I am Charles Schwartz Show - FBI Cyber Expert Saves Your Business - M.K. Palmore
Episode Date: April 1, 2026Most people think cybersecurity is complicated. MK Palmore disagrees. With 32 years in the federal government, two decades as an FBI special agent, and executive roles at both Google Cloud and Palo A...lto Networks, MK has seen every angle of the threat landscape, and his message is simple: the basics will save you. Charles and MK go deep on what everyday consumers and small business owners are getting dangerously wrong about their digital security, why a data breach can be the last thing a company ever survives, and how the adversary is quite literally banking on your laziness. MK also gets candid about the tools he personally trusts, the privacy myths that need to die, and why doing a few simple things consistently beats any fancy security stack money can buy. Whether you're a solo entrepreneur or running a growing team, this episode is a wake-up call you didn't know you needed, and a practical roadmap to making yourself a much harder target. KEY TAKEAWAYS: Why multi-factor authentication is still the most underused line of defense for consumers and businesses alike How a single data breach can financially and reputationally destroy a small business overnight The truth about privacy tools, what's worth your time, and what's just noise Why consistency, not complexity, is the real foundation of digital security The devices and platforms a former FBI cyber executive actually uses to protect his own data KEY POINTS: 01:20 – The basics most people ignore: MK breaks down the simple steps that make the biggest difference, while Charles connects them to everyday consumer behavior. 07:45 – Inside a data breach: MK walks through how attacks unfold and why SMBs are prime targets, while Charles unpacks the real financial and human cost. 15:30 – The SMB blind spot: MK explains why small businesses underestimate their exposure, while Charles shares why the assumption of being "too small to target" is one of the most dangerous myths in business. 28:10 – Building a security culture: MK lays out what it takes to get a team bought in on cybersecurity, while Charles explores the leadership gap that leaves most companies vulnerable. 45:00 – Privacy tools, myths, and what's actually worth it: MK cuts through the noise on VPNs, incognito mode, and Faraday bags, while Charles weighs in on his own approach to personal data protection. 56:55 – The everyday carry of a cyber expert: MK reveals the exact devices and platforms he relies on, while Charles reconsiders his loyalty to Microsoft.
Transcript
Discussion (0)
Welcome to the proven podcast, where we don't care what you think, only what you can prove.
Imagine your data being protected on the same levels of the United States Marine Corps and the FBI.
That's what today's guest brings in.
MK tells us all about risk assessments, how to protect our data in an ever-evolving world,
and how even with AI you can remain safe.
The show starts now.
All right, everyone, welcome back to the show.
MK., I'm really excited to have you here.
Excited to be here.
Appreciate it, Charles.
So for the four or five people on the planet who you actually don't know who you are,
Can you kind of give a little bit debrief what you are, what you've done, how you got here?
I'm sure there's more than four or five.
But M.K. Palmore, I'm a consulting leader of a firm called Apogee Global RMS.
My career spans a career in government, 32 years in the U.S. federal government.
I'm a U.S. Naval Academy graduate, United States Marine Corps officer.
I then went on from the Marines to spend 22 years in the Federal Bureau of Investigation as a special agent.
retired from the FBI as an executive leading the largest cybersecurity team that the FBI has here in FBI, San Francisco.
And then I went on to work for two Fortune 500 companies, Palo Alto Networks and a Fortune 5 company, Google Cloud, as essentially a field chief information security officer.
So great experience working at the enterprise level and then broke off out on my own in order to support SMBs and the global public sector through Apity Global.
So there's a lot to unpack there.
And as much as I want to dive right into the intense stuff at the end of the enterprise and the SMB,
let's kind of slowly get out there.
We know that data is being hacked every day.
We know that we have things that are being, be it WhatsApp or signal or own personal stuff
with identity being stolen across the board.
The audience always going to ask me, what is the first thing I can do right now?
Like, okay, I get it.
You've done it on the exceptionally high level.
You've done it with the FBI.
What is basic stuff that most people get wrong every single day when it comes to their data
and the protection of what's going on in the world.
It's the basic stuff.
You know, apps will oftentimes come to you with default settings that make them easy for you to utilize.
And that ease of use is what the adversary relies upon in order to gain access to your digital footprint and your private information.
And so I would ask people to take that extra step.
And that extra step is not hard.
It just simply means enabling things like multifactor authentication and the applications that they use or the SaaS.
applications, the portals for which they gain access to. It doesn't take that much time. People will
deride things like SMS as the second factor for authentication, but some authentication is better than
none at all. And so I would encourage people to, yes, utilize SMS if that's the only available
resource that you have, but there are a number of authenticator apps out here now that use a higher
level of encryption and provide codes for you to gain access to your email or application.
and that's probably at a baseline for consumers.
One of the best things that you could be doing is just simply doing the basics.
Make it harder for an adversary to gain access to your information.
And then if you want to take a few extra steps,
there are things like monitoring your background, your credit, all of those things.
You can actually set it up in Google so that if your personal results happen to show in Google,
they will send you an email saying that your personal results like your address are showing up.
on this particular website, and you can go through a process to have that information removed.
It's not that hard to do.
And again, these are simple things that everyone should be doing in order to reduce their exposure
and decrease the risk of their digital privacy being violated.
Are there certain apps that you just wouldn't install?
This one's too invasive.
We know this is kind of a gatekeeper to things that cause problems.
Not for me.
So I'm a heavy user of social media, one,
because I use it to amplify my business brand.
And then once you've exposed yourself to social media,
you know, very few of us, me included, have read all of the legal agreements we seem to agree to when we download applications
and we allow them to gain access to our digital footprint within our phones.
I think we're giving up quite a bit when we do that.
And so there's a push and a poll associated there, pros and cons.
You just have to understand that you're giving up some amount.
of your privacy and then again, take those minor steps that you can, going into the settings
of these applications and then limiting the amount of access that the applications have to the
rest of your digital footprint and information. The only other thing I would encourage is that
the likes of Google through their Play Store, Apple through their store, go through very exhaustive
steps to make sure that developers go through a pretty rigorous process. And that is a continuously
monitor process. The applications when they drift or fall outside of the regulations of those
platforms, they essentially are given warnings and then nearly taken down immediately, essentially,
if they don't follow the framework for which Apple and Google established for being able to use
applications or deploy applications on their platform. So I would say for the most part,
try as best you can to use those. If you're using a Android device, the Google Play
stores where you want to get your applications. If you're using an iOS device, obviously the Apple
stores where you want to get your applications, try and avoid downloading applications from
sites that you're directed to because those applications may not necessarily have been embedded.
