In this episode of The Bridge, I’m joined by Dante Orsini, Chief Strategy Officer at 11:11 Systems. We’re talking about building cyber resilience and the aftereffects of the rush to pivot workforces during the pandemic.
11:11 Systems is a managed infrastructure solutions provider that holistically addresses the most pressing cloud, connectivity, and security challenges — like cyber resilience — of today while preparing businesses for tomorrow.
During this episode, we talk about how we paused being careful during the pandemic. We rushed in and deployed tech without too much thought to our cyber resilience. As a result, the pandemic was a force multiplier for bad actors.
Plus, we discuss how despite being prevention and security-obsessed, we don’t talk about cyber resilience and recovery enough, and it’s treated like a different (and less interesting) topic. Ultimately, humans and non-technology remain the riskiest aspect of cyber resilience in all our businesses.
Topics discussed in this episode:
- 11:11 Systems’ strategy to help organizations modernize their applications, secure their data, increase cyber resilience, and ensure application availability, regardless of where the workload exists.
- The changes in security, cyber resilience, and disaster recovery in the current work environment.
- The need for companies to have a multi-layered strategy to protect against attacks and improve their cyber resilience.
- The importance of cyber recovery and resilience, and the move towards bringing disaster recovery into the security framework.
- The challenge of retaining security talent in a highly competitive job market.
- The need for a comprehensive approach to security that includes people, processes, and technology.
- The role of vendors and consultants in helping organizations to build governance and ensure compliance.
ABOUT DANTE ORSINI
Dante Orsini serves as 11:11 Systems’ Chief Strategy Officer. He brings more than 20 years of experience leading direct and indirect sales teams, ideally positioning him to lead customer-focused strategy across all facets, from planning to execution, business transformation, and partner growth.
In his role as Senior Vice President of Business Development for iland, he oversaw the global direction and execution of iland’s strategic and channel partnerships. Additionally, Dante along with his team was responsible for designing iland’s robust global partner ecosystem from the ground up. He sits on the VMware Service Provider Advisory Council, as well as the HPE, Veeam, and Zerto Partner Advisory Boards.
Dante was instrumental in helping iland to achieve “Leader” status in the Gartner Magic Quadrant for Disaster Recovery as a Service from 2016 through 2019 when the report was retired. Additionally, Dante and his team led iland to win CRN’s Partner Program (Five-Star rating) for five consecutive years as well as the Veeam Impact Partner of the Year award for four consecutive years and the Zerto Cloud Service Partner of the Year for three consecutive years.
Dante’s background, combined with his thought leadership in cloud computing and cloud infrastructure, has ensured that he is repeatedly tapped to present at events across the globe.
Dante holds a Bachelor of Arts degree in Interpersonal Communications from Bowling Green State University.
CONTACT DANTE
The Bridge Podcast – Dante Orsini
Scott Kinka (00:00):
Hi, and welcome to this week’s episode of The Bridge. I’m your host, Scott Kinka, my guest today. I’m looking forward to this one, Dante Orsini. He is the Chief Strategy Officer of 11:11 Systems, a company whose name you may not be as familiar with as the piece parts that make it up. We’ll hear a little bit more about that, certainly, as we’re talking to Dante. Dante, welcome to the show.
Dante Orsini (00:24):
Hey, Scott, thanks for having me. Looking forward to it.
Scott Kinka (00:27):
Fantastic. Dante, where are we talking from on your end? Where are you located?
Dante Orsini (00:32):
I’m actually in flat, hot Dallas, Texas.
Scott Kinka (00:36):
Wow. Okay. What’s the temp today? It’s in spring.
Dante Orsini (00:39):
Today’s not too bad, but yesterday for spring, we’re up at 91. Whew.
Scott Kinka (00:43):
Okay. All right, good for you. As our listeners know, I’m outside of Philadelphia, so we have a brisk 60-something-degree afternoon. It’s very nice here. As Chief Strategy Officer, I mean, I’ve had that role in a couple of companies myself, tell us a little bit about, you know, your role at 11:11. How long you’ve been there, what your day-to-day focus is just, you know, get a day in the life for us if you would.
