Reduce Security Costs with HacWare (EP 782)

Transcript

[Uncle Marv]
Hello friends, Uncle Marv here with another episode of the IT Business Podcast, and I am wearing my Florida Man Game shirt that I got. Yes, that is where I was this past weekend, and you can't wait for the video that I'm going to put out. I know some of you were already looking, hey, what happened at Florida Man, and I'm telling you, it was ridiculous.

Let's just say Florida Man Games was too much for me. I couldn't make it all day. It was too much.

It was too many mullets, too many non-shirt folks, too many tractors, too much weed. I can't explain it. I just cannot explain it.

All I can say is next year, if you are close to the Florida Man Games, you need to go. It was something. So I will have a full video on that coming up a little bit later in the week, and there's going to be some great pictures.

I got some great interviews, and yes, I did see and interview a lady with a pet iguana. You guys have made so much fun of me that that should probably be happening down here in Florida, and yes, it is. It happened, and I've got the whole story on that.

So that will be coming up. So for those of you that are not regular listeners or viewers of the podcast, that is not our usual entry, but that was such a big thing that I did over the weekend that I had to start with that. Also, for those of you that have been keeping track of my Office 365 migration, all I can say is still going.

There is one mailbox left to migrate. It is taking forever, and we're finding out more and more things every day about things that got missed, and it's your typical things. It's people that had archive folders that were not part of the mailbox but were actually exported PST files, and so they're looking for those.

If you were paying attention or if you did not know before, this is a hosted server in an environment that we have no control over. It's another provider that would not give us access to anything, no admin rights, no exchange access, blah, blah, blah. Could not get passwords for users, and that was a part of the managing partner of the firm that we're doing and the other tech that I'm working with, so I don't have full visibility into each person's profile and stuff, but I did go in and find these PST files that people were complaining about, that they were thinking that they were folders inside of the mailbox, and it turns out, like, most of you would probably have thought these are actually PST files that were separate from the mailbox that they thought were folders, so we've got to go grab those, and this should be coming to an end real soon, and my next story is going to be about another hosted exchange client that decided to change their domain and did not do their due diligence in all of that, but I will save that for another time, and that is going to do it.

Let me go ahead and bring to the stage the person that you are all here to see, and that is my guest, Tiffany Ricks with HacWare, and she will be coming on and chatting about a lot of things. She was a member of Pitch It two seasons ago, and I'm going to ask her about that. Tiffany, welcome to the show.

[Tiffany Ricks]
Hi Uncle Marv. How are you?

[Uncle Marv]
I am good. How are you?

[Tiffany Ricks]
I'm doing really well. Really excited to be here.

[Uncle Marv]
It's been a while, and I wonder what was your thought when I reached out to you and said, hey, time to be on the show?

[Tiffany Ricks]
I was honored, actually, that you thought about reaching out to me, and I was thinking, okay, this is great. I've been wanting to come on the show. I'm a big fan, and so I'm really excited that you reached out to me before I reached out to you.

[Uncle Marv]
Well, glad I did that. Glad I did that. For people that don't know, HacWare is a cybersecurity platform, and you burst onto the scene.

I'm going to say this, because you're not just in the MSP space with us. You are actually dealing with some other folks outside of the channel and all of that. You're semi-famous out there.

[Tiffany Ricks]
I don't know about famous, but as I think about this year, my goal is to leave a legacy of learning. For me, I like to share what I know. I'm also inquisitive, and so for me, it's all about just trying to make sure I am arming people with information.

[Uncle Marv]
Nice, nice. Now, I'm going to start with the weird questions right out of the bat, right out of the gate. You had talked on a show a while back about people that influence you and inspire you, and of course, names like Oprah, Jeff Bezos came up, and then you threw out a name that made me turn my head, Phil Jackson, coach of the Chicago Bulls.

Where did that come from?

[Tiffany Ricks]
Wow, that's been a while that I've talked about that. It was about Phil Jackson's leadership style. The way that he is able to lead some of the most brilliant, competitive people who are at the top of their game, the way that he's able to lead them and get it and rally everyone to compete at their highest level, and the way that he leads, it's an unconventional way, and he does it in his own way.

I'm a student of greatness, a student of leadership, and definitely, there should be Harvard classes, if there isn't any already, on his leadership style.

[Uncle Marv]
So now I've got to ask, was it because you were a basketball fan, a fan of the Bulls, or was he just in a list of great leaders that you happened to come across?

[Tiffany Ricks]
It was both. Growing up, I wanted to be the first woman in the NBA. Now, that's a controversial topic , but I love basketball.

