This Week in Enterprise Tech Episode 509 Transcript
Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On this week in enterprise tech, we have Mr. Brian, she Mr. Chris Franklin on the show today. Now we've heard about the market trends are on no code and low code platforms and just how they're helping organizations digitally transform. The question is, do they create security risk? Plus we have a great guest today. Alex Iceman, he's founder and CEO of Genium. We're talk about the journey of an entrepreneur plus market trends for businesses and the type of talent they need to meet the demand. The secure world. Shouldn't miss it, TWiET on the set
Brian Chee (00:00:31):
Podcasts you love from people. You trust
Speaker 3 (00:00:35):
This. This is twit.
Louis Maresca (00:00:41):
This weekend enterprise tech episode 509 recorded September 2nd, 2022 with the gen out of the bottle. This episode of this week at enterprise tech is brought to you by new Relic. Use the data platform made for the curious, right now you can get access to the whole new Relic platform and a hundred gigabytes of data per month. Free forever. No credit card required. Sign up at new relic.com/enterprise. And by user way.org user way is the world's. Number one accessibility solution is committed to enabling the fundamental human right digital accessibility for everyone. When you're ready to make your site compliant, citing which solution to use is an easy choice to make, go to user way.org/TWiT with 30% off user ways. AI powered accessibility solution end by compiler an original podcast from red hat, discussing tech topics, big, small, and strange listen to compiler on apple podcasts or anywhere you listen to your podcast.
Louis Maresca (00:01:45):
Welcome to twit this week at enterprise tech, the show that is dedicated to you, the enterprise professional, the it pro, and that geek, who just wants to know how this role is connected. I'm your host Lewis Mosca your guy through this big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals, the experts in their field. He's net architected, sky fiber net network, expert security, conno, sore, you name it. Plus he is all around tech geek. He is Mr. Brian Chee. Brian, how you doing my friend? What kind of trouble are you getting into this week?
Brian Chee (00:02:17):
I'm actually rebuilding a, uh, Lenovo. Well, I guess you call it a tiny PC. The whole idea is the maker space. Someone's managed to kind of corrupt it. So I'm gonna start from scratch and put a fresh copy of windows 10 because sadly it doesn't meet the hardware requirements for windows 11, but that's right. It's driving, um, some vinyl cutters and 3d printers. And I'm hoping to get it back to the Makerspace this weekend.
Louis Maresca (00:02:50):
Now what you said, it's driving wire cutters,
Brian Chee (00:02:54):
No vinyl cutter
Louis Maresca (00:02:55):
Vinyl cutters. I'm sorry. Quick away. Wait. Had a second. That sounds strange. <laugh> vinyl cutter. So it's almost like a little mini CNC machine then.
Brian Chee (00:03:03):
Yeah, well, we actually have a full CNC. That'll do a full sheet of plywood. Um, but these are tiny ones. We've got a, um, E size vinyl cutter, so we can do posters and, you know, big banners and so forth. We also have a small cricket, um, to do that. Oh, nice. And then it's also being used to drive, um, a bunch of Delta maker, 3d printers.
Louis Maresca (00:03:28):
Awesome. Fun stuff. You guys get the fun stuff, Brian? Well, thanks for being here. Well, it's always refreshing to have our senior analyst at MD back. He's our security enterprise expert as well. He's Mr. Curtis, Franklin Curtis, uh, have you recovered from traveling?
Curt Franklin (00:03:44):
Uh, I've not only recovered from traveling, I've recovered from COVID. So, uh, I'm feeling a lot better in pretty much every direction. Um, feeling semi human and ready to take on the world, which is a good thing because I've got a lot coming up in terms of writing about the things I saw and heard about at black cat and DEFCON and, uh, doing other cool stuff around cybersecurity. So, um, no time to waste. Gotta get to write. And soon
Louis Maresca (00:04:17):
I hear you. What, what was that? What do you think? What is the biggest surprise you saw at, uh, at black hat this year?
Curt Franklin (00:04:24):
You know, it's, it's interesting. I would say the, the big thing at black hat was the extent to which people are still talking about visibility. You know, that was probably the most common word that I saw on displays was visibility. It seems like we keep building incredibly capable, remarkably complicated environments. And from the moment they go live, we have no clue what's actually inside them. Um, and so visibility is, is a huge deal followed closely by the whole, um, identity and access management component of had a chance to talk to a lot of people, doing interesting things in, uh, IAM. And, uh, between those two, I would say you cover a good 70% of the verbiage on displays around the, the conference.
Louis Maresca (00:05:32):
I was like, well, forward to it. I'm actually looking forward to the coverage. Well, thanks for being back. Well, uh, according this super busy, actually, it's been a super busy week in the enterprise. We have heard about the marketing trends around no low, no and low code platforms and how they're actually helping organizations with digital transformation. But the question is, do they create security risk as well? Can they help maybe with data security and privacy at the same time, it's really great topic, kind of a two side of the coin, uh, scenario. So definitely get into that. Plus we have a great guest today. He's Alex, Alex Iceman, he's founder and CEO of gen. We're gonna talk about the journey of an entrepreneur there, but we're also talk about market trends for businesses and the type of talent that, and solutions they are reaching for and just how they can actually utilize new resources to the meet demands of the market.
Louis Maresca (00:06:16):
Lots of exciting stuff. So definitely stick around. But first, like we always do, let's go ahead and jump into this week's news. Blips op marketplaces may be the place where evil doers are lurking to help attack your organization and steal data. That's right, according to a former cyber criminal who once worked with and betrayed the secret service believes hackers have more prevalent and sophisticated tools than ever, and are highly motivated to attack. Brett Shannon Johnson is now the chief criminal officer at our coast labs, a fraud prevention company. He describes tools that are so sophisticated and useful and have their own marketplace like the bot marketplace called the Genesis market that organizations and governments should be very, very afraid. In fact, the interesting part of this is that 98% of cyber criminals are not using these tools yet, but they're so prevalent. They could become the norm.