Dante Orsini (01:05):
Sure. So, you know, I actually came to 11:11 via acquisition. The company I was at prior was called iland, and I was there for, you know, close to 15 years. Right. So, we actually were acquired by 11:11 back in December of 2021. So, a day in the life of my role, I love it. I’ve got a great team, you know, really, I think the strategy is a fancy title for it. I get to work really closely with our product team, our sales team, you know, our delivery team to make sure that you know, we’ve got the right solution set for our customers today, but also looking out, you know, 3, 5, 10 years down the road to make sure we can continually drive value, right. So that means that we work very closely with a lot of what we call our alliance vendor partners, as well as our, you know, our channel partners that we go to market with together.
Scott Kinka (01:56):
Fantastic. And, anything about you personally? I mean, obviously, you’re in Dallas; how long have you been in tech? Tell us something we might not know about you.
Dante Orsini (02:05):
Well, I’ve been in tech for a long time. I came out of college in 95, so I’m dating myself, right? I was a retail stockbroker, and I moved to technology as fast as I could about five years after that. And it’s been a fun ride. You know, if I have time every morning, I’m up at five, I work out with my 20-year-old son, he tries to keep me in shape, and, you know, if you catch me on the weekends, I’m probably tearing apart an old gun or shooting something at a range. I get into collecting old firearms, a lot of fun.
Scott Kinka (02:34):
Very cool. Very cool. And then, 11:11. So, you know, I mentioned it earlier, probably the biggest company, you know, but you know, people aren’t as aware of the brand, but certainly you already mentioned iland. Tell us the heritage, what makes up what 11:11 Systems is today?
Dante Orsini (02:50):
Yeah, great question. So, like myself, I wasn’t aware of 11:11, you know, a couple of years ago until we were running a process with Deloitte, right? So, yeah, I think what’s unique is the lineage of 11:11, actually our founder, Brett Diamond, he and our CRO came from the connectivity space. So their most recent exit was from a company called Hudson Fiber Networks. They built out ultra-low latency fiber connectivity, globally targeting, you know, the largest banks in the world as well as healthcare. So, okay, they sold that business in 2018, and, when they started to look around the market, they had a lot of interest in what they were gonna do next. And ultimately, they put a plan together. They had 17 different PEs that were very excited about investing in the company, and they ultimately chose a company called Tiger Infrastructure Partners. Uh, that’s our PE sponsor. They’ve worked with them for many, many moons, and the point being, they want to take what they know about connectivity, and rather than building the physical asset, they’re gonna focus further up the stack with things like SD-WAN. But they want to literally go out and acquire platform businesses specifically focused on cloud security. And then wrapping that with the third pillar being connectivity, right? And delivering that all in a single platform. So if you look at the M&A side of the business, right, they were really looking for core platform businesses that had success growing organically. You know, take us, for example; we were privately held around for 25 years. We were self-funded, so when they looked at us, you know, we were global in nature. So they thought it was a great way to start, you know, what they were doing on the cloud side of it being, you know, hosted managed infrastructure if you will. Things like backup disaster recovery infrastructure as a service. 
They also acquired, you know, 20 days before us, a company called Green Cloud Defense and, and Green Cloud, very similar solution stack as us. The difference was they also, rather than, you know, delivering security for their own platform, which they did, that’s where our focus was. They were actually delivering security for customers on-prem, right? Or regardless of where the workload existed. So they had a managed security services suite. Okay. So that was very accretive to what we did, but if you fast forward, there were a couple of other small tuck-ins along the way, mostly around carrier services and professional services. And then we acquired the recovery services business as well as the cloud and managed services business from SunGard in November. So that was big. So I, I think we went from, you know, approximately 300 ish, you know, employees to well over 1200 at this point.
Scott Kinka (05:25):
Wow. Okay. So 11:11, iland, SunGard, Green Cloud is in there, a few others, and, and then recently, Unitas Global.
Dante Orsini (05:35):
Yeah, that was part of, I would consider that more of a tuck-in. So we picked up the, you know, I would say, the private cloud business there. I got approximately 50 customers. But, right now, you know, we’ve got about 60 points of presence globally, over 5,000 customers. And I think the key, though, is that, you know, looking at the platform side of this, there’s been very little overlap in what we do, right? So bringing that all together on a single platform is really where we’re focused. And I think that, you know, working with the customer base that we have today, there’s a lot of opportunity to, you know, continue to drive value to those folks based on the cumulative sum of the portfolio, if you will.
Scott Kinka (06:13):
So, sum it up now, put your marketing hat on, right? So there were a lot of pieces that came together. Tell me the 11:11 story as you know, as a combined company. Give me the elevator pitch just so our listeners get that.
