This Week in Enterprise Tech Episode 566 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

0:00:00 - Lou Maresca
On this week enterprise tech. Mr Brian Chee, mr Curt Franklin, join me back on this show today and we talk about some hidden dangers. That are looking at Google ads with puny code that's right. How this simple encoding technique can actually be a ticking time bomb for you and your organization. Plus, we sit down with Adam Jacob. He's the visionary behind system initiative. This is a discuss the future of DevOps. He's reimagining the game, turning DevOps on its head. Really insightful stuff to definitely stick around reliability, security and agility for your infrastructure. Definitely shouldn't miss it. TWIET on the set!

0:00:47 - Lou Maresca
This is TWIET this week enterprise tech, episode 566, recorded October 20th 2023. Devops culture vulture. This episode of this week enterprise tech is brought to you by Vanta. Automate compliance and streamline security reviews with the leading trust management platform. Vanta helps SaaS businesses of all sizes manage risk and prove security in real time. Twit listeners get $1000 off Vanta. Go to Vantacom slash enterprise to claim the discount. And by Howl Alto Networks, protect your OTA sets, networks and remote operations with zero trust OTA security. To learn more, find the link in the show description or visit howlaltanetworkscom. And by friends at IT Pro TV. Now. Aci learning. Aci's new solution insights. Assist in identifying and fixing skill gaps in your IT teams. Visit goaceilarningcom slash twit. Twit listeners can receive up to 65% off an IT Pro Enterprise solution plan after completing their form. Based on your team's size, you will receive a properly quoted discount tailored to your needs.

Welcome to twit this week enterprise tech, the show that is dedicated to you, the enterprise professional, the IT Pro and that geek who just wants to know how those worlds connected. I'm your host, Louis Maresca, your guide through the big world of enterprise, but I can't guide you by myself. I need to bring in the professionals and the experts started there very own, mr Brian Chee. He's network expert, all around tech geek and he's always busy doing some fun stuff. What are you doing this week, Cheebert?

0:02:24 - Brian Chee
I've been patching potholes. Well, not so fun then. Yeah, yeah, it's getting tar off your fingers and your clothes is a challenge, but yeah, we've been. I've been patching the roadways and so forth over at the central Florida Farragram Because we want a relatively smooth surface for the power racers, and trying to get everything ready for make affair. Now I am going to throw one thing up. I'm going to throw this. If you don't have one of these doodads in your toolkit, ladies and gentlemen, you really should. It is a non contact current probe. You can buy these on Amazon for like six bucks and what they do is, without having to stick it in anything, you just run it along the court. It'll tell you whether it is live or not. I actually had to yank a person's hand away from a outlet because it had some bare wires in there and they hadn't checked to see if something was happening. So save yourself a trip to the emergency room. Get a non contact current tester. It's cheap, they're easy to use and they could save your life.

0:03:51 - Lou Maresca
I was just going to say because that sounds cheap and useful. This is a very expensive version of that and it does the same thing. So I'm glad you showed an alternative, because it's definitely helpful and it will definitely save your life of not a little pain. So definitely check that out, Appreciate it, Cheever Well. We also have to thank and welcome our very own Mr Curtis Franklin. He's principal analyst at the Dom Dien. Of course. He's the man who has the polls on the enterprise and he's some pretty interesting articles out there this past week. Curtis, what's going on for you this past week?

0:04:24 - Curt Franklin
Oh, it's been a good week. And just so we're clear, this right here makes for a really good voltage tester on 110. If you do this and you get that exciting little tingle between oh, you know that you have current, it's great. 440? Not so much, but 110. Oh that, that, that'll wake you right up. That's better better than Starbucks any day of the week. Anyway, you are quite right, it's been a good week. I've got a couple of articles that have gone up on the omniacom site. I've got some major research going on and I've put together my research agenda for 2024, where I'm going to be looking at all kinds of fun stuff, including, but not limited to, cyber ranges and professional certification training. So we got some good stuff going on and even more good stuff to talk about at the bottom of the show. So stay tuned, everyone. Don't go anywhere. Make sure you're here all the way through the show, are you will not know about the great stuff coming up in the coming weeks.