Louis Maresca (00:07:10):
Now the Genesis market is a very interesting place. In fact, you can search for a target like chase bank or bank of America, Google, or Walmart. It then deploys the bots that are six accessing credentials for that target. It's essentially a bot as a service they've asked me, I coined the term folks that's right. Johnson thinks that with the economic downturn, in the availability of tools and marketplaces, it will lead to be actually an uptick in online financial crimes with bots. Now, to add a bit of validity to this statement, data shows that cyber crime has been on the rise, especially when it comes to cyber cryptocurrency. In fact, last month, hackers reportedly stole more than 190 million of crypto from the crypto firm nomad and a recent report by chain analysis, estimates that the amount stolen in cryptocurrency Heights is up actually 60% this year. Hey, there's a marketplace for apps. Why not bots?
Curt Franklin (00:08:06):
Well, according to an article published this week at dark reading, there's a new, old problem. That's rapidly building for corporate cybersecurity teams. And that problem is spelled I O T the article points out that researchers at clarity have found a 57% increase in O T bug disclosures. Compared to this time last year, the increase comes, they say courtesy of a combination of more connected products, greater security by researchers and regulations requiring disclosure of vulnerabilities. That growing number of vulnerabilities means researchers say that companies need both greater visibility into the IOT devices on their NA works and greater capabilities for managing those devices. Now, part of that visibility will need to include the extended internet of things or XiO T because who doesn't need another acronym. And that's a term that we're hearing more and more and more now XiO T includes things like devices embedded in other systems, medical devices, and other operational technology devices that might not traditionally have included in the old IOT category.
Curt Franklin (00:09:20):
Clarity says that 747 vulnerabilities were disclosed in XiO T devices between the start of January and the end of June a 57% jump from the previous six months. The affected products came from 86 different vendors. And for the first time proactive disclosure by vendors was the second most common way that information on vulnerabilities was published. That comes after disclosure by third party firms. If you're keeping scores, Siemens's represented the top disclosure of XiO T vulnerabilities at 214 with real link. Second at 87, followed by Schneider with 52. Now, one of the things that makes this category hard to track is that the definition of what precisely should be included is a moving target. N for example, defines IOT devices as those that quote have at least one transducer sensor or actuator for interfacing directly with the physical world and at least one network interface for interfacing with the digital world. In quote, some companies put devices for the medical field or industrial applications in separate categories. Others include those and have begun including mobile devices like smartphones and tablets, because so many firms use mobile devices as a way to monitor and control their network of IOT devices one way or another via one definition or another O T bugs and vulnerabilities or an issue that is unlikely to go away within any of our professional lifetimes.
Brian Chee (00:11:00):
So when I read the headline on this article that comes to us from ours Technica, I had to check the publication date, cuz it felt like, oh, a blast from the past. So get this, the headline reads Japan declares war on floppy disks for government use. And I go, huh, really <laugh> anyway. So the story goes, Japan's newly appointed minister of digital fairs to conno has declared war on the floppy disk in other forms of obsolete media, which the government still requires as a submission medium for about 1900 types of business applications. In other forms, the goal is to modernize the procedures by moving the information submission process online, Kono announced the initiative during a press conference in Japan. This last Tuesday, according to Bloomberg legal issues have prevented the modernization to cloud data storage in the past and Japanese government. Often offices often use CDs, mini diss or floppy diss to accept submissions from the public in businesses.
Brian Chee (00:12:12):
For example, Japan's minchi newspaper reported in the December, 2021 issue that Tokyo police lost to floppy diss containing information on 38 public housing applicants, a digital task force group led by Kono will announce how to fix those issues by the end of the year. Well, it isn't that far fetched just before I retired, I was hit with being forced to physically sign quite a few documents, even though the federal version of the same document, um, allow, have allowed digital signatures for many years. My opinion is that Japan like all too many bureaucracies are bound by rules, followed slavishly by unthinking drones that can't see beyond what has been done for years. So it's this day of labor shortages, perhaps we should and can rethink bureaucratic procedures administered by robotic unthinking humans and uh, well replace them with technology. Does that make sense? Come on people really floppy.
Louis Maresca (00:13:26):
It's been a busy week for ISPs is state governments when it comes to the FCC funding broadband deployments, according to our tech, our Technica this past week, the FCC announced a $791 million rural digital opportunity fund grant to provide six broadband providers dollars to help with network expansions to more than two, 350,000 homes in businesses in 19 states over the next 10 years now, the funding will help to support a whole slew of network technologies, including dig gigabit service hybrid fiber wi fixed wireless deployments that will provide end user locations with either fiber or fixed wireless network service used, uh, in licensed spectrum. In addition to the FCC funding, the treasury department and national telecommunications and information administration announced grants for states and travel entities as well on a less enthusiastic note. A few weeks ago, we checked, they, uh, they actually rejected SpaceX star starlings final application to receive that 885.51 million tentatively awarded to the pie auction.
Louis Maresca (00:14:24):
Now all the while the pie FCC was criticized for giving Starlink money for locations or adjacent to the major airports, the FCC has added whether starlings technology can meet the fundings program speeds and latency requirements when deployed to hundreds of thousands of customers, there were, there were other rejections in there as well. Despite the high profile rejections, the FCC today said that the R F is now set to provide more than 6 billion to applicants in 47 states. Now the P FCC originally awarded 9.2 billion to 180 bidders, lots of ISPs listed in this article that are still getting this funding right now. In fact, the biggest broadband fund of all is still coming. That's a 42.4, 5 billion broadband equity access and deployment program from the infrastructure investment and jobs act. Now it does have a long tail. So that means it's gonna come. Won't be for a while that money's being distributed by the NTIA and won't be released until after the FCC finishes a large project to upgrade the map of where providers do and don't offer broadband.
Louis Maresca (00:15:26):
And with all this money being thrown around for infrastructure expansion, one hopes that competition increases in the market. Also making it more affordable to all levels of consumer and business. Well folks that does it for the blips next up the bites. But before we get to the bites, we do have to thank a really great sponsor this weekend enterprise tech and that's new Relic. Now I know lots of developers out there and you are some of the most curious people. I know I'm one of 'em. I'm very curious. And the first to explore the newest technology, digging into documentation, not really wanting to not only wanting to know how things work, but why they work. That's exactly why so many engineers turn to new Relic. New Relic gives you data about what you build and shows you what's really happening in your software life cycle.