Dante Orsini (06:26):
Yeah. I think the key here is we are squarely focused on making sure that all of our, you know, customers’ applications and data are gonna be consistently optimized, right? Whether we’re, you know, working with somebody on the availability of those platforms, or we’re actually helping protect them, you know, again, regardless of where that workload exists, you’ve gotta tie all this stuff together, right? So, the easiest way of understanding 11:11 is a globally managed infrastructure services company. But I think what’s really unique is by bringing all these together, we’ve established a lot of best-of-breed approaches, not only to our own infrastructure but to help people on the journey. Scott, internally, I joke around, I call it the Cloud-O-Meter, right? You know, where is someone on their journey, right? How can we help them? Can we help them in their own data center? Can we help them, you know, and, and where they’re looking to, you know, protect data, secure data, what are they doing for application availability? Do they need someone to help them modernize these applications and help them in that transition to the cloud? Let’s face it, the operating environment that people are in today is much different than it was even a couple of years ago. You’ve got people trying to, you know, nurse whatever they have for however long they can. But the more and more CIOs I talk to, the more people would say, ‘Hey, if there was an easy button’, that easy button was SaaS, ‘I would do it for everything, but I can’t, right?’. So trying to help these organizations, you know, get to where they need to be, wherever they are on that spectrum, is really where we’re focused.
Scott Kinka (08:00):
Dante, will you provide those plus up services, you know, even if some of the workloads are destined for hyperscale, or is it hundred percent generally? Okay. So whether it’s your infrastructure, their infrastructure, or even a journey, you know, a repatriation journey back to some kind of hybrid as they’re realizing what may or may not work well in hyper-scale, you’re there for the journey across the board, correct?
Dante Orsini (08:23):
That’s exactly it. And I think that’s been, the part that’s been, you know, super exciting for me because where I came from, we were very focused on our own platform, right? And that’s what allowed us to scale. But I also understand that things have changed dramatically for our clients, right? And when you look at that operating environment, like I said, could be on-prem, could be in multiple different, you know, public clouds, various different SaaS providers. How do you make sure that those applications and data are constantly being, you know, optimized, right? And God forbid, you know, something, how do you recover? So having that domain expertise, regardless of where the workload exists, is critical.
Scott Kinka (09:03):
Super interesting. Dante, you know, when you, let’s just, let’s go back a couple of years, right? I mean, everything is, you know, it’s like the start of time anymore, right? It’s kind of pre-pandemic and post-pandemic, right? During that whole journey. It was still iland at the point of the pandemic, right? Or was that already, so the 11:11 iland thing was post-pandemic, correct?
Dante Orsini (09:24):
Yep.
Navigating Supply Chain Challenges While Sustaining Business Growth
Scott Kinka (09:24):
Got it. Take us into that journey a little bit. Let’s just step out of being technologists for a minute and just be, let’s just be business people. You know, we have a lot of listeners who scraped a lot of knees in March, April, and May, June of 2020. You were Chief Strategy Officer at that time at iland as well.
Dante Orsini (09:46):
Yeah, I think my title was a little different. I think it was the SVP of Business Development.
Scott Kinka (09:52):
So, you know, you were in the room where it happened. I mean, tell me about your journey as a business in making decisions on how you were gonna work, what you were gonna do, sending people home, just how’d that go? Walk us through your journey a little bit.
Dante Orsini (10:07):
Yeah, Scott, I wish I had a great story for you here, but the reality is we were all ready to find the right talent as a cloud provider. We were already a distributed workforce.
Scott Kinka (10:17):
Yeah, okay.
Dante Orsini (10:18):
Right. So it wasn’t that big of a deal. You know, I, I think that, and again, we’ve got folks that are in North America and have for over a decade, right? So I think from that perspective, like internally, we were already set up for all the infrastructure required, to operate completely distributed, right? So we didn’t really go through the challenge that a lot of companies, you know, perhaps did. I do think that when you are, you know, continuing to expand in, let’s call it virtual teams, you’ve gotta have some really strong management, right? And some really good collaboration tools. And again, fortunately, that foundation was already there, right? Now it did change, you know, the way that people, you know, I think that some people did appreciate it if they were in a region where there was a corporate office, and there was an opportunity to see people for a day or two. Let’s face it, you know, a lot of us are social, and to relegate that to a screen like we’re on right now, that was a tough transition for a lot of people. And I do think that you know, we’ve also seen, it’s changed a lot how, you know, people are sourcing different solution types, right? I just look at it with all of our partners, you know, partners want to get out, they wanna learn more, they wanna figure out, you know, what the best solutions are so they can align, you know, customer requirements and things of that nature. But let’s face it, you know, if, if I was a, you know, a CISO or a VP of IT, and I was able to dodge every vendor on the planet by staying in my home, and I’m comfortable there, then you better provide a lot of value to get my time, right? So I think it’s, I’ve seen, we’ve seen more impact on people that are trying to sell in this market, frankly. But I also, you know, I appreciate that a lot of people, it was like everything stopped some of our customers that didn’t have the infrastructure in place to support this work from home challenge. 
