Safeguarding Your Digital World: Cybersecurity Tips from Expert Josh Hankins

Speaker 2: 0:11

Welcome to Side Hustle City and thanks for joining us. Our goal is to help you connect to real people who found success turning their side hustle into a main hustle, and we hope you can too. I'm Adam Kaler. I'm joined by Kyle Stevy, my co-host. Let's get started, all right? Welcome back everybody to the Side Hustle City podcast today.

Speaker 2: 0:35

Special guest Josh Hanken, cybersecurity expert. Thanks for being on the show, josh. Thanks, adam, it's great to be here. Yeah, man, so you joined our co-working space last month and thought it just makes sense to bring you on the show. We've never had a cybersecurity expert on here and, due to the recent hacks, one to 23 of me, which, of course, is where my genetic information is. Not that anybody cares about that, but then also, like I think it was UnitedHealthcare a couple of the health systems just recently got hacked, which is really scary when you think about it, to have your health information at the disposal of some hackers. Who knows what they would end up doing with it. I mean, that's kind of the scary thing to me would be that personal information. If they hack Hulu or whatever, I don't really care. What are they going to get? My email address and my name, maybe Probably your credit payments and stuff like that.

Speaker 3: 1:28

Yeah, you can always cancel those. You can get your passwords.

Speaker 2: 1:31

You cancel those, but like your health care stuff, that would freak me out.

Speaker 3: 1:35

Yeah, absolutely yeah. We'll dive in more on that in a second. Like Adam mentioned, I've been in the IT space for nearly 30 years. I started off as a network guy, routers and switching. I spent the last 18 years in cybersecurity, risk management, compliance, cybersecurity defense things of this nature. So, yeah, it's been a lot of fun and looking forward to doing more work in the space.

Speaker 3: 1:58

But to get back to your original statement there, what would they do with it? Well, a lot of times, based on things I've seen and worked in I've worked with many different business verticals they're building, they get the data. They'll sell them the data brokers we can talk more about that later, but it's what it sounds like. If you're maybe a high value target and whatever that means to certain people, they're going to build a dossier about you and so they can better craft phishing emails or craft better attacks to get to you. And a lot of times they will play the long game.

Speaker 3: 2:32

And by that I mean is let's say I don't know too much about Adam, but let's just say he. Let's say that he and his wife are worth you know, I don't know. Let's just say $12 million. I like it. And let's say they. Let's say that they have a, you know, a 15 year old son and you know he set up to go to Yale because they somehow know that they're going to let Adam Jr graduate from Yale. And then they're going to, you know, build a dossier about him. So you know, oh, adam Jr, coming from pretty well family going to Yale, we're going to sit on this person and wait till they get their first big person or big boy job and then, you know, we'll start attacking them, get their information fraud, things of that nature.

Speaker 2: 3:14

So this is wild. I mean, what's going on nowadays in some of the stuff that's happening in now? Explain some of your background. So we've got, I understand it. I actually sat through a presentation that was super valuable that you gave for on behalf of some salespeople who you know they're not tech people. Right, they may work in a tech company, but they weren't necessarily tech people. So you oftentimes are that middle guy that says or at least you in this case, you were the middle guy and you were like, hey, look, we got to talk to some smart IT folks, csos, people like that. Salespeople may not be able to answer a lot of these questions, right, so explain that a little bit Sure.

Speaker 3: 3:59

Yeah, that's a really good question. So in that presentation and those venues I do work a lot with the C-suite, cfo, cso, cto, things of this nature. I was in a leadership role for the past nine years leading the cyber defense team. I also had to lead my budget management and a lot of his capex, opax, things of this nature, whatever makes the business go. So I speak their language in terms of business, but also what's the threat landscape? Look to them, what's their risk appetite in terms of what they're willing to pay versus what they're willing to protect, things of this nature.

