A ThreatLocker Deep Dive with Brian Weiss (EP 779)
March 4, 2025

Brian Weiss sheds light on the real-world applications of Zero Trust security. Discover the value of a complete security package versus piecemeal solutions and get the inside scoop on ThreatLocker's newest features.

Uncle Marv and Brian Weiss kick off their chat at Zero Trust World 2025, discussing the conference's unique focus on education and practical application rather than just sales pitches. Brian shares his experience using ThreatLocker in a co-managed service provider setting.

The conversation dives deep into ThreatLocker, with Brian explaining how his company deploys its various modules and the benefits of using the unified package. They explore the value of CyberHero support. Uncle Marv shares his experience as a solopreneur managing ThreatLocker, noting a significant reduction in support calls.

The episode wraps up with a discussion of ThreatLocker's latest announcements, including the user store, web control, and ThreatLocker Detect. Brian gives his expert insights on how these new features address critical security gaps and enhance overall protection.

Zero Trust World Conference: Brian Weiss expresses that he is impressed by the conference's focus on education and real-world application. Uncle Marv highlights the conference's ability to teach people outside of the space what they do and why.

ThreatLocker Deployment: Brian discusses his company's deployment strategy for ThreatLocker, emphasizing the value of the unified package and the importance of CyberHero support. They touch on application allow-listing, ringfencing, elevation, network control, and data storage control.

CyberHero Support: Brian explains why he feels CyberHero support should be required, highlighting how it helps MSPs avoid misconfigurations and improve their ThreatLocker hygiene. Uncle Marv shares his experience managing ThreatLocker as a solopreneur without CyberHero.

New ThreatLocker Features: The pair explores ThreatLocker's new features, including the user store (for approved apps), web control (for enhanced DNS filtering), and ThreatLocker Detect (for EDR-like capabilities). They discuss how these features fill critical security gaps and enhance overall protection.

Why Listen?

This episode offers a rare blend of practical advice, real-world experience, and insightful analysis of the latest cybersecurity trends. Whether you're an MSP, an enterprise IT professional, or simply interested in Zero Trust security, you'll gain valuable knowledge and actionable strategies to improve your security posture.

Transcript

[Uncle Marv] (0:02 - 0:47)
Hello friends, Uncle Marv here with another episode of the IT Business Podcast recording live in Orlando, Florida at Zero Trust World 2025. And joined here by, let's see, new friend as of what, a year ago, Brian Weiss. Has it been a year?

I think so. So it's marred by one incident where he saw me in Colorado. Of course you're going to bring this up, sure.

It's more on me than it is on you where he walked up to me. I'm standing in line to check in and I'm talking to somebody and Brian's like, hey, how are you? Do I know you?

So my bad.

[Brian Weiss] (0:47 - 0:50)
When you're a celebrity, Uncle Marv, you know, you can't keep track of everyone.

[Uncle Marv] (0:51 - 0:53)
I'm not a celebrity at all. I'm just easy to recognize.

[Brian Weiss] (0:55 - 0:57)
Easy to remember too.

[Uncle Marv] (0:57 - 1:05)
Yeah, that's true. That's true. All right.

So you're here. Let me ask the same question I've asked everybody to start. What do you think of the conference?

[Brian Weiss] (1:06 - 1:48)
Yeah, this is my first year here. And yeah, I missed last year's unfortunately. And I'm actually impressed with it.

It's not like your average conference. It doesn't feel salesy. There's not a huge vendor pavilion.

There are a decent amount of vendors here, but it's not like overwhelming with vendors. And it's not just all about ThreatLocker either. It's really focused more around zero trust.

They've got a lot of cool hacking labs here that kind of dive into common playbooks, you know, threat actors might be using and how you would reproduce that and see it live in the real world.

[Uncle Marv] (1:49 - 2:27)
I'm really big on educating everyone on, hey, this is what we're protecting. Yeah, not really about, you know, this is what we do. But I mean, there's some of that.

But I was sitting in the media room for lunch with some other media folks who they cover technology, but they don't cover our space. And they're kind of new to ThreatLocker. And they were talking about what they were learning.

And that's what this conference really, to me, has set itself apart as, you know, being able to teach other people outside of our space. Here's what we do. And here's why.

[Brian Weiss] (2:27 - 2:53)
Yeah, I would say another difference too, that I actually like because we're in the co-managed space. So we work with enterprise is there is actually enterprise IT departments here that use ThreatLocker. It's not all just MSPs.