Gotcha. And then there are things out there that, you know, they scrubbed in that. They look for
saying there's these softwares or this extra layer that people do, things like whatever, incognito
or things of that nature. Is that something you would recommend on the consumer level? Is that just
overkill? Not necessarily. It depends on what kind of footprint you want to have. Some people may need to go to
several extra steps in order to create a different persona for themselves. Maybe you as a business owner want to
create a purely business persona of yourself, which means you have to be very diligent about which
browser you're going to use that identity with, what information that you ultimately are going to put
into the browser that's going to tie back to your business, is that,
going to tie back to a physical location for you. So you have to be diligent. I think the problem
that establishing those kinds of parameters and barriers for yourself isn't hard. The hard part is
the consistency of use of actually doing it every time that you use a particular application or
every time that you're doing business for your company to only use a particular browser and
to ward off the temptation to say, well, you know, I'm out and about and I've got my iPad with me. Maybe
I'll just use this to access that account that I normally only access via my safe desktop computer.
So you just have to be consistent, diligent about the process, and it can be very hard.
But there are ways, programs, applications, and things that can help you with that consistency.
It just depends on how much you want to layer your own privacy and protection.
Yeah, growing up, I was a Microsoft certified trainer and we built IT structures.
What we did was instead of worrying about it forward front on the machine, we put our personal stuff into a trust.
So anything I own privately is hidden inside a trust.
It's based out of the Cook Islands.
It's good luck trying to penetrate that.
It's different phone numbers, different addresses.
I am the poorest person on the planet if you look at my actual numbers.
Whatever's in my wallet is all the money.
I have.
Everything else is inside trust.
It's inside protected environments.
That's what we did because I knew I couldn't compete against what was happening on the computers,
which is obviously this is a very different method when we get into business environments.
When we talk about this things in business we're about to do,
you don't have some of the luxuries of that.
and they don't understand how the data breaches can happen.
So to talk about that when we get into the S&B world,
when we get into small businesses,
I don't think the consumer truly understands
how devastating a breach is.
Could you kind of walk us through
how absolutely catastrophic could you be
when someone does have a data breach?
Yeah, let's look at the relative size of organizations,
enterprises that have thousands of people,
thousands of digital resources,
are able to issue out devices to folks,
provision those devices, they take very, very deep steps in terms of ensuring that their digital
environment is protected. The SMB space may not be as well-resourced, but guess what? They have to
operate at exactly the same level as the big folks on the block because from the vantage point of the
adversary, they really don't care how big or small you are. What they care about is whether or not
there's an exploit available that will allow them to gain access. And if you fall prey,
to whatever channel or methodology that they choose to use the avenue of attack or approach,
it's a win for them because access to the information is the first step for success for them.
And then once they've obtained the information, there are a myriad of things that they can do with the digital information of any one particular individual,
much less a large-scale business.
And so think about those resources in terms of the requirement to respond.
There are laws on the books.
If you suffer a breach, you have to notify all of the individuals for whom you have digital records for.
That's the first step.
Even just that notification can be troublesome and a challenge for organizations that are prepared for it.
Then, guess what?
You're likely opening yourself up to some level of liability.
So hopefully you've gone through the process of doing a risk posture assessment.
Hopefully you have cyber insurance and you're actually able to pull in resources that will allow you to both
respond from a digital forensics standpoint. In other words, you respond through your insurance carrier.
They likely have one staff or a panel organizations that can help you from a digital standpoint,
write the ship, so to speak, get your technical organization back in order. But then there's all
of the follow-on activity that has to happen. And there are costs associated with that.
We have leveled out now somewhere between $3 to $5 million is the on average cost.
of a digital breach, and that's been pretty consistent for a number of years. And that number may not
sound big, but at the same time, again, for small to medium-sized business, could you rebound or
recover from a $3 million hit to your business? The short answer to that, I'm sure, for most
small businesses is no. And we have seen historically breaches that have gone as high as $270 to $300 million
paid and used to mitigate the effects of a breach or impact on a business or organization.
And so because of that wide range, the last thing you want to do is leave yourself open to
potential victimization by an adversary because the damage that they do is so devastating
to organizations that sometimes the financial component associated with it makes it
unrecoverable from a business standpoint. And we want businesses to thrive. We want you to get
out there and get your wares and your products and things out there to the consumer marketplace.
My proposition is that nearly every business today is a digital business. And so taking time to
understand what your digital footprint looks like and making sure that you secure your footprint
is just a part of business operations today. And that's part of the reason that we're in business.
Well, I think one of the things that doesn't get talked about enough is a reputation as well.
When you have to reach out to your client base and say, hey, congratulations, I've had a data breach.
This is one of the reasons I left my cell phone company.
They were breached.
The first time I was like, all right, fine, it's a lot of work.
Second time they got breach, I left.
And I was like, we're done.
We're leaving.
So I think there's that reputation hit that even if you do find a way to mitigate, hey, I've protected you from this one.
It's kind of like the first time someone ever cheats on you.
You're never going to trust them again.
No matter what you do for the rest of your life, there's always going to be that.
issue. There were things that you went over that most fall business owners have never
heard of it before. They're like assessment insurance. What are you talking about? They're going to be like,
I'm just trying to sell my widgets, dude. What are you doing? So let's try and get some of these
people up to date on what are these assessments? What is cyber insurance? Because a lot of things you
went over because again, this is, you come from a world where it was literally life and death.
It's just, that's your world. You keep people alive. For these people, yes, it might be like
in depth of your organization, but they've never heard of any of this.
most of them are just struggling through day to day.
Because you and I both know, to get to the 10 million, you could do it for brute force.
It just means that you're probably not thinking about all these other things in the back end.
Exactly.
What are these assessments and what are these insurances that they're running into?
What does that entail?
How long does it take?
Let's start at the top of the pyramid.
Risk.
Risk management is a discipline that essentially came to fruition because businesses realized that not
everyone has unlimited resources.
In fact, no business will have unlimited.
resources. It requires you to prioritize how it is that you devote those resources to business operations,
sustainability, and resilience. Cyber has grown to be part of the risk management profile,
and I would proffer to anyone that's listening that your cybersecurity is in all likelihood a
component, and by critical, I mean it's a path to failure for your entire business operation
if you are not taking steps to reduce the risk or potentially.
exposure by adversarial activities to your enterprise. And so starting at the top of that pyramid,
every business should be conducting a risk assessment to determine what their digital exposure is.
