In today’s digital age, the threat of cyber attacks looms large over individuals, businesses, and critical infrastructure. The rapid advancement of technology has made our systems more interconnected and, consequently, more vulnerable to cyber threats. In this episode of Supply Chain Now, sponsored by Microsoft, hosts Scott Luton and Kevin L. Jackson highlight the dangers of cybersecurity threats and provide crucial insights into how leading organizations are navigating this perilous landscape with the help of special guest Jose Razo, Senior Technical Specialist with Microsoft.

Listen in as Scott, Kevin, and Jose share a detailed overview of the current cyber threat landscape, highlighting the increase in cyber attacks since the pandemic, and the significant costs associated with the breaches.

Learn more about the various types of cyber threats, critical infrastructure and its importance and inherent vulnerabilities, practical advice for businesses to strengthen their cybersecurity posture, and finally, Jose’s four-step framework for protecting against cybersecurity risks.

Don’t miss this episode, and begin engaging in proactive cybersecurity conversations, and stay informed! Because as Kevin says, it’s not if you’re attacked, or even when you’re attacked, but how you respond to the attacks.

Intro/Outro (00:03):

Welcome to Supply Chain Now, the voice of global supply chain. Supply Chain Now focuses on the best in the business for our worldwide audience, the people, the technologies, the best practices, and today’s critical issues, the challenges and opportunities. Stay tuned to hear from those making global business happen right here on Supply Chain Now.

Scott Luton (00:32):

Hey, hey. Good morning, good afternoon, good evening, wherever you may be. Scott Luton and Kevin L. Jackson with you here on Supply Chain Now. Welcome to today’s show.

Scott Luton (00:40):

Kevin, how are you doing today?

Kevin L. Jackson (00:42):

You know, it’s been a great week, you know. And I’ve been meaning to reach out to you. It’s been a great space nerd week.

Scott Luton (00:51):

Hey, lots of stuff happening in the latest and greatest installment of the space race. So, we’ll have to catch up separately. And hey, we’re just talking about how hot it is. It’s almost as hot as this interview discussion’s going to be because we’re talking about a real timely topic and it comes to cybersecurity, right? We’re going to be offering up some critical information, Kevin, for our audience to include identifying some of the most common cyber threats that you should know about while also we’re going to be sharing what leading organizations are doing to more successfully mitigate this cyber threat rich environment.

Scott Luton (01:22):

I’ll tell you what, Kevin, I hate to say it, fish in a barrel. Everybody’s getting hit. It should be a great show, huh?

Kevin L. Jackson (01:28):

Yes, absolutely. Shields up.

Scott Luton (01:32):

That is right. Hey, we should say today’s episode is presented in partnership with our friends at Microsoft who’s doing some really cool things in the industry, helping to move us all forward, successfully and securely. So, Kevin, are we ready to introduce our distinguished guest here today?

Kevin L. Jackson (01:47):

Absolutely. The center of the world, Houston, Texas,

Scott Luton (01:52):

Center of the cyber world right here. Jose Razo is a distinguished leader in operational technology and industrial control systems at Microsoft. Now, in this role, Jose assists many Fortune 100 and 500 companies in achieving compliance and mitigating that incredibly high risk through the development of comprehensive and highly integrated security programs. And he’s a really cool guy as we’ve learned in our pre-show conversations. I want to welcome in Jose Razo —

Jose Razo (02:20):

Thank you.

Scott Luton (02:20):

— senior technical specialist with Microsoft. Jose, how you doing?

Jose Razo (02:23):

I am hanging in there. It’s hot, as you said. It’s definitely hot today.

Scott Luton (02:27):

Oh, it is. And as Kevin was trying to let the cat out of the bag, you’re in Houston and Kevin is up in Virginia. I’m over here in Georgia. I think Houston probably has — between the three locales, Houston probably is corner to market on the heat factor. What do you think, Jose?

Jose Razo (02:44):

You know what, I would say yes. But, you know, Houston’s all I know. Born and raised. So, I’m going to say you guys revolve around Houston.