And that became the mission-critical priority, right? How do I add capacity? How do I add, you know, a network? How do I enable this from a security perspective? Like, there’s no doubt in my mind there were a lot of people, you know, that didn’t anticipate that, and clearly, you know, no one, no one did, right? But I think once that’s settled down, people can get back to the normal business of how are we gonna, you know, continue to grow the business. And what’s the role that it has in, in making that happen now that we’ve been able to enable the, the work from home dynamic if you will?
Scott Kinka (12:52):
Well, it’s interesting. I mean, you mentioned how it could help make that happen. I think those were your exact words. And I mean, my feeling, honestly, for many years selling into the mid-market and enterprise is that we weren’t really asked that question before the pandemic, and they’re sort of being asked that question post-pandemic. Do you concur with that? You know, and if so, tell me a little, you know, one way or the other, tell me about your experience and then like how the job changed for the IT leader inside that business.
Dante Orsini (13:22):
Yeah, like I said, I think some of our customers, you know, clearly struggled, right? And I think that it’s a bit of a cascading challenge because one thing I can absolutely identify with is the supply chain conundrum, right? Depending on who you were leveraging, I think the hardest supply chain hit we saw was on the network side. I won’t name names, but I mean, something you could get in 30 days suddenly became nine months or 11 months.
Scott Kinka (13:51):
Yeah.
Dante Orsini (13:51):
Right? So how do you navigate around that when the business is growing, right? And, as an IT leader, you gotta sustain that growth or support that growth. That was very, very difficult, right? It was difficult for, you know, cloud providers. It was difficult for our clients as well, just in their own, you know, operations.
The Intersection of Cybersecurity, Disaster Recovery, and Cyber Resilience
Scott Kinka (14:14):
Got it. So that was, I mean, the current, where your company focuses today. I mean, in our pre-call, you were talking a lot around, you know, two areas that stuck out at me were, you know, in security, right? We’ll talk a little bit about that and how that’s changed. The other one really being sort of in disaster recovery and business continuity and how that’s changed. Let’s take them one at a time. Obviously, security is different now. I mean, it’s always been a problem, right? Let’s say what it is. But then everybody was in the office, and we could paper over crappy endpoint management processes because people were sitting at the firewall and then they went home. But in reality, let’s be clear, everybody got a free pass for 2020 and half a free pass for 2021, and then we woke up one day, and we’re like, all right, well, I guess, I guess it’s here now. Tell us a little bit about how, how that’s changed. You know, what are people struggling for? How have you guys answered the bell on that? How has it changed your, you know, kind of regular interaction with your customers?
Dante Orsini (15:17):
Yeah, great question. I think probably the most obvious one here is the security conundrum, right? Like you said, enabling work from home. You know, I think clearly the bad guys don’t care about the pandemic, right? It’s like a game on. It’s a force multiplier for them. And, you know, I think that you can spend a lot of time and effort, right? Doing the best you can to defend the castle, but ultimately, if somebody really wants to get in, they’re gonna find a way to get in, right? I mean, I’ll give you a crazy example. I was on a flight, and I was coming back from the Bay Area. The person next to me was, you know, he had a technology jersey on. So we were striking up a conversation, and it turns out he was a pen tester, and his job was to physically get into buildings, right? And I dunno if you remember a couple of years ago, the SolarWinds hack, right? Very public. And we were just trading war stories. And he said one of the quickest ways he was able to get into one of his global clients was to leverage that hack. I said, okay, how did you do it? He said, well, it was really simple. I just started to call into as many help desk locations as I could. And one morning, I was able to get somebody on the phone, and I was posing as, you know, a SolarWinds salesperson, knowing full well that nobody’s gonna want to talk to me, right? So, he’s literally cold calling, and you know, the person gets on the phone and says, Hey, I’ve got no interest. And, he said, listen, you know, whether it’s me or the army of people behind me, we’re gonna keep calling, so do me a favor, just tell me who you’re using. I’ll notate the account, and then we’ll take you off the list. He’s like, fine, we’re using Rapid7. He took that little data point, and then he turned around, and he started to call non-technical people. He got a hold of a marketing director in North America and said, Hey, I’m so-and-so, I’m on the global Rapid7 cyber response team. You’ve been compromised. 