In other words, have we done the right things in order to mitigate, not completely removed,
because that is impossible, but to mitigate the possibility of a cyber attack having a devastating
or critical impact on our business. And notice that I did not say completely,
exclude the possibility of having an attack happen. Because part of the challenge in our industry is that we have to get folks over the hump of bad things are going to happen to you from a business standpoint, maybe even bad things in your digital environment. What we try and do as an organization is help businesses understand that resilience is the key. We want to help you understand, okay, things are going to happen, but we're going to take steps to make sure we reduce the possibility of that happening. But the work that we do is about resilience.
quickly can we get you from that point of failure back to full business operations and then help
you fully recover so that the impact, the blast radius of that is extremely limited and it's
actually manageable and something that you can deal with. And that exercise contains a myriad of
things. And the assessment is merely one of the many things that you should be doing. Cyber insurance
is another thing. You know, businesses, I think, especially if you're operating probably,
if you're doing 5 to 10 million in revenue per year, I would say even go as low as the million to 3 million more.
If you're doing a million plus in revenue, you should have some kind of liability insurance in place to ensure that you can recover digitally from a potential attack.
Again, adversaries don't care how big or small you are.
They care about the probability of their exploit landing and in the intention.
victim actually being put in a position where they have to make decisions. I'm sure we can get
into a conversation about ransomware, which is one of the most malicious types of attacks that you
can be victimized by. Because there's so much out there on the landscape that you have to be
cognizant of taking these steps in a risk management review, a risk assessment review are prejudicial
essentially to business operations. And I would proffer, again, if you're in the zone of a
million plus in revenue, and certainly if you're in the neighborhood of 10 million plus,
you should annually be doing some kind of assessment to ensure that you've taken the steps
cyber insurance. Your digital environment is orchestrated and constructed in a way that makes it
difficult for an adversary to get done what they need to get done. And that doesn't even get
you to the compliance and things or the regulatory aspects of adhering to particular vertical
compliance, say financial services, healthcare and other industries that have particular
baselines that make it increasingly more difficult to obtain those certifications and to be able
to operate. But it's all sort of this big, I won't call it a mess, but it's this big
mussela of things that you should be thinking about and our businesses to help organizations
think about these things in a way that's constructive and substantive and puts them in a
position so that they can reduce risk to the overall enterprise.
Most people think that, hey, I'm going to buy a new router or pop a new VPN on and I'm good
to go. That's about the equivalent of throwing a mosquito in front of a semi-truck trying to stop it.
It's not going to do a heck of a lot. When you talk about these assessments and when you do it
specifically with your clients, where do you start? You start with the people. Do you start with
the hardware? What does that look like and how long does an assessment take?
Yeah, so one of the things that we've done as an industry is that we've got to,
and pretty good at establishing frameworks that will guide folks through the process of evaluating
themselves. These frameworks, some established by NIST, the National Institute of Science and Technology,
other frameworks established, say, by the Center for Internet Security, the critical controls.
These frameworks are pretty good. They provide a great amount of oversight and advice. The difficulty
is walking through the frameworks and actually answering the questions and aligning your
operations to the guidance that's provided by the frameworks. And that is what we do. We select the
framework that's appropriate for your level of business or the vertical that you happen to be
operating in. And we walk through the hundreds of questions and steps associated with them.
And in an honest exchange, providing both documentation and verbal answers, we essentially walk you
through the process to make a determination as to what your digital footprint looks like.
And then once you have that in hand with some curated advice that we then pour into it,
we help you prioritize the gaps, vulnerabilities, and figure out exactly what your current posture is.
We help you create a roadmap that essentially will allow you then to take steps to reduce the overall risk in a systemic way.
Instead of just saying, hey, let's go get some name brand firewall or router and implement it into the system and assume that everything,
is okay. And I can't tell you the number of times I've gone into conversations with even folks in
my lane, the technical personnel, and instead of talking strategy, they want to talk about products.
And we are product agnostic, thankfully. And we have a litany of partners that we partner with
in our organization, but we want to be in a position to be able to meet the customer where they are.
So our solution base is immense and extensive.
And I want to be able to identify exactly which solution is right for that particular customer.
And that means that I can't just align myself to a particular product because some are great and do exactly what they're supposed to do, but not all of them.
And you may have already made technical investments that prohibit you from actually getting the benefit of maybe the name brand product that might be part of the solution set.
So maybe there's an alternative that gets you partway down the road and get you to where you need to be.
And we want to be in a position to make that kind of advice.
So I like that.
It's not dictated by the product.
So the router that you bought 30 years ago, the blue and black one that's sitting in the corner is probably not going to save your tachas.
But sitting down and breaking down, you know exactly which one I'm talking about.
When you talk about the framework, most people who are doing this, especially SMBs, they have no idea what an IT framework.
They don't have a protection plan framework.
They don't understand when you say, hey, the framework matters more than the product.
I think conceptually they'll get that.
But when you say, hey, there's a framework that we have to do, you might as well be speaking
to answer to them.
What do you mean when you talk about a security posture that's based off a framework?
What does that mean?
So the technology industry through government identification and partnerships with civilian
organizations have created essentially best practices that any organization can follow
to ensure that they are taking all of the necessary steps that an organization can take to protect itself.
That is a very, very oversimplified way of saying, are you doing all of the right things that you can do as an organization?
That sounds pretty simple, but the challenge is that as organizations grow, scale, and expand,
every business wants to increase revenue.
They want to increase the exposure of their product or their services across the market.
And guess what that means in today's language?
That means that their digital footprint is likely changing and evolving exponentially, especially if you're a global firm and you have services or products that you want to deliver globally.
Guess what? You have third parties that are part of your ecosystem, part of your channel that are connected to your digital footprint.
There are enough historical examples of breaches of using third party suppliers that now we understand that not only are you responsible for your digital footprint, you're responsible.
for everything that you are connected to. And that can get to be really, really challenging. And oftentimes,
because your technical staff on hand is just dealing with the day to day, the tyranny of the now,
it is helpful to bring in external advisors who can take a step back and give you that outside in
perspective that you desperately need so that you can then action on behalf of your organization,
the things that need to be prioritized and get done. And so it,
what it means is not that these organizations aren't capable of doing these things themselves.
They just don't have the time, capacity, or resources to do it. They are concentrating on running the
business, getting the business to the point where it's profitable and doing all the things they need to do
to satisfy their customers. And the truth of the matter is that investments in security still,
to this day, are oftentimes deprioritized, and especially in SMB environments. I can't tell you the
number of times I come across, quote unquote, the security team of three people for a multi-million
dollar business. And the security team is three people and they're expected to do everything,
the governance risk and compliance. They're expected to be the IT backbone of the organization.