Scott Luton (02:52):

Kevin, he’s talking just like a Texan. I’ll tell you what, just like a Texan.

Kevin L. Jackson (02:56):

Just like another country, right?

Jose Razo (02:58):

That’s right.

Scott Luton (03:00):

Well, Kevin, as you know me and you have ventured down to Houston and Galveston and have really met some wonderful people and some brilliant innovative business minds and we’re looking forward to learning from Jose here today. But Kevin, before we get there, you and I like to talk good food all the time, right?

Kevin L. Jackson (03:16):

Yes, absolutely. My favorite topic.

Scott Luton (03:19):

One of mine too. So, Jose, the first piece of advice I’d love for you to give our global audience out there is when they venture to Houston, Texas, what’s one place they got to eat at?

Jose Razo (03:30):

Well, you know, I’ll tell you this, barbecue is going to be king in Houston and Texas in general. My favorite place is Killen’s, it’s in Pearland. I will say you can only get it when you’re down here in Houston. They have branched out. They’re trying to expand, but the original location in Pearland, that’s the one to go to.

Scott Luton (03:45):

1. Killen’s Barbecue. Coming to Killen’s Barbecue soon. Kevin, we both don’t spit out too much barbecue. We’re kind of big fans, huh?

Kevin L. Jackson (03:54):

Well, I spent some time Texas. I used to live in Kingsville, Texas and it gets hot down there also, right? And we were just outside of the King Ranch. And in Kingsville, steak is cheaper than chicken, right?

Scott Luton (04:08):

Really?

Kevin L. Jackson (04:08):

So, you eat steak all the time. So, I tell you, when I go to Houston, there’s this place called Vic and Anthony Steakhouse.

Scott Luton (04:18):

OK.

Kevin L. Jackson (04:18):

So, I’d like to get a big sirloin and just pig out.

Scott Luton (04:24):

Man. You all got stopped. I’m about to salivate over here. All over my microphone.

Scott Luton (04:29):

All right. So, one of the thing, Jose, as we’ve learned you had your team colors on in an earlier call. You’re a big time Houston, Texas Texans fan. Who’s one of your favorite all time Texans players?

Jose Razo (04:41):

Oh, man. That’s always a hard one. I can name off tons of them, but I’ll go with Andre Johnson. Recently, he’s about to get — put into the Hall of Fame, so that’s a key moment for us. And I think he kind of top of my list just because as a season ticket holder, I’ve gotten to go to events and he’s still very integrated with the team even after all these years. So, I’ve gotten to meet with him. I’ve gotten to talk to him. So, I think he just hedges everyone out just because I’ve actually gotten to speak with him a couple times.

Scott Luton (05:04):

Man.

Kevin L. Jackson (05:04):

Real person.

Scott Luton (05:07):

Yes.

Jose Razo (05:07):

Yes, yes. He really does exist.

Scott Luton (05:10):

Kevin, we’re rubbing elbows with Houston royalty right here in Jose, knowing all the Hall of Famers and all. And he was a wide receiver, right?

Jose Razo (05:17):

That’s correct.

Scott Luton (05:17):

1. About to enter the Hall of Fame, that is awesome.

Scott Luton (05:20):

1. Well, Kevin, we got a lot to get into with Jose here today. I’m looking forward to his perspective and expertise as well as all of yours as well, Kevin. But before we dive into some of these topics, a couple of things that we’ve, kind of, level set the conversation beyond good food and great sports in Houston. Now, I want to start with this, Jose, tell us a little bit about your professional background.

Jose Razo (05:39):

Sure. I’ve been in information technology IT, 12 years now. Primarily eight years, I’ve been focused on security. A big chunk of that has been OT security. So, I have a consulting background. I’ve done every, kind of, role in IT under the sun. I mean, you name it, from help desk on up. Recently now I just focus more on, you know, health guiding customers through their journey to mitigate their security risks.