I need you to log in to this URL right now because you’re the source of the attack. A person freaking out gets on the phone, and boom, he’s on the corporate network. Was that simple? It was two phone calls. So social engineering’s super powerful, right? But, I think the other thing that we’re seeing is that because of, you know, the escalation of what’s happening with cyber attacks, the cyber liability insurance carriers, right, are getting more stringent, and it’s getting harder and harder to actually write a policy. And even if you have a policy, they’re indemnifying against, you know, state-sponsored hackers and things of that nature, right? So at the end of the day, that’s becoming a boardroom level conversation because people are realizing, well, wait a minute, you know, yes, we’ve had to go make all these investments to tick all these boxes to get a policy written, but if the big boys are coming after us, they’re getting in, and then the insurance carrier’s not gonna pay out or help, right? So it becomes a, okay, now what are we gonna do if the worst happens? And I mean, you know, you can pick your favorite framework. Like if you look at NIST, the majority of NIST is all around the preventative side, right? But then that last rung is really around the recovery side. And I think that’s the most overlooked component when people are trying to prepare for this. A lot of people don’t even know what data is critical, right? Going back to what we first spoke about, because the operating environment is completely different. You’ve got data and SaaS-based applications, various different public clouds, and your own infrastructure, right? So how do you know what’s important? You know, how do you know what the contingencies are to protect it? And better yet, you know, do you have the capacity to be able to bring up multiple copies of that data? 
Should you be compromised in a clean room environment that’s completely segregated to allow a forensics team to help you pore through it and find the best copy of the data, right? Recovering from cyber’s completely different from traditional disaster recovery. Cuz you can’t really rely on replication. It’s all about, you know, restoring from backup, which, hey, guess what? It’s not gonna happen fast.
Scott Kinka (19:21):
Certainly not, you know, or depending on when the attack was, you’re restoring, you know, servers that are already compromised, which is the other part of the problem. I mean, we’ve always had a tendency to think of disaster recovery as, I mean, disaster is the wrong word there, isn’t it? Right. Recovery’s much more common from, from the cyber side than it’s gonna be from, you know, fire flame pestilence, you know what I mean? River’s turning red kind of event at the end of the day. You pulled the two things together, you know, I said earlier, like, we talked about security, and we talked about disaster recovery, and you just sort of, you just attached sort of the last rung of the NIST framework to pulling DR into the security, you know, framework. Is that how you guys talk about it? I mean, is it one conversation or two?
Dante Orsini (20:12):
It’s definitely how we talk about it. We’ve seen this change recently, in the last couple of years, right? A lot of folks are starting to pull that stuff under the CISO where it didn’t sit before, right? And I think that maybe the conversation doesn’t originate there, but it definitely ends up there, right? You know, one of our folks that we work with really closely in the channels a hundred percent focused on the enterprise space. And, you know, the way that he describes it, he’s like, look, you know, nobody wants to talk about DR anymore. All they wanna talk about is CR, right? Cyber recovery or cyber resiliency. More importantly, you know, the way he put it is everything that folks like us, and if you look at the security vendors in their space, all these different point solutions or a managed provider like us, there’s thousands of us out there on the preventative side, right? And in, in his words, he’s like, you all are defending against the JV team, right? And that’s what he said, that, you know, a state-sponsored hacker or, or a really well-organized, bad hacker, right? Chances are they’re gonna get in, right? So, what are people gonna do when that happens? And I think that you gotta have a multi-layered strategy, a hundred percent on the preventative side. Like, there’s no ifs, ands, or buts about it. And how you get there is by being intellectually honest with what your team is capable of and where you’re gonna make your investments. That’s why we’re seeing so many people gravitate towards either SaaS-based or our managed security services to help augment. And that’s another huge challenge too. I mean, Scott, think about it, the whole, you know, great resignation going on; who do you think’s got a better opportunity to retain security talent? A provider that focuses on nothing but that, where they get to play with all the latest toys, right? Or a manufacturing company, right? I mean, there’s just no way. 