0:05:44 - Lou Maresca
Yeah, I was just going to give a tease, but I think you did a better job than I did. Well, I would say, speaking of teases, we definitely have a great show coming up. So that would be before the amazing tease from Curtis Franklin. But I would say, coming up, we're going to delve in some hidden dangers. Looking in the Google ads with puny code, the question is how the simple encoding technique actually can be a ticking time bomb for you and your organization, how you can actually manage to secure it. Plus, we'll sit down with Adam Jacobs he's a visionary behind system initiative to actually discuss the future of DevOps and he's reimagining the game, turning DevOps on its head. It's truly insightful stuff. Definitely stick around, because he's going to show you how to bring agility, reliability and security to your tech infrastructure. So definitely stick around. But now, like we always do, we have to take you through this week's Enterprise News Blips. This week in the cybersecurity, we have a new PSA. That's more urgent than your morning coffee. If you're running Winrar, that's right. Winrar Everyone loves that tool older than version 6.23.

It's time to hit the update button. Why will state backed hackers with links to Russian and Chinese governments are exploiting a vulnerability that's been patched since August. That means this isn't a drill, it's an action plan. This vulnerability was first flagged by a zero day initiative in June. It's a buffer overflow issue, which is classic but not actually very dangerous problem caused by insufficient validated data. The exploit allows hackers to access your system's memory and execute code remotely. Security firm GroupIB has reported that this loophole has been a goldmine for cyber criminals targeting this financial sector since April.

And here's the kicker Winrar doesn't auto update. You've got to roll up your sleeves and down the patch banally. And that's the latest version, which is 6.24. But they actually throw some few extra bug fixes in there as well for good measure. But let's zoom in for a second. Winrar has been the go-to for file compression for many years. I know I use it, especially since Windows has notoriously been more zip-centric. But changes in the air, because Windows 11's latest update, that's 23H2, now offers native support for a variety of archive formats like RAR and 7zip. So the day is needing that third party Winrar could be numbered. But for those who were on Windows 10 or earlier Windows before Windows 11, don't fret it, because alternatives like Winzip and 7zip are still in the game and so far they are holding up the fort, with no major vulnerabilities reported. So, whether you're updating or migrating, take action and the world of cybersecurity complacency isn't just a risk, it's reckless.

0:08:13 - Curt Franklin
Speaking of complacency, dear IT administrators, please, oh please, catch a clue, will you? According to a recent survey reported in a dark reading article, your most common choices for passwords on your admin accounts would make a seventh-grader blush. In a search of nearly 2 million admin pages, 40,000 of them used admin as the password, making it the most popular credential used by IT administrators. As if that weren't depressing enough, the same survey found an increasingly high number of pages using default passwords. Now, once we get past defaults, the list of 10 most commonly used admin passwords includes such highly secure gems as 123456, 123456, and the ever-popular 123, as well as passwords at least they did a capital P on it and admin ISP. Oh, these clever administrators with their highly secure passwords.

So all of this means that the criminals who look for easy-to-guess consumer passwords don't have to take a very big step to switch their target to admin passwords that give them much more valuable credentials. So what's the takeaway here? First, don't use the default password, just don't. Next, when you move past the default password, use best practices when it comes to picking an admin password. Need help with what those are. Think of something your seventh-grader would not choose, and that'll mean you're heading in the right direction. Oh and, once you've got the good password, patch your system. As we just heard in the previous blip, malware is much more effective when it gets into a system where the bad guys already have the admin account password.

0:10:24 - Brian Chee
All right. So, first off, this is actually kind of a scary article. It's probably perfect for Halloween and ours Technica goes and brought it up and said Cisco buried the lead. Greater than 10,000 network devices backdoored through unpatched zero day. All right, first let's go and put this in perspective. And sysadmins especially the young ones that are just getting into the biz love the web interface, but there has to be a web server to make a web interface right. Well, think about that as we go into this.