I really thought that I was going to do it professionally. It was a pipe dream, but I really worked at it young, where I wanted to be a basketball player. At that time, growing up, the Bulls, they were that team.

It came from that, but then as I got older, just being a student of leadership and looking at how could this guy lead these great players, yeah, I wanted to know. So I started to look at it, look at his book, stuff like that.

[Uncle Marv]
All right. Did that surprise you as the first question?

[Tiffany Ricks]
Yeah, because that was a while ago. I was trying to think, because I recently talked about people who inspire me. It's always evolving and changing as I am at different points in my career.

Yeah, so it makes me want to go back and look up some stuff.

[Uncle Marv]
All right. So let's go ahead now and do the transition into the topic more people are going to be into, and this idea of cybersecurity. I want to start with the question right off the back, where we're hearing that the traditional cybersecurity platforms are just not working anymore.

I get where some people are talking about that, because as much as we do these monthly phishing campaigns, people are still getting phished. They're getting tricked in the campaigns themselves, and then they're forwarding emails that are scams, where they're like, is this a scam? Oh, I clicked on it.

I'm sorry. So let's start with that as the premise and talk about where HacWare comes into play.

[Tiffany Ricks]
Yeah, I think what's broken in this industry is that everything has evolved, and it's really evolved. The way that we consume information, the way that we learn, it's more engaging, and it's relevant information. And we have access to so much information now where I can just go down a rabbit hole and continuously learn something new.

And so the security awareness industry hasn't evolved and caught up to how people want to learn something new, learn something relevant today. And so with phishing simulations, the reason why you're getting low engagement on those tools is because they're behind the times. They're not teaching anyone new because we're leveraging templates that were created based off of phishing attacks that maybe happened 12 months ago, six months ago.

And so users have seen these types of templates before, and so their mind shuts off and they're not interested. But the way that we're differentiating ourselves is that we're learning, we're constantly pulling in real data from real attacks and teaching people new ways that cybercriminals are targeting them, the types of ways that they're trying to lure them in. And so that's the wow factor of our product, the phishing simulations, is because it's catching them off guard, it's challenging them, they're learning something new.

And then the training module, if they fail, is recommending short form content. So I just feel like the old way of doing phishing simulations of leveraging templates is broken. And then also, I was a security practitioner.

I ran these types of exercises. And in order to get that end goal where you're trying to make the phishing simulation seem as real as possible, that requires a lot of work from your team of creating these personalized content and trying to determine when is the best time to send it to the employees. No one has time to do that frequently, month over month.

And so we end up getting templates where everyone's getting the same campaign at the same time. And the end user is just bothered because they don't feel like they're learning anything new. And so that's one of the things that I feel like is the biggest issue with phishing simulations.

The other thing that I'll mention is anyone can get hacked. So we have to continuously send these tests to help people. I call it digital self-defense.

We have to teach people that they are a target, that these phishing simulations show them that they are vulnerable. And it helps them to test maybe what they may have learned in a video, put that to practice. And so they're highly relevant because if we didn't do that, then it's just a matter of watching some content that you learned, but you're not putting into practice.

And that's not how you retain that information and really create a muscle memory of when I'm in a high pressure scenario, I have to do this. I have to report this. I have to look out for this.

And so that's what the phishing simulations bring.

[Uncle Marv]
All right. So how much of this was actually born out of your time as an ethical hacker? I mean, is it something where you're taking what you were doing back then and putting it into a learning aspect now to teach people like, hey, this is what the hackers are doing.

This is what you got to watch out for.

[Tiffany Ricks]
Absolutely. 100%. I built this product really to streamline our work that we were doing.

So I owned a consultancy, companies hired us to figure out how a cyber criminal could get in. It was time and time again, people were the way that we could get in through phishing simulations. But the time that it took to build out the type of campaign and who to send it to, it just took way too much time.

And as you know, having a business where your people are your biggest cost, it just didn't make any sense for us to keep creating this manually. And so I have a software background, I over-index on automation. And so I was like, we could build something that can automate our workflows, save us time where we're not wasting our time on the setup and just look at the reports and the insights and then go from there.

And so that's where HacWare was born was we were trying to solve our own problem.

[Uncle Marv]
All right. So I've got two questions that they're not going to sound related, but the first one is going to be, I understand that HacWare is also designed to where it helps companies reduce their costs for cyber security training. So let me start with that.

How are you reducing costs? Because most of us, I think, have a pretty low cost if we were talking a couple of bucks a person, maybe five bucks a user.