If you just look at North America, I think there’s like, I don’t know the exact number, but there’s a site that actually tracks this. I think there are like 1.1 million gainfully employed security professionals today, right? Okay. With over 600,000 open recs. So, there’s no unemployment in that space, and there’s clearly a deficit in talent, right? So where’s the talent?
Scott Kinka (22:24):
And look at how many of those businesses do they consider security a full-time job, too, right? I mean, any job that’s also a job is a job. You don’t really do very well, or at least you’re not chopping the same wood every day with the sharp ax, right? So no question of going elsewhere for that. And I love what you said about being intellectually honest because look, what you said is accurate at the end of the day too, you know, regulatorily and from a compliance perspective, you know, in security. We’re not required to be perfect. In fact, we’re expected not to be, right? We are expected to have documented policies, we’re expected to educate our people, we’re expected to have a plan, and we’re expected to be able to demonstrate that we actually run the plan.
Mapping Dependencies and Ensuring Data Protection
Scott Kinka (23:09):
We’re supposed to have logging to demonstrate that we, you know, can get ourselves out of a situation and have the, you know, the forensics to be able to do so. But you’re never expecting that, that’s the big misnomer here. Like, you’re never expected to be perfect. You’re expected to be able to have the artifacts to trace it back. And ultimately, to your point that you’re able to recover from it, you mentioned earlier, I thought it was really interesting you started talking about mistakes people make, right? You said, I think, I think the example that you gave was, you said, you know, most businesses don’t even know. I think it was something to the effect of what data’s important or what systems would need to be recovered to get back. So let’s assume for the sake of argument that a business is now getting serious about cyber recovery, which, you know, is really ultimately different from disaster recovery. What are the main mistakes you see, you know, businesses making right now when you get in and have that first conversation, and they’re like, oh yeah, here’s our, here’s our documented DR plan we had to have for our ISO, you know, and you look at it, you know, what are the main mistakes that you guys see?
Dante Orsini (24:13):
Clearly, that is a layup. I think I know exactly where you’re going with that. The number one issue there is that piece of paper; it’s only as good as the last time you actually ran the exercise. So like, that is clearly the biggest gap, right? And we all know it. Like DR. Traditionally, DR. I firmly believe it’s like the skeleton in its closet. Usually, it’s not well documented in the heads of certain people, but let’s say that you’ve got a formal process; you’re only as good as your last test. And historically, that means, you know, people are gonna test like once a year, twice a year, once a quarter. You almost have to think of this like CI/CD, right? There has gotta be a constant string because, let’s face it, change is the only constant, right? So how do you, like, this is part of the trick? How do you enforce policy across everybody that’s deploying something? And this is what I know enterprises struggle with today, just from a data protection perspective, right? Like I was talking to, you know, a major global bank, and this is what they’re trying to solve for. You know, they’ve done a fantastic job of having a modern data protection platform for every data center they have, right? But when they’ve got different internal customers, think dev teams or lines of business deploying stuff, AWS, Azure, GCP, right? How do they enforce policy to make sure that all those workloads have the same level of data protection? So if and when something goes wrong, they know that they’re following the corporate standards, so they have a path of recovery. It’s very difficult, right?
Scott Kinka (25:47):
And, you know, are the people in the business, not just the technical people, consulted on what the important priorities are. I mean, you know, I often find that, the story that you just said implies that the people that are working on the data know how to classify the application or data that they’re working on to meet a certain level of policy, right? Like, no business is gonna be able to afford a recovery time objective of immediate, you know what I mean? And on every piece of data inside the business right now. But do you find that there’s a disconnection between the technical people who are trying to build that stuff and the business who’s deciding, Hey, you know, we can’t afford for this thing to be out for two hours, this thing we can hold till tomorrow? Like, is it, is there a disconnect between the business and the technologists often too?
Dante Orsini (26:41):
Typically there is. A lot of people have been working consistently on that. Like, you know, I think it’s a little bit different now than it was, you know, let’s say three to five years ago. But I still think the larger the organization, the more challenges they have there, just because of the sprawl in general. But I do think cyber is definitely shining a light on this more than anything. At the same time, you know, I think there’s money well spent on consulting engagements to really have somebody come in that deals with not just BCDR, but cyber resiliency, understanding, and things like vital data assessments. There’s some phenomenal technology, right? Also, that can help with application dependency mapping, understanding, you know, the flow of that data, that can help guide these conversations.