This last Monday, cisco reported that a critical zero day vulnerability in devices running iOS XE software was being exploited by an unknown threat actor who was using it to backdoor vulnerable networks. Company researchers describe the infections as a cluster of activity. Well, by Tuesday, researchers from the security firm Valne check spelled VULN CHECK said that last count that cluster comprised more than 10,000 switches, routers and other Cisco devices. All of them, valne check said, had been infected by an implant that allows the threat actor to remotely execute commands that run at the deepest regions of hack devices, specifically the system or iOS levels.

Well, this is one of those scenarios that really scare me. So if I were a threat actor, I would combine this with a compromised machine set up in promiscuous mode and configure the vulnerable switch to port mirror throughout the network. By combining this and switching between physical ports, I would search for admin streams so that I could increase my foothold throughout the network. Not too far fetched, especially since oh so many sys admins have been defaulting to scripted maintenance and using apps. The question is, have we automated ourselves into a corner?

0:12:50 - Lou Maresca
Let's talk about the seismic shift that's happening in the talent gap landscape. Universities, governments and industry giants are forming alliances that are nothing short of revolutionary. Why? Because the chip industry is facing a talent crunch that's more intense than that debugging session he had on Friday night. Well, the truth of the matter is the industry needs more than just engineers who can design a chip. We're talking about multi physics, maybe even 3D integration, cybersecurity expertise, and it goes beyond that normal setting of a strong password.

A recent quote by VP of Vantest put it bluntly technology is on an exponential curve, while engineers are evolving at a snail's pace. Now governments are not sitting idle either. Geopolitical tensions and supply chain hiccups are actually pouring resources into education and training. The aim here is to bring key components and materials back home. Let's not forget the cybersecurity threats that are more persistent than a pop up ad. With the internet of things expanding, the attack surface is getting as big as a data lake. Now Arizona State University is partnering with Vantest and NXP to train engineers specifically for the chip test industry. Meanwhile, the Rochester Institute of Technology, or ROTC, snagged a grant from the National Science Foundation to boost research opportunities and semiconductors and Cornell while they're part of the semiconductor education alliance, focusing on upskilling the existing workforce, but that's not filling jobs fast enough. It's more about fostering innovation. Kyle Squares Dean of the Ira A Fulton sorry Kyle Squares Dean of Ira A Fulton Schools of Engineering at ASU said it best quote if you really want to drive a lot of innovation, you need more individuals achieving engineering degrees. The more you have them, the more ideas you can drive to new inventions. So if you're in the chip industry or any tech sector for that matter keep an eye on the partnerships that are going on here. They're not just shaping the future of workforce, they're shaping the future of technology itself, and that's the future all of Stakein. Well, folks, that does it for the blips next up the bikes. But before we get to the bikes, we have to thank a really great sponsor of this week enterprise tech, and that's Vantest. Get compliant and build trust faster with Vantest Now.

Vantest was founded in 2018 in the wake of several high profile data breaches, and online security has continued to become vital. Vantest understands firsthand just how hard it is for a fast growing company to actually invest the time in manpowering it takes to build a solid security foundation, and Vantest was inspired by a vision to actually restore trust in internet businesses by enabling companies to improve and prove their security. Are you a growing business? Well, that likely means more tools, third-party vendors and a lot of data sharing. Also known as Waymore Risk, vantaz's market-leading trust management platform brings at GRC and security efforts together. That's right together Intermediate information from multiple systems that reduce risks to your business and your brand, all without the need for just additional staffing. By automating up to 90% of the work for SOC 2 and ISO 27001 and more, you'll be able to focus on strategy and security, not maintaining compliance. G2 resoundingly loves Vantaz.