So it's a nice mix and change up to be able to get to network with other IT people that aren't just MSPs, right? They're also working inside of IT departments for larger enterprise.

[Uncle Marv] (2:54 - 3:13)
Now, part of your client base is enterprise. So that probably is a nice transition for you. It's probably easier for you to talk to them than it is for me.

So have you had those conversations and have you, you know, learned anything from them outside of, you know, what you've learned from your clients?

[Brian Weiss] (3:15 - 4:00)
Yeah, I mean, we're sharing ideas. I feel like enterprise IT, they're not too much different than an MSP, other than the fact they have a single environment versus multiple, but they tend to have similar challenges. I would say typically they're limited by budgets and team size more than anything.

When I hear about some of their challenges where they feel like they'd like to do more. And that also kind of rings true too for the MSPs because a lot of times we're limited on how much we can help a client based on their budget, right? And then a lot of times we have issues scaling properly or getting the right skill set because we don't have a big enough team size and we're trying to figure that out.

So. Right.

[Uncle Marv] (4:01 - 4:36)
Okay. Let's go ahead and transition to this because I can't find a better way to do it. But I was surprised to hear that this was your first year, but you are heavily into ThreatLocker.

So I'm about a year and three months in. So I love the product. Of course, it's a different perspective from a boutique MSP to someone like you, but tell me how deep you're into ThreatLocker, both from your MSP perspective and from your position on the advisory council.

[Brian Weiss] (4:38 - 4:56)
Yeah, that's a great question. We do have about 6,000 licenses that are deployed right now. We're looking to double that in the next few months.

As far as the modules go though, we are fully licensed for the unified package. We believe in every module.

[Uncle Marv] (4:56 - 4:57)
So that's everything, right? Yep.

[Brian Weiss] (4:57 - 6:00)
That's everything. Well, except for some of the stuff that was announced today, which we'll figure out what that looks like. I do know the web control is likely going to have an additional cost because it makes sense that it's dealing with that extra traffic.

I believe everything else won't have an extra cost, but as far as ThreatLocker does so much, you typically start off with the allow listing, the ring fencing, right? Then you're moving to elevation. That's the path we've chosen.

Then we're going to network control. Actually, right now we're working on the Office 365 integration and getting all those policies set up for our clients. Then we'll move to network and data storage control.

They've got their SharePoint integration, which is also great for the storage control. It really allows you to have in the unified audit log all of your file movement across the whole organization, right? Whether it's on the endpoint or in SharePoint OneDrive, you can see it all in one place.

[Uncle Marv] (6:01 - 6:11)
Yeah. So real quick, because I noticed you, because network control, I would have thought, would have come before some of the other stuff. You did not implement that in the beginning?

[Brian Weiss] (6:12 - 6:37)
Not in the beginning, mainly because the products we were displacing with ThreatLocker needed to be addressed first because there was kind of this idea of, hey, we don't want to pay for two products doing the same thing. But you're right. That's fair because network control does have the ability to stop threat actors in their tracks, right?

Especially when it comes to laterally moving across the network.

[Uncle Marv] (6:37 - 6:42)
Right. Okay. All right.

So I probably stopped you in mid-track there.

[Brian Weiss] (6:43 - 7:57)
Yeah. I mean, we were discussing kind of where are we at with implementation and I was just explaining we don't have it fully implemented, but we know enough about all the modules where we've created a roadmap on how we want to implement it. And with our fully managed clients, our small business, by the way, it's just one package that we sell.

So it's like they're not getting part of ThreatLocker. Once we have it fully deployed, everyone gets the full stack. And even when we work with our enterprise clients, we really just sell it as a unified product.

I think for people listening out there too that might be thinking about the idea of piecemealing it, it is the cheapest, just buying the whole package. If you are going to piecemeal it, don't leave out CyberHero support. I mean, I feel like that's something that I've been pushing ThreatLocker to just require and not as an option.

They naturally aren't requiring it because they want to offer the flexibility. But I wonder if there's a lot of MSPs out there that might accidentally set themselves up for failure without having CyberHero support, at least the first year.

[Uncle Marv] (8:00 - 8:02)
So I don't have it.

[Brian Weiss] (8:04 - 8:06)
Well, have you done a full deployment yet?