Dante Orsini (27:35):
And, now more than ever, I think that it really gives people the opportunity to have a multi-layered approach to this. As you said, it’s gonna align both budget and risk and be more pragmatic about it. So it’s really just an opportunity to take stock in what’s happening and how well-prepared you believe you and your team are today. I think the other thing that you brought up too, because of the pandemic, there’s been so much movement in headcount for so many organizations, right? It becomes increasingly harder and harder to maintain good levels of process around this.
A Shift in Focus Towards Security Documentation
Scott Kinka (28:13):
Yeah, no question. And maintain the talent to maintain the process. Who’s maintaining the documentation, it’s this vicious cycle that goes on and on and on. I’ve said on other podcast episodes, and I’m sure you’ll get the movie reference, that the pandemic was like the blue pill, red pill moment for security, right? Like, do you want to do this yourself? And if so, take the pill, and I’ll show you how far the rabbit hole goes. Do you know what I mean? Like, or bring in a partner, right? Bring in a consultant, bring in an 11:11, you know, bring in somebody to help build governance. By the way, interestingly enough, assuming you picked the right vendor, that also helps you from a compliance and documentation perspective because not having it yourself versus having someone else do it, you know, it’s a way to, I don’t wanna say push responsibility, but you lean on somebody else’s sharp acts, right. You know, in regards to doing that. Super interesting. This has been a wild conversation. Let me take a little bit of futurism with you if you wouldn’t mind. So I’m gonna ask you, not 11:11 specifically, I’m gonna ask you to make a shameless prediction about the next 18 to 24 months. Doesn’t need to be in tech, but it certainly can, just throw something out there and put your Nostradamus hat on for me.
Dante Orsini (29:36):
It’s a tough one, right? I think of my CTO when you ask that question, right? Because, unlike myself, vacation for him is going to things like a Black Hat, right? And has been for a long, long time, and every time there’s, there’s been a hack that shows a little incremental growth on capability, right? He’s a firm believer that the big one’s coming, right? As in something that’s gonna cripple a lot of people. And I’m telling you, the bad hackers are moving faster than the good guys, right? And that’s the part that I think keeps a lot of us up at night. My biggest fear is that clients don’t take this seriously enough until it’s too late, right? So I’m gonna put my happy prediction hat on, and that people are going to, you know, people are gonna get very focused on this and start to plug the holes that they have very quickly, because I think every day, you know, this continues to happen, and it’s kind of reaching like a pandemic style, across the industry. And again, the other big thing I see here, Scott, is that this is happening way more frequently than the things that become aired out publicly, right?
Scott Kinka (30:56):
Unquestionably. Yeah.
Dante Orsini (30:59):
I mean, so I’m hopeful. Let’s say glass half full people.
Scott Kinka (31:01):
Okay, the glasses are half full. I like that. Earlier on, I wrote down, you know, your commentary earlier about human engineering, you know, on attacks, and I mean, that’s the footprint you can’t do anything about. At the end of the day, if somebody’s gonna just not smart enough and answer the call, that’s really where the resiliency piece kicks in, right? So, I mean, if, if I’m gonna be hopeful of tacking onto yours, it’s that, you know, we get serious about educating because that’s important, but there’s always gonna be an open attack vector, right? I think what I’m hopeful about is that organizations like yours, you know, make the point that resiliency is also part of the security problem.
Dante Orsini (31:48):
So interesting. It’s a great point, by the way. Like the, the whole training side of this is so critical, but I don’t think it’s happening at, at a high enough frequency, as in, you know, there, there’s a, a really well-known company that recently sold, I think for 4 billion in that, in all their training’s been focused, I think, you know, the vendor, right? And it’s all focused on ransomware, phishing, and spear phish, like educating the average user, right? I think about how they educate people, like if I’m talking to my mom about, Hey, mom, this is, this is what an attempt on your email looks like. Don’t click on this. It’s not real. That kind of stuff. Little tips and tricks to look at, but we do that. And I’ve seen the firms that we hire to penetrate ourselves with, with social engineering, they’re still successful because of the amount of information that’s out there about every single company now with social media. With your website, there is enough for a talented group of people to spoof things and put it in the right tone so that it seems like it’s legit. It’s no longer the, oh, this is a misspelled, you know, crazy URL people; if they wanna get in, they can get very, very creative to go register URLs that are so similar to your own corporate needs. They can monitor all the public communication that’s going on so they can understand the tone in which, you know, your executives are communicating. Look at LinkedIn, you’ve got people all over LinkedIn that have a persona. There’s enough public information out there, you know, to spoof, you know, in the right tone and the right message to get people, to take dumb steps, right? To a trained person would seem obvious.