Louis Maresca (00:16:13):
It's a single place to see the data from your entire stack. So you don't have to look to into like 16 different tools and make those connections act manually. Now, new Relic, pinpoints issues down to the line of codes. You know, why problems are happening and resolving quickly. And that's why dev and ops teams at DoorDash GitHub, epic games, and more than 14,000 other companies use new Relic to debug and improve their software. Now, when teams come together around data, it allows you to triage problems, be confident in those decisions and reduce the time needed to implement resolutions. Using data, not opinions. Use the data platform made for the curious, right now you can get access to the whole new Relic platform and a hundred gigabytes of data per month, free forever, no credit card required. Sign up at new relic.com/enterprise that's w R E L I c.com/enterprise new relic.com/enterprise.
Louis Maresca (00:17:11):
And we think new Relic, their support of this week and enterprise tech. Well folks, it's now time for the vice. We have a couple articles here now. No and low code platforms and tooling is really the range of the industry. Right now it's empowers organizations to really develop solutions without specialized roles to get there. Plus digital, transformation's kind of the forcing function behind all of this is you use the tools to really help get be successful in that transformation after the transformation. So there's some stats here. In fact, uh, Gardner prod projects that the use of no code low code tools will grow from almost 25% of application applications in 2020 to 70% in 2025. Now the question is can the same tools help businesses develop solutions for their workplace? Also have a weak point security, maybe malicious actors are constantly spinning up new tactics and attack models and no, and low code tools leave huge backdoor sometimes for them to be exploited.
Louis Maresca (00:18:15):
Now an assessment by the open web application security project, OWA reveals several no and low code security risk from account impersonation, authorization, misuse to credential sharing and much more. And for some observers, no one low code tools actually sacrifice on security on the, without really improving productivity. They just kinda leave it out there. Even though these tools are very much in clear and present danger, the industry has moved to using no and low code tooling to actually help automate other things like privacy operations by securing data and meeting David privacy regulations like GDPR and CCPA. So it's not the other side of the coin. They're saying, Hey, let's go use these to actually make it easier for you to secure your data and actually fund, uh, fund compliance, uh, for your, for your data. Now, some of some actually offer automatic fulfillment of privacy requests via data subject and data access requests, uh, actually, which is a requirement of GDPR out there and under the rights access.
Louis Maresca (00:19:13):
And if you can also handle consent management and third party risk assessment. In fact, some of the no code, uh, low code integrations are out there for it, as well as Salesforce, HubSpot, Shopify, and other data sources, a lot of clients to automate privacy and deletion requests concerning in those systems. And the data mapping tools can also help create GDPR records and processing activity and tracks all personally identifiable information collected in those client systems as well. So this, this is really a case where no, and low code solutions are helping organizations, but they're also maybe hurting organizations. So I think this is a very interesting topic. I didn't wanna bring, um, my co-host back in because Curtis, this is a polarizing topic. It, it seems like no, and low code platforms have, are more positive than negative, especially in this case, they're helping data and privacy. Is that the, is that the consensus that you're seeing when you talk to organizations?
Curt Franklin (00:20:08):
Well, I, I think you got a, a bunch of moving parts here and it's important to look at them because the big place where no code low code came in, and the reason that it began to pick up steam was the idea that it would let subject matter experts. The people who are actually in the business units do development of applications that put their business processes into action, rather than having to go through the human, uh, chain of explaining what they want to do to developers who then have to build into, um, the, the applications and the systems, send it back, go through, you know, multiple revisions with all of that. The, the big problem traditionally has been that these business unit subject matter experts don't know it security. So the big question on security is whether it has been, whether the issues with no code, low code security stemmed from inherent issues with the system are the fact that people who don't know it security was using those systems.
Curt Franklin (00:21:30):
I think what we're seeing now is a shift. Uh, we've had guests on, in the recent past here at, uh, this week in enterprise tech, where they were low code, uh, system manufacturers, low code environment publishers who found that their systems are being used primarily by professional developers. And in those cases, there's no reason to think that the security and the controls for privacy, can't be just as good as those that come about through traditional development and can actually be greater because you have people who know security who have put those controls in place, and there's not a good way around them in the low code environment. So I think it's a, it's a moving target. It's a shifting scenario that depends heavily on exactly which generation of low code no code you're using and who you've got back at your shop, who have their hands on the mice and the keyboards.
Louis Maresca (00:22:43):
<laugh> I like that. Well, tee, I wanna throw this to you because obviously we talk to a lot of organizations trying to use no and low code platforms for many different reasons, obviously, because they don't necessarily have the skill. Curtis is saying, Hey, it's not always gonna be a replacement for that skill. Is that something that, you know, you see when you talk to organizations or people around, Hey, like most of these tools can do what they need to do and is the right generation. They can be secure enough and we can make use out of it to make our business better. And then there's an extent there's a, like a limit to where then I need to go and get that, that expertise.
Brian Chee (00:23:16):
Yeah. You know, it, our viewers are probably noticed we've, we've had lots of people on talking, no code, low code. It is a mega hot topic. And, you know, just a couple episodes ago, episode 5 0 8, we had out systems and they're talking about a lot of process control, um, controls that they've put in place. Um, now some of like, I, like we said, it is a polarizing topic. Um, some people are going to go, the sky is falling. It's bad. It's going to be the end of the world, blah, blah, blah. But on the other hand, there's also the opinion that, um, we don't have enough people in DevOps to be able to go and do, uh, what is in essence stovepipe applications, you know, customized applications anymore. We just don't have the skills. Well, the Bo warm bodies to fulfill the skills let's, let's call it that.