Year after year, listening to some of the raw customer reviews from business leaders Quote there's no doubt about Vantaz's effect on building trust with car customers. As we work more with Vantaz, we can provide more information to our current potential customers about how committed we are in information security. And Vantaz is the heart of it. That's from a CTO Quote the best in automated compliance monitoring. From a head of quality assurance and customer support. And another quote great tool with even better customer support from COO and easy to use with incredible integrations. From another COO and a founder and when you get a system that works to save you time and money. Your organization will always be happy. Join 5,000 fast growing companies that leverage Vantaz to manage risk and prove security in real time. Our listeners get $1,000 off Vantaz. Go to vantacom slash enterprise to claim this discount. That's V-A-N-T-A dot com slash enterprise and we thank Vanta for their support of this week in enterprise tech.

Well, folks, it's time for the bites. Now, this week's bites. We have a cautionary tale that's gonna make you rethink that. Well, it won't happen to me. Attitude Everyone has the attitude when it comes to some of these risks.

Now Google, the tech giant we all know, and sometimes love, has been caught hosting a malicious ad so convincing it could fool even the most security savvy among us, especially me. Picture this an ad for an open source password manager KeyPass right there on Google. Take a look at the picture when you get a chance, because it looks legit. Google vets its ads, after all, right? Well, click on it and you're led to what appears to be the genuine KeyPass site. But there's where it gets kind of dicey. The URL is a world, actually a Wolf in Sheep's clothing. Thanks to the technique known as puny code, it's actually pushing malware tracked as the name fake bat Now ahead of threat intelligence that malware bites broke the news stating the users are deceived twice, that's right. First by the Google ad and then a lookalike domain, and it gets going here. Right, the ads were paid by an outfit called Digital Eagle, verified by Google's ad transparency center. So much for due diligence.

Right Now you might be wondering how do you spot these types of things right, these imposters? Well, it's kind of tricky. The puny code technique allows for unicode characters to actually be represented in standard ASCII texts. In this case, a tiny comma-like figure below the K is your only clue, and it's easy to miss, especially when the URL has valid TLS certificate going along with it. Now, this isn't a new trick. In fact, two years ago, scammers used Google ads to drive traffic to a site, mimickingbravecom, pushing malicious versions of the browser.

So there are some additional takeaways here. First, for most, actually be skeptical, even when you're clicking on links and ads from Google, and if you have a doubt, manually type the URL or inspect that TLS certificate and make sure it's valid. But you know what? I'm sure that there's not. That's not the only thing right. There's probably a lot more things to do here. So I wanna bring my co-host back in because this is a very interesting topic. So, cheebert Bryan, obviously it seems like there's a lot of things that users and organizations can do to keep themselves safe from these types of attacks. What are some of them? What do you guys are hearing from people?

0:19:22 - Brian Chee
Well, you know one of my favorite tricks. You know one I don't trust ads. That's probably the biggest one, but if I need to trust an ad and I'm getting ready to click on something, one of my favorite tricks is I'll actually do a control, click, copy the URL and then paste it into a notepad so I can actually look at all the characters in the URL. It's simple. It's not exactly easy, because you know if you're trying to do that late in the evening, your eyeball will start crossing. But that's my only suggestion. Once we get through this, though, maybe as an industry we all need to start thinking about doing things a little differently.

0:20:14 - Lou Maresca
Indeed, we have Adam Jacob. He's our guest, Adam. What do you think? Is this a easy to combat?

0:20:20 - Adam Jacob
No, no, it's brutal, right. I mean, I'm definitely not like pasting URLs into notepad on the regular. I think there's a piece of this that maybe it's just like I try to avoid ads for the thing I'm searching for, because I always take me the wrong spot anyway, but that's not like a defense in depth strategy. You know, that's like where I've decided to click. Yeah, it feels I don't know, it feels like perhaps the URL bar should not actually allow puny code. Seems kind of obvious. But you know, I'm sure there's a valid use case somewhere where people are like no, no.

0:21:03 - Lou Maresca
I agree, I agree.

0:21:05 - Curt Franklin
Well, yeah, I would say on that last point. You know, puny code is its own thing, but unicode the foundation for puny code has a whole variety of very legitimate uses. For example, if you have any language that isn't English, the odds are pretty good that it's going to involve some unicode characters just to represent the character. So this is not one where you can we just say, oh well, let's ban unicode and all go ASCII. Well, great, that's. The other 80% of the Earth's population will really appreciate that. So I know that.