Speaker 3: 4:35

So we have a lot of good conversations. I know they're paying points. I've been in this business, like I said, nearly 30 years and I've traveled a lot in the past two years through Toronto, over to California, back down to Texas, florida and back up here to the great Commonwealth of Kentucky. That's right. Every business faces the same problem. They have the same technical hurdles, they have the same political hurdles, they have the same money constraints. So for me it's really fun to listen to all that not their pain, but listen to that and see I learned from my experience, but I also learned from the others around with me and I give them my proposed solutions on how we can address their risk.

Speaker 2: 5:17

Yeah, and one of the things that I've realized is working with IT. As somebody who owns an ad agency Right, and I'm not a developer I know how to talk to developers. I'm the marketer and designer, but it always seems like when you get to the IT department, it's so hard to work with those guys and what is the deal there?

Speaker 2: 5:40

I mean, how do you jump through the hurdles of the politics and the egos and all that? Because in my experience, the technical people are generally the ones who think they know everything Right and I don't want to talk bad about that, but they would probably agree with me on this and when you get two tech guys in the room, a lot of times they bump heads. How do you, somebody who has to work with different departments, with different types of people, with different egos, with the you mentioned politics, how do you manage a lot of that kind of stuff when you're doing your job?

Speaker 3: 6:15

That's a great question. Looking back from my whole line of work, I'll give you two answers. So when I was an individual contributor on the tech side, people got to know me. I'm a pretty easygoing guy, make lots of jokes, have fun. I also know when to double down when we're working on an incident or down outage, things of that nature. I always did what I said instead of what I do. With people calling me at three in the morning, even if I wasn't on call, I pick up and help them. So they showed that I was actually and with them. That's always part of it.

Speaker 3: 6:48

Also, whether you're an individual contributor or my last role as a director of security, I always gave praise for folks that needed it yeah, folks that deserved it, right. So, whether you know, you can always write a note, send it to their boss. A lot of companies have their own formal ways to recognize employees, which are really nice. Those are things you should do. It's just a good human thing, but they show that, hey, this guy just isn't saying stuff, he actually does it.

Speaker 3: 7:18

So you know, one of the last things I did at my previous job was I launched the DevSecOps program, and we can talk more about that later, but it's really infusing security, what they call shift left at the beginning of the development life cycle, and so that's really hard because most time developers, engineers, data scientists, et cetera they just want to get their code done. We get that. So I worked with a lot of great people, a lot of smart people, and I thought to myself, hey, if I was in their shoes, what would I want? So I basically thought about what all the VP's of software engineering and the CTO, the CIO, seeing this nature like, what roadblocks would they have from their team? I pre-addressed all those as much as I could, and then I got budget from the finance team to address some of the learning components. So it really was removing the political roadblock, yeah the big one.

Speaker 3: 8:10

The technical. It's like my team doesn't know how to do that. Okay, here's a refresher. It's not going to cost that much and, by the way, it's not coming out. Your team budget is coming out my budget. I just need your team to show up for it. Yeah, no one can really say team much. None of that, you know. Let's make it part of your goals and objectives and we'll just say, hey, security is a form of secure coding. Well, if you have to bring code back because of a defect in terms like, hey, this didn't do what it's supposed to do or was a security defect, it's just code quality, it's just another form of it. So let's just frame it as that. At the end of the day, do I personally care as a manager of security that you're fixing it because you think it's A or B? I just want it done.

Speaker 2: 8:50

Right. Well, if I'm an executive too, if I'm, you know, higher up in the company, ceo or somebody, I just want to know that my technical team is working on solutions. I want to know that everybody's doing their thing. And I think right now you've got a lot of weird things happening across the country in technology, especially in California. You hear, all these Facebook guys are getting let go and Twitter. You know, obviously Twitter let people go, but that was for a different reason. But you're starting to see a lot of cutbacks.

Speaker 2: 9:21

The companies that I think are that are doing the best are hiring guys like you right now because cybersecurity is such a big deal. If you're cutting back right now, a lot of times you cut back on marketing, you cut back on sales, you cut back on, you know, the people that you think are expendable. If you're a tech company and you're cutting back on cybersecurity right now, that's probably not the place to cut. You're probably in trouble, right? If, I would say, any company that's looking to bring a guy like you on or invest in their cybersecurity strategies or anything moving forward, those are the companies that are probably well run. In my opinion, they're the ones who are like hey, we know. This is important. We don't want to be the next victim of some kind of hack. We need to bring in somebody who knows what they're talking about, right?