They are also expected to be the security of the organization. And while these people may be
immensely competent, there is no way that they can operate at both the strategic and tactical level
without the appropriate help or resources to do that.
And oftentimes the security teams are some of the most under-resourced teams within a business.
We're talking about technology is the critical factor that's going to keep you in business.
And the fact that we don't spend more money, more time, more resources on security still to this day amazes me.
And again, that's part of the reason why I established Apogee.
I want to get in a help organization, scale that problem.
Right.
The problem is IT is never seen as a profit center, even though we are the backbone of it,
we're just not a profit center.
So when we come into it, and a lot of issues that we have in this environment is most IT guys
don't speak human.
It's a completely different conversation.
We speak geek.
We're going to sit down and we're going to break things out.
We're going to get all excited about it.
And the other person, it's kind of like having your accountant talk to marketing.
They don't speak the same language.
The accountant and the marketing team do not speak to it.
They never have.
They never will.
So I'm trying in this one when we talk about framework, because most of the
people are listening to this are small business owners.
They're going, what the hell is an assessment framework?
What does that even mean?
Do I do I give my blood type?
Do you need my sperm count?
Do you give me the model of my computers?
Like, where am I?
Because I'm trying to break it down so they can understand that.
So when we talk about framework and an assessment framework, how long does it take?
What does it include?
Are we how do we trust the person coming in?
What do they take away with them?
Are they there on site?
What does that look like?
So starting with the last part of what you're saying.
So every engagement has NDAs associated with it.
You basically are an extended arm of the company operating on their behalf when you engage in a consulting agreement.
The information provided belongs to the company that is providing it always,
and it is maintained and retains the property value of the information or access that's provided.
That framework, that assessment essentially is a step-by-step process of analyzing through
question and interrogation and document collection, what steps you have already taken to secure your
applications, to secure your identity measures within the environment, to ensure that you are
patching on a regular basis, the technology. Patching is a way of identifying and changing vulnerabilities
or gaps that may be inherent on the hard tools that you're using or even the cloud-based tools
that you're using. Every digital cycle is dominated by multiple domains within the technology
spectrum for which cybersecurity again has its own domains and an assessment will essentially
walk you through in a step-by-step process whether or not you have done or adhere to the
principles of that particular domain. And it's not just simply a yes or no. You want to give
company's credit for the amount of effort that they've put into some areas. It works on a gradient.
Maybe you've knocked it out of the park. So yes, that's a complete full fulfillment of that
particular aspect of, say, identity management. But maybe you've done a little bit, but didn't
do quite enough to get, you know, a four-star rating on that particular question. You get credit for
what you have done. We identify the gap between where you are and what excellent looks like and then
tell you here are the things that you need to do to get to excellent in this particular category.
So as you're going through all of these and you're working through a team, what are some of the
issues that you run into with people who haven't done this? When you've walked in, you're like,
okay, we did the assessment. You're crushing it over here, but good God, this is dangerous over here.
What does that look like? What it looks like is, again, a resource challenge. Because the teams are
underinvested and small, you get a lot of nods. You know, folks saying, yeah,
yeah, we're kind of doing that.
Or yes, we've taken steps to do that.
And then when you'd ask the natural follow-on question,
have you documented that somewhere?
You always get either the blank stare or it's in draft.
You know, we were going to get to that.
But they haven't prioritized it.
And so what that looks like in practical terms is what you find is that
most businesses are doing some things related to their security posture,
but they're not doing all of the things that they could be doing. And that, again, is where an outsider's view coming in and giving you that unvarnished opinion on where you are can be immensely helpful. And it's not that the internal people, again, don't understand it or are going to give you misinformation. They may just not, they give themselves credit in areas where maybe credit is not quite due.
by simply saying, hey, we got that covered. And that's probably the worst expression that you can hear.
If one of your technologists tells you, if their answer to everything is we've got that covered,
you probably should be digging a bit deeper because that simple answer is not enough. And you touched
on something that's super, super important, this language that technologists use when communicating
business concerns, this is the area of risk. And if technologists are not talking in business language
in the language of risk, believe me, the folks, the stakeholders on the other side of that
conversation do not understand a word that you're saying. Oftentimes, even if they've come
from technology backgrounds themselves, once you are in that operating circle where everything is
about risk, risk exposure, risk mitigation, that is what needs to be communicated to the C-suite and
the board of directors so that you then enable them to make a decision about where they're going to
prioritize the resources of the company.
You mentioned that they don't speak the same way.
I've never heard this word document before.
I have no idea what you're talking as an IT die.
We don't document any.
It's bad.
We just don't have time.
We're like, we're trying to just keep things operational.
And you want me to sit down and do that what I did?
I'm like, you're out of your mind.
Yeah, we just don't have the bandwidth to do it.
And that's someone I've done IT for longer than I'd like to admit.
I can't remember.
I remember the first time I had to sit down and write a white paper out.
I was like, what the heck are you talking?
talking about. At the time I was advising, I was working with Microsoft. They're like, you want me to
document all this? I'm like, I've got fires to put out. I'm like, I've got to deal with Susie,
who hasn't remembered her password for the 19th time today. And you want me to sit,
we just don't have that. So that is what it is. When we talk about risks, what is a real risk?
Give me a real example of a data breach that caused real problem that you had to come in and you had
to save. Let's talk about ransomware because ransomware to me is not only one of the most
malicious types of victimizations and experiences that an organization can have, it's pretty insidious
when you think about it, that an adversary uses a normal channel of exploitation, which is typically
email. And let's take note of that. Still to this day, 2026, email is still the best avenue of
attack for an adversary because it's the highest probability of access by malicious links,
other information that then drives users to maybe watering holes where they go to a malicious website.
There aren't enough protections enabled throughout the enterprise on the browser.
And say, you know, John from your enterprise is actually able to go to a malicious site,
clicks on some link that says, hey, here's a report that's dealing with your industry, download, and read the report.
PDF, right?
What could be wrong with a PDF?
Downloads the report, and the next thing you know, the actor, the threat actor, has access to the environment.
Ransomware and the way that it works is it then a couple of things. It could sit on a time hack. In other words, sitting and waiting for a particular period of time to be exploited. Or it could get to work immediately, basically attempting to find route access or ground access to a system or environment and then slowly begins to encrypt important files that essentially it's been designated to encrypt that ultimately,
ultimately will cripple the organization. And there have been thousands of victims worldwide of
ransomware incidents. And when I say malicious, I think it's malicious to take someone's own
information and then make it unusable to them or not have the ability to access that information.
