we have you to catch these things before.
So it was like an injection thing?
It was basically like that.
Yeah, I mean, not to get in too much stuff, but they're using a special database software.
And there was just a way to get around the queries that they had.
So then we could arbitrarily decide what we want to go out there.
Are most of your clients, are they hiring you on the ground floor when they're starting?
Or is it usually when they've encountered some issues in this?
then they want you to test. When is usually the jump point for that? It's across the board.
Like for this financial institution, we've been working with them for three years. And then
between last year and this year, they had a big software change, a big update, which necessitated
that. This week, we're working with a startup out of the, you know, on the West Coast. And
they had just started building up their platform and everything. And they're getting some
customers. And those customers are like, hey, we want to make sure your stuff's secure.
So can you show us? And they're like, well, not yet. But we will find somebody that can
stuff out and do that. So we're working with them. And I mean, just really across the board,
we've been working with, you know, huge Fortune 500s and little tiny startups. It's just,
anything in between. So, Mike, you kind of made me think of something as you're talking about
these startups and things like this. As you're doing these tests, is there a set of standards or
some sort of certification or something like that that you provided these folks that they take to
their investors and in the public and say, you know, we've met this security standard? I know there's
a lot in the industry, but is there anything in particular that, you know, that you would do for a startup, that sort of thing?
It's really dependent on the industry and things that they're in because different industries have different regulations and things that they need to abide by.
So we work within the areas that were authorized to do stuff for. So for instance, for companies that take payment information, credit cards, they have to abide by PCI regulations, which means that you need like a special assessor to do that.
So we don't do that assessment part, but we can do.
the audit, that security part, and then pass it to their assessor to say, like, yep,
you're abiding by all those regulations.
When we're working with folks like the startup or with other types of companies, we basically
just do our work against different sorts of known methodologies.
Like web apps, we use like an open standard called OASP for network types of testing.
We use the penetration test standard.
So that's something that everybody can look into and just understand, hey, this is what we
went through, this is the rigor that they, that they underwent, and then here's the results.
Yeah.
And then typically what we'll offer for those customers is like a letter of attestation that says,
like, hey, here's who we are, here's what we did, here's some general information about
what we found, and then our essential, like essentially our feedback on where things are at
and whether or not they fix those things.
So they can give that to a customer and basically say like, hey, this has been looked at
by a third party, and that hopefully makes their customers happy to sign up.
Yeah.
Yeah. One of the other things that I know you do because it's something we partner on is training, right? So a big part of cybersecurity is, as most folks might know, is just everyday people understanding what the risks are and how to avoid them and things like that. We at your local IT department, we've got a number of IT clients who have those requirements from various agencies and insurance providers and things like that. And it's something that we just believe in. So we started out, you know, there's no.
of different ways you can provide this or check the box, so to speak, for a lot of these companies.
But it's kind of worthless, like? A lot of it is cartoon videos that aren't all that engaging
that people sort of half listened to. And again, it checks that box, but did they even listen to
anything? No. So, you know, we started thinking, well, let's do some real sessions with real
people. And then also, let's just bring in some real experts. So we've partnered with Maltech
and they're able to deliver a live, in-person cybersecurity training on a variety of topics that people actually pay attention to and appreciate, which is the best part.
I can't tell you how many of those things like, oh, I've got to go on these trainings, you know.
It's like a safety training if you work in construction and things like that.
This, they come out feeling like they genuinely learn something.
And the best part is these tips and things like that that you're providing folks aren't only of value at work.
You know, these are, you're telling about dangers and things like that that everybody's facing in their everyday life protecting your finances and your personal email accounts and things like that.
So first of all, I want to say thank you for doing that.
And just really tip my hat because our clients have been just overwhelmingly excited and pleased with these things, which is never something you hear about a training.
Yeah, that's a tough part, though, is it's hard to make those things really engaging unless you have that live element of it.
And you're able to have that back and forth, capture some of those questions because not everybody's technical.
The hard part with that is the scaling side of it, right?
That's why you see a lot of those cartoons or those pre-recorded videos and things because in order to hit a thousand companies, it's very difficult.
But when you're working with local companies, smaller organizations, smaller footprint like that, I think it's you end up with a better result.
And I just want to give a shout out to Alan on our team for handling that because he's been just great at putting that material together,
in some real world resources
and just presenting all that to the folks
at the organizations that you've provided.