[Uncle Marv] (8:07 - 8:19)
Not the entire stack, but I mean, I've got the application white listing, I've got the elevation, I've got the network and the storage.

[Brian Weiss] (8:21 - 8:45)
Okay, so we can dive into that. And I can explain my theory behind the value, but I'm curious, without CyberHero support, what do you feel like is there a, what's like the total cost of ownership around ThreatLocker as far as you've set it up? Are you personally dealing with the requests that come in?

And do you feel like you're getting to them in a timely manner?

[Uncle Marv] (8:45 - 10:29)
You know the answer to that. Yes, it's me personally dealing with that. So for those that don't know, by all practical purposes, I'm a solo tech.

I do have subcontractors, but I deal with all of the ThreatLocker stuff. And to be honest, I will say this, hands down, my noise level since implementing ThreatLocker is probably 50% less noise. I mean, our phones just don't ring.

And I only have one client that will have maybe more than one request a day for elevation support. And it's one of those typical clients where they get medical records and surveillance and stuff. And all of those are just so many different versions, you can't whitelist them all.

So other than that, it really hasn't been an issue for me. Now granted, I did a very long learning mode. And when I do have issues, we tackle it the best we can.

Now I have had to call for support, but maybe three times since I've had it, and they've been helpful. And a lot of it has to do with the fact that I wanted to be the one learning it. I didn't want to just leave it up to CyberHeroes to take care of it for me.

I wanted to know what is happening under the hood. Why are these requests coming in? What can we do to alleviate them?

What changes do I need to make in my practice? That was stuff that I wanted to know. I didn't just want to leave it up to them.

[Brian Weiss] (10:31 - 10:56)
Yeah, maybe the fact that you're a solopreneur, I like that term, by the way, okay, lends itself to where, you know, maybe you don't have as many devices under management so that you might not see a delta or an issue. I'm surprised you're getting 50% less calls. And I'm curious, did you have a product before ThreatLocker that was handling anything like this for you?

[Uncle Marv] (10:56 - 11:48)
No, and I went through the process where I was considering CyberFOX. That's actually where I was going to go originally because I just wanted the elevation control. But it was when I got introduced to ThreatLocker and it was all the other stuff that came with it, I figured, you know what, I'm going to choose this because there's more upside down the road.

And that's not a knock on CyberFOX. So I know CyberFOX has not been happy with me, but it was just what I thought was best for my business going forward. And with all the things that are just now being announced, I mean, like you said, there was a total package being built around ThreatLocker that I'm already looking now at two other stack items that I can get rid of and consolidate under ThreatLocker.

[Brian Weiss] (11:50 - 12:16)
Yeah, I'm just trying to wrap my head around your situation. It's unique. Well, yeah, and you know, it's, I mean, an explanation around it.

I wonder, do you have a lot of things changing in your clients' environments at all? Or do you feel like, hey, now that you got all these whitelist policies set up, there's not much else new going on where it might trigger a lot of...

[Uncle Marv] (12:16 - 13:08)
No, there's not a ton of change. I mean, obviously there's the employee turnover. Probably the best way to explain it is most of my clients are law firms.

They don't change that often. Like, you know, they don't upgrade when they're supposed to. Their client billing programs.

I mean, that's part of it. And every time we go through an upgrade, yeah, it's some challenges. But yeah, my clients probably are not as dynamic as others.

The other part of that is I've got a relationship with my clients where they don't just do things on their own. So even my two co-managed situations, you know, I'm still the network administrator for those organizations. So your clients are well-trained is what I mean.

Well, they listen.

[Brian Weiss] (13:11 - 13:19)
So, you know, those are outlying factors that I, you know, I don't know that I'd be pushing you, feeling like you need CyberHero support based on what I'm hearing.

[Uncle Marv] (13:19 - 13:34)
But I thought about it because if I, you know, double my endpoints, you know, and I mean, and here's the truth. My endpoints are, as of today, I think I'm around 400 plus, which is a lot, but I've got the co-managed situations to help me.

[Brian Weiss] (13:34 - 15:22)
Yeah. Yeah. For us, just kind of diving back into my earlier statement, how I think it should be required.

And we just found out a scenario where maybe it's not required and talked about that. You know, for me, it's really, you know, we're a 12 person team. We manage only about 800 endpoints from fully managed, but we've got, you know, another 5,000 or so under co-managed.