Brian Chee (00:24:20):
So there are, let's look at the two sides of the coin, one on the positive side, because the tools are available to the subject matter experts. We might actually start getting some better applications faster and better meet the needs of the users. On the flip side, we also have a lot of issues with things like dependencies. That's one of the big issues that have come up in several conversations, um, because they're compiling down to something, whether it's, um, interpreted code. So it has to be recompiled every time it's run or whether it's, um, compiled down to a base language like C sharp or something, there are, um, going to be dependencies involved. And so on the plus side, that means if we find a problem in dependency, the system can slip it out and slip, you know, a fixed version in faster. Um, then if we had to go and recompile a stovepipe application from scratch, um, again, you know, some of the people that are, you know, talking about this, this is it's like, well, shouldn't, they all compile down shouldn't they all be going to a fairly low level language so that they're faster, more efficient and so forth.
Brian Chee (00:25:46):
Um, some people have said, no, no, we, we want the flexibility. We want to be able to go in and say, oh, we found a goof in our logic. Let's go and change it quickly. So the two sides of the coin are going to be really interesting conversations as time goes on. Um, our guest, no, we are not taking pot shots at our guest. Um, the whole idea behind this dark reading article is just looking at some of the issues, just like, um, when the web first came out, you know, I was working at the university of Hawaii, um, for the first time and this new thing called a web, you know, worldwide web. That was really cool, but there was so, so many flaws in it, um, that the world was predicting, oh, it's never going to work. Well, world has changed, hasn't it?
Brian Chee (00:26:41):
Well, maybe no code low code is one of those things. We are just gonna have to see how the market, um, turns out there's going to be plus sides. There's gonna be, um, negative sides. Um, I'm hoping market pressure will do it now, going back to what Kurt was saying about security and so forth. One of the things this article does say is that, uh, security of no code solutions is a concern. And of all the respondents, only 7% of the server respondents said, uh, security. Wasn't a concern and all betcha that those 7% probably didn't read the question very carefully because everyone I've talked to one of the first things outta their mouth is, well, is it secure? And, um, knowing Kurt, that's probably gonna be one of our questions we're gonna pose to our guests. That's coming up and not too terribly long.
Louis Maresca (00:27:43):
Curt Franklin (00:28:32):
Yeah. And, and that's where you get into trouble. Uh, I remember long, long ago being taught the problem definition of assume, uh, why, why we don't assume. Um, and, and that hasn't changed. Uh, I think where we get into trouble is when we, as managers, as developers, as business owners assume that surely someone in the development chain is providing security. We might not, who know who it is, but we just can't believe that no one's doing it. And so we go along assuming that this security has been applied, we need to be asking the hard questions about precisely who is responsible for the security of the system being developed, what the basis of that security is and just how good it is, what precisely it's providing. Because if we don't know the answers to those questions, then the odds increase exponentially. That actual security is going to fall in the cracks between the various components. And the only thing resembling security is actually gonna be provided by the threat actors who try to make sure that their nefarious work isn't interfered with.
Louis Maresca (00:30:00):
Right. Right. So it was good to evaluate the platforms you're using. So I definitely agree with that. Thank you, Curtis. Well, I think that does it for the bites. We wanna bring the guests in to drop some knowledge on the TWiT, right. But before we do, we do have to think another great sponsor this at enterprise tech and NAS your way.org. Here's a little bit more about 'em
As you get bigger, they scale with you. If they can handle Disney, absolutely. They can handle you. They make best in class enterprise level accessibility tools available to you, your small or medium size business. And then as you scale, you need user way and you're ready. It just makes business sense. Some of the biggest problems, nav menus, very difficult. So the way this works, if you're blind or you're using accessibility tools, there is what they call an accessibility layer. That's what the screen reader sees. So really what user way does, is make sure that all the information available to the front page to the sighted user is available to the browser in the accessibility layer. It changes colors. Now you've got your Pantone color for your business. Of course we do too. Doesn't change that, but it adjusts hu and luminance. So it's easier for people with vision issues to read.
So user way will generate all tags. That's one of the reasons it needs AI. It can actually see the picture and generate an all tag that matches the picture automatically. You can go in if you want, you can modify it. Of course it fixes violations like vague links, fixes, broken links, make sure that your website uses accessible colors and you'll get a detailed report of all the violations that were fixed on your website. So, you know exactly what it did. Plus you can work with it user way, integrates seamlessly with your site builder software, let user way help your business. Meet its compliance goals. Improve the experience for your users user way can make any website fully accessible, ADA compliant, and everyone who visits can browse seamlessly, customize it to fit their needs. It's a great way to show your brand's commitment to the millions of people with disabilities. It's the right thing to do
Louis Maresca (00:33:04):
User way can make any website fully accessible in ADA compliant with user way, everyone who visits your site can browse seamlessly and customize it to fit their needs. It's also a perfect way to showcase your brand's commitment to millions of people with disabilities, go to user way.org/TWiT and get 30% off user way's AI powered accessibility solution, hook a short call and get their accessibility guide user way, making the internet accessible for everyone. Visit user way.org/TWiT today. And we thank user way.org for their support of this week and enterprise tech. Well folks, it's my favorite part of the show. We actually get to bring the guests to drop some knowledge on the TW riot. And today we have Alex Iceman, he's founder and CEO of Genium. Welcome to the show, Alex.
Alex Iceman (00:33:54):
Thanks. Thanks for having me.
Louis Maresca (00:33:55):
Absolutely. No, we you've had quite the journey, uh, and career I professional athlete to founder and CEO of tech industry. And, you know, we have quite a diverse audience out there from different stages in their career. Can you take us on a journey and what brought you to, uh, gen?
Alex Iceman (00:34:11):
Absolutely. Um, I was really good with computers. Um, probably starting at the age of 10 and, um, my dad brought some old computers, very old, um, 2 86 machines with green monitors and I was able to just play around with them disassemble and, and do certain things. I wasn't doing much of programming, but I was enjoying kind of, uh, geeking out on those, uh, with those machines. And, uh, overall I've been always next to machines, but I mean the computers, but then, uh, fast forward, um, I got into chemistry at school and, uh, chemistry was a big part of my life. And then hockey happened at the age of 11. I played until I was 15 and, um, went to college and got my first master's in biochemistry and then parallel I was doing, um, hockey and, uh, um, I was, uh, a professional hockey referee, uh, for many years throughout the college.