I'm glad you said that because October
is Cybersecurity Awareness Month.
Oh.
Yeah.
See?
I'm doing it.
I'm making people aware of the awareness.
So Mike,
how can we as non-Maltech solution employees?
How do we get in on the aware?
Like, what do you do for Cybersecurity Awareness Month?
What do we do?
How do we bring awareness?
That's like our thing, right?
We've got to have our own month
to let everybody know what we do.
Yeah, damn right.
So, yes, October, cybersecurity awareness month.
So typically what you'll see is a lot of organizations similar to Meltech,
just offering up just advice and tips and just similar to like we put on for Matt's customers there.
Sure.
Just things that everyday people can keep top of mind in order to protect themselves.
And as part of that and in conjunction with us moving into that new space downtown,
what we're doing is we're working with Center State CEO and the,
inspire folks to put on like a cybersecurity. It's a gentle cruising. You start to see the village,
almost like a painting. Join me, travel expert Darley Newman and Uneworld Boutique River Cruises
L'Ik Bali to learn about river cruising in France. As we have been setting there for decades,
we have been able to create deep connection with the local communities. Local connections make
exploring France easy. Tune into the Travels with Darley podcast on Eyeheart and wherever you listen
to podcasts to hear about river cruising and Unirold's 50th anniversary summer specials.
Have you or a loved one ever suffered from an exploded head due to an extreme energy drink?
Hi, this is Larry Deathstein, attorney at law. Every day, thousands of Americans pound extreme
energy drinks and literally explode their heads right off. At Deathstein and Partners, we fight for
you. So take action today. It's stopped by the Deathstein and Partners office, where we only
serve liquid death's new sparkling energy.
A better for you energy drink.
There's nothing extreme about it.
With only 100 milligrams of caffeine,
that's equal to a cup of coffee.
Plus, liquid death energy has got zero sugar.
And none of that freaky stuff,
like sucralose or aspartame.
When it comes to extreme energy justice,
Deathstein and partners will fight to the death.
Also, if you're not near our office,
you can still try liquid death, sparkling energy
at fine retailers like...
7-Eleven or learn more at liquiddeaf.com.
Where?
Liquiddeath.com.
Awareness panel at their new facility, both to promote the facility and all the sweet,
like, layout and the whole place that they have there.
And then also to just let anybody that's local, any of those business owners, any of those
folks that really want to learn more, they can talk to folks like myself and Brandon, who we
had on last month on my podcast, and then Paul the month before, like the three of us and a few
others are all going to be out there to just talk about what we do, how companies can learn from
that, and just really make it more of an educational experience. We're not pitching what we're doing.
It's just here's some things that you can do to protect yourself, whether it's in business,
whether it's, you know, on your personal life. And hopefully it just helps folks out. And if
they need more help, then obviously they'll know where to go. But I love it. Yeah.
What's a basic thing that everybody who, like I have a laptop here. What's a basic thing that
everybody should have for basic protection.
You know, firewall, is it Norton?
Is it, you know, we get inundated with these emails.
And it gets, it gets overwhelming because you don't know if you're fully protected.
It's making me cringe.
Exactly.
No, but that's why I'm asking.
Help them out, Mike.
What's the everyday thing that everybody should have?
Honestly, if you're working on Windows, Defender is going to be generally sufficient
enough for most people's use.
You don't need to go, the built-in Windows Defender is going to be enough protection for
most folks.
If you need to go above and beyond, then there's some of the,
those third party things like Norton or whatever.
But they're really not as needed anymore because Markov's been staying on top of that.
And I see Matt nodding his head a little bit.
So, you know, if you need to go further than that.
Defender's where it's at.
Then you can look into, you know, the additional technologies to like, you know, watch for anomalies and all that stuff.
But for folks at home, they're not going to see that.
And so Defender, that's built into these systems.
You don't have to do anything?
Don't have to do anything.
And even at the corporate level, I'm going to cancel my Norton subscription.
Defender, and typically sometimes we'll beef it up a little bit.
So there's some additional packages in the corporate level that give you even more protections to Defender.
So again, that's still the basis.
And then we also provide some third party kind of endpoint protection.
But that's a tool that honestly monitors Defender.
And still that becomes the best.