Speaker 3: 10:48

That's a very good point. I mean a lot of the companies. If they run well right, they're going to have enough capital to float that, whether they're more OPEX or CAPX heavy. Sorry, I get that. Just make sure it's not bothering us. But your strategy needs to have that long-term foundational pieces.

Speaker 3: 11:09

But what I found that really works well is how do I show, not just to my executive level but also to my peer tech level, what's the ROI Like? How do I get this back? And as my ROI measured in money, is it measured in my security metrics? Is it measured in sentiment with my peer groups? Actually, it's all of them. That's one thing I used to do in a previous role was to measure all that.

Speaker 3: 11:34

We can talk more about that Cybersecurity metrics, metrics that matter, metrics beyond just checking the box. But you really need to be thinking of that. If you have a good strategic plan set with good milestones, it'll be just fine, but you still have to be that Adam Smith hand looking at every three, six months to 12 months Like does this still make sense? We just acquired X? Do we need to pivot? Or the economy changed, or is it different? Vertical, that's hot or one's less hot? Do we need to be concerned about that.

Speaker 3: 12:06

So but most of the people I've worked with over the past 30 years are very, very astute business operators and I learned more from them than I did ever studying for a Cisco test no, in Cisco great test, all my cybersecurity tests all super hard. I learned a lot. But I can learn all that stuff online. If I don't know it, I can olden days I could pick up a phone and call somebody I know in my field and say, hey, help me explain this to me. But the business things, those principles and really seeing how business and tech work together and I've been around probably five to seven super astute business operators and for me it was like watching a magician talk and work, like it was really awesome. I learned so much from them.

Speaker 2: 12:48

Yeah, and speaking of that like I mean you're, I mean you've been doing this for a long time now. I mean, obviously, you know, for somebody to be able to like find you and pick you up would be a home run. But talk to the younger folks out here, like what I've said for a long time now, and it's starting to become an even bigger thing with AI. So AI and cybersecurity, understanding both of those things going into the future Right, if I want to and this isn't a podcast about, you know, jobs necessarily is a podcast about like, how do I start my own thing and become a consultant, which you've been?

Speaker 2: 13:23

right you've done, you just got done. Doing that Right Still doing it yeah. Yeah, I mean you know, with the project. Yeah, if I'm looking to the future or if I'm an adult out here with kids and I'm like, hey man, what career does my son go into, my daughter go into, like where would you push people right now? I mean, do you think cybersecurity is like the next thing? I mean it doesn't seem to me like it's going away.

Speaker 3: 13:44

It's a good question. It's not going away, obviously, with the intersection of AI and cybersecurity, two things One the adversary is leveraging it as much as we'll be leveraging it, so we have to leverage it too, so we can adapt faster with our defenses and things of that nature. It's also understanding how it works. So there could also be a ditch position in terms of how do I protect my data lake where I generate my LLMs or whatever your training models, because there's a thing called data poisoning, some other things like that. So were you data poisoning the data lake? Were you poisoning the data lake? And then the person runs their AI and they're going to get bad results right. So I mean some of the bigger players like Microsoft, google and Amazon. They have ways to do it with, like their corporate tenant and etc. Where you know it's fairly like pristine, but to me, for that, that's just like good old fashioned code code versioning control.

Speaker 3: 14:40

Yeah it's the same concept, just on steroids, right. So but for roles, understanding how the AI works, understanding what it's doing. I used AI this weekend to do some things for me and it did a pretty good job and I was pretty amazed by it. But I still read it and checked it, because some things got left out that were important to me and that could have been just from it learning, but also maybe I didn't write the correct prompt. Yeah right.