Alex Iceman (00:35:03):
And then, um, um, so on and on, and at the age of 18, I've decided to open up my first company before I turned 25. I saw a, a friend of mine and his dad running his, um, his family shop. And, uh, I kind of liked that lifestyle and how they, um, could build your own schedule and, and, and SA, and I kind of made a promise to myself before I turned 25. I would open up my company. And then I kind of forgot about that promise and fast forward. Um, I went the United States for the first time when I was 22, I think. And I, I was fascinated. I came to San Francisco was fascinated by just the ecosystem and the startup environment, the take a talk. And that's where I decided that biochemistry is not getting caught it and I, wasn't kind of enjoying it, uh, as much.
Alex Iceman (00:35:50):
And that's where I went and got my second masters in computer science and, uh, mathematics. And I really loved it and that's, uh, propelled me into software development field. And, um, I moved the United States, got my first job. Um, I remember on the job interview, I presented my phone, which was iPhone fors, I believe. And it had both iOS and Android installed on the iPhone and I was able to, you know, hack it up the way that, uh, um, and it impressed, impressed the interviewer of my, like a lot. You've never seen anything like that. And, uh, I've got a really good job offer, um, and not to mention my, um, thesis was in cyber security and, uh, um, applying, um, mathematical analysis and statistics, uh, preventing DDoS attacks. And, um, so I was into like white hat, uh, hacking and I was able to, uh, install Android on the iPhone, which was pretty cool.
Alex Iceman (00:36:43):
Um, that's cool. And, uh, yeah, fast forward started my company at 25 and, uh, everything went there. Hockey still big, big part of my life, uh, professional hockey referee still in the American league and, uh, fly airplanes as well as a pilot and compose some music too for films. But, uh, software is a big part of my life. And, uh, as an engineer and, uh, entrepreneur, I'm here, I'm here to share the, you know, my Mo mostly mostly, uh, life lessons. So people don't really step in the same mistakes that I, you know, I did. <laugh>
Louis Maresca (00:37:13):
Well, you, you, you've definitely combined a lot of passions together. I, I definitely give you that. That's amazing. Now I let's talk a little bit about genie because I think it's a very interesting company and it, it kind of reaches different sectors of the market. Uh, one being that it is a, um, it does help with, um, kind of a professional services consulting type thing, but also providing resources to organizations to help solve some of the technical challenges out there. And I can tell you that the price tag that offers engineers, especially in the us sometimes is, is especially now, is actually on the rise. Um, what other locations around the world are you kind of working with and what types of projects, what kind of demand is driving those things?
Alex Iceman (00:37:54):
Uh, great. I think it it's, it's important to share, share the story, how it all started. I think, um, you know, I started started working as a software engineer and I started first my consultant company here in San Francisco, and I was hiring engineers here in San Francisco, but it was impossible to compete with big guys, big names. They were, um, offering huge salaries and stuff. And my clients started to reach out to me and say, Hey, Alex, can you build software or higher developers at the same quality, but somewhere else. So we, we find a better price tag. And that's how I started looking outside of the United States. And I did a lot of test trial projects in different, um, different regions of the world, China, India, Eastern Europe, uh, I've done Philippines. And then I started doing Latin America and that's where Argentina came about.
Alex Iceman (00:38:37):
And, uh, we had the great success there, really high quality, um, high quality engineers. And then we grew into Latin America, similar time zone, really good English. Um, and the process that we have to get the best of the best really helps to build, um, amazing teams for clients here in the us regarding the industries. Uh, I really like to have fun. You know, my background was cybersecurity. So gen is iCare certified by the department of defense and department of state to work on, uh, um, top, top kind of secret projects, level one level to outside of the United States and, uh, take on really exciting stuff. So cybersecurity at the core of how we hire people, the background checks. And, uh, I also made a promise to myself, not to hire people who will do spaghetti code, cuz I've done a lot of untangling of that in my life.
Alex Iceman (00:39:22):
Right. And it was so painful. I said, no, we are gonna get good architects that no proper, uh, data structure algorithms, they know how to build our, an architect properly, um, software. Um, and, uh, so we, we build something that everybody will enjoy interacting with and engineers will enjoy, enjoy looking at the, at the code and that's how we started to grow. And the, um, clients we serve, they're all in, um, major verticals of either, um, data protection or, um, threat preventions or, um, identity verifications at such and such. So it's not necessarily cyber security, but those companies really need good, um, practices around hiring and, and building the right software with the right architecture.
Louis Maresca (00:40:04):
It's not like you do kind of work all over the, over the market. I, we talked a little bit about in our previous segment around no code Loco platforms, how it's attempting to help organizations that don't have the skills kind of bring to Morgan digitally transform, you know, when do you see, when do you see the threshold? Where's the threshold at when like no colo platforms are not enough and now you need to go and come to some organization like yours to really provide the professional experience.
Alex Iceman (00:40:29):
So that's an amazing question. We do have, uh, several clients that, that provide NOCO platform. So we, I do work with them day in and out, and I know they, a lot of the background on how they come about and the benefits of it. Um, and I think it's a great thing. That's an abstract on top of the, of, of the programming languages you have, and that's, what's been happening with the industry since assembly, and then you have, uh, higher level programming languages and then frameworks, and now you have no code, low code platforms, and it's a, just a natural evolution of the software developing process. And, um, I think it's a great tool and I wanna say something that's very important that that struck my nerve when I was getting my degree, um, at mathematics and computer science that security and cybersecurity is not, is not a question of if it's a question of time throughout which your data will be secure.
Alex Iceman (00:41:19):
Every, every system could be hacked, uh, with, with, uh, basically, um, enough money and enough time. And it's just the time period throughout which data will stay secure and you constantly have to keep updating things and, and adhering to checklists. Um, so I, I think it's a great tool and I think, um, you, you gotta pick the right tool for the job, no code low code platforms allow to do that allow bigger businesses to, to transform themselves digitally. Um, not necessarily having the knowhow of, of software development or in like huge engineering and R D departments. Um, and I think it's a great tool regarding cyber security around those tools. Um, at least what I see and how we approach that is having checklists on every level of software development, whether it's planning, whether it's testing, implementing, and, um, frankly the vectors of attacks have haven't changed much.