And then we have VAR clients. That's like another 6,000 that we're trying to move to co-manage. And for us, what we were running into is, you know, and of those 800 endpoints, it's like 40 clients, right?

So you have 40 different environments that, yeah, you know, you spend the time in learning mode and you build out as much as you can, but then depending on how many apps the client's using, those apps need to be updated. So those are new policies to roll out. There might be changes happening maybe more frequently than others with certain clients.

And anytime there's a change, you know, there's an aspect. And what we were finding is IT teams get busy. And I love that they called that out on stage today.

IT is busy. They're not lazy. They're busy.

And so what can happen is work can stack up. Yes. And then you're trying to rush through it.

What we found is that we were approving things, you know, at certain layers where it was causing repeatable work down the road. And we found as we kind of course-corrected and said, you know what, let's not feel like we have to be the front lines here. Let's lean on CyberHero.

They're actually helping us craft a better hygiene within ThreatLocker.

[Uncle Marv] (15:22 - 15:24)
In the way that things get approved?

[Brian Weiss] (15:25 - 15:39)
And at what layer, right? Is it device? Is it, you know, group, organization, global, you know, like how much duplicate efforts might we have been shooting ourselves in the foot with because we could have processed things better?

[Uncle Marv] (15:40 - 15:57)
That was probably a big key when I understood that I could elevate stuff to a global level because all my clients, you know, all the third-party apps that everybody uses, you know, Adobe and stuff. Yeah. Instead of doing it by environment, do it globally.

That helps.

[Brian Weiss] (15:58 - 16:24)
So and, you know, what we were doing is kind of weekly review of what was going on. And we're like, why is this workload not minimizing or why do we feel like we're repeating these? And we realized, OK, we need to course-correct.

And it was a matter of, well, do we do the training? Do we still do this in-house or do we just lean on CyberHero? I kind of look at it as kind of a commoditized service similar to a SOC.

[Uncle Marv] (16:25 - 16:25)
OK.

[Brian Weiss] (16:25 - 17:12)
Right. Like we're not going to have an in-house SOC. We're going to outsource that.

And then when it comes to keeping policy shaped well for our clients with ThreatLocker, ThreatLocker knows best how to do that. Right. And so I completely appreciate your approach of wanting to know how to do it all so you're not having to use them as a crutch.

I think that's valuable, too. But you kind of mentioned yourself, if you grow a little more, you want to weigh, you know, where is your time most valuable, valuably spent, you know? And if you do start getting tight on time, do you want to let these ThreatLocker alerts stack up, potentially frustrate a client because they're not getting, maybe you're not getting to them as fast as you used to.

Right.

[Uncle Marv] (17:12 - 18:09)
Yeah. Let's pivot real quick to some of the things that got announced today. And for the first part of the presentation, I thought that it was really just enhancements of stuff they were already doing.

You know, of course, you know, upgrading technically the unified threat reporting and stuff, making it faster. That's all great. But the things that really popped out to me was the web control in the user store, which I kind of thought the application whitelisting was sort of that.

But putting together, the camera just changed, putting together a user store where if a user requests a new app and then they have the option to look at here's all the apps that are already approved for them to be able to go in and download it, install and do all that stuff. That's huge.

[Brian Weiss] (18:10 - 21:28)
That's extremely huge. And what I love for that is it really covers a gap that we've been trying to figure out how to fill really around building an application policy for the client. Right.

You know, in an ideal world, you're detecting all the apps that a client's using and you're meeting with them to help understand, first of all, who's responsible for managing these apps. Right. There's some client managed apps that you might never touch, like online banking or something.

Right. Like you're never going to manage that. But, you know, it's in use.

You mean like the Panini checkout? Yeah. So like what's all out there?

You know, who's responsible for managing it from an onboarding, offboarding perspective? And is it even allowed? Right.

And if it is allowed, is it allowed for everyone? Is it allowed for certain departments or, you know, and it's hard to spend the time getting all that done and working with your client or even getting them to want to show up to the meeting sometimes. And so in comes ThreatLocker and you're like, all right, fine, I'll just build out what's allowed, not allowed in ThreatLocker and I'll just enforce it that way.

Right. Well, part of this application policy process that we're involved, we should be involved with our clients is really that allows us to pass over the understanding of what apps are allowed or are not allowed to management of the client. And then ultimately, the management manages the employees and helps them understand that.