You know I employ some in-point protection software that also looks at the websites, looks at URLs, things like that, and in talking to some of the engineers there, they tend to provide an additional level of scrutiny to unicode because they know that this gets into user and in-point behavior analytics or UEBA that we've talked about in the past. They know that I tend to go to ASCII-based sites. I go to. You know, english is my preference, all of that. So anything that has unicode in it gets an additional level of scrutiny.

That sort of thing is useful, although it's not foolproof, you know. I think ultimately we have to say you do one of two things. You either just have a personnel policy where you say don't click on the ads, or you recognize that there is a level of danger in what you do. You know, don't click on the ads is sort of like well, when you go out to walk in the city, don't cross any streets because that's where the cars live and they're dangerous. Very true, but ultimately, if you want to go someplace, the odds are good you're going to, sooner or later, cross the street. It is this whole balance of cost versus reward that is the crux of every security decision.

0:23:42 - Lou Maresca
It's interesting that you bring this up, because I think that there are very similar techniques within the organization. Obviously, these types of phishing campaigns are usually evolved very similarly to advanced techniques like puny code, and obviously there are software and services that help, but the truth of the matter is, our users are our weakest link. Is this again, just potentially maybe an educational thing too? Like I know, adam said, hey, I don't copy links into the notepad. That's very true, I think. From a case of an email, though, it's something that you definitely want to be at least open to the fact that, whatever's in there, you probably should know what the VAL link is before you're clicking on it. Is this something that maybe organizations just start educating their users about? Anybody?

0:24:31 - Curt Franklin
I'm going to say yes, and this is the kind of thing that one of the areas that I research cybersecurity awareness training tends to have things like this as part of that training for employees.

It is something that everyone should know, and this is, by the way, yet another reason why there are certain actions that are far more dangerous on a mobile device than they are on a laptop or desktop computer. You can at least do the sort of thing that Brian alluded to you can hover over a link and see what it says it's going to. You can do all kinds of things with a desktop browser. That is difficult to impossible on a mobile browser, but telling people hey, if you see an ad that looks interesting, that's great, but wait till you get to a different browser to try going there. This is an education problem first and foremost, though, and as we all know, that is. I won't say it's a losing battle. There are people who are doing very good things there, and I think most users are not, in fact, stupid, but it is a difficult battle just because the attackers are so doggone good at making compelling traps for the incautious user.

0:26:10 - Lou Maresca
Right now. Brian, you're pretty familiar, obviously, with these whole remote desktop solutions, right, and I've seen some VDI. I've seen a lot of companies actually move people who are browsing the internet off of their actual endpoint, off of their device, and into these kind of remote virtual environments that they're controlled. Is that cost effective? Is that a viable solution for this type of things to prevent that type of security violation on people's devices going forward, including mobile?

0:26:42 - Brian Chee
Well, when VDI first came out, I would say no, it wasn't, because when VDI first came out it was pretty darn expensive. I don't wanna point fingers, but our friends at Citrix haven't done a very good job on keeping the cost on virtual desktops within reason. Cost per seat is very high. Now we did interview a company called Eracom and they recently bought CradlePoint. Was it the other way or no? So it was the other way around. Cradlepoint bought Eracom and they have HTML5-based VDI clients and they've been selling a zero trust client where basically it's a completely jailed client. You can't get to anything other than that browser and that's kinda cool. So if all of a sudden you find yourself on a site that's trying to harvest all kinds of weird and wacky things, you can actually just close it and everything. All the temporary cookies and everything just go poof. Now I wanna change paths just a little bit.

We did an article we talked about the Adobe content signatures a show or two ago and while I argued that I'm not sure I like the idea of having to pay Adobe additional licenses for just to validate that it's a real signature, it sounds like something we might wanna consider off in the future. Can we? Does the technology exist? I think it does that you can validate whether or not that URL maybe it's a extra button or something you click on that and it goes and validates whether or not the site that is going to is brand whatever.