Alex Iceman (00:42:10):
They are very similar since the inception of internet. And, um, as long as you check those categories and, uh, men on the middle attack, you know, St overflow attacks and they're very similar, the, the, the, uh, the, you know, the most weak element is a human element. So if you, um, try to eliminate that, um, with procedures and checklists, that makes it a really good software and, and just keeping track of all the security updates on, on libraries you have. Um, so I think talking about the low-code no code, it's a great solution. I think at certain point of time, you still need, um, specialized engineers that know how those platforms work. So it's, you basically create a, a double high, um, high level abstract, but you still need engineers to figure out how to customize those abstracts. So even though it's low code, no code, you still need to have engineers specifically trained to do those.
Alex Iceman (00:43:07):
Louis Maresca (00:44:15):
Actually see, I actually see a lot of job postings out there for, like you said, specialized platforms, like the, you know, the app of the world, the sales force of the world. So you're right. Like there's definitely super special areas that you have to go to sometimes, sometimes just, just to kind of get somebody to build on top of that platform. I do wanna shift really quick to something else before we have to go to our, to our ad. Um, you talked a little bit about security, uh, and how, you know, a lot of the, a lot of the different, uh, organizations you work for are looking for security solutions. You know, one thing I we've talked about in the past is on open source software and how like with the recent, uh, supply chain attack sometimes open source might not be the best approach when you're building software for making things more secure. What's what's your point of view here? What, what do you guys, how, how are you guys involved with open source and how are you use it with your solutions?
Alex Iceman (00:45:02):
Uh, great question. So opensource is widely, uh, a widely used and variety of different different industries. And we're not an, an exception you, you use open source and you always use stable versions of libraries of the open source that have been there for quite a while. So you have to pick the stable versions that you're gonna start with and then monitor the security vulnerabilities. And, uh, for certain microservices that are more, um, more, um, more prone to certain attacks, you really carefully check what, what you're implementing or certain things you would really copy and implemented yourself and test test against those vectors of attacks. Uh, but I think open source in general is an amazing tool and, and we'll see a rise of open source communities and, and, and um, in the upcoming years and my true belief that the open source is the only power to solve.
Alex Iceman (00:45:52):
Um, one of the most challenging problems in the, in the humanity right now, like curing cur, um, curing cancer, or, um, helping with me medications, opening up new stuff. Um, AI, and only like a company, an enterprise company cannot hire, um, hundreds of thousand developers just contributing to an open source community or a product and, and, and a cause. Um, and it's really an amazing power. And I think we we'll see more of it in terms of security. Really what we do is we, we like down the certain number, like the version numbers and we track the track, their updates and security vulnerabilities. And, uh, um, that's, that's what you have to do. Um, biggest, um, stable version.
Louis Maresca (00:46:37):
We have lots more to talk about. We wanna bring my coast back in. I'm sure we'll, we'll get into the security topic as well, but before we do, we do have to thank another great sponsor of this weekend enterprise tech. And that is compiler an original podcast from red, red hat, discussing tech topics, big, small, and strange. Now compiler comes to you from makers of command line heroes and another of our sponsors and is hosted by Angela Andrews and Brent semio and technology can be big, bold, bizarre, and complicated compiler unravels, industry topics, trends, and the things you've always wanted to know about tech through interviews with the people who know it best. Now on their show, you'll hear a chorus of perspectives from the diverse communities behind the code. Compiler brings together a curious team of red hatters to tackle big questions in tech. Like what is technical debt or what are tech hiring managers actually looking for?
Louis Maresca (00:47:26):
And do you have to know how to, to code, to get started in open source? Good question episode two covers what can video games teach us about edge computing? Now the internet is a patchwork of international agreements and varying infrastructure, but there's something coming to change. The ways we connect and in the episode of compiler hosts, explore what edge computing can mean for people who are enjoying video games and what this form of entertainment can teach us about the technology itself. Episode nine, how are tech hub changing to now? Traditionally, if someone wanted a career in tech, they need to move to a tech hub city pack with startups and talent, but things are starting to change. Now, the host of compiler, speak to a fuel of change makers out there who are thinking outside the physical and social dimensions, we've come to associate with innovation.
Louis Maresca (00:48:15):
Now the edge computing episode was excellent. Definitely listen to that one, that, that did an amazing job of distilling down what edge computing is and just how practical applications make it seem more accessible to everyone. Definitely check that episode out, learn more about compiler at red that HT slash TWiT new episodes are at now. Go and download them at any time and be sure to check back for new shows, listen to compiler on apple podcasts or anywhere you listen to your podcast will also include a link on the episodes show page. And we thank compiler their support of this week and enterprise tech. Well folks, we've been talking with Alex Iceman, he's founder and CEO of gen. And I wanna do wanna bring my cohost back in cuz I'm sure they, they wanna ask some questions. I wanna curse. I wanna go to you first, cuz I think we've been kind of talking about security for a little bit and you're, you're definitely got probably some inklings for talking about security.
Curt Franklin (00:49:09):
Oh absolutely. Alex, I'm curious, you talked about hiring security folks and that's something that a lot of people are trying to do these days. My question to you is how do you advertise to get good security people and how do you vet them? What I mean, do you go simply on, uh, which certifications they have or are there other things that you look for?
Alex Iceman (00:49:37):
It's a great question. So first of all, we never advertise. You will never see a, a job posting active, uh, for a position that we're hiring. So we always scout and uh, the people that, that, that are part of the interview, they they've been selected to be part of the process and we reach out and invite them into a process for a specific project. And if they're interested, they would apply and uh, or not even apply, they would just really re reply cuz we do reach out to them directly. And um, that's, that's something that's been unique to us and very helpful in the process regarding the security experts. They're really tough to hire. They were really tough to find. Um, we pride ourselves in hiring really skilled software engineers. It's not necessarily security, but they have to know the right start like the, the, the, the, the right, um, architectural, uh, decisions and, and, and, and best practices of, uh, of hiring, I mean, building secure software, but when it comes to interviewing, it's never, it's never just about the resume.