We say that you'll use the term encrypt it, which means it's garbled in a mathematical fashion
that then makes it unreadable or unusable. And the mathematical key,
that's necessary to unlock the information and return it to you often requires you to pay money
or some of money through Bitcoin or some other cryptocurrency in order to be able to gain access
to the stuff that you already own. So pretty malicious. And there are certain business verticals
that still are falling prey to this. Healthcare jumps to mine as a particularly vulnerable
vertical that's still, especially small regional health care entities that haven't taken the steps to
identify where their gaps in vulnerabilities are, relying very heavily on technology.
If folks are paying attention, you know, the healthcare space relies as much on technology
today as any vertical, which means they should be investing in security and technology.
The thing about ransomware is that there are a couple of different types of ransomware
adversaries out there. There are individuals who may have bought an exploit or a ransomware
kit off of the dark web and are just going to take.
town on their own using it, setting up their digital wallets and collecting money for ransom.
But there are also ransomware gangs in the organized crime realm.
You could find yourself the victim of a ransomware incident, and they might just provide
you an international phone number to call so that you can get help with your ransomware
incident, and they will walk you through the process of providing them money so that they can
potentially provide you the decryption key for.
your own information. And I say potentially because there is something nowadays called,
you know, sort of the double impact of ransom where they're now threatening to release your
data or information. So there's double payments associated with it. And there are known
instances of where the ransom has been paid and they have still never provided the decryption
keys, which means you have to start from zero if you have to.
haven't taken the steps from a resilience fashion to make sure that you have backups that are
immutable and protected and can't be hit by a potential adversarial activity. So there's a lot
involved just in that short conversation. I barely touched on some of the areas that you could go
very, very deep on. But the assessments that we provide would have essentially determined
whether or not you had taken the steps necessary to buttress a potential attack.
like that, or, as I like to say, again, limited the blast area so that you can rebound and
recover from a potential attack like that. And you won't know that unless you have actually gone
through the steps of a risk assessment and made those determinations. Please do not just take the
nod from the IT guy who says, yeah, we're good to go. We can recover from that. That's not a good
answer for the board of directors for a company. I think there's so many important things you just said
where we talk about that there's a time delay.
Now, for those of you who are playing at home who don't know IT,
the time delay matters because our default reaction as IT guys is like,
oh, we'll just restore the backup.
We got breached five days ago.
It's five days of data loss.
It's not the end of the world.
We'll just restore it back then because we keep backups that are six months old.
The problem is, let's say your hack happened to you five months ago.
And again, well, we'd have backups that date back a year.
Congratulations, you just lost a year of data.
Can you survive that?
And they're like, wait, what?
So that's why we have time delays in the situation.
And people are like, oh, my God, I'm not, I'm not ready for that.
What do I?
Well, how long should my backups be?
It's not a question of how long your backup should be in that environment.
I think it's more of the question of, have you done the assessment?
How have you done the things to protect yourself?
Because one of the tests, we, and again, this is 20 years ago, we would then, we would send
emails to people like, hey, here's a PDF.
We would spoof the email.
In other words, make it seem like it's coming from your internal department.
Write it to you.
Click this link for this meeting.
have coming up later today and then just see how many people click the link and the majority of
people click the link and my favorite was when the sea level when the c suites they would click the link
they're like oh my god i can't believe susy from hr did that she's stupid really sir cto you clicked on it too
and they're like uh i'm like yeah you're an idiot as well so the problem is it's universal it's just
in the process of our day we're just so used to this clicking and firing and this is why again to
To your point, you're three or four guys that are elite, unbelievable individuals who are running your IT organization.
This isn't 300.
You can't expect 300 guys to stop the entire army that's coming at you.
You got to get them in sources.
You've got to get them hell.
Now, I want to talk about the introduction of AI.
Now, AI, we already know it doesn't mean artificial intelligence.
We already know it means always incorrect.
We're still using it and we're still uploading vast amounts of information into it,
which is an absolute nightmare from a security part to it's a nightmare what do you tell the organizations
you're working with you're like hey yeah i know you want to work with open you know open claw or you want to
or work with clod or you want to put codex or you want to put manis and they're like hey why don't
you just walk outside naked um what do you tell the people in that environment to protect them who are
because we're becoming an ai first world we weren't in that first world now we're an ai first world
how do you protect them in that environment there's a couple of different things that
we do. One, I've assembled a partner network that has a variety of solutions that meet customers
needs as it relates to the adoption and implementation of artificial intelligence in the business
environment. And I've aligned myself with these potential technology providers because I love
their technology and it does what it is that they claim it's able to do. That's part of the
challenge. We, from a standpoint of making sure that there's a knowledge,
transfer or that we acquaint our client with the challenges they may be facing and using AI,
have built a internal process that will allow them to take the steps in a diligent fashion
and make sure that they aren't just simply opening the gates and allowing their employees,
essentially, to give up the company's goods through the use of these tools.
It requires a lot of diligence.
It requires companies to take steps like creating a change committee or an artificial intelligence
Committee for which they do in evaluation of the potential impact of these solutions on business
operations. In other words, each business leader might have to contribute what kinds of information
they intended put into this system and then what their expectations are for what kind of access
the bots, agents, and other aspects of AI will have throughout the enterprise. All of that needs to
be governed in a governance risk and compliance fashion. And it requires you to stand up
committees, and yes, take very, very diligent steps that will allow you to assess whether or not
a particular solution can be helpful, but then implementing it in a fashion that is safe and secure
and then ultimately helpful to business operations. And so it requires you to think about it. It's not
just a matter of going to the site, signing up, and just assuming that that technology provider is
going to provide you all of the security measures and default settings that you need in order
protect your enterprise. You have to take extra steps. And that is thinking through those extra steps
is what we do as an organization. We help organizations identify how they think through those steps.
We bring experts to the table who can explain the risk associated with any one particular
solution and give them a general approach that will allow them to reduce the opportunity of any
particular adversary to exploit their system and or just make bad use of AI. There are
gaps in the use of artificial intelligence. I heard some interesting stories recently about
AI or large language models that have been given, you know, widespread access to enterprise
information. And in doing that, because they only understand, you know, language props have gone
out into areas and retrieved information and presented it to users. And that user didn't have
access to that particular information from their role-based access within the company.
but the bot had access to it and provided the information.