So in a typical scenario, you have an employee that feels like they need one app without realizing there's another app that the company already uses to perform that same task. And where is that communication for the end user? Right.

Well, now we can automate that whole process in ThreatLocker. So we can we can now predefine and give access to apps that are allowed that the user may not have had originally and cut down on a lot of end user frustration of wanting to blame I.T. because they can't get their work done or going to the manager, which then gets upset. They got interrupted by an employee about I.T. and then the manager's mad at you. Right. You know, even the managers don't want to deal with I.T. Right. And so, yeah, I love that kind of nope.

Sorry, this is blocked. But here is what you can use to get the same job done. And it doesn't require a phone call.

It doesn't require a phone call. And it's all logged. And I think it complements.

Well, I mean, not everyone's using company portal from Intune. Right. But that's if you ask what would Microsoft do.

Right. Well, Microsoft has something similar where ThreatLocker takes it an extra an extra layer is it's also helping shape policies around those. Right.

So, you know, Microsoft's company store just gives you access to the app. Well, that's going to get blocked by ThreatLocker. They don't have a policy to allow that app.

And so this knocks that out kind of one stone. Yeah. Nice.

So what were some cool things that you thought about when you when you were thinking about the user store?

[Uncle Marv] (21:29 - 23:02)
Well, that was just it. It was just having a repository of already approved apps that they could just go and grab. You know, it still doesn't it still doesn't alleviate the QuickBooks problem that we always have.

But, you know, for organizations where a new user comes in and they have all these apps in their head that they've used and they're like, well, I'll just download and install this. The best way to counter that is to have a store and then have the business already aware that when a new user starts, part of that orientation package should include the computer part that says, if you need apps, look here. That makes it so much easier.

So that was the first thing that came up the user store, the web control. I'm kind of interested in. I don't know.

I guess from my perspective, it did not translate when Danny was explaining it, although I know that he was saying that there's that thing again. Um, that we need to go beyond DNS and have a combination of that with application slash web listing kind of the same way. So that'll be interesting.

What are your thoughts?

[Brian Weiss] (23:03 - 25:22)
Yeah. So this is filling a gap for us. You know, I don't know that I've ever been a hundred percent happy with how we're handling DNS filtering.

It got even harder now that everything's encapsulated in HTTPS, because you have to be able to catch the traffic at certain layers to even view it, you know, and in some cases even slow down the traffic, it's got to unencrypt the packet, read it, you know, re-encrypt it. So that always seemed kind of clunky. And there's like single points of failure there, right?

I mean, if you can do it by proxy, I've seen it done that way, but that's a single point of failure. You do it by DNS, that's a single point of failure too. And what I love about ThreatLocker's approach is they already have this network control module built into their agent, right?

That's inherent in the system, you know, keeping an eye on network traffic. And so what they've done is they're actually taking this need for proper DNS filtering and control and using the network control component, which isn't a proxy or a DNS change at that point. And then what does that do?

So where's the value there? I mean, when you think about ring fencing, we've now, you know, and with one of their other feature updates they have today, Insights, where it shows the process tree and everything of what it's trying to do, it now shows what websites it's calling out to as well. Because applications aren't necessarily reaching out to IP addresses, which network control can see and handle.

They're also, you know, most of the time they're reaching out to DNS because you don't want to be locked into a certain IP, right? We all know why DNS exists. And so now we're able to understand even a better fingerprint of what an application's doing in regards to what websites it's reaching out to, and then build better ring fencing policies based on that.

So if we ever see an application reaching out to some new website that it shouldn't be, you can block that, right? There's the traditional DNS filtering capabilities like categorization. We saw that, right, where you can block categories, malicious sites, parked domains.

[Uncle Marv] (25:22 - 25:28)
Which is your typical, you know, control that's been, you know, built into firewalls for a long time.

[Brian Weiss] (25:28 - 27:08)
Yep. And then the other thing is, so the web control is tech, you know, I gave Danny a hard time about this and he quickly fired back, but I said, you know, technically your web control modules that default allow. Did you catch that?

And he's like, oh, you could make it default deny. And I'm like, oh sure, the clients would really love that, right? Yep, they would.

But that being said, it also has the ability to learn, right? So if you did want to, with a traditional DNS product, you're never going default deny, right? That's just asking for trouble, right?

There's no way. But what if you had the ability to learn everything that needs to be accessed and then to set up a default deny around that, right? Or, you know, they're going to be building this out further, but let's say you have a client that doesn't want G Suite accessed at all, right?