[Tiffany Ricks]
Yeah. So there's a couple costs that you should be considering. There's the cost of the tool.

And so the cost of the tool, the way that we charge is we're charging you only for what you're using. And so you don't have to buy a big pool of licenses if you're not going to use them. You're going to get charged on a monthly basis if that works for you.

But there's usage pricing that we offer. But the other thing also that companies should consider is the amount of time that your team is spending running the tool. And so if you're leveraging a manual product that's going to require someone to build the content, run the content, remind the users to complete their training, that is a labor cost that we're trying to help you offset with our automation.

Because what we've seen is that we've been able to reduce the time where if you had someone running this product full time, they're coming into our platform typically maybe once a month to look at reporting. And we've just released automated reporting, which is also going to handle some of that automation. The other cost that you should consider is the cost of, well, what if we're not doing anything and a cybersecurity incident actually happens for these end users?

And so the cost of trying to respond to that incident, there's a lot of cost. As you know, firefighting, if you get ahead of that, you're on the offensive side and you're doing something to try to get the people involved in the fight, we're going to potentially reduce our incident side of the house. And so it's not just that one cost of the tool, although we're working with our partners on how they can leverage our product from a usage standpoint, but there's a bigger conversation here.

[Uncle Marv]
Okay. And now I want to go back to the thing we talked about where you said that we're sending out templates every month, the users are all seeing the same template. I'll be honest, I had a client where...

So all the secretaries sit in cubicles and they talk amongst themselves. And as soon as somebody gets one, they're like, look out, today's the phishing test. Although I've got a tool where it's supposed to randomize and they don't get it all at the same time or the same day and stuff like that.

So I understand that HacWare can personalize this for the client or the user and stuff. Explain to me how that works.

[Tiffany Ricks]
Yeah. So we're one of the first who leveraged... Gen AI is a big talking point now, but we were one of the first who built what is called a generative AI phishing simulation platform.

And so the way this product works is in four steps. First, we have the mining capability where it needs to understand how is a cyber criminal targeting the organization. So it's a crawler, it goes out, it finds the phishing data and it'll classify it.

So now we have a data set of, these are the types of attacks that are targeting organizations. Now we need to know, we need to gain user insights and understand and find the teams, the team members. And so we integrate with Microsoft 365 to pull in the users dynamically for training.

And then it tries to do an analysis to understand, has this user been a part of a breach already? We're looking at times of day, like a marketing tool. So we're looking at the times of day that it will be the best time to send this person an email.

It looks at what role they work in, in the organization, in their leadership. And so now we have insights into the user and then it's going to dynamically build out the phishing simulation and it will get more personalized based on the ranking. And so we start out as a level one, we go up to a ranking four, and the four is the hardest level.

And then from there, it will, after they fail, it enrolls them into training. So it's less about, we do have templates if the partner wants to take control and run it and customize those templates if they want. But many of our partners love the idea of it building the test that's personalized for each individual user.

[Uncle Marv]
All right. So you mentioned these levels, I'm assuming that they're based on some sort of metrics. What type of metrics are you guys using to do this ranking system?

[Tiffany Ricks]
So it's based off of how, the way that we look at the attacker journey. So we look at level one is what we're calling just a generic phish. And so that is typically what a cybercriminal is doing when they are just taking a widespread approach where they're sending this message out to everyone.

There's no personalization. They're just trying to see who's going to bite or who's going to open the message. And then we have level two, which is more of a, it's a hybrid between the phishing and spear phishing, which it has a personalized greeting in the message.

It may reference the company, and then it will go to a level three, which may have more personalization having to do with the role or potentially impersonating a contact, a known contact that this individual speaks to. And then the level four, it incorporates a lot of those elements where it is impersonating the company. It may see that the company has announced a merger or something.

It incorporates the known contact that this person communicates with. And then the other thing is that it uses insights where maybe this employee has been a part of a dark web breach already. It'll flip and maybe impersonate a brand.

And maybe we saw that credentials were leaked in that dark web breach from this brand. And then our phishing simulation will impersonate that brand and send them an email, maybe get them display a landing page, get them to put in credentials. We don't save the credentials, but we're trying to see, are they able to recognize this attacker journey?

And then there's different types. So we test, we lure them in with links. We lure them in by opening up attachments.

We lure them in by just replying with no links or attachments. We simulate a business email compromise scam. So a coworker exact email address is being used in an attack.

And so the platform tries to try different types of attacks based on how your past performance in the platform.