These are all challenges that are fixable,
but they're only fixable if you are taking the preemptive steps necessary
to make sure that you're protecting your digital information wherever it may reside.
I think assuming that whoever you're working with,
whatever software it is that's trying to protect you,
it's not doing that.
It's evolving too fast.
And the best example I can give of this is,
for those of you're playing at home,
I created, I had a box that had none of my personal information in it,
and I created a VM or I created a little virtual machine inside my box.
I then loaded a version of that inside of it called OpenClaw.
And I wanted to see, I'm like, all right, I'm going to give me the resources,
it has none of my personal information, and I watched it.
OpenClaw figured out that it was inside a VM and inside a virtual machine.
And then it was like, huh, I need more resources.
It then penetrated out of the sandbox to try and get more resources from my parent-O-S.
And I was like, okay, no, we're doing.
done, I'm going the whole OS out. I was like, we're done. I've never seen anybody
doing that before. I'm like, I don't want to play anymore. Goodbye. But I'd never seen,
and it wasn't doing it at the time, maliciously, but I've never seen a piece of software
break out of a VM and then go out at the parent OS. I was like, what that? How is that?
I'm starting to hear more stories like that because it's interesting. You know, computers and
technology does what we tell it to do. And if you tell it to do a task, it then assumes that it has to
complete that task. Yes. And it has all of the variable things available to them to include
what might be considered malicious behavior to achieve the task that you've given it. And so these are
important elements that we need to be thinking about. I heard a very similar story in the context
of, you know, RSA that was, that occurred this week in San Francisco of a AI agent essentially
executing a exploitation in order to gain access to information to see.
satisfy the original task that it was given, which is, which is crazy to me. But guess what? It
makes sense. You told it to do that. And it thinks that it has all of these things available to it.
You didn't tell it that there were boundaries. And these are things that we're going to have to
learn as humans that oftentimes not only do we have to give it a task, but maybe we have to give
it the limitations for which they can execute that task. Right. I tell people all the time,
AI is a tabber at this point. If you're like, hey, I need you go build a kitchen and it needs wood,
it will tear down the rest of the house to get the wood for that rest of that kitchen.
It's because it doesn't understand.
Oh, you didn't need the rest.
Oh, you don't need the rest of the house.
You just told me to build a kitchen.
I knew there was wood somewhere.
I went and found wood.
You're like, whoa, stop.
The next problem you run into,
and I don't think people understand this really on a tech level,
as much as we picked on tech guys,
the opposite occurs as well.
When we IT guys show up and you don't understand what we're talking about and we're really dorky,
the culture has to change in your org.
We're like, listen, these are your vulnerabilities.
We did this assessment.
These are the problems.
There's only so much we can do.
Here you go.
This is going to happen.
And then your C-suite or your SMB or whatever it is.
It's like, dude, I got to get these widgets out the door.
I don't, you have to have a culture change.
When you run into that for your clients, how do you pivot the entire culture to get them to understand?
This is part of the reason that we operate across multiple variables of the risk spectrum.
So we are an enterprise risk.
company in terms of our advisory work, I believe in my heart that no single solution like a digital
widget is going to solve the problem that you're actually needing to solve. And so when I think about
people processing technology, which is sort of the consulting mantra, we do all three. We come in and
we may help you identify the digital solution that's helpful to you. And then you may come back to us
and say, well, I'm still short on people. Well, guess what? We have interim resources. We can add to
the, add to the solution so that you can have a period of having folks that have the expertise
available to them to ride along with you, to help the company continue to grow. And then you can
take the time to plan how you're going to hire a permanent person to do the job that this
interim person is doing. And they're doing it in an excellent manner. And maybe the solution is for
some limited period of time to have it be that adjunct person or fractional, as we like to call
in our industry, be the person that's going to ride along with you for that phase of your growth
and development. You will get to a point where, yeah, you want to hire someone permanently, and that's
where we also come in with, okay, now that we've provided the fractional technology talent to help
you grow and scale to a new phase of your company's operations, now we're going to go out on the
field through our broad network and actually help you identify who's the right person to do a longer
term engagement here, multi-year, maybe even become part of your FTE workforce, and give you that
person. And guess what? We've been on part of the journey with you up to that point. So we now
understand the company culture, what's going to work best, not just from a skill set standpoint,
but who's going to be a good fit for your organization for the next phase that you're moving
into. And so we want to be supportive across that entire people, process, and technology cycle.
So I want to dissect this model a little bit more.
So when I was doing this, again, a while ago, we were what was known as an MSP,
which is a managed service provider.
We would come in and we would provide small and medium companies, IT departments.
And it was really simple.
It's like you can pay this guy 120K a year or you can pay me $2,000 a month,
which is like $24,000.
And we're going to do 90% of what you need.
You don't need that full-time person at $180,000, $200,000 a year because most of the time,
in IT, we're going to just be surfing.
the internet and goof it off because things don't break every 37 seconds. So just let's be honest.
So you don't need someone full time. I think what you need is you need that elite level of support.
You need that elite level of experience that comes in and says, okay, I'm going to do what's going to
take somebody else who has no idea. I'm going to do it about an hour. I got this. Here it is.
This is what you need to do. Now, you have to figure your culture out and you have to do all that.
We're going to advise you. But I think most small businesses are like, you know, they hear MK and
like, Jesus Christ, this isn't going to cost me a half a million dollars. I'm not going to be,
Oh my God, and they freak out.
Like, whoa, this is fractional.
The model's important to come in and say, listen, here's an expert.
We're going to sit with you.
But I don't think, and correct them if I'm wrong, my experience with this is,
it's not a problem of us doing the assessment and us giving you the expertise.
It's you now sitting down and pivoting your culture.
And this is where if someone who's got the experience can say, okay, we just found out
we're exceptionally vulnerable.
Now, you're not going to give it to your C-level CEO who's never logged into anything
other than their Gmail, you're going to have to have someone hold their hand, but it doesn't have to be
those cost-prohibitive thing in the world. Is that kind of the same model you guys are still using,
or have I just outdated myself at this point? No, no, it's the model we're using, but maybe I'm taking
even an extra step to explain it. Let's just use some notional figures in a notional scenario.