And I don't know why this didn't happen long, long time ago, but Microsoft finally figured out that we need this and they baked it in.
and for that reason I feel like is why it performs better than every other for years we had to have these antiviruses and these third-party tools and they always caused more problems it seems than they caught.
Yeah.
Maybe once every two years they caught a virus and every other time they bogged down your machine or they're sure, you know, or they just harassed you to renew it all day long, you know, even after you did renewing, they were a nightmare.
And now we have a nice solution out of the box that they probably were fielding so much customer service,
shit over, you know, issues that they're like, why don't we just bake this in and get rid of the
problem? 100%. I mean, that isn't too far from the truth for some of those things. Like, number
one, going back to the third party things, you have to give those other technology so much
like permission into your system in order for it to do its job, right? It needs to be able to look at
literally everything that the computer is doing, which is a lot of potential risk there if there's
any sort of compromise that system or if there's anything you can find there. So Microsoft also
also has done a good job at doing that. But it's also just like from folks in the security industry
that have been hammering on like, hey, get your shit together. Like you're doing this and it's not a
secure way to do it. And then they're just going to, you know, here's the way that they can be
abused. Then eventually Microsoft will start implementing these changes. And I don't remember exactly
when it was, but over the course of time, they finally decide like where they're going to be a little bit more
proactive on that and start building some of this stuff in. And that really helped protect people a lot
better than, you know, just having to go and find all this stuff separately. That's awesome.
So, Mike, I got to ask you, this is going to get a little bit into the weeds for some of our
viewers. And I apologize for that. But for those that don't necessarily completely understand,
Mike and I, our roles in the technology world are quite a bit different, right? I'm an IT. I'm almost like
your general physician where Mike is like your brain surgeon, right? And not me. Mike Leesey, we're talking about.
He is a very much special.
I'm the guy in the waiting room of the brain surgeon.
I want to ask you your perspective on Crowdstrike at this point.
For those that don't know, they are a very popular kind of third-party security provider.
These tools, it's not exactly safe to say that they're quite like Norton, but for people to grasp their mind.
Corporate level security tool.
They're responsible for the biggest technology outage in the history of mankind.
Was this that thing not long ago?
Their update broke everything to the point where, yep, most devices had to be manually repaired.
Guys in airports were climbing ladders to reset computers.
The airports, that's right.
Yeah, yeah, yeah, yeah.
All kinds of crazy things.
I am of the opinion that that was a deal breaker.
And I wouldn't ever put Crowdstrike on a client's computer ever at this point.
There's other folks that believe, oh, you know, it's just one mistake.
And they're still the best and strongest provider and all these other things.
Do you think I'm crazy for being over it after that one biggest mistake in the history of computing?
I don't think that you're entirely wrong, although I think that CrowdStrike provides a really valuable service to a lot of organizations.
So whether it's Crowdstrike or whether it's another company that's doing it, you might run into the same types of problems.
So I think what companies have to do is evaluate even that part into their risk evaluation, right?
They need to take into account like, hey, if we're going to rely on this other third party, what do we do when shit hits the fan for them?
Yeah.
And they're down or they take us down.
How are we going to deal with it?
Because that's never happened to that extent that we saw with that incident.
So I think it opened up some eyes with it.
But at the same time, I don't think you're getting around it.
Yeah.
You're going to have to have something that, again, has that level of access into the systems.
And should it get compromised or should there be like a failed update or something?
something like that, you're going to have to have something in place that says, like, how do we,
how do we deal with this?
I'm totally with you.
I'm just, to me, that was sort of the deal breaker with that particular company, you know,
and not to, you know.
Again, this is just my opinion.
I know a lot of folks that, like I said, they still love it.
I just, the way I look at it is there's never been a breach in history that's caused this
sort of damage.
So when our, when our protection, you know, is causing more damage than any bad guy has to date,
Like, maybe I'm going to look somebody else.
I'll give you a consumer perspective because I have no idea about what you guys do, right?
Look, here's a simple way to put it.
I remember in the 80s and 90s, there was a rumor that there was an employee that had got caught peeing on all the chicken at the Purdue chicken factory.
To this day, I won't eat Purdue chicken.
Wow, okay.
So now apply it to CrowdStrike.
I mean, if I was in that world, I did pee on everybody's computer.
They basically peed on everybody's computer.
Yeah.
So, I mean, that's kind of a, I mean, from the guy doesn't know what you guys do with the ins and out.