They just know this shouldn't be accessed. Well, G Suite doesn't just use one URL, right? It's got multiple different ones.

It's a cloud platform, right? So they'll eventually have this baked in where you can just toggle G Suite you want to block. But for now, you could literally learn all the sites G Suite's using and then create a single policy around just blocking G Suite, right?

So the traditional DNS filtering products, when you're dealing with your whitelist, blacklist, it's URL by URL. Individual, very cumbersome to manage. And so the minute you think about wanting to block G Suite, you got to figure out all the URLs it's using and then enter them one by one.

And then they're not really grouped together to tell you, oh, these are all here because of G Suite, you know what I mean?

[Uncle Marv] (27:08 - 27:23)
Right. And if they change, you don't know they change. I mean, that's a monumental task.

You don't want to have to have to check every so often to say, hey, did they change? Because they might move a server and not tell you.

[Brian Weiss] (27:24 - 27:44)
I think the other thing that's cool about web control, just because I'm a single source of truth guy, is it all shows up in the unified audit, right? So you can think about if you've got network control enabled, all that extra visibility you're getting around network traffic, it's just missing the DNS aspect of that. And now that adds that.

[Uncle Marv] (27:45 - 28:08)
All right. So now let's get to one of the controversial things where even Danny at one time wasn't believed to by many to be incorporating an EDR type device into his platform. And here we are with ThreatLocker Protect that is...

[Brian Weiss] (28:08 - 28:09)
Or Detect.

[Uncle Marv] (28:09 - 28:09)
Detect.

[Brian Weiss] (28:09 - 28:10)
Yeah.

[Uncle Marv] (28:10 - 28:22)
Which is, it's now, I mean, yes, in the early days, it probably was, yeah, I'm not going to use it. But now it looks fully grown up. What do you think?

[Brian Weiss] (28:24 - 29:16)
So yeah, Danny's original position on EDR is that, you know, it wasn't really needed with the ThreatLocker platform because it literally prevents the actions from happening that you would need an EDR for in the first place, right? I think it speaks volumes when he talked about the fact that he calls his MDR team, the configuration police, because most of the alerts they're getting from a SOC perspective, like a traditional third-party SOC that's managing your EDR for you, right? Providing MDR services.

They could have been prevented with a configuration change in ThreatLocker. So, you know, ThreatLocker does, you know, how it's different is it lives more in the protect pillar, right? Whereas traditional EDR really just lives in the detect and respond pillars.

[Uncle Marv] (29:17 - 29:29)
And so I explained it to my customers this way. If the alarm inside your house went off because a burglar opened up your bedroom door, that's a little too late, don't you think?

[Brian Weiss] (29:29 - 29:34)
Yeah, yeah, completely. Like how did the burglar even get in there in the first place?

[Uncle Marv] (29:34 - 29:54)
If your doors were locked, your windows were tied, you know, the alarm was on the window as opposed to, you know, your bedroom, that'd be a whole better thing. And then it's like, well, if you're in a gated community, then they've got to get through the guard gate. So that's kind of how I've, it's probably not the best explanation, but they understand it.

[Brian Weiss] (29:54 - 30:37)
Yeah. And I, so I think what happened is as Danny was building out this MDR team, and as they were trying to understand and look at like, what are we actually getting as a SOC to address? He mentioned today, 70% of its configuration fixes that could be done.

That other 30%, I would imagine, is identifying the fact that while ThreatLocker is a default deny, there are a chain of allowed policies you could have set up, right? Where if they were, if certain actions were performed in a certain order, it's indicative of a threat actor playbook, right?

[Uncle Marv] (30:37 - 30:37)
Yeah.

[Brian Weiss] (30:37 - 30:52)
And so, so you might, while you might have the individual things allowed, right? I can, I can run PowerShell, right? You can do these individual things.

The minute you start stacking them up in a certain order, it looks malicious.

[Uncle Marv] (30:52 - 30:52)
Yes.

[Brian Weiss] (30:53 - 31:23)
And so what, what he's really added to really bring that kind of EDR technology and where I feel like we can call it true EDR, but again, it does so much more than a, than a true EDR is the fact that you can now start to build that perfect mousetrap of understanding, hey, even though these things individually are allowed, I know that if they happen in a certain order or a series, that might be malicious.