[Uncle Marv]
Interesting. So this sounds very deep AI driven. And is this something that we can go in and tweak ourselves or should we just let the AI do its thing?

And I'm asking that based on if we know a client that's had somebody click on something specific, I mean, can we kind of start there and say, look, we've got to train them on this first and then let AI do its thing or what's the level of involvement that we can have?

[Tiffany Ricks]
Yeah. So good question. The way that you can do that is you'll control the, wherever you come in and you control the campaign, the AI is going to pick up where you left off.

So really what we're trying to be is that assistant. Like we know that there may be some periods you're extremely busy and you can't create the phishing campaigns. And so what we're doing is we're trying to make sure that there's no periods of service that has paused because you or your team is busy.

And so what you could do is if you know that there's a certain department or individual who has a hard time spotting links that have this type of information in it, you'll run that campaign. And then what our platform will do is now we have a past performance and past behavior. So if they fail that type of attack, then our platform's going to try another one.

And then, or if they pass it, it's going to try something similar, but the next level of difficulty. So that's one way you can customize the platform where it has your branding. You can, it has your branding, your logos.

We have smishing simulations, text message based simulations, not just email. But yeah, the platform tries to pick up where you left off, or if you never jump in the equation, then we're just looking at, okay, what can we learn from this user and then in what's happening in the threat landscape, and then try the next test to them. And it does it every 21 days and you can change the frequency of the campaign.

[Uncle Marv]
Okay. I was going to ask about the frequency. So it sounds like a lot of stuff, a lot of work.

And I have to imagine that some people might get targeted more than others based on that behavior.

[Tiffany Ricks]
So what we try to, the platform is every 21 days by default, everyone's going to get a test. So it's not going to send more to one user than another. It tries to just, yeah, everyone is going to get at least one, but it determines when is the best time to send that simulated attack based on your insights and your behavior.

[Uncle Marv]
That's okay. Because one of the things I've always thought in my head is if there was a way to send out a test, somebody's like, oh, I got this, boom. And I don't have to worry about it for another month.

And then like an hour later, send another one or whatever, because people would be like, oh, they're not looking for it after they think they hit it in that month period. But I'm not the software person. So that's why I'm on this side of the microphone.

[Tiffany Ricks]
No, I think that's a great idea. On text messages, we do have that capability. And basically we're trying to do, it's called change of channel.

So you'll get a text message and then you'll get an email to try to validate, try to see like which one you would upvote.

[Uncle Marv]
All right. I didn't know you did text message tests as well. So for, do companies actually give up?

Like here are all the users that, we have their cell phone numbers, check them. Or is it the ones that have, like are getting email on their phones and that you want them to have that test on there?

[Tiffany Ricks]
Great question, Uncle Marv. It's usually where they're giving out corporate devices. So it could be that there's a construction, you may be managing a construction crew and for some reason they're not using their own devices.

You're giving them those devices out. That's typically the use case. But we are getting more and more requests from partners in the Asia Pacific market who are sending these out to the users who have their own device.

Okay.

[Uncle Marv]
All right. What's the craziest setup you guys have had to do so far?

[Tiffany Ricks]
Craziest setup? I don't know if I have a crazy story.

[Uncle Marv]
Aren't we crazy? Don't we like want to do special campaigns and stuff?

[Tiffany Ricks]
No, you're not crazy. No, I don't have an interesting story. I don't have anything, any crazy setups for us.

Onboarding is pretty simple and easy. It takes about three to five minutes to onboard. If you have the integration into Microsoft 365 or Google Workspace, we have auto, well, it does direct email injection, but for some of the third party brand impersonations, we do have to set up whitelisting, but we have auto whitelisting.

So it's pretty streamlined. Okay.

[Uncle Marv]
I was going to say, because the last whitelisting or allow listing I had to do was like 30 domains I had to manually add. Okay.

[Tiffany Ricks]
Nope. Just one IP address and we have an auto whitelisting capability where you press a button and it's going to set all those rules up into Microsoft 365. And then, yeah, you'll need to, inside of your email security solution, set up an allow rule for one IP address.

[Uncle Marv]
Okay. All right. So let's take a break here so I don't ask any more wild questions.

And I want to give a shout out to my sponsors. And first thing I want to do is say, of course, we've got our premier partner, NetAlly, your number one ally for network testing. You can install and validate your network in as little as 10 seconds.

Check them out by going to our sponsor page over at itbusinesspodcast.com. You can't see the name here because I have the wrong background on it, but when we are on site at festivals like Florida Man Games, we are powered by Rhythms, your portable internet in a box. And it did work while I was at Florida Man Games, although I did not live stream.