No, I, uh, that's a PR nightmare because it's like Taco Bell running out of ground beef.
Like, that's their one job, right?
CrowdStrike is to protect you.
You had one job.
You had one job.
And, and, and they not only failed, but it was at a monumental level that you didn't even know was possible.
I mean, you know, there is also that if you look at the eternal optimist, they'll never do that again.
True.
I mean, at least we'd like to think that they put some protections in.
And so that sort of catastrophe would never be possible.
But getting in there, sort of was supposed to be, right?
All of their competitors have learned a lesson from that, too.
Like, hey, are we potentially susceptible to the same type of issue?
So hopefully that makes everybody a little bit safer in a little bit.
Yeah.
How does it even happen?
Like, is it a, it was a bad update.
Yeah.
Bad update that automatically rolled out to every system.
And it compromises the machine in such a way that it couldn't auto repair it.
So you had to manually go in and basically delete the,
It broke it.
Good.
But nobody, there was no hackers.
No, no.
Oh, okay.
It was not like an actual malicious compromise.
It was just an...
It's almost worse.
The software that's supposed to keep you safe, bro.
I mean, in a way, it's kind of worse, right?
Because you're like...
That's the way I looked at it.
Again, we did it.
I genuinely, and this is why I wanted to ask,
I actually, I genuinely appreciate Mike's much more reasoned professional security expert
take on this because it is a little more rational than mine.
Mine is a little bit more emotional.
But, you know, we love to where we're at.
You'd be the one like dealing with all that for all of your customer.
You're going in and having to make it actually fix all that stuff.
It's hard not to be emotional.
Yeah.
Well, and also with something like that, knock on wood,
that no product we've used has ever caused something like that.
But, you know, the way our model work, we don't charge by the hour or anything like that.
We're flat rate.
People play a flat per month.
So we keep things in good order.
So if we had to do that and we had to touch every computer of every client manually,
I mean, this happened a year ago.
We'd still be doing it.
I'm just thinking of the PR team.
Like, well, how do you...
What's your first step in recovering from that?
I mean, that's bad.
Well, first of all, they all got raises.
Yeah.
Says the computer.
All right, guys.
Mike, what else has happening in the cybersecurity world
that we should talk about?
Or even better yet,
what is coming up on the hack dissection podcast
that we should know about?
Well, yeah, we're going to be recording right after this.
We got Graham back in the office.
He's been out for a few months.
Love great.
Basically staying busy.
So I wanted to make sure we get him back in.
He's already wired up in our lobby out there.
He was wired up in the parking lot when I pulled.
He's got his crazy glasses.
It's got the monitor display and everything on there.
He's doing some work, actually, while we're doing this, trying to break in.
Mike's keeping him productive over here.
Yeah, we're going to peel back the curtains a little bit and talk a little bit about what we do.
Awesome.
Some of the attack paths that we do when we're doing these engagements for customers.
and also how we've flipped the script on some of those
and built some new services out for corporations
and companies that are looking to have that ongoing insight
as to what's affecting them, right?
So one of the things that we do a lot for every engagement
is scan the dark web for credentials, right?
Anybody that's like dumping this stuff on the web,
we have access to all of these different breach repositories
and all this breach data and all this stuff.
And every time that we do an engagement with a customer,
we're going to go and scan that to say like, hey, do we have any credentials that we can use to attack this company with?
Nice.
But that's only a point in time, right, when we're doing that assessment.
So one of the new things that we launched is the ability to keep an eye on this stuff all the time
and then proactively let customers know, like, hey, there is a new breach.
Here's the data that was in there.
It affects you.
So here's what you should do about it before something might happen.
That's great.
We're going to talk about the offensive and defensive sides of those.
those paths.
Yeah.
Before we go, I want to, I noticed, so you guys, you're moving into the Inspire building place.
Hub, I think it's called, yeah.
Which is great.
We talked about that.
Congrats.
But you are hosting a panel there.
And then I wanted you to talk about what you're doing for local businesses.
I think it's great.
Yeah.
So like I mentioned a little bit earlier, we're going to get that panel together for the,
anybody in, basically in the community.
Maybe you did talk about it.
That wants to learn a little bit about that stuff.
What's the date on that, buddy?
To be determined, we had one day in mind.
It ended up having a conflict, so we're working to finalize that.