Speaker 3: 15:04

So it's playing around with the prompts, getting what you want it's a good assist in my book depends what you're doing, but also you have to have it with you know a good eye in terms of does that result make sense? You know I was helping my kids with math, like you add, and if you take the answer and you subtract, it should be the same right With the reason. So that's kind of you need to have that check and balance there when you get your answer from AI. But definitely it's going to be embedded with the roles, even if you feel like you're not going to be a direct operator of AI. It's good to understand that in the tech field. So when you're in meetings with tech executives or that tech person who knows it all because they go home and just study it all day long because that's what they like to do, which is great, right, you need to understand just the basic terms like LLMs and AI and generative AI, things of that nature.

Speaker 2: 15:58

Well, and what about? So? You know, in my experience, most tech people seem to be very introverted to the young people out there. You're a very personable guy, right? Yeah, if you see something that's an issue, you don't have a problem going here or there talking to people, building relationships. It seems like especially here. I mean, just as soon as you get here, you're talking to people, you're getting to know people. I don't think a lot of tech people are like that. Is there a benefit to having an introverted versus extroverted personality in this industry?

Speaker 3: 16:35

Absolutely For a couple of things. One, if you're in the classic example, as you get really talented coder, you stick them in the closet, you give them tweekies and mountain dew and love to do their stuff. The mountain dew is very important, you know, and the world needs those folks. But then at one point that human is going to have to tell you're their manager or upper manager something. So that's where a person who's really good in terms of understanding the tech maybe not to the bit level of this person's doing memory code swaps and he or she thinks that's the next bees knees thing. That's great. But why are we doing it Right? Like, yeah, we don't because it's fun. Are we doing it because the client asked for it? And what's the benefit? What's the business value? What business problem are we solving?

Speaker 3: 17:18

The most super tech introverts we don't care too much about that. But you have to. You need both. But in the dates, like, can you articulate your message to the right audience? I still work on that, especially when I speak to the C suite. I can give them a thousand reasons why X needs to be done to mitigate the risk in their environment. But they don't have time. They're smart people and everyone thinks they're not, but they are, yeah right. They're very laser focused on business things and for me, I feel like the business world is so abstract. That's why tech was kind of I gravitated towards that. I do like that section of human, business and tech intersection. That's where I feel like my sweet spot is. I'm a very extroverted person. I like giving presentations, talking to people, breaking down barriers in terms of which is hard to find, Like in my.

Speaker 2: 18:08

From what I know about tech people, none of them want to get up in front of anybody. None of them want to stand up in front of a room and explain things. They just want to hang out in their closet, drink that Mountain Dew, eat some Cheetos and just watch the Blinky Lights. The guys that I've met, that's their thing. Right, the thought that they are going to stand up in front of a room, explain to a bunch of non-tech people and be able to dissect the hard information and make it easy to understand to a bunch of salespeople or to a bunch of execs who are not CTOs Right, that's hard to do and I mean I'm in marketing. I have to do that all the time for not technical stuff but other things, abstract marketing, ideas and products. But you're kind of doing that. In a way, You're kind of a marketer for technology, Exactly.

Speaker 3: 19:04

Yeah, I do work a lot with those groups in marketing, sales, PR etc. You have to have somebody that can speak, understand the tech side really well. But also, how do you hone that message? So it's really knowing your audience. I know that's trite, but really it's knowing the audience. And then what message do they want to be left with?

Speaker 3: 19:26

So when I moved into a manager role, I was a direct report at the CTO level. So I know this fellow was super busy and I was only one-tenth as busy as he was and I was super busy. So I don't know how he, that guy, even got any sleep. But when he would ask me for a response to an email, I would give him three bullet points of what he wanted and then right below it I said here's your short, Tough Note version answer. If you want a deeper dive, it's right here. So that way when he or she's reading that night, he or she gets the answer Like oh, perfect, that's why I need it.