Alex Iceman (00:50:34):
It's, um, really about first year network. So we have a really good network and people do refer people over to us to specific projects. Uh, we pride ourselves on having very excited projects and clients that we peak and choose ourselves too. So guys are very excited to work and help them. Um, and, uh, we have at least four interviews and, and two of them are technical. And you always ask for those questions, the security is certain security vectors, certain design patterns, questions, and there's coding interviews. And you look for, uh, you, you look for the right mindset you look for. Um, and that's what the mindset of mathematician gave me that, um, perspective on, on how to organize things. And that's what we look for at other peoples and engineers that we, we hire really rigorous process and never advertise, Hey, come and apply.
Curt Franklin (00:51:21):
Well, you know, I'd like to, to follow that a little bit because when you're talking to them, I mean, do you look for things you say that you're looking for developers who are aware of security rather than security people, um, are there particular practices, uh, particular best practices that you listen for? Um, are there particular things that you look for in terms of the kind of projects that they've worked on? I'm as I said, I'm curious because this is a problem that an awful lot of in of managers have these days trying to figure out who they can bring on who actually know something about security.
Alex Iceman (00:52:05):
True. It's a great question. So, um, I will talk specifically about, let's say mobile app development and the security in that world, cuz that's where I've spent majority of my time. And I, I did quite a few interviews in the beginning of, uh, gen getting those people on board. So you would talk about specific questions and, and mobile development. It's, it's all about securing your database, checking of your, uh, devices, jail broken, and then looking at the certificate pinning. So you can, uh, really make sure that the certificate certificate is not spoofed and you get the list of questions, uh, related to those really core kind of like vectors of attack on the mobile device. And you start asking, Hey, have you done anything with certificates? How do you store certificates? How do you store data? Have you ever encrypted your database? What, like, where do you store the key for your database?
Alex Iceman (00:52:52):
Um, in a key chain, let's say, and then, um, how do you check against the jail broken device? What if you detect the jail broken device, what, you know, what happens and you kind of start digging to those things and uh, and then you evaluate this person on the, and they are extend on, on, on, on knowing certain things. So we have a set of those questions per industry, per um, per platform. And we look for the major vectors of attack and you start talking to people and you understand if they've done it or no, if they they're cautiously look for, for those things, when they build software and, and some people don't, and they're not a good fit for certain projects, they, they go and work. It doesn't mean we we're not getting them cuz they might be a very good fit for another team, a front end team or something else. And, and then, um, uh, they could benefit another, another project, but we would vet the, the hardcore people that are building, uh, building really key components for software that they're aware of those, uh, key vectors of attack on a specific, uh, language platform framework.
Brian Chee (00:53:50):
Well, and, and speaking of platforms and things like that, the big rush right now is people want mobile, mobile, mobile, mobile. I keep hearing it time and time and time again. But I only hear about mobile in terms of US-centric, um, applications. What about when we start getting mobile applications further away, uh, central America, south America, um, Southeast Asia where we don't always have terrific connectivity and we don't always have really great security. So here's two, two facet question one, are you actually seeing these no code, low code solutions and so forth dealing with, um, spotty, connectivity and recovery. And then also are these people still recommending you do a VPN or are people actually trying to build that into their no code, low code solutions?
Alex Iceman (00:54:56):
Uh, great two questions. So first, um, we serve variety of clients here in the us that do and, and in Europe as well in London. And, and in fact that do low code, no code platforms. Uh, we have not seen them dealing with low, um, low bandwidth and low can activity. Um, that kind of never came up on the radar as a specific problem. And I think you gotta listen to your target audience and see what, what the problem is they're experiencing. And most of those platforms are used on, uh, at offices where they have good wifis and you're looking at mobile apps for specific applications. We have, we have dealt with that. Uh, we've, we've built quite a few apps in Brazil for Brazilian market and we've will built some of that in Africa. And, um, one in particular, I, I remember and we have dealt with that and, um, you have specific PR we actually tested against, uh, the lower bandwidth.
Alex Iceman (00:55:48):
You have, there's a simulator on your Mac that can lower your, uh, bandwidth on wifi and test an simulator, um, and a spotty connection. Uh, a lot of it comes down to having your offline database and that's what we do. A majority of the apps. Um, you have an offline database and you basically, there's an offline API and online API. And once you go online, you sync up your database to a version and then you, when you open the app and there's no connectivity, you still have a lot of content. You can even do certain things. And, um, um, it's a really best practice to synchronize your data off of, uh, uh, your phone to, to the cloud and back and forth and, uh, creates, uh, a couple of other challenges. If you have multiple clients synchronizing the same data into your account, but, uh, it's a good problem to have. Uh, we typically do that as a best practice. You have an offline, uh, storage and, uh, online, and then you synchronize them.
Louis Maresca (00:56:40):
Wow, that went fast. Alex, thank you so much for being here. And since we're running a little bit low on time, I did want to at least give you a chance to tell the folks home where they can learn more about gen maybe where they can go get started, get in touch with you, especially if they need security professionals.
Alex Iceman (00:56:54):
Absolutely. Well, uh, connect with me on LinkedIn, go through the website, fill out the form. And, uh, and I'm very available online and, uh, ping me message. I really love to be of help and, uh, see if we can help you.
Louis Maresca (00:57:07):
Fantastic. Thanks again, Alex. Appreciate it. Well, folks, you've done it again. You sat through another a of the best day enterprise enterprise it podcast in the universe. So definitely tune your podcast. Tow. I want to thank everyone who makes this show possible, especially to my cohost, starting at the very room. Mr. Curtis, Franklin Curtis, what's going on for you in the coming weeks and where can people find you and all your work?
Curt Franklin (00:57:29):
Well, I've got a bunch of research that I'm working on, especially now that I'm healthy again. And for the writing that I do for, uh, all of my opinions, feel free to follow me on Twitter at kg four GWA or, or, uh, look over on dark reading at dark reading slash Omnia, uh, try to do writing over there as well as, uh, get into LinkedIn. I, uh, did a follow up to black hat on LinkedIn and have more coming up there as well. So just, uh, trying to be out there as much as I can and enjoying being healthy once again.