It's going to be later in October, so we have some time to promote it and let everybody know.
I've yet to be to the new place yet.
I understand they have a big kind of theater meeting-gathering space.
And I remember the old one at the Tech Garden was phenomenal.
What's that room like?
What's the new space?
It's beautiful.
Yeah?
They did such a phenomenal job.
It's got just a huge open kind of theater space.
Two large projection screens in there.
Right now, when I saw it last, there's a bunch of desks and stuff,
so you can have like seating there for training or things like that.
But I think the capacity is maybe like 200, something like that for it.
So we could get a lot of...
I think it gets a little bit bigger than the old one was.
Yeah, and it's, like I said, it's just beautiful in there.
That's awesome.
Yeah, it's going to be great.
And then I'm hoping to do some regular community things in that space to just talk about what we do, what businesses can do.
Essentially what we do on the podcast a little bit.
Sure.
Just have some in-person meetings and things from organizations.
That's great.
We got a lot of mutual friends there are going to be your neighbors in the office space there, right?
I was there for the grand opening back on the 19th and just running into friends left and right.
They're like, yeah, we got office here too.
We got up.
So it's going to be just fun to run into them.
That's great.
Just on a regular basis.
I started a business well over a decade now in the previous Tech Garden.
And it's a really neat space.
And it's really cool to see what they've done with it and expanded it.
And I'm excited for you, man.
Well, thank you.
I'm really looking forward to having some actual offices.
You can meet clients and it's not like, let's go to coffee shop,
library or something.
It's like, hey, come to my office.
How many employees do you have right now?
How big is the company?
Total is seven employees, a mixture of full-time, part-time.
and then just like some, yeah, as needed folks that do it secondarily.
But yeah, it's growing.
I might be needing to add to that team now just based on where everything's at right now.
We're rooting for you, man.
We love you.
That's the thing.
You know, the home office is convenient.
But after a while, like you said, it's nice to sort of have a place to go and then leave.
You know what I mean?
And if you want to just be done working for the day, you can go, okay, I left the office for the day.
And now I'm just home.
It's not all it's cracked up to be.
That working from home thing, it's,
We all love it, but like, there's a limit.
Yeah.
You know, like, your home, you know, a lot.
Right.
And you're, you, it sounds great, but it's, it's nice to just get out, go somewhere else.
Fresh air and other humans are nice once in a while.
Yep.
Every now.
It's a cyber security guy.
You know, Mike's supposed to be hiding in his hoodie in the corner somewhere.
Yeah, yeah, yeah.
That's usually, yeah, that's usually where it is.
I'm in the basement, but the thing I'm not looking forward to is I've, like, curated the background in my office,
the basement for all the Zoom calls.
Yeah.
And now I've got to figure something else out.
See, that was my whole thing.
It was a place for more of my decor that I could get out of the house.
I put it here.
Yeah, yeah, yeah.
Oh, man.
Anyway, our good friend, Mike Lacey, Maltack Solutions is the name of the company.
Mike, what's the websites or the socials and all that fun stuff?
MaltekSolutions.com.
Our new product, like I said, breach monitor, that's breachmonitor.
That's breachmonitor.
Nice.
You can find us on, you know, LinkedIn.
We're on X.
Not super active on that one.
Mostly on TikTok and stuff,
we're doing a lot of those shorts and everything.
Thanks to Mike and Danny and you guys are taking care of us about that.
In fact,
I think Danny mentioned we're going to drop our latest episode today.
Nice.
Make sure you check out Hack Dissection, Mike's amazing podcast.
Absolutely no shade to anybody else.
I just did it.
I'm a tech guy, so take that with a great.
It's the most interesting podcast we produced currently.
It really is because.
It's something that we all have either encountered or are going to encounter or we have a fear of encountering it because technology is a part of everyday life.
I just like listening to peeking in on the recording session and hearing these guys go on about some topic and seeing Mike's eyes behind the board just be cross-eyed.
Because I'm blown away.
Is this English? Are these words these men are speaking?
When Graham pulls out these fucking gadgets, man, that are just like unlocking doors with remotes and like walking by people and they have these machines.
where you can you can scan someone's bank card in their in their pocket.
I mean, it's just...
Do you watch McGuver when you were a kid, Mike?
I did.
He was my idol, my literal idol.
I like Magruber, but I can ever think of is, you know, there was a couple of...