Jose Razo (06:00):

I hold a master’s in computer information systems, but it was concentrated in security. So, that’s kind of been my focus for a very long time. A little bit more in my personal life, I love technology. Home automation is kind of the key to me, but I’ve been trying to make my home smart for many, many years. I haven’t accomplished it, but it’s a work in progress. And last thing is I do enjoy cooking other than technology.

Scott Luton (06:21):

1. Man, we’re going to have to have a whole show focused on home automation. Kevin, have you been able to automate any parts of your home?

Kevin L. Jackson (06:29):

Well, I’m not sure I want my home to be smarter than me, that’s too easy. Although, you know, many times I’ll be doing something and, you know, I hear this little voice and I say, I didn’t ask you anything. It’s like my house is telling me what I need to know.

Scott Luton (06:48):

That’s a good point. And we’re still pretty manual in our household, Jose and Kevin. In fact, I rely on my three little assistants all the time. So, it’s a very manual environment.

Scott Luton (06:57):

All right. A lot of good stuff there. And you started to share a little bit of where you’ve spent your years in the industry, and of course I mentioned some of the things you do at Microsoft. But do you want to expound on anything else you do in your role there?

Jose Razo (07:08):

As you stated, my official title is a senior technical specialist. Essentially what I do is I, kind of, engage with customers at the C-suite level all the way down to the right team then it’s going to pertain to what we’re looking for. They kind of come to us and engage the issues they’re concerned with, what problems they’re looking to resolve. And my job, essentially, is to find the correct team plus myself and just kind of guide them through that journey. Teach them where it is that they might be, you know, missing some security components or where they can improve. Everyone’s got some room for improvement. So, I just take them from point A to point B and ensure that they get exactly what they’re looking for.

Scott Luton (07:41):

Kevin, I love that and I love that we’re going to have the opportunity here today in our global audience to learn from Jose’s work with Fortune 100 and Fortune 500 companies because I think there’s lots of things that no matter what size your business is that we can take and apply, right?

Kevin L. Jackson (07:57):

Oh, yes. Absolutely. And in this area, cybersecurity, things change. I mean, like, every day, every hour. So, I’m sure it keeps you on your toes there, Jose.

Jose Razo (08:08):

Oh, it does. It does.

Scott Luton (08:08):

No doubt. OK. So, as we continue to level set a little bit more, folks are probably hearing more and more, especially in this modern cyber environment. This phrase, critical infrastructure, right? Now, we’ve got the smartest audience in all of digital media, right? But there might be a few folks that may be curious about what that means. Jose, how would you define that?

Jose Razo (08:30):

That’s a great question. Essentially, critical infrastructure for me is going to be, you know, the systems or the assets that we have as people, as citizens in our country or in the world itself that we rely on. As far as, like, public safety, health, you know, water, transportation, all these systems that we need on a day-to-day basis to kind of go about our days. The things we kind of take for granted, flipping the light switch, opening the faucet, those things, those are critical. If we were to take something out of the equation there and it affects us, I would consider critical in my opinion.

Scott Luton (08:59):

Yes. Kevin, what would you add to that?

Kevin L. Jackson (09:01):

Well, I mean the definition of critical always links to what’s important to society. And I’ve had this question, Jose, I wonder how you would address this. Is the internet noun critical infrastructure? I mean, we rely on it all the time. My car is connected to it, my smart house is connected to it.

Jose Razo (09:25):

Yes, you know, I do believe the internet, if it’s not there, it will be shortly. I think if you were to kill the internet, I think there’s so many systems that depend on that. There’s so many integrations within the business environment. Customers I work with would not function, could not actually have business without that. So, for them, I know they would label that as critical. Though I think as the general population, we’re very close to that. I do believe our education system and in many factors of our lives are internet based now.

Scott Luton (09:52):

No doubt. You know, I liked your working definition, Jose, that I think is anyone could approach understand what we’re talking about with critical infrastructure. And I also like how you mentioned some of those sectors that we don’t even think about, we take for granted. And I want to call a few of those out for our listeners, water and wastewater, right?