Speaker 3: 20:05

I'm like well, I don't understand what Josh means by that. Oh, here's his deep dive. Oh, that's what he means, and he or she can read that at their leisure. I got a lot of compliments on that. He really liked that, so something I've used before. I always leave it at then. Hey, if you got a question, just call or text me. Within reason. I'll probably be asleep between midnight and seven, but call me anyway If you think it like it wasn't. Really. I was into a manager or a leadership role that really understood all the inner workings of the business or some decisions that are being made that you can't tell your team and there's some repercussions upstream and downstream and things of this nature. But if there's a business decision that has to be made and they're waiting on a data point from maybe some tech, they need that right, and they can't tell you why. It's not secret, they're just busy, or they really can't tell you yeah, yeah, Right.

Speaker 2: 20:57

So now, if you are so your career I mean obviously been around a long time understand the business. Guys like you can just kind of do your own thing. I mean you could, you could create your own business. You could be just a consultant where you come in and you talk to these companies. That's. I mean, in a way, that's what you've done before.

Speaker 2: 21:25

So if there was an industry that you would say you could hyper-target, like for you because when I talk to people on this show and the people who listen to this show they want to know where the next opportunity is, like they want to maybe start a business they could potentially be like hey, I'm good at technology stuff, now Maybe I want to jump into this thing and start my own consulting practice. What industry would you say needs it the most? What industry would you say, if you, Josh Hankins, knew one industry particularly well and could get in there and knew the threats and knew all the players and knew what the companies needed and who needs you the most, which one would you say Like, what industry would you say would be a good one to go into?

Speaker 3: 22:15

That's funny. You mentioned that. I was talking to my friend about that and one of the things that's near and dear to my heart just everyone can relate to is just healthcare. It's a critical service. It's identified as a critical service by the FBI, also part of the infregard We'll talk about that later, but it was the number one critical service hit last year for ransomware attacks. Wow.

Speaker 3: 22:37

And the reason is what you would think right Like they're willing to pay the ransom folks because they're critical, life-saving services that need to be up right, right. So I take that kind of personally in terms like I could be my mom, my grandma, my granddad, my brother can't get to carry needs because some ransomware or they can't get the medication as taken longer, or someone you know you used to pay.

Speaker 2: 23:03

Well, that just happened recently too Like people couldn't get I forget what it was, but they couldn't get reimbursed for their medication that they'd paid for out of pocket. And that was a big deal for some people, especially when you think about the economy the way it is right now.

Speaker 3: 23:16

People don't just have money sitting around to pay for this stuff when they're supposed to have insurance cover that Right, and you're on a fixed income and you get medication, and what are you supposed to do to put on your credit card? I mean, there's some medications you've got to take regularly or they just don't work. Yeah, I mean.

Speaker 3: 23:29

I'm not a doctor and I don't play one on TV, but but you know it's. That's why they target them right, because they know that they're more willing to do that. Yeah, so advising folks with that it's also having a not just prevention strategy. You know I was always big and still am on prevent, detect and correct corrective controls. And what's my backup plan? You know a lot of people talk like we have our backups. I mean backup like it was our plan B. But you can back up your data. Everyone does it but most people don't do the other thing, which they think happens automatically, which is restore. When's the last time you restored your data and it worked the way that you thought? When's?

Speaker 3: 24:03

the last time you restored the data, it didn't have the ransomware binary on it. You know when's the last time you restore the data but your database needed to talk to it. Now it's in a different format or whatever, and now it doesn't play well. So what do you do? You have to have a conversion step for the database, Like there's a lot of little things that you don't think about, and the only way to really do that is just if you live through it, which is not a lot of fun. Or two you like, do, like, like a tabletop, like a test. Yeah, what do you do? And another thing you know in terms of ransomware. You know there's some things you need to think about, Just like what if your communications are compromised?

Speaker 2: 24:40

Yeah.

Speaker 3: 24:41

Like what if they have everything? They can look at your email, your corporate phones. Do you have an alternative method already set up and the people know how to work that? So yeah, how do you pay the ransom? If you want to pay? Do you have a Bitcoin wallet? Do you have a broker? Do you have someone negotiate? I mean, there's a lot of stuff you get right right, right, right Well that's wild.