I remember one episode in particular, this facility had the most high-tech crazy security system ever,
and they wanted McGiver to be the guy who tested it to see if he could break out, actually.
With a paper clip and a piece of...
Well, that was a thing.
So he shows up, but he doesn't have any tools.
And they're like, well, your guy doesn't have any tools?
Nope, that's why he's the best.
Yeah, yeah, yeah.
And, of course, he does get out of the thing.
Yeah, yeah, yeah.
He always gets it.
These guys do that shit for a living.
I don't know, man.
It's amazing.
It's awesome.
What other job can you try something out and not get in trouble?
You know what I mean?
Like, he gets to break in without any repercussions.
Like, imagine being like a fire department being like, go set that place on the fire.
We got to go.
But I just want to throw this last thing at you, Mike.
Is it true or false that back in the day, the way a lot of folks got jobs, were sort of doing these things, I want to say rogue.
So they would go and find a vulnerability just on their own, go to the company and say, hey, I found this.
Would you like me to help you fix it?
And in many cases, the companies would be receptive.
In some cases, where today they're angry and now they see that as nefarious.
You still have both sides of them.
Okay.
You have some companies that just do not want to hear about it.
Even in instances where I've brought it up and I've been testing stuff for a customer, it's like, oh, they're using this third party thing and it's got shitty security.
And I go to them and they're like, oh, that's like an upgrade to have the security stuff.
It's just not there.
They're just, they're completely pushing back against it and just not even interested.
And then I've had the other ones that are just like, oh, thank you so much.
You know, really appreciate it.
We're going to get these fixed.
We'll let you know.
We'll let you know.
Are people as individuals still breaking in?
to the field by doing some of this sort of, I don't know if you call it white hat, sort of white hat,
type of stuff?
In the way that they can do it now is through things called bug bounties where companies will
basically say, like, hey, we're going to not prosecute you if you stay within the scope
that we're defined and you let us know everything that you come across.
And in fact, we'll pay you too.
So you can build up a essentially a resume of those types of findings and then potentially get
a job from that just by being able to go through.
through that way. I wouldn't recommend just
having that, you know, just going after
a random company. Yeah. And just being like,
hey, we found some stuff. Do you want it?
It's a good way to, you know, find yourself on the
other side of a lawsuit. So go the legal
route. Do bug bounties if you want
if you want to try this stuff out. That's the advice
of the day. I shouldn't just break in someone's house and
sit on their couch and when they come downstairs be like
your front door, not good.
It's unlocked.
But go bills.
But go bills.
Yeah, it wouldn't work.
I'm Matt. He's my.
He's Mike. He's also, Mike.
Thank you for joining us on Good News, York.
Well over 100 episodes. This is awesome.
It is awesome.
Well over a million views.
It just continues to climb on Facebook and TikTok.
Danny's video unseated.
That's still going.
On the way here, I was seeing comments popping up, dude.
It's incredible.
So thank you to everybody who's been sticking along and like it and sharing and following and all that happy stuff.
And especially to our man, Zach.
at ads on the go for being our sponsor.
Love ads on the go. It's driving our picture around upstate New York.
And a quick plug, GNY Sports, my side sports show, my side quest.
Yeah.
Powered by kind of an arm of GNY, Good News York, airing weekly at this point.
It's going to ebb and flow and change.
But we launched the first episode last week, so we'll be looking for that as well at Good News York.
Awesome.
All right.
We'll see you later.
Peace out.
It's a gentle cruising.
you start to see the village, almost like a painting.
Join me, travel expert Darley Newman,
and Uniworld Boutique River Cruises L'Ik Bali,
to learn about river cruising in France.
As we have been sailing there for decades,
we have been able to create deep connection
with the local communities.
Local connections make exploring France easy.
Tune into the Travels with Darley podcast on IHeart
and wherever you listen to podcasts
to hear about river cruising
and Unirold's 50th anniversary summer specials.
You're listening to the Travels.
a podcast right now, driving, working out, walking the dog. If you're into podcasts,
chances are you have something to say too. With RSS.com, starting your own podcast is free and
easy. upload an episode and we distribute it to Apple Podcasts, Spotify, Amazon Music, and more.
Track your listeners, see where they're from, and start earning from ads just like this.
If you've been thinking about starting a podcast, this is your sign. Start your new podcast for
free today at RSS.com.