Louis Maresca (00:58:11):
Glad you're back. Thanks, Curtis. Well, we also have to thank our very Mr. Brian Chi cheaper. What's going on for you in the coming weeks? Could we, could people find you and maybe get in touch with you?
Brian Chee (00:58:21):
Well, I post to Twitter on a pretty regular basis. I am a D V N E T L a advanced net lab. And, uh, would love to hear from you, you know, we, we get some interesting ideas, obviously, we're, we're going fairly heavy on the, um, no code low code world because that's where the market's pushing us. Um, but we also try to cover other things. We've had a lot of requests for more on IOT. Um, we actually had someone requesting that. I, um, do a story on my path towards automating my home. You know, I'm designing the house that we're in now, so that can age in place. And part of that is making sure I add in a lot of voice command and things like that and secure my O T facilities so that when I'm not able to get around so well, it's not going get hacked out from under me, but lots of things, lots of things to talk about, lots of things to explore.
Brian Chee (00:59:24):
And we like hearing from you. You're also welcome to throw an email at me. I am sheer spelled C H E E B E RT, twit.tv, but you're also welcome to throw firstname.lastname@example.org, and that'll hit all the hosts. Today's conversation was a lot of fun. Um, brings back a lot of memories. I actually was involved with designing a, uh, system so that on military bases, the guys at the front gate, where there is usually not great connectivity can still go and pull against the department of defense personnel database to go and verify that you are who you are when you try to get onto a us military base, um, which I had no code low code then, because the prototypes took for, to get vetted for use in those applications.
Louis Maresca (01:00:19):
Right? Thanks for being here, Brian. Well, folks, we have to thank you as well. You're the person who drops in each and every week to watch and listen to our show, to get your enterprise and it goodness, and we wanna make it easy for you to listen, watch and catch up on your enterprise. And it news right now, go to a show page, twitter.tv/quiet there, you'll find all the amazing back episodes, show notes, the code information, guest information and the links of the stories that we do during the show. But more importantly, next to those videos there, you'll get those really helpful subscribe and download links, support the show by getting your audio version, your video version of your choice. Listen on any one of your devices or any one of your podcast applications, cuz we're on all of them. Just definitely subscribe, support the show and we'll be there for you.
Louis Maresca (01:01:02):
Plus you may have heard that's right Club TWiT. That's right. It's another way it's members only ad free podcast service with bonus TWiT plus feed that you really can't get anywhere else. And it's only $7 a month and a lot of great things about Club TWiT. I'm using one of them right now. That's right. It's a members only discord service exclusive access to that. Plus you get to chat with the hose, could chat with us behind the scenes producers, separate discussion channels, special events, lots of great stuff coming outta there. So lots of fun discussions on there. Definitely check that out. Join Club TWiT, and be part of the movement. Go to twit.tv/Club TWiT and join the club. Now Club TWiT now offers corporate group plans as well. That's right. It's a great way to give your team access to our ad free tech podcast.
Louis Maresca (01:01:46):
The plans start at five members at a discount rate of $6 each per month. And you can add as many seats as you'd like. It's a great way for your it department, your sales department, developers, your tech teams to stay up to date with access to all of our podcasts and just like regular members. They can join the TWiT discord server and get the TWiT plus bonus feed as well. So definitely join Club TWiT at TWiT.tv/Club TWiT. Now, after you subscribe, you can repress your friends, your family members, your coworkers with the gift up TWiT. We talk about a lot of fun stuff on this show and I guarantee they can find it fun and interesting as well. So definitely offer to them and have them subscribe as well. And if you're already subscribed, we do this show live that's right. We do it live folks.
Louis Maresca (01:02:30):
1:30 PM Pacific time. On Friday days, you can check that out. All of our live streams are@live.TWiT.tv. Come see how the pizza is made all behind the scenes, all the banter and fun we do here at twit. So definitely check that out and if we're gonna watch the show live, please jump into the chat room as well. Our IRC channel channel and chat room is there. It's a lot of fun characters in there and we got lot of great topics and discussions in there right now. There they are, uh, irc.twit.tv. If you have a, if you wanna just use the browser for it, we can definitely be part of that fun as well. Now I want, I want you to hit me up on Twitter because we have, we, we always looking for tech topics and show topics, but of course I love having discussions with listeners.
Louis Maresca (01:03:09):
Louis Maresca (01:03:59):
We have a way for you. So hopefully check that out. Of course, I want to make sure I thank everyone who makes this show possible, especially thank you to Leo and Lisa. They continue to support this weekend at enterprise tech each and every week. And we thank you for all the support over the years. Also wanna thank everyone at twit, all the engineers and staff. I also wanna thank Mr. Brian Chi one more time. He's not only our co-host, but he's also our Titleist producer. That's right. He does all the bookings and the playings for the show and we couldn't do the show without him. So thank you cheaper for all your support. And before we sign out, thank you to our editor for today. He makes our, our, our ourselves look good after the fact. So thank you for all your support. Of course also thank you to our TDE. He's the talented Mr. An Pruitt man behind the current and there, he, he also does a fabulous show, not behind the current in front of the current. He has an amazing show called hands on photography. I listen to it each and every week. It's I, I watch it. I listen to it religiously. Cause I learned something every week. An what's going on this week. What can we learn this week?
Ant Pruitt (01:04:58):
Hey, Mr. Lou Thankss for the support. Yeah, we, uh, sat down with Mr. Zach SETE Wong. Uh, he's a former creative director for a couple different brands out there. We talked about how to get yourself, ready to shoot some product photographers for, for brands and really get their message across. And he had great energy and it was just a lot of fun. So make sure y'all go check that out. TWiT.tv/hop.
Louis Maresca (01:05:25):
Thank you, Mr. Per and until next time I'm Louis Mosca. Just reminding you, if you want to know what's going on in the enterprise, just keep quiet.
Mikah Sargent (01:05:36):
If you are looking for a midweek update on the weeks tech news, I gotta tell you, you gotta check out tech news weekly. See it's all kind of built in there with the title. You get to learn about the news in tech that matters every Thursday, Jason, how and I talk to the people making and breaking the tech news, get their insights and their interesting stories. It's a great show to check out TWT TV slash TNW
Speaker 9 (01:06:11):