So we want to detect if that's happening and then respond.

[Uncle Marv] (31:23 - 31:24)
Yes.

[Brian Weiss] (31:24 - 31:24)
Right.

[Uncle Marv] (31:25 - 31:40)
Well, kind of a behavioral monitoring as well. All of these things, like you said, in and of themselves individually, but if they're put together in a certain way, then there must be a certain behavior that's happening that you've got to monitor.

[Brian Weiss] (31:40 - 32:07)
Yeah. And, and it could be an insider threat, right? You still, you know, so we hope it's not that we hope it's someone that had, you know, was their account was compromised and it's a threat actor.

But I think, you know, insider threats are a thing too. Uh, and they brought that up actually in, in the dark web session they had here, Colin did a great job of kind of explaining the dark web and how there's employees selling their credentials to access to company data.

[Uncle Marv] (32:07 - 32:08)
Yeah.

[Brian Weiss] (32:08 - 32:23)
You know, and at that point, other than maybe conditional access, you know, where they're, they're, they're coming from a different location, it looks just like the employee getting, right. And there's really no brute force attempt or anything because the credentials were just handed over.

[Uncle Marv] (32:26 - 33:01)
So I'm sorry, I'm watching your wife in the audience there. She looks bored. She's very happy over there.

What are you talking about? She smiles now. Are they good?

You know, I need to approve those before they go out. Yeah. All right.

And for the audience that's, uh, watching we're, no, we're, come on. We do live. This is, this is how we do.

We're posing for a picture now. All right.

[Brian Weiss] (33:01 - 33:02)
That's my beautiful wife, Michelle.

[Uncle Marv] (33:03 - 33:04)
I can't see her.

[Brian Weiss] (33:04 - 33:10)
Well, just in case you're wondering, uh, what's happening now?

[Uncle Marv] (33:10 - 33:31)
Uh, it must be a break coming up there. All right. Well, uh, I think I've asked all the questions I could think of.

I mean, we didn't even talk about the, the 365 feature they added there, but, uh, what else is happening for you guys now? Actually, let's go this way. You flew from the other side of the country.

[Brian Weiss] (33:31 - 33:33)
Yes. San Luis Obispo, California.

[Uncle Marv] (33:33 - 33:35)
So are you making a vacation out of this?

[Brian Weiss] (33:36 - 33:56)
This one? No. Um, and the only reason is because we just moved into a new office literally last week.

And so we need to get back to getting settled in the new office. Okay. Um, and then we also didn't bring our daughter.

Typically, if we're going to make a vacation out of it, we'll bring our daughter with us. Um, so, uh, maybe next year.

[Uncle Marv] (33:56 - 33:56)
Okay.

[Brian Weiss] (33:56 - 33:58)
It's definitely a vacation spot, right?

[Uncle Marv] (33:59 - 34:05)
Yeah. It's Florida, but I mean, you have all that stuff over there too.

[Brian Weiss] (34:06 - 34:21)
Yeah. Yeah. I, I do.

Well, I like the humidity. So it was funny as I came here and I did not bring enough warm clothes because I was thinking, Oh, you didn't check the weather. Well, I just assumed Florida doesn't get cold.

[Uncle Marv] (34:21 - 34:39)
I don't know. February hot. Yeah.

We, uh, this is February. I have to explain to people. We have our winter, our primary winters in January, and then we have a cool season.

And then we have a secondary drop-off of usually one or two days in February. And this was it.

[Brian Weiss] (34:40 - 34:40)
Okay.

[Uncle Marv] (34:41 - 34:48)
And then, you know, we'll be, we'll be in our spring from now and until the end of March. And then we go into summer.

[Brian Weiss] (34:49 - 34:49)
Yeah.

[Uncle Marv] (34:50 - 34:51)
Actually rainy season then summer.

[Brian Weiss] (34:52 - 35:04)
Yeah. I do. I do like that.

It's in Florida. I mean, there, um, there's other California. I don't know if there's really too many event locations, uh, that, that I see pop up.

Do you see conferences in California?

[Uncle Marv] (35:05 - 35:07)
I ignore anything west of the Mississippi.

[Brian Weiss] (35:08 - 35:08)
Yeah.

[Uncle Marv] (35:09 - 35:24)
So I, I, I've been alerted to Dallas this year and Denver because of the Pax8 event. I go there every year. But other than that, I, I, if it's west of the Mississippi or if I've got to change planes to get there.