Scott Luton (10:08):

Especially here in the States, we just expect to be able to turn on the faucet or flush the commode and it just work. The dams sector. Me and Amanda went out to Las Vegas not too long ago. We took a little — I think it took us about 45 minutes to go over to the Hoover Dam. When you cross that, it’s one thing to think about dams and security there, but when you cross it and you see it, you think about dams everywhere around the world that the safety of which we rely on and we never think about it, right?

Scott Luton (10:32):

Financial services, I think one of you all touched on that. How often we just expect transactions to happen and have our access to our resources to be available at any ATM or bank or what have you. And these things take active protection, especially in this evolving threat, which we’re going to touch on in just a minute. Kevin, any comments there?

Kevin L. Jackson (10:50):

One thing you missed, which I think is huge right now, and is healthcare. I mean, our hospitals really depend on connectivity and remote healthcare. Now that — you know, after post-COVID, everybody is now, sort of, take telehealth for granted, right?

Scott Luton (11:07):

That’s an excellent point. In fact, maybe Jose can confirm or deny this, but healthcare and higher education seem to be two of the top targets for bad actors out there from a cyber standpoint. Maybe we’ll touch on some of that later. And folks, we’re not looking to scare anybody, but it’s important that in real frank terms what this cyber threat landscape looks like. The numbers are appalling.

Scott Luton (11:29):

Jose and Kevin, the IMF recently shared that cyberattacks have more than doubled since the pandemic, and that might be conservative. And the costs of severe breaches have more than quadrupled to some $2.5 billion. Goodness gracious, no sector is immune. Some are certainly more vulnerable than others. So, Jose, the question here is how would you define the current cyber threat landscape?

Jose Razo (11:52):

You know, the way I see it and the way I would answer that question, especially when I’m speaking to customers, it’s really identifying what we’re concerned about at the moment. And as you said, that changes by the minute, changes by the day. I think some of the bigger things that I like to focus on, you already kind of touched on, it’s the pandemic.

Jose Razo (12:07):

I think after the pandemic, there has been so many ways that we have changed. Customers are changing the way they do business. They’re changing the way they engage, not just their employees, but their personal customers on the other end of business. And in healthcare, healthcare has really struggled since the pandemic for some reason.

Jose Razo (12:24):

The big thing is we went to BYOD. And so, that just encourages more vulnerabilities. And there’s a way, you know —

Scott Luton (12:29):

Hey, Jose.

Jose Razo (12:30):

— we have to protect — yes.

Scott Luton (12:31):

What was that acronym? B-Y-O-D?

Jose Razo (12:34):

B-Y-O-D, yes.

Scott Luton (12:35):

B-Y-O-D.

Jose Razo (12:37):

Yes.

Kevin L. Jackson (12:37):

Bring your own device.

Jose Razo (12:38):

Bring your own device, yes, that’s correct. Not with a B, with a D.

Kevin L. Jackson (12:44):

You got me thinking there now.

Jose Razo (12:48):

And, you know, I think that makes it a little harder because now we’re not just protecting corporate enterprise devices but personal devices that come in there that may just not have the same type of protections on it. So, healthcare has really struggled in this area.

Jose Razo (12:59):

I think the Russian and Ukraine conflict has really opened the eyes to what a nation state with money and the resources to engage in IT threats. They have showcased the way they can do targeted attacks and how they can attack critical infrastructure.

Jose Razo (13:14):

And so, that is a key. And I think the last thing that really I have been focused on is just the adoption of different vendors. I think we outsource a lot of security and we are on the mercy of how good they protect their systems.

Scott Luton (13:25):

Excellent comments there on that last item, Kevin, before I get you to weigh in there. When we think of global supply chain and the tens of thousands of suppliers, probably more than that, that make up various sectors, that make up some of the largest companies, supply chains, and all the touch points between each of those across the ecosystem. And then multiply it by what Jose just said there, Kevin, which is that bring your own device because it adds so many more nodes, that’s more opportunities for bad actors to get in there and do bad things. Kevin, what would you add as Jose kind of described the current cyber threat landscape, your thoughts?