Maybe there's a pull down saying okay, is this really key pass or pull down. Is this really Google? Is this really Microsoft? Sounds cumbersome, but I keep wondering if maybe some bright boy or girl has a good idea on how we can go and put signatures in there and just as kind of a future teaser, one of the big problems we're having with what this is really talking about is DNS. Dns is a real problem because there's so much trust involved. So, as a teaser for Christmas present for our viewers, we're gonna go and dive in to DNS with some serious depth and see if we can talk to some people that are up to their elbows in DNS every single day and whether or not the industry is doing something about it.

0:29:51 - Lou Maresca
I want to kind of go back on the URL, the kind of the web browser security side of things. Curtis, is there something else to be kind of more secure way of doing this right?

0:30:01 - Curt Franklin
There is and this gets into something that is not a category that most consumers will be aware of but there are enterprise browsers that are an entirely separate animal from the consumer browsers we're used to. These browsers have built in things like sandboxing for all downloads and URLs, so they will go to a URL in a special environment that doesn't allow downloads, that doesn't allow connections of certain types. They add at least a couple of layers of protection around the browser, around any sort of data that might flow through an HTTP connection. They're not huge in terms of their user bases. Frankly, they have an uphill battle, among other reasons because they cost money, where most of the browsers that come over from the consumer world are free. But this is an issue that, at the enterprise level, people have thought about and there are some enterprise class solutions out there that add quite a bit of protection against problems like this.

0:31:30 - Lou Maresca
It's interesting because I've actually seen some organizations implement on device VPN that forces you to any link that you click. It goes through their VPN and obviously there's some level of validation there as well, as anything that the device is downloading is also regulated. So there's some interesting cases there as well that could potentially catch the step of stuff. I'm curious to see if there, like Brian said, if there's some service out there that can help us even more use some AI techniques to essentially validate. Is anybody aware of some AI technology that's being utilized here to help manage some of the threats, in this case for malicious links or puny code type things?

0:32:11 - Brian Chee
I'm not sure if it's AI, but AT&T dropped a shim into my phone or on my phone, so all the URLs that I enter on my phone go through this service that AT&T runs, and so it takes a good hard look at where it's going. I've actually had it pop up once saying are you sure you really want to go to China? So we'll see. I think it's all baby steps at the moment.

0:32:42 - Lou Maresca
It really is. It really is. Well, hopefully, things will evolve over time. I'm definitely interested to see how the market evolves here. Well, guys, that does it for the bites. Next up, we'll get more from Adam Jacob, but before we do, we do have, I think, another great sponsor of this week at Enterprise Tech, and that is Palo Alto Network.

Cybersecurity has become the top focus in all organizations I'm sure it's at your organization as well and one additional challenge is the fact that there's been a significant growth in the number of OT assets that require internal and external connectivity. Ot assets are usually very vulnerable to attacks. There is often no security built into the asset, as well as very poor visibility. In fact, there's unencrypted traffic and much more there. But Palo Alto Network's industrial OT security is the solution security teams need to provide effective visibility into OT assets. It provides the most comprehensive zero trust security across all OT environments and it's developed specifically for industrial and manufacturing operations. Industrial OT security delivers on comprehensive visibility, ml-powered, scalable discovery and intuitive visualization of OT devices and patterns, ot vulnerabilities and risk assessment. It delivers on zero trust security, offers segmentation and lease privilege access control. Plus it has continuous trust verification with 24-7 risk monitoring and continuous security inspection. Plus. It's simplified operations. That's why it leveraged existing infrastructure that's already there, deployed to minutes, and share device information natively with tools. Collect your OT assets, networks and remote operations with zero trust OT security.

To learn more, find the link in the show description or visit palaltonetworkscom. That's palaltonetworkscom. We thank Pal Alto Networks for their support of this week in enterprise tech. Well folks, this is my favorite part of the show. We actually get to bring a guest to drop some knowledge on the Twite. Right Today we have Adam Jacob, ceo of System Initiative. Welcome to the show, adam. Hey, thank you, I have to apologize. In the beginning of the show I put an S on the end of your name, so I'm sorry about that.