No, no.

[Brian Weiss] (35:25 - 35:34)
Yeah. And you're lucky because most of the events tend to be over here. You know, I'm the one always having to fly across the United States.

[Uncle Marv] (35:34 - 35:58)
It feels like Orlando, Atlanta, Chicago, probably the biggest three. Um, I wouldn't mind, you know, I've talked to people and thought, why don't we have conferences in St. Louis? That's the middle of the country.

Everybody should be able to fly there, but I don't know if St. Louis was built out to be a conference town and outside of the arch. What, what do people go there to see?

[Brian Weiss] (35:59 - 36:19)
Well, that, that might be a good thing sometimes. I mean, like I questioned the conferences they have in Vegas. There's just so many distractions there, you know, um, especially people that don't, that rarely go to Vegas.

So they actually going to go to this conference and not get distracted and go off and do something else, you know, I wouldn't, but yeah.

[Uncle Marv] (36:20 - 36:31)
So I've already been told that if I ever do go to Vegas for a conference, the wife is coming with me, which is odd because she's already been there. I haven't. Oh, you haven't been to Vegas?

I've not been to Vegas. Oh, wow.

[Brian Weiss] (36:32 - 36:53)
No, it's, um, we took my daughter, uh, this last time we went, she's, she's, she was 13 at the time. Um, and you might wonder when you took your kid to Vegas, teach her to gamble early and be responsible. It's there, you know, she, she's into performing arts.

So we went there and took her to all the shows.

[Uncle Marv] (36:53 - 36:53)
Yeah.

[Brian Weiss] (36:53 - 37:00)
Yeah. There you go. So entertainment wise, you know, depending on what type of entertainment you're into, it's not just all gambling, you know?

[Uncle Marv] (37:00 - 37:12)
Well, I've heard that about the shows, all the people that have their residencies there and, and, uh, I don't know, but those are, those costs extra money. Don't they? It's not like Disney where you get a, you know, all in one access pass.

[Brian Weiss] (37:13 - 37:18)
That's fair, but they aren't as expensive as like going to a Broadway show in New York.

[Uncle Marv] (37:18 - 37:18)
Okay.

[Brian Weiss] (37:18 - 38:15)
You know, and, and the production value is pretty good in Vegas. You get a pretty, pretty good show. You know, they're typically, I think they're all indoors, right?

They better be. Yeah. And, um, so, so, you know, for me, I'd say, you know, live entertainment is a big one for us when we go to Vegas.

Um, I don't really gamble too much if I do, it's Texas hold 'em poker, but then I'm like sitting there at a table, like there's just so much other things to do. There's great food there. So, you know, if you're talking about, um, trying a variety of food and not having to break the bank, you know, it's not really expensive.

Um, yeah, I'm not a foodie, so I don't worry about that. Okay. No foodie.

I'm trying, how else can I attract you to Vegas? Um, the, I mean the nightlife, I mean, I guess that's a, you know, if you're a night owl, I'm old man, I don't go out. Yeah.

I'm just not doing a good job here.

[Uncle Marv] (38:16 - 38:17)
We'll continue this discussion.

[Brian Weiss] (38:17 - 38:19)
Don't hire me Vegas to try to get people to come.

[Uncle Marv] (38:21 - 38:35)
All right. Well, uh, I see people piling in for the, uh, the break here. And actually I'm looking at my thing here.

I've got to go. I've got to go interview Danny. Oh, so that would be awesome.

See what I can get out of him. He's got to be tired.

[Brian Weiss] (38:36 - 38:46)
Ask him about his Ironman suit. Oh, okay. That he he's dreading having to get into.

He's told me he'll wear it for 10 minutes, 10 minutes.

[Uncle Marv] (38:47 - 38:58)
That works. All right. Well, Brian, thanks for stopping by and we'll have to continue, uh, more conversations later and, uh, good insights on the, the ThreatLocker stuff.

[Brian Weiss] (38:58 - 39:03)
Yeah. Thanks for having me. I'm glad I could share and help rise the tides out there.

[Uncle Marv] (39:03 - 39:18)
That's right. All right, folks, that's going to do it. And I'll be back with at least one more interview.

Maybe two. I saw some people hovering around the booth, uh, but continuing our coverage here at Zero Trust World 2025 in Orlando. We'll see you soon.