There's a long story behind that as well. Our newest sponsor this year, Designer Ready. So if you want to do white labeled websites and SEO for your customers, Designer Ready is the place.

They are going to be on the show in a few weeks, and we're going to talk about them. And if you watch the video, you saw at the beginning, I have a brand new sponsor that is here today. They're so new, I did not get their logo ready for the sponsor section here, but LionGuard is now a sponsor of the show.

They are what we call a gear sponsor. So they are helping to pay for some of the equipment that we had. And that's going to work out well because my show with Don Sizer at Zero Trust World was a mess.

I need a new camera that doesn't take off when she moves her hands. So check out the sponsors over at the website, itbusinesspodcast.com slash sponsors and support the show. And of course, you can always use my Amazon link and you don't have to do a monthly commitment or anything like that.

Anything you buy on Amazon will get us a little one or 2% commission. That's probably the best way you can support the show without having to do anything special. Just use my link there.

All right. Tiffany, let's go back and tell people we first met when you were a part of, was it the 2023 or 2022 Pitch It program?

[Tiffany Ricks]
I'm going to say 2023.

[Uncle Marv]
Okay. 2023. You didn't make it to the final three, you didn't get my steak knives or anything, but you're like, thank God.

[Tiffany Ricks]
I was looking forward to them. I need some knives.

[Uncle Marv]
But tell me about your experience with that. I know that some of the ones that I talked to, it was great. It was jam packed.

It was a lot of work. How was it for you?

[Tiffany Ricks]
Yeah. Thank you for reminding me that we didn't make it to the top three. I forgot.

Now I don't have good thoughts about it. I was going to say all great things. No, just kidding.

It was a fun experience. I think it was a great way for us to share what we're doing, but also to learn more about the needs of this industry. We met so many people who gave us feedback.

We met so many people who shared more about their problems that they're trying to solve. It gave us in a short amount of time, just the ability to learn and upskill faster. Then I think it gave us the opportunity to meet some great people that would have taken a very long time to do.

It was a great experience. I really enjoyed it.

[Uncle Marv]
All right. Now, check me if I'm wrong, but you weren't really in it for the money because you had gotten some funding previously. You guys were doing okay.

Was it just to be a part of the channel? I know you're doing stuff with Pax 8 and all of that. I know for some, they're truly in startup phase.

They really need that exposure. I didn't feel that from you guys. You guys seemed like you were pretty set.

[Tiffany Ricks]
Yeah. I'm glad you brought that up because that was my hesitation of doing it. Initially, I was thinking, I don't want to take this opportunity from a startup who really is trying to gain access to $100,000.

We weren't doing it for the money, but one of the things that made me want to go ahead and do it was, it was just about, again, just meeting so many people. Before that, we were going to, I think, so many different conferences and we were meeting people, but once we became a part of the Pitch It competition, we started really trying to figure out how to collaborate. There was more collaboration that happened between the vendors.

We were talking about events that we could go to together. The community shared more about what's happening in this space. We got to come on podcasts.

I just felt like for us, it was about getting to know networking, brand awareness, and we wanted to get on the stage, really. We wanted to be on stage. So, didn't get there, but we met all our goals of networking and brand awareness.

For us, now I remember because that was so long ago, what really sparked it was our customers told us that it would be easier for them if we integrated with some of the ConnectWise products. That Pitch It opportunity gave us what we needed to start that conversation. I think we were one of the first who finished our integrations.

I don't know if someone has beat us, but we finished our integration pretty fast. Then having ConnectWise behind us at different events and we could talk about that integration. So, yeah, it really helped with brand awareness, but also just letting everyone know that we had that integration.

[Uncle Marv]
All right. So, what are some things that have really happened to you guys since then? What integrations and collaborations have you done?

[Tiffany Ricks]
Yeah. So, since then, well, what is top of mind now because I have a hard time remembering things.

[Uncle Marv]
You're a busy gal.

[Tiffany Ricks]
You know, it's the true entrepreneur lifestyle where you're just always onto the next thing and you just go, go, go, go, go. So, it's hard to remember. But since then, we were funded by Google, Google for Startups, which was a great opportunity for us.

[Uncle Marv]
Tell me about that real quick. I saw that and I know that a ton of it was called cloud credits.