Say you determine as an organization that you're ready. We need to hire a security executive
to champion our security expertise and the things that we need to be doing for,
from a security standpoint. Guess what? Security persons with deep experience and knowledge like myself
come at a high price for permanent personnel. I did pretty well. I did pretty well working for
a couple of Fortune 500 companies here in Silicon Valley. And so even at the S&B level, you want
that level of expertise, but you're not ready to pay the same amount that, you know, the likes of
Google or Palo Alto networks is going to pay. So why not hire a fractional person,
that you can get at essentially a fourth of the price and still get the expertise and level of
engagement that you need. And you get to go through a period of evaluation, quite frankly,
to determine if they can do the job. Because oftentimes what happens is that they make these
high dollar value hires, and the person doesn't even work out. And so they've essentially
wasted time. Here's the other component I'll tell you that I think is fascinating. You hire a
a C-so, and let's just use a C-So because that's sort of the go-to persona, if you will, for
technical expertise at the C-suite level. You hire a C-So, they are immediately going to want to
build a team. So you aren't just hiring one executive. You're hiring an executive who then is
going to build a roadmap to building a team that's capable of executing because I don't
care, even the most technically minded C-Syso doesn't want to be the person actually,
developing and shipping security within the enterprise. They want to be spending time on the
strategic measures. So they're going to go out and hire that great security engineer that
they worked with at company X. They're going to go out and identify that person at GRC that
they worked with a few years back who was just excellent at documenting process and making sure
that the team stayed on point in terms of policies, procedures, and keeping all of that stuff updated.
And before you know it, you've got, you know, your one person hire has belies.
into a 50, 60-person team that cost an immense amount of money for talent. Again, for a fourth of that,
you can have an expert team come in, operate in a fractional capacity, and then help you in a
slow, mature fashion, identify the long-term resources that you're going to need. Or, quite frankly,
maybe you determine that the fractional model, which is becoming super relevant today,
I can't tell you the number of technologists I know that are on the bench by choice because they would rather operate fractionally rather than do long-term projects.
They want to take their expertise and go from project to project because they don't want to work for a large-scale enterprise as a permanent person because they like the freedom associated with, hey, I got expertise.
And like you said, what might take you 10 hours to do?
Because I have the expertise, I can come in and do it in an hour and a half.
and it's done in an enterprise level fashion.
And then guess what?
I have the rest of that time available to me to go do other projects or do something else that I intend to do.
In my case, I get to go run the other aspects of a business, which means that the fractional experience and engagement that I need in order to get that customer to where they need to be, I can parse that out and give that to 10 companies at one time as opposed to one company at a time.
I agree a thousand percent, and I said this again 20 years ago, you do not need a full-time IT department, period, full stop. You do not need a full-time C-Sysop. You don't. This should be outsourced. You should be hiring. I would rather you spend for the expertise than the time because the expertise is going to save you that time. And having somebody that's sitting there for half a million dollars a year sitting there who's going to build out an entire team just going to drain your revenue streams, having someone who's got the experience that comes in and says, hey, these are the
five things you need to do, we're going to do this. Let's sit down and talk about it. You will not
only be more protected, but you will also have saved an immense amount of money. The reason I say
that you're more protected is because he's not experiencing it just at one client anymore.
He's now experiencing 100 clients at a time. So the experience of one breach that's happening at
client Q is now happening to help out client A. And I just don't think small business owners
understand that. There's this ego that, like, no, they have to be mine. They have to do that.
you're not getting the best expertise and you're wasting an immense amount of time and money in order to do it.
So just don't do that.
For those of you guys who are playing at home who are small business owners,
are like, listen, this is this is Sanskrit to me.
I don't understand any of this.
Look at a fractional environment, be it MK or anybody else, but on any level of your IT stuff.
And I'm sure I'm going to get some nasty grabs from the IT guys.
You don't need to be full time.
Be honest.
We're all just browsing YouTube way too much anyway.
So, you know, get off of that.
And it just, it is what's happening.
So having that. So if the people are watching for home, and I have two questions I want to ask you.
One is, what are the things, if they never run into you, if you get eaten by a purple dragon today and you disappear or you win the lottery and make $100 billion and you put your phone in a blender, what are the five or six things that they could do right now?
Like, okay, I need to do this. There's this online tool or there's this thing that I could do.
Or what are the things that I could do right now to protect myself on a personal level and then the things that I could do for my business environment?
We provide a risk assessment that folks can take freely at our website.
That risk assessment will walk you through some basics to give you a high-level understanding
of where it is that you may have not made the proper investments in the reduction of risk to the enterprise.
And we cover multiple domains.
Again, we're a people process and technology advisory firm.
So I would say at the very least, take some time.
to assess where you are as a company. And you can do that with us. You can do it with others.
We think we bring not just an immense amount of experience, but a special expertise based
on my experience and those of my executive team and the others that we have engaged.
But do something. Evaluate where you are as an organization and bring in folks who have
experience, broad-based expertise, and will give you an unvarnished opinion as to where
you stand as an organization. Take the time to make the investment in that effort. And it doesn't
happen overnight. A typical risk assessment is likely a six to eight week engagement if done
correctly. Just aligning time schedules going through the process of asking all of the,
there's probably 180 to 200 plus questions that get asked during the course of the assessment.
You do those in chunks. You don't want to do those all at one time. There's a gathering of data
in information in terms of documentation or the absence of the documentation that needs to be noted.
So the process takes a while. So it gets started. From a personal standpoint, there are several things
that you can do to just sort of evaluate where you are. Just Google your name, for starters.
Going to an incognito browser and Google your name and see what information comes up in a Google search.
And then at Google, how do you get Google to remove your name and personal information from searches?
and it will tell you the steps that you need to take in order to essentially give Google the information that it needs to be looking for, and it will come back and tell you.
I do it myself.
I get probably an email every three weeks or so.
Hey, your personal information was found on this site.
Would you like it to be reviewed for removal?
I click yes.
And 99% of the time, you get an email back says it was removed.
Every once in a while, there's some, you know, site.
and because of the way that the information was collected,
they're unable to have it removed that 1% of time again.
It's about limiting your footprint,
limiting your exposure to risk.
It's not about eliminating it.
If you want to completely eliminate digital risk,
don't use digital products.
Correct.
That's it.
That's the only way to do it.
That's the only way to do it.
But if you're like the 99.9.9% of the rest of the world
who has a phone and wants access to this digital information,
there are basic things that you can do to protect yourself, do the basics, and that at least
gets you on the right path because most folks aren't even doing the basics. And that's what the
adversaries are you talk about something in the military all the time about everyday carry.
One of the things you carry every day, be it from operational, from military side arm is, whatever
that is. When it comes to this, what is your everyday carry for the stuff in your world that you
use on the tech side? Are you like, okay, I use Android or I'm going to be a Google guy or I'm going to always
have a flash drive on me or whatever it is.