0:34:53 - Adam Jacob
I mean, look, you can't be named Adam Jacob and not have like the Adam Jacob's like a lot. So it's not like you're the first person who made me Adam Jacob's, it's like pretty much the thing.

0:35:04 - Lou Maresca
So it's all good man Perfect. Well, I'll tell you, we do have a large spectrum of audiences and experiences. They come from entry-level people all the way up to the CEOs, ctos of the world, and they love to hear people's journey through tech. Can you maybe take us through a bridge during journey through tech and what brought you to System Initiative?

0:35:20 - Adam Jacob
Yeah, I mean. Look, the short version is I'm 45. So my first job was working for an ISP in the back of a dentist's office when I was 16, 15, 16. And that was because at the time if you knew how modems worked and I loved bulletin boards from when I was a little kid so if you loved bulletin boards and you knew how modems worked and the internet started, you could get a job doing phone support or tech support. But since I also had been running bulletin boards the very cool like Cis Admin who ran the ISP, who went to the community college and loved skinny puppy, I thought that guy was super cool and so I became a systems administrator. And that was the first 15, 20 years of my career as a systems administrator.

And then I wound up starting a company called Chef that did infrastructure automation. So we'd run a consultancy basically where we help people fully automate their infrastructure back in like 2008, you know, 2007. So we're building fully automatic, fully automated infrastructure, soup to nuts. And then out of that came Chef, which was a configuration management tool. So I was the founding CTO of Chef and then I was, you know, at Chef the whole time I was on the board when we sold to progress. I took a couple years off and I felt like I had some unfinished business in terms of trying to think about how we could build tools that would help DevOps people do their work and sort of help large enterprises in particular kind of get the benefits we always hoped that they would get when we kind of started the DevOps movement. And that's what brought me to System Initiative.

0:37:07 - Lou Maresca
Fantastic. So I'll tell you, I live day in and day out in the world of DevOps, so I can definitely tell you there's lots of challenges that go along with it. But I'm actually curious when you said it, it's unfinished business. What was the spark there that made you say, hey, I need to go tackle this?

0:37:22 - Adam Jacob
Yeah, so a lot of my work at Chef was out in the world, inside large enterprises, and so, like I would spend probably like four to six weeks out of a year actually kind of embedding myself with teams inside huge enterprises trying to figure out how to help them do better or how to design new technology or how to run their teams differently. Right, I'd sort of take over teams for a couple of weeks and teach them how to do things differently, and it was super valuable and sort of toward the end of my time at Chef I wound up in a meeting with some folks at a very large automotive company and they asked me, basically, hey, how would you put together all this automation to solve this problem that we have? And I told them I was, so I like went to a whiteboard and I like drew the architecture and I explained how it would work and how their like process would need to change and sort of how their culture would need to shift and how the tooling would all work together. And when I was done, I turned around and their global CTO high fived me, you know, in the meeting he was like yes, that was awesome, you know, and I felt nothing. I didn't like no joy, which is weird. Like you should feel joy right In that moment. That's like a good moment you should feel. You should feel good about it. But I didn't. I just wanted to go home, and a lot of it was because I knew that what I had told him was true.

Like if they did all of those things and they put it all together just so that they could have the results that they wanted, they would be able to, like, collaborate better together, they would be able to ship as many times a day as they possibly could hundreds thousands of times a day and they would actually have the collaboration that they really wanted and the agility they wanted for that business. And there was no way that they were actually going to pull it off, because there was always going to be something in between that cultural change and the tooling that made it. So they just couldn't. They, for whatever reason, they couldn't get there. It was too hard to get there.

And I just come to believe that it wasn't because those people, like, weren't smart enough, or because they didn't care hard enough or like believe hard enough in the DevOps rules or culture. You know it's actually. I came to believe that the way we were putting the system together holistically was the problem that that, while every tool we were using was great on its own, when you put them all together, what we got was sort of mediocre outcomes all the time because of the way that the tools worked with the social parts of what we do and the culture of what we did. And so I'd had enough success and I had enough, like my co-founders as well that we could like actually think about that problem differently and say, well, what would it look like if we tried to design a system that was designed from the beginning to serve better the way people Eventually want to use and work in these big DevOps organizations, and that's kind of that's where system is.