Kevin L. Jackson (14:00):

Well, that was an eye-boggling number I heard just the other day. The cost of cybercrime, it’s going to cost our global society like $9.5 trillion in 2024. All right. This is a lot of economic loss.

Scott Luton (14:18):

It is. What did you say, eye-boggling. It is eye-boggling? It’s mind-boggling. It — it’s knocked my socks off. And of course we’re leaning into the sense of humor. But there are a lot of awful innocent victims. You know, that $9.5 trillion loss is going to deeply, deeply impact.

Scott Luton (14:35):

So, folks, the threat is real, right. We don’t have to preach on that anymore. So, now I’m going to give a couple of examples of some of the — it’s a weird way to use this word, but successful cyberattacks in recent months and that impact there. Jose, what comes to your mind?

Jose Razo (14:50):

Well, there’s been a large increase in ransomware attacks. One in specific that I kind of want to highlight. It’s been around since 2019, and I apologize if I pronounce this part, this the Phobos ransomware. This is kind of targeted by a group called 8base. And so, that’s the ransomware group that’s been using it.

Jose Razo (15:05):

Essentially, you know, long story short, they try to find ways to infiltrate your network. Whether this be phishing, doing some type of vulnerability via RDP ports, you know, your remote desktop protocols. And once they’re in, they’ll back load this ransomware. Essentially, what happens is the ransomware will lock up your systems and it will encrypt the data. It will have the ability to raise your backup.

Jose Razo (15:24):

So, everything that you take the time to protect yourself with, how you’re going to mitigate and remediate after a vulnerability they put at risk for you. And so, then they turn around and hold you hostage. And so, once you’re being held hostage, you have the opportunity to either run to the authorities or pay the money.

Jose Razo (15:42):

And I made a note for myself because they actually send you — and I found this very interesting, as they sent you terms of services that literally — and I won’t read all of them, but they literally tell you, this is how to pay us. These are the steps you should not do. You cannot contact the authorities. Do not involve the FBI or any, you know, government agencies. And then these are our promises. We promise to remove it. We promise to remove all the vulnerabilities and to completely check out.

Jose Razo (16:05):

And it’s kind of concerning because this is targeted toward governments, education, healthcare, anything we would consider critical infrastructure, that’s where they’re targeting. And many companies are paying the money and they keep the data private, so we don’t always hear about this. But CISA has put out security advisories, the FBI has as well. So, this is a very well-known thing. And we do keep anonymizing a lot of the people that have been targeted, the organizations that have been targeted for good reason but it is a shame that we have to face this. And companies need to be aware of these things that we don’t always hear of.

Scott Luton (16:36):

Jose, I’ll tell you, it is fascinating. Going back to the earlier part of your response, how we’re kind of laying out the guidelines of what the interactions are going to be like. It’s something you’d find from, like, an e-commerce retailer or something. It really is disturbing. Kevin, weigh in on some of Jose’s perspective there.

Kevin L. Jackson (16:52):

Well, you were talking about successful cyberattacks, right? What about innovation in cybercrime? This is what you’re looking at. One that, you know, many people have not heard about is how these crimes are cross-pollinating. If you’ve heard of virtual kidnapping where people are using cyber vulnerabilities to find out about what you do in your life, right?

Kevin L. Jackson (17:19):

You know, when do you go to the barber? When do you go to the beauty parlor? When are you at home and when you’re not at home? You know, who’s your husband? Who’s your wife? And then they use that information, for instance, I don’t know about you. Like my wife, she goes out to get a manicure or a pedicure, get her hair done. She’s going to be gone for three, four, five, six hours. And no, you can’t call her. She’s busy. She’s busy having fun.

Kevin L. Jackson (17:44):

But a cybercriminal will pick that time to call you and they have already recorded her voice. They already know what her telephone number and they will spoof that they have kidnapped her and demand ransom from you and you have to pay within the hour and don’t call the police. It was a virtual kidnapping. You’re wondering, trying to figure out, and you pay the money and then, you know, your wife comes back. Hair all do [phonetic], she’s happy. Well, you are — you aren’t right, you know. And this has become a very popular, you know, cyberattack vector.