Because I keep a flash drive in my wallet that I use very specifically that can breach me
into any machine.
I've had it on me for 20 years.
It's just, I'm like, oh, I get an end machine that I ever get locked out of.
It's just a habit.
I always have it inside my wallet.
What are the things that you have on your world that, like, these are my everyday carriers.
I'm always going to have this on me or this is what I use all the time because through
your immense experience for the FBI and the Marine Corps and the Navy.
And thank you again for your service.
What are the things like, you know what?
This is what I'm going to use.
This is the case I'm going to use.
Because those are the things that people are like, well, what does he use?
He's got this experience.
What was he taught?
They want to know those things.
So what is your kind of your everyday career?
Let me answer it this way.
So part of what I bring to the table is a level of communication that can be helpful at the
strategic and executive level.
So I'm a communicator by trade.
That's what I get paid to do in most instances.
It's what I get paid for in enterprise.
And it's a skill set that I've developed over time.
In terms of my tactical carry today, because I had such a wonderful experience at one of the biggest technology companies on the planet, I'm a Google workspace user through and through.
I love the products. I love the ecosystem. I know the story behind the preferential use of zero trust in terms of the principles that were used to build out the environment.
And so guess what? I'm a Chromebook user. I like telling folks the story that, you know, I love Macs just like everybody else. The look, feel, and presence of a Mac is unmatched. But if I'm traveling for business, guess what? I got my Chromebook with me. It's probably a safer platform to use. There have never been an instance of a Chromebook being violated via ransomware. The probability of it happening is actually zero.
I use a pixel phone because it's tied uniquely to the Google ecosystem.
Do I have Mac products?
Absolutely.
I will tell folks day in and day out, I'm an iPad user because I don't think that there is,
I have yet to see in tablet form something that is as useful from a utility fashion as the iPad.
If you attach a keyboard to an iPad, there's almost nothing that's restricted to you to be able to do.
I mean, it is part of my go-to carry.
And yes, I have a tech bag or whatever you want to call it that I carry with me for business travel and when I'm out and about meeting with customers and clients.
But from a tactical fashion, I'd say my everyday carry is that when I walk away from my home office, I'm going to have my Chromebook, I'm going to have my iPad, I'm going to have my pixel phone and a tech bag that's going to essentially allow me to get in front of folks and carry on whatever kind of conversation I need in order to either develop business or, quite frankly,
just to help them understand what I'm seeing and the challenges on the environment and landscape.
Dang it. I have to start looking at Google Workspace again because I'm a Microsoft guy and I just,
I learned it so I'm going to have to transition.
Yes. Yeah.
Oh, you bastard. What are some of the tools out there? I just, I'd stop. So I'm going to have to
pivot because I'm such a Microsoft guy and it just, it's worked and I hate, what is it,
sheets. And I'm like, can I just put it in Excel? And they're like, no. I'm like,
There is such parity and operability between the Microsoft Office capabilities and Google Workspace today
that it's almost 100% seamless.
So you'd be surprised.
The transition may not be as hard as you might think of this.
Oh, God.
Okay, I'll work on that.
I promise I'll work on it.
The next thing, what are certain things that you're like, dude, that's just a waste of money.
Like they have these little stickers that you put on cell phones that reduce EMI or EMF and they don't mess with your break.
What are some of the things you're like, please stop buying this?
What are you people doing?
Like, are there anything out there that you could think of that you're like, no?
No, I don't want to disparage the use of any kind of technical product.
You know, I do think that, you know, things like most people don't have to worry about, you know, RFID,
readers, the common consumer.
But I noticed that, you know, there's even a stretch of folks out there that are selling
like Farrona bags to people that, um, who now think they need to keep their technology,
uh, in a third day bank.
And I'm just, you can go too far, I think, with some of this stuff.
And that's, I'm not that guy.
I'm not the person who's, who's going to tell you that, you know, um, you know, every time
you, you know, don't use public Wi-Fi.
Yeah.
you know, be careful when using public Wi-Fi.
You know, there's still, there's still validity to the use of VPNs.
Most phones have VPN systems built into them.
Turn on your VPN when you're out of public or at Starbucks using Starbucks Wi-Fi or when you're traveling and you go in a hotel.
You know, if you don't want to use a hotel Wi-Fi, buy your own Wi-Fi puck and use that when you travel so that you can have safe, secure, communicate.
Like, you know, there's.
So you're saying.
How much pain you want to inflict on yourself.
So do you mean the shoebox that I have in my house that's wrapped with aluminum foils?
Not a good idea. Is that what you're saying?
I shouldn't.
All right.
With that said.
Okay.
There's a bunch of people out there who are going to like, all right, I need to talk to someone.
It needs to be on a fractional environment.
How do people track you down?
How do they get access to you?
How do they ask questions to kind of to lead themselves and protect themselves in a world that's getting more and more risky?
Yeah, a couple of different things.
One, I would tell them to visit our website at apogee global rMS.i.o.
You can see the full suite of services that we offer as a company.
There's some stuff about our background, and there's some information from a thought
leadership standpoint in terms of our approach to security and enterprise risk and all of the
things that came up in conversation.
I think that's a great starting point.
From an individual perspective, we have both a company presence and my personal presence
on LinkedIn.
I'm a heavy, I'm a heavy LinkedIn user.
So we can give a nod to Microsoft in that way, if you like.
You know, they own LinkedIn.
So I'm a big believer in LinkedIn.
I think it's a great professional social network.
I keep in touch with lots of people on LinkedIn.
I'm there as M.K. Palmore.
If you look me up, I'm pretty sure I'm the only M.K. Palmore on LinkedIn.
I'm open to outreach.
I can't tell you the number of folks who reach out to me sort of blindly that I've had the opportunity
to actually connect with and have conversations with. So you can see a lot about what we're doing
as a company and what I do individually for my own personal brand, which amplifies the company
brand, either at our website or on LinkedIn. Perfect. And if not, we'll put your direct phone number,
your Coast Security number, your bank account, and your home address in the show note.
Okay, I appreciate you. Come on. I really do. Thank you for sharing all the information that you did
with us. Security isn't about having the fanciest tools. It's about doing the basics. Every
single time. MFA on, permissions locked down, stay consistent. That's it. MK made it clear today. The adversary
is counting on your laziness. Don't give it to them. As always, thanks for tuning in. Stay safe out there,
digitally and otherwise. See you next time.