Speaker 2: 24:58

But that industry, I definitely say, is vulnerable, I mean especially with the you know examples you just gave. But if I'm just a regular guy, I got a laptop, I go to coffee shops a lot or I come here to a place like this what does a Starbucks have to worry about when it comes to that kind of stuff? Because I'm sure they're even vulnerable to cyber threats. And you've got people that are sitting in there probably trying to. They've got some software on their computer or whatever. They can go into the network and see what everybody's doing on their computers. I mean, I've seen scary things like that. Or if I'm a guy just on his laptop trying to get a couple hours with the work done and read some emails, I might be vulnerable sitting in that Starbucks. What are those two groups have to?

Speaker 3: 25:42

do? That's a good question. So from an enterprise perspective you know Starbucks, the most middle to big companies they're going to have what's called a default route. You're going to get on that, you're going to get on their Wi-Fi and the only place within reason, like the setup you can only go out to the internet. Like you can't get to the internal corporate network. And some companies do what's called an air gap, like they have a special router that's just for customers get on it.

Speaker 2: 26:08

The guest internet Right.

Speaker 3: 26:09

The only way in and out it's just through the internet. It has no connection to their corporate network.

Speaker 2: 26:16

They have some way to kind of admins, to some way to back into it but they've created a network inside of that Starbucks, so now there's an open network inside of that Starbucks that their guests can go in and log into and right I mean you hit the splash splash page except all the terms and conditions I'm not going to hack.

Speaker 3: 26:34

No one ever reads it, you know. And so you know if that that kind of like obsconds or scones but off the skates, or washes Starbucks of any liability, if you're, you know, download a Kitty porn or something like that.

Speaker 3: 26:46

But, by the way, if you're a fine Kitty porn on any type of corporate machine, you have to by law call the FBI to please do that. But yeah, but from if I'm just a normal smell or normal person, I mean, you get on there, you get on the internet and you're connected. I would definitely, if your company has a VPN, definitely use that. Even if you don't have a, if your personal laptop, I would definitely buy a VPN. Now, the VPN, all that really does is encrypt your traffic from your laptop out to the internet. So no one really can see what you're doing.

Speaker 2: 27:22

So if you're going to your banking site, going to your health care site, people cannot intercept your data, your data stream, and try to decode that super important because if I'm sitting there on my laptop and I go to my bank to see you know what my account's looking like, or you know I go check out my crypto account or whatever, while I'm on Starbucks's Wi-Fi right, I don't want people being able to like somehow find and I don't know if there's a real thing. I mean can?

Speaker 2: 27:50

people can people find your password by being on that network.

Speaker 3: 27:53

Sure they can. They can, they can fake like they're the Starbucks Wi-Fi you want to connect to and then, if you do that, you connect through them and it goes through all their laptop man the middle or person the middle attack. Then they just record all your data. Then they can go back later and replay it and decrypt it etc and all that fun stuff. But you definitely need to have a separate ID and password or separate password at least for all your accounts. I have a 400. It's not a lot of fun.

Speaker 2: 28:20

Wow, do you use a password manager? I do, okay. Sometimes I feel like the password managers could get hacked.

Speaker 3: 28:26

They can. I mean the one did I use a different one than that. But you know, my the combination to open the safe is like extremely long and complicated, oh gotcha. So the longer the string to open it, the longer it takes for someone to crack it. I mean, if they're really, really into it, they'll get to it. But it's also like I used to tell the team. I ran like we want to make sure that they're not going to crack it. I ran like we want to make the target as small as us on our back, as small as we can.

Speaker 3: 28:54

So they get frustrating. Go to somebody. Yeah right, I'm spending 17 hours trying to get on the Josh's laptop and I can get in years of one hour to get more money or get even half the money I thought I could get from Josh. Like, well, that's a good oral, I have my time right, I'm going to do that. Yeah, so that's helpful. You have to mean if I actually have some accounts that I don't even put in my password, see if I have a minimal write them down.

Speaker 2: 29:16

Yeah, oh no. That's a good idea, especially if it's like a crypto wallet or something like that. You want to put your private key or whatever it is your words or whatever to get in there, or have to FA set up.