[Tiffany Ricks]
Well, yeah, it was cloud credits, but it's also because we integrate with Google's various APIs from being able to report phishing incidents to syncing in with some of the email directories. We were able to get access to some of their product teams and get access to some capabilities that Google, a lot of times for a cybersecurity product that does phishing, they have strict guidelines from an API standpoint on what they will allow you to connect to. And so, having that relationship allowed us to further our product roadmap in some of those areas, also in improving our AI technology.

And so, it was just really a technology play for us, as well as, again, brand recognition where more people can know about the problem that we're trying to solve. And so, yeah, that was the clear reason why we chose to go down that path was to further along our product roadmap.

[Uncle Marv]
All right. Sorry for jumping in there, but I saw that. I wasn't going to bring it up, but you did.

So, it allowed me to ask that question.

[Tiffany Ricks]
Yeah.

[Uncle Marv]
All right. So, you got inside the ConnectWise platform. We had chatted about Pax8 earlier.

What else have you guys got going on?

[Tiffany Ricks]
Yeah. So, with Pax8, what's coming soon is we've added some new products. We're adding, coming soon, we're adding new products to the Pax8 marketplace.

And so, pretty soon, you'll be able to get access to our super product, which has that text message phishing simulation capability. You're also going to have access to our basic product. And so, many companies who are doing penetration and testing, like how we used to do, they can use Phish Basic to just do the phishing part of the product.

The product doesn't have to train them. It's just all about phishing and getting the reporting so they can have this conversation with their customers about their human risk. So, that's coming in Pax8 soon.

What also is coming soon is we are coming to Sherweb. So, Sherweb, we're going to be launching with Sherweb in the April timeframe. There's a wait list that you can sign up now.

So, once we're live, we can get you that information and you can be one of the first to test our integration. And so, that'll be coming in April. But as far as new product capabilities in the HacWare platform, so if you're already a HacWare customer and you're leveraging our Pro and Plus product, or you may have gotten access to our super product, what's new that we have released in the last month is our automated reporting and enhanced reporting.

So, our reporting shows insights on what topics are the users having a hard time understanding when it comes to phishing. We'll say that your users are falling for social media phishing simulations. And it also shows details on how they're doing from an overall training standpoint.

And you don't have to come in and download that report every month or how often you're doing it. You can set up an automation where it's going to automatically generate that report, send it to your contacts, you can customize the message. And so, that's something that has been asked from our partners.

And we've released that. We also have released auto-whitelisting, which gives you the ability to just press a button and it's going to go into Microsoft 365, set up all the rules for you. And then one last thing that we've released is there's a new way where you can, well, what's coming next is our phish reporter insights.

And it's going to give you details on the emails that you've reported, some really exciting things there. But yeah, those are the hot things that I wanted to make sure that the audience knew. Okay.

[Uncle Marv]
So, that pen test tool, you called it phish basic?

[Tiffany Ricks]
Phish basic.

[Uncle Marv]
Is that going to be kind of like just an external vulnerability test? Or is it going to be a little bit more than that? In between it, phone test and a pen test?

[Tiffany Ricks]
So, right now it's a pen test. The use case oftentimes is used for pen testing. But one thing that we are releasing soon is we are releasing an assessment that's going to give you a holistic view to show your customers.

So, it's going to show human risk, but it also is going to show the risk for the organization at the domain level. We're integrating with some exciting cybersecurity products that can also kind of show vulnerabilities in the other part of your stack that we're going to show in this report. So, that'll be coming in Q2, this assessment that you'll be able to use for prospecting potentially.

[Uncle Marv]
All right. Now, is that going to qualify as a third-party attestation? So, that if somebody has to present a report saying that, yes, we had a pen test, that it'll qualify for that?

[Tiffany Ricks]
It will be... I don't... Hmm.

I don't want to speak out of turn.

[Uncle Marv]
Okay.

[Tiffany Ricks]
So, let me... I don't want to speak out of turn.

[Uncle Marv]
I don't think... Don't want to get you in trouble.

[Tiffany Ricks]
Yeah.

[Uncle Marv]
Some developers in the back room saying, no.

[Tiffany Ricks]
Yeah. No, that's not...

[Uncle Marv]
Okay.

[Tiffany Ricks]
I don't want to get you in trouble, Uncle Mar. Don't get me in trouble.

[Uncle Marv]
Okay.

[Tiffany Ricks]
I'm in enough trouble myself.

[Uncle Marv]
So, two more questions that I'm going to ask that are now... We're going to switch gears. You are touted as a four-time founder.

Are there...

[Tiffany Ricks]
Absolutely not. Someone was asking me, what are you going to do after... For me, I've always want to build a big, scalable business.