Scott Luton (18:22):

Wow, this is blowing my mind, Jose and Kevin. I thought I was kind of well-informed, but goodness gracious. OK. Well, let’s shift gears because now we’re getting into, I think the good news here because folks out there listening or watching us, there are steps you can take today. And certainly, some information that we’re equipping you with is going to help fill in that blind spot so you can start to educate your teams and then act to better mitigate this environment we’re in.

Scott Luton (18:48):

So, Jose, as we kind of flip to this next part of the conversation, let’s identify some of the common cyber threats that business leaders really got to be aware of.

Jose Razo (18:57):

You know, the most common are the not as sophisticated ones, they’re the ones you hear about on a day-to-day basis. The malware, ransomware, as we kind of mentioned. Social engineering, the phishing e-mails, those kinds of things as, kind of, Kevin alluded to where they learn about what’s going on by phishing this data gathering from a variety of sources.

Jose Razo (19:13):

The biggest one is always going to be human error. We, as individual, I think companies need to focus on training employees, that’s always key. That’s usually how you get breached as a phishing e-mail came in and they usually have credentials. They don’t have to steal them.

Jose Razo (19:26):

And then more recently, I would say A.I. And I’ll give a quick example to kind of tie back to what Kevin said with the virtual kidnapping. I’ve seen and heard where they do A.I. voice train. So, not only do they do the kidnapping, they fake the kidnapping, but they also have a voice synthesization of your spouse or your son, your daughter, and you hear them talk to you. And that just adds to the next level of fear that you already have at that point.

Scott Luton (19:48):

Goodness gracious. Kevin.

Kevin L. Jackson (19:50):

Yes, I mean, you sort of alluded to what I think of as the next level of cyber defense, artificial intelligence and machine learning. Everyone’s trying to use A.I. and M.L. and Generative A.I. to improve their business, improve their bottom line to provide better service to their customers. But what about the flip side of it? How do you protect yourself against bad A.I.?

Jose Razo (20:18):

You know, at Microsoft, we’re leveraging A.I. on both sides of the spectrum there. We’re doing it in a way to leverage more efficiency. Make, you know, employees and personal individuals more effective and efficient. But on the flip side, we do have security A.I. as well.

Jose Razo (20:32):

And so, you know, you’re going toe-to-toe as well, right? As the threats become more sophisticated with the use of large language models and A.I. training, so are the security tools. We have a large set of security tools that are leveraging the same types of data. You leverage that with Microsoft’s threat intelligence that is coming in. And we’re just going back and forth race to see who can keep up. And long story short, it is — you know, we both have the same set of tools. It’s just who’s going to stay ahead of the game there.

Kevin L. Jackson (20:56):

Instead, arms race, right?

Scott Luton (20:57):

Right, it’s like space race again.

Jose Razo (20:58):

That’s true, yes.

Scott Luton (20:59):

Cyberspace race. Well, and also your last comment, Kevin, what I heard implicated in your response is the human factor, right? The people factor that’s driving the innovation across technology and certainly across the cybersecurity realm is still really critical. Kevin, it’s one of our favorite things to talk about.

Scott Luton (21:17):

I want to follow up to Kevin’s question though. He was talking about specifically A.I. and Gen A.I. But as we broaden that out a bit, you know, what are some other examples as to how organizations are really successfully mitigating this highly dangerous cybersecurity environment that you’ve seen? How are folks winning?

Jose Razo (21:32):

For me, it boils down to understanding how you’re going to be attacked and understanding, you know, what are the steps. And I usually don’t start with, you know, trying to sell Microsoft’s full security stack. You know, I would say we could cover every aspect of that, but that’s not realistic a lot of times.

Jose Razo (21:48):

And so, usually the way I kind of try to present this to the customers is what do you need to do is number one, you need to be able to do risk assessments. Understanding where your risks are, identifying your assets. And this is going to help you evaluate the type of threats and what is priority. Then you’re going to try to follow that with preventative measures. And the third step would be detective measures.