Speaker 3: 29:25

You have to FA you can also get your backup codes. I get those are printed off. Put them put in someplace safe. You know if, in case your phone gets hacked or you lose your phone, you can use the code to get back in. But, like it's usually like the payment which service, like 20 different long string of characters and you have to type them in oh my goodness. But you know that's your backup way.

Speaker 3: 29:45

And you know one thing a lot of people don't think about is they use reuse the same passwords or they have one main account Maybe it's you know, adam at gmailcom and that's your one account and then like, hey, I need to reset my password. So they send you a link you click reset it. That's all fine, dandy, if you don't have to FA set up for any special accounts, then what do I need to do? I need to get into Adam's Gmail, then go to his bank account and say I need to reset my password. Then they reset the password as you, even though it's not them, and then they change it to something they have. Then they drain your funds.

Speaker 2: 30:18

Oh no, I just talked to somebody today. He's an older guy, does a lot of political stuff, but he has been hacked His account or his credit card. I think he said it had been hacked twice in the last month. Oh okay.

Speaker 3: 30:31

Wow.

Speaker 2: 30:32

Yeah, he's definitely. I was like, wow, that's a lot of dude. I was like, are you clicking on links on your email that you shouldn't be clicking on? Or yeah, but people can essentially send out a fake email that says I'm from Fifth or Bank or PNC Bank or whatever bank, us Bank, the phishing attacks and they can send you an email you think it's from that company. You click on it. It takes you to a fake landing login page you put in your information and then nothing happens after that and you're like, oh, I didn't get a login, didn't work or whatever, but now they got your username and password.

Speaker 3: 31:05

Right, yeah, exactly. And also most banks or most websites do offer two-factor authentication, where you put your ID and password in and then it will prompt you for a second factor, which could be like an authentication app on your phone, like octa or whatever, or a google authenticator, or it'll send a code to your cell phone. Those can be intercepted. So I typically just I like to want the codes, or they'll send a phone call.

Speaker 3: 31:34

you pick up your phone and hit a number right yeah, or sometimes I'll be like, hey, it has a phone call. Here's the code we sent you. Now type it in.

Speaker 2: 31:41

That's probably another industry, though banking that is susceptible. I mean outside of healthcare, banking's probably the number two, like I might be number one. Right that people are going to try to hack and attack and do all that stuff too?

Speaker 3: 31:55

Sure, absolutely. I'm in a big target. It's not just for consumer accounts. There's business accounts, small, medium business accounts there's large accounts, there's wild transfer.

Speaker 2: 32:04

I might have worked at a bank, so I know yeah well, I mean, and if you're a small business and you have an internet account maybe you got a few employees, they got their own emails that becomes a whole nother issue, because what if they get fished right? Or now you've got all these people with these accounts out here. I mean, is that a? I mean, is that something that these smaller businesses even need to worry about.

Speaker 3: 32:26

Well, absolutely. I mean they can get your phone number and send you a text and say hey, I'm Adam. They send it to your brother and say I need you to transfer this funds. I'm busy, I'm at this campaign thing, I'm doing this, I need it now. I need it now.

Speaker 3: 32:35

And Ryan's a good guy. You know whoever it is, he does it. Well, he thinks, he thinks it's coming for you, but it's not right. Yeah, somebody else right. So I mean some some basic things.

Speaker 3: 32:48

You know I recommend to do for anybody is when you create your password. Say you're going to go to a banking site, it's. It gives you like how complex your password can be and so it says how long the max number of characters doesn't use special characters. It says a whole bunch of stuff. You really need to take five minutes and just read that. So if it's a 40 character password, they'll accept. Put in 40 characters and it doesn't have to be like random characters. You could put in something like Adam is the best, I love working at covworks a bunch of numbers and some other stuff. That's more of a passphrase and those are easier to remember. But you also put in a password safe. Another thing you could do is uh, what's any type of financial website, whether it's your banking or credit card or whatever. They have alerts you can set up. And I've read some places and people like anytime I get anything for one cent, I get an alert.