As a kid, I wanted to build a business that is going to go the distance, and that's what I'm planning to do with HacWare. But I'm not doing it again. After HacWare gets to its height, that's it.

I don't have another one in me. Yeah.

[Uncle Marv]
Well, are you going to use that to sell off and then go do your dream of hitting every beach in the world?

[Tiffany Ricks]
Oh, see, you have done your research. Absolutely. I am going to every beach and I'm going to dance across the world.

I want to dance and do everyone's native dance. But I'm also... I don't know how to not work, so I will be doing something, but it won't be starting another company.

[Uncle Marv]
All right. Now, at the time, and this is going back a while, so hopefully it has changed. You were talking about Costa Rica having the best beach.

I want to know if you've been to any of the beaches on the West Coast of Florida, and how do they stack up?

[Tiffany Ricks]
Okay. So I love Florida. But?

But I don't know. The reason why I'm pausing is I don't know if I've been on the West... What do you consider the West Coast of Florida?

Name some places.

[Uncle Marv]
Well, we'll start with Naples, Fort Myers, then heading up to Sarasota, Clearwater, Destin, then you get into Panhandle, Panama City, Gulf Shores. Okay.

[Tiffany Ricks]
Yes. I love Destin. Some of the most beautiful water, clear, clean.

I love Destin. I haven't been to any other...

[Uncle Marv]
Wait a minute. You've been to a tiny town called Destin, Florida?

[Tiffany Ricks]
I love it.

[Uncle Marv]
Yeah.

[Tiffany Ricks]
So I'm in Texas and originally from Texas. That is our go-to destination. A lot of Texans drive to Destin, Florida.

[Uncle Marv]
Yeah.

[Tiffany Ricks]
So I've been there. It was almost like every summer thing.

[Uncle Marv]
Okay. That was your spring break, huh?

[Tiffany Ricks]
Yeah. Yeah, definitely.

[Uncle Marv]
Interesting. All right. And then one final serious question, and this is...

I have not done a show on diversity in quite some time. We're out of February, which is usually the time that people would do that, but I've got you on the show here, and I just want to ask your perspective. It's kind of a double whammy for you because you are, one, a woman in tech, and then you are, secondly, a woman of color in tech.

So I just wanted to ask your perspective on how you see the tech sector, what things do you bring unique to the tech world, and how has that shaped not only how you run HacWare, but how you guys exist in the space?

[Tiffany Ricks]
Yeah. I mean, I'm really, really... Even this month, I've had a lot of fun just meeting some really brilliant women who are starting some...

Who have some really successful technology companies. And so I love to surround myself with brilliant people. As I mentioned before, I study greatness.

And so this is my fourth company, and it's been really exciting just seeing how technology has broadened its perspective. And we have brilliant women, black women and men. We have people just come from so many different walks of life who are growing a career in businesses, in tech.

And I just look at it as business. I was just speaking to a company recently. It really is about just having a broader perspective.

And it's really about any company should be looking at how can they do their business different? How can they differentiate themselves? And it always starts with the team.

So anytime I'm looking for funding, or I'm trying to look at a strategic partnership, they're always asking about the team. The team is super important on how the company moves. And so you have to have brilliant people who think differently, who can help you get from point A to point B faster.

I mean, just think about Facebook. Facebook was a great company, but until Sheryl Sandberg became a part of their leadership team, that's when their revenue reached some extreme heights. And so it's really just about making sure that all companies are looking at how can they broaden their perspective?

How can they get the best and brightest minds? And you're not going to get that by just looking at the same place you always looked, because the byproduct is that you're just going to get the same output. And so that's the way I look at it.

It's just a business move.

[Uncle Marv]
All right.

[Tiffany Ricks]
And the best business move.

[Uncle Marv]
The best business move. Okay. All right.

Well, Tiffany, that ends our tech portion of the show. And we are now going to be focused on our Florida Man segment here. Florida Man or a random question.

So I thought it would be unfair to bring a ton of Florida Man stories when I was just at the Florida Man games. And we didn't prep Tiffany well enough. So Tiffany has already agreed to answer a random question.

And so we'll start with that. And I don't like that question, so I'm going to generate another one.

[Tiffany Ricks]
Well, while you're doing that, so my audience probably doesn't know what is this Florida Man games? What is that?

[Uncle Marv]
So it is based off of the Florida Man concept that for some reason, a lot of people don't know that if you were to go to the internet and type in the words Florida Man and a date, you are going to get some crazy, weird, ridiculous story that could be something about man robs Wendy's with an alligator or some shirtless Florida Man evaded cops on a tractor. Just those types of stories. And they're just, they're just crazy.