Jose Razo (22:07):

So, we need to be able to prevent. So, this would be training our employees, purchasing those security A.I. tools and trying to leverage, you know, the sophistication of the new solutions that are out there. And then as well as being able to detect it because we can try to prevent everything, but something’s going to get through. And so, once it’s in there, how do we find out?

Jose Razo (22:23):

And the last thing is, how do we respond? What is our incident response plan? How do we come in here and try to remediate as quickly as possible? And I think those, in a nutshell, is how customers are doing it. I know they’re very generic and broad, but those are the key fundamentals to doing this. And every security product you buy, whether that be from Microsoft or any competitive solution, is going to help you do the assessments, do the preventative detection, and then help you respond and remediate after that.

Jose Razo (22:48):

And so, those are the big key points of customers. We have oil and gas customers, large oil and gas customers, one out of Houston. We have the world’s largest beverage company applying these same types of ways of thinking and ways that coming through. It’s a very simple approach, but it’s effective if implemented correctly.

Jose Razo (23:04):

And this is large corporations that are doing this. We’re not talking about small companies. These are companies that are spending millions and up to billions of dollars every year because, as you stated, many times, the economic factor of a breach, a lot of times will easily pay for that security budget. You just remediate that one, you prevent that one, and your security budget is covered in full.

Scott Luton (23:25):

That’s right. That $2.5 billion goes a long way even at enterprise level. And going back to Jose’s framework, Kevin, you know, and I appreciate his talking about how simple it is, but you know some of the most powerful frameworks out there are simple. I think a plan, do, check, act, right?

Kevin L. Jackson (23:39):

Yes.

Scott Luton (23:39):

PDCA. How many organizations and professionals have benefited from that very simple holistic circular framework? And when I go through what Jose just shared, in my mind, I love the sequencing because it takes your mindset through kind of that holistic cycle. Assess the risk, look at your preventative measures, look at your detected measures, and then how are you going to respond? I got all that right, Jose?

Jose Razo (23:59):

Yes.

Scott Luton (24:00):

1. I want to pass the quiz, right? I want to earn one of these dozens of credentials that Jose’s —

Kevin L. Jackson (24:05):

Get your cyber badge, right?

Scott Luton (24:08):

I doubt they’ll let me in that school. But, Kevin, comment on that framework and the results that Jose just talked about.

Kevin L. Jackson (24:14):

Well, in the end it’s cyber hygiene. OK. Everyone, I hope, brushes their teeth, because if you don’t brush your teeth, you could get bacteria and you can get an infection and you could die, that’s dental hygiene. Whereas the same thing with cyber, right? Don’t trust everything that shows up on your browser. Don’t have that wild finger that clicks every link that comes up. You have to practice cyber hygiene or the boogeyman is going to get you.

Scott Luton (24:47):

That’s right. No doubt.

Kevin L. Jackson (24:48):

You know, and that’s all about education. I think.

Scott Luton (24:51):

Great point Kevin and I appreciate it, Jose, including that in part of the framework, right, training the workforce. And also, I think what’s really important in Jose’s framework was, how are you going to respond because what that implies is you’re going to get hit. There’s going to be a successful attack. The numbers are not in your favor. So, it’s important to be thinking about, OK, what do we do when X, Y, Z happens? So, good stuff there, Jose and Kevin.

Scott Luton (25:13):

All right. Kevin, I’m going to get one of your favorite patented key takeaways here in just a minute, right, as we start to wrap here. But, Jose, I bet a lot of folks are going to want to be sitting down with you, picking your brain, comparing notes, talking shop, how can they connect with you and the Microsoft team?

Jose Razo (25:28):

You can reach out to me via LinkedIn. You can directly ping me on Teams if you can, you know, use my Microsoft e-mail address. You can reach the security team, microsoft.com/security. If you want to talk specifically industry, say energy microsoft.com/industry/energy. I’m sure we could post those in the show notes.