Speaker 2: 33:40

I'm like that's a little overkill because you're going to get numb to the pain yeah, you're going to get financial click in, and right, I forget it, it's another one of these, so I suggest people have a number that it's kind of a sweet spot.

Speaker 3: 33:52

Like you know, do you typically spend? You know, look how much you spend on average each transaction. You know you can ballpark that and but don't put an even number like 25 or 37 or 102, do you know? Set some number like 67 but put 0.21 or 0.01 or something something, because a lot of the fraudsters they know like if it's below a clipping level they won't get popped or the bank has to eat the cost. Yeah, sure, there's that. But also, like most I would say, if I had a guess, over 90% of the people probably put their clipping levels in some 25.00, right, or something. Dots, no, like funky sense, yeah. So, um, you have to think what everybody else would do and kind of do the opposite. That's kind of what the hackers do too. You gotta think like them.

Speaker 2: 34:39

So yeah, well, and they're smart people. So, josh, what's next for you? I mean, if somebody wanted to reach out, uh, you know, and bring you in for a consulting gig, or uh, I mean I don't even know if you're available to for a full-time job, right, because you're just kind of a side hustler too a little bit when it comes to this stuff.

Speaker 3: 34:57

I like helping people out, small businesses. I've worked with some friends, you know, doing things like this, just helping protect your stuff, and then you go, go out and have some pizza afterwards.

Speaker 2: 35:04

That's about it yeah, we're one of the hospitals around here, or even you know you could do this anywhere, I'm guessing, sure. But if somebody wanted to reach out to you, find you uh, you know, bring an assault. I'm guessing LinkedIn, or is there a email address you want to give out, or I think?

Speaker 3: 35:21

LinkedIn's probably the best place to start. Okay, so I'm gonna Josh Hankins LinkedIn. Um, you can find me there. Uh, cincinnati area. Um, you know I'm a proud northern Kentucky snob. I do, I do recognize the great state of Ohio and you know I worked in Ohio for many years, but I do recognize myself as a Kentucky snob, proud snob of Kentucky Commonwealth. Um. So, yeah, I'm always happy to answer questions and a lot of times when I travel for work, I get a lot of folks, whether they're starting off in cybersecurity or they're maybe the more grizzled vet like myself. They always ask me some questions. So I actually have a WhatsApp group where I send out links to discount or free training things that nature. I I just send it out because I I used to do it for my co-ops at my previous job, but you know, maybe some internships, jobs that folks may be looking for, but people didn't like that.

Speaker 2: 36:10

So it's helpful. You're a connector through your WhatsApp. What's the WhatsApp group is it? Is it available for people to find or can they connect you on LinkedIn and then typically LinkedIn, I kind of curate it. Okay, make sure like there's, you don't want just anybody in their mom joining it.

Speaker 3: 36:22

Yeah, I mean it's fine, like I can, only one. That sins on it because I didn't want it to turn into like some type of uh, I like sausage, I like pineapple, pineapple, my pizza and finding between the group. So it's only I can send messages. But you can send me a message outside the group if you want said hey, josh, I've had a few that few of the people been on the group. They hear some free training once you post in the group. Okay, it sounds good, look at it, make sure it's legit, not fun stuff. But yeah, people have been very helpful about it.

Speaker 2: 36:47

I love it, man. I love it. Well, josh, thanks for coming on the show today. This has been great. Uh, wish all the luck. I mean, I'm sure you got people knocking down your door right now to cybersecurity with all these, all the news and stuff that's been out lately. It's it's been crazy like I'm not even in cybersecurity and I'm getting all these alerts and stuff about all the stuff that's happening. So right, thanks again for being on the show.

Speaker 3: 37:06

I appreciate having spent a lot of fun.

Speaker 2: 37:08

I can't wait to come back thanks for joining us on this week's episode of side hustle city. Will you've heard from our guests? Now let's hear from you. Join our community on facebook, side hustle city. It's a group where people share ideas, share their inspirational stories and motivate each other to be successful and turn their side hustle into their main hustle. We'll see you there and we'll see you next week on the show. Thank you.