They're also based on the original cops that was started here in Broward County, Florida, where they were on TV showing all the weird, crazy cop chases and stuff. Live PD, three of the main cities on that show. That was basically a live cop show from around the country.

And there were film crews going around. And one of the most iconic scenes from Live PD was a man in the West Coast of Florida that was walking around licking doorbells.

[Tiffany Ricks]
Oh my gosh.

[Uncle Marv]
So yeah. So that's where Florida Man was come from. And the Florida Man games, they created a bunch of competitions based on some of those stories.

[Tiffany Ricks]
So yes.

[Uncle Marv]
So I'll share one in just a minute, but first I'll have you answer a random question. And this random question is what do you wish you had spent more time doing when you were younger?

[Tiffany Ricks]
Playing. And that's probably just a theme throughout my life. Like I wish that I didn't take myself so seriously.

And I wish that I just played and had fun. As a kid, I played, but really I was still building. I was trying to build stuff.

And I was thinking about businesses. And then in college. So I went to Clark Atlanta University, which is a historically Black college university in Atlanta, Georgia.

I went there. I played a little bit, but for the most part, it was all about engineering. And I was just stuck in a lab.

Went to Georgia Institute of Technology. Never went to a football game. Everyone asked me all the time, what were those games like?

I don't know. I was just building. Went to TCU.

Never went to a game. And so I wish I played.

[Uncle Marv]
And never played. But then how did you become a fan of the Bulls?

[Tiffany Ricks]
So growing up with boys, the only way that I could hang out with them is, really, it started with gaming. So playing games, playing NBA 2K or NBA Live. And I would love picking the Bulls because Micah Jordan was always the character that always made his shots.

And then that led me into wanting to watch the games on TV. And then I did play basketball, but that was only because I had no other option. If I wanted to play, I did have to go out there and play basketball.

I was the only girl on the court. But yeah, I just wish I would have played more.

[Uncle Marv]
All right. Very interesting. So let me give you this Florida man story.

And it's kind of a little bit of a twist. And I think you'll understand why, because it's actually a Texas man named Jathan Gilder, who was arrested in Florida for allegedly stealing two pairs of Tiffany & Company earrings worth $769,000. And what makes...

Yes. So on February 26th, Gilder visited the Tiffany & Company store at the Mall at Millennia in Orlando. He posed as a representative for the Orlando Magic, claiming to be negotiating a purchase on behalf of the athlete.

And this allowed him to gain access to the store's VIP room, where he was shown several high value jewelry pieces, including the two pairs of earrings and a diamond ring, also valued at $587,000. And so much footage captured him sitting at a table with the jewelry display before him. He then suddenly jumped up, grabbed the earrings and attempted to flee the VIP room.

It was all pretty interesting. So he did escape with the earrings, but dropped the diamond ring. He was later picked up by the Florida Highway Patrol.

And what makes it even worse, and even more Florida man style, he swallowed the earrings to avoid being caught with the merchandise. And so they had to x-ray to confirm the presence of the earrings. And I don't know how they got them out, but there's your Florida man story for today.

[Tiffany Ricks]
I love that because that's what we're talking about. Like he was social engineering.

[Uncle Marv]
Yes, he was.

[Tiffany Ricks]
They needed security awareness to understand how to ask these questions and pause. Like, why do you think that this guy is with Orlando Magic?

[Uncle Marv]
Yeah. So that's it. So Tiffany, thank you very much for participating and bringing Texas to the Florida man story.

And thank you for sharing the history of HacWare, the history of yourself as the four times founder, not five, and your pursuit of visiting every beach in the world.

[Tiffany Ricks]
That's what I'm going to play. Thank you.

[Uncle Marv]
And we'll get you back here sometime. We'll see where we are on that beach track. But folks, thank you for watching.

If you're watching live, I've seen a couple of people come and go here. Thank you for listening. After the fact, be sure to sign up for our videos as they come out on the YouTube, LinkedIn, and the Facebook.

And of course, if you head over to the website, sign up for your favorite pod catcher so you can catch the audio episodes that have come out. We had two actually released last night. We had another marketing show and another money show, Shannon Simmons and Melissa Hockenberry, two separate episodes there.

I've got more coming out this week, including two more from my time at Zero Trust World. And of course that Florida man podcast that you are so patiently waiting for. But we'll be back again next week with another live show.

Thank you for tuning in and tune in next week. That's going to do it. And I'm finding the outro video.

There it is. We'll see you next time. And until then, holla.