Scott Luton (25:45):

That’s right, or they might find you at Killen’s in Texas.

Jose Razo (25:49):

Yes, they will.

Scott Luton (25:50):

Good barbecue, right?

Jose Razo (25:51):

I do work remote.

Scott Luton (25:53):

I couldn’t quite make out the town where Killen’s was. How do you say that?

Jose Razo (25:56):

It’s Pearland, Texas.

Scott Luton (25:58):

1. Pearland, Texas. OK. It’s a new one for me. All right. Good stuff there, Jose. I bet you’ll get some folks reaching out and wanting to talk shop and maybe a little bit of barbecue. Kevin, a lot of good stuff from Jose here today.

Kevin L. Jackson (26:09):

Oh, yes.

Scott Luton (26:10):

I want to ask you, what’s one of your favorite takeaways from all that Jose has shared with us here today?

Kevin L. Jackson (26:16):

You know, we’ve talked about this before, but don’t be scared, right? Learn. Education is out there, you know. So, don’t put your head — don’t be an ostrich, put your head in the ground. Be aware of the cyber threats, and also learn how to protect yourself against those cyber threats. It’s not a question of if you will be attacked. It’s not even a question of when you will be attacked because you’re attacked every day.

Scott Luton (26:47):

Everyday.

Kevin L. Jackson (26:47):

It’s how you will respond to that attack.

Scott Luton (26:51):

That’s right.

Kevin L. Jackson (26:51):

How will you protect yourself?

Scott Luton (26:52):

And folks, I would just add to that, take that four step framework that Jose laid out and dive into specifics with your team. Start to have the conversations, right? Have the dialogue, right? Figure out what those four areas mean for your organization.

Scott Luton (27:07):

Kevin, before we wrap the episode here today, I want to make sure folks know how to find you and connect with all the cool things you’re doing at one of the world’s most popular technology programs, “Digital Transformers”. How can folks connect with you?

Kevin L. Jackson (27:19):

All right. Thank you very much. I’m online all the time, but LinkedIn, Kevin L. Jackson, or “Digital Transformers with Kevin L. Jackson”. And you can find, you know, “Digital Transformers” at supplychain.com or the big X, right, Kevin_Jackson. We’re there.

Scott Luton (27:38):

Every day, all day. Yes, you can find us, like Kevin said, at supplychainnow.com. You can learn a lot more information there. Big things. What a great episode. Very timely episode and conversation.

Kevin L. Jackson (27:47):

Awesome.

Scott Luton (27:48):

I want to thank Jose Razo with Microsoft. Jose, thanks so much for being here.

Jose Razo (27:52):

Thank you.

Scott Luton (27:53):

Kevin, always a pleasure to have conversations like this with you. I feel like I walked away maybe with a half certification today, Kevin.

Kevin L. Jackson (28:00):

I’ll give you your cub scout badge insider.

Scott Luton (28:04):

I’ll take it too. I’ll take it. Most importantly, folks, big thanks to our global audience for all of your support and feedback throughout this remarkable journey we’re on. Big learning and educational journey, and we learned a lot here from Jose and from Kevin. So, thanks so much.

Scott Luton (28:19):

But folks, now the onus is on you because you’ve got to take something that Jose dropped here on us today and put it into action, right? Put it into practice. Deeds, not words. Everyone’s had too much lip service leadership, but that’s not how we protect our organizations from the bad folks out there.

Scott Luton (28:34):

So, Scott Luton, on behalf of the entire team here at Supply Chain Now and Digital Transformers challenging you to do good, to give forward and to be the change that’s needed, and we’ll see you next time right back here at Supply Chain Now. Thanks everybody.

Intro/Outro (28:48):

Thanks for being a part of our Supply Chain Now community. Check out all of our programming at supplychainnow.com and make sure you subscribe to Supply Chain Now anywhere you listen to podcasts. And follow us on Facebook, LinkedIn, Twitter, and Instagram. See you next time on Supply Chain Now.