Scott Kinka (33:29):
Yeah, a hundred percent. You know, for smart people to take dumb steps, right? It’s not just the, would your parents fall for conversation? Yeah. Which I correct completely, are two fun ones. The next, you know, the apocalypse is, in your dystopian future, there’s only one app that works on your phone. It’s the one you have left, what is it?
Dante Orsini (33:54):
Oh my gosh, I’m a type-A person, right? So it would probably be something to chill me out. It would probably be either the music app, and if that’s not qualified, it would probably be some dumb mindless game to keep my mind off what’s going on.
Scott Kinka (34:07):
Well, I just got asked on our last podcast what I would pick, and I said the music app for that reason, I’m like, listen, if there’s nothing going on, I don’t need my news app, and I certainly can’t communicate with anybody over text, so just show me out. I got a pair of headphones on a desert island. It is what it is. So that’s a good answer. What’s on your end table right now? What are you reading? Is there something that you wanna share? Or if you don’t have something that’s current, maybe your favorite business tome that you’d like to share with us for other people’s reading list?
Dante Orsini (34:36):
It’s really interesting you say that, because, to me, if I’m gonna read for pleasure, it’s not gonna be about work. It’s gotta be something completely different to get my mind off of work, right? So I’m good for a page or two a night right before I knock out. And it’s usually some type of, you know, a memoir written from some military, could be World War II, could be Korea, could be Vietnam, right? But I love reading personal accounts of some of those things. And it kind of all started with the HBO series, where like Band of Brothers. If you look at the credits for the series Pacific, they were all based on books. But for me, it started, probably 10 years ago; one of my good buddies, his father’s parents died when he was 17 in a car accident. He enlisted; it was like multiple tours of Vietnam. And so I asked him, I’m like, Hey, have you ever talked to your dad about, you know, anything that happened there? And, he’s like, yeah, he won’t tell me anything about it. I read this one book. I’m like, well, why is that? He said it because the book was written about his unit. I’m like, all right. So I think this is right when I bought the first generation iPad, and I was getting ready to fly to Europe. And I’m like, I don’t really read that much other than work stuff, right? So maybe I’ll see if I can find that book that my buddy was talking about. I found it, and I couldn’t put it down. So that was kind of, that was like my, that got me on a, it’s not, Hey, how do I do this better? Or I need to be motivated. I know a lot of people read things like that. This is for me to kind of, like I said, chill out a little bit.
Scott Kinka (36:10):
I’m gonna take that advice. I don’t chill out enough. So you’re the second guest in as many weeks that has said something about reading non-fiction. For that reason, we’re reading, you know, obviously, historical accounts, but not necessarily work-related. So that’s good advice. Dante, this has been a lot of fun, great conversation, and super interesting. We got some nuggets. I was watching our producer, Gene, scribbling down notes in the background, which means he’s got some quote cards to pull out some quotables from you. That’s good. For our listeners, if they wanna learn a little bit more about 11:11, what would you recommend that they do?
Dante Orsini (36:47):
Yeah, just check out our website. 11:11systems.com. And, clearly, Bridgepointe’s a critical partner of ours, right? So I would just reach out to whoever you work with at Bridgepointe, and let’s just have an open dialogue. See what we can do to help if anything.
Scott Kinka (37:03):
An intellectually honest discussion about where you are from a security and recovery perspective, which I love. I’m gonna steal that, if you don’t mind. I will credit you for it. But, here on the Bridge, thank you for joining us where we have intellectually honest conversations about what’s going on in tech. My guest on this episode was Dante Orsini from 11:11 Systems. Dante, thank you so much for your time.
Dante Orsini (37:27):
Scott. Thank you. Really enjoyed it. Take care.
Scott Kinka (37:29):
Fantastic. And to our listeners, thanks for tuning in, and we’ll see you soon on another episode of the Bridge.