0:40:08 - Lou Maresca
So the one thing I want to dig into is obviously there's a concept of tooling, is culture kind of thing? I'm just making sure that you're you know you want to embody that kind of philosophy, but you're seeing a lot of organizations that are not necessarily doing that. Sometimes DevOps is kind of a grueling thing to go and work with and it doesn't kind of meet the culture. What, what is, what is it? What's what can happen here to help maybe foster more Collaboration efficiency when it comes to tooling?

0:40:34 - Adam Jacob
so women saying that like it's more culture than tooling kind of the whole time. You know, like if you go watch a bunch of DevOps talks, like it's a pretty common thing to hear people be like it's about the culture, like if you get the culture right, then whatever tooling you pick doesn't really matter. I Think that's Lie is probably a strong word. I'm a person who swears a lot, so I would swear if I could, and then I feel like that would be more accurate but doesn't seem like the most sweary show in the world, but like I'd swear if I could, you know. So you just like insert swear word here.

I think, and the reason is that culture culture is defined by what we actually do, right, so there's what you believe, so there's like what you think should happen or whatever. But our culture is what we do, it's how we act, it's how we behave toward each other, it's it's the way that we work. And so the tools are the ossification of our culture in a very real way, like the way we put those tools together and the way that forms the mechanism, the physical movement or the, the fear, the intellectual mechanism by which we move through our day. The tools are our culture in a very meaningful way, and so we kind of did, I think, the movement of disservice by saying that the tools don't matter.

0:41:45 - Lou Maresca
I think the tools really do matter, and they matter because the expression of those tools and how we put them together is the literal expression of the culture you say you want Right now one thing I noticed obviously, system initiative is described as open source, so that means that you're obviously being able to influence by, you know, being more adaptable, be more robust and, you know, obviously having people put in their own point of views into the, into the you know, by you know offering up their own ideas. How is that kind of moving the platform forward to make sure that tools are part of the culture?

0:42:19 - Adam Jacob
Yeah, I think you know. Look, if your ambition is to take something that's as successful as DevOps has been and it has been right like the tools we've built are amazing, the work we've done is incredible. I'm so proud of it. I think everybody should be like what it really is better in the enterprise now than it was in 2007, 2008, like it's. We did, in fact, move the needle in a meaningful way. But if you want it to be really a lot like an order of magnitude better, I'm not a person that like lacks for hubris, you know, like I've got plenty of ego and like willingness to go and just like pretend I can do it all myself, but in reality, you really do need everybody. You need a bunch of people Pulling not only on the same code base and on the same ideas, but on the same movement, saying, yeah, actually you're right.

Like these tools aren't serving us the way we hope that they would.

We're not seeing the outcomes we hope we would see and and what are we gonna do about it is gonna require a much bigger conversation, a second wave of DevOps, if you will, to happen sort of amongst in the movement, and I think open source is one of the ways that that happens, like if I say that I've built this incredible new way to help solve these DevOps problems and I keep it to myself and you're not allowed to take it and or benefit from it or profit from it if you want to.

Instead, that's only something I can do. Well, I'm kind of capping that technology's ability to impact the industry or other people's lives by saying, well, I'm only gonna let you impact you know, I'll make your life better if you want to use my technology, but if you want to like make your life better by selling it or by packaging it or by doing something else with it, I draw the line there. There, I don't want your life to be better, I want it only be better a little bit in, because it doesn't benefit me enough. So System initiative is open source because we believe that it's a transformational technology and that if, in order to achieve its full potential, people need to be able to benefit from that technology in whatever way they need to benefit from it, and and that that's going to bring goodness to the company, it's gonna bring people in, it's going to have plenty of opportunities To make money and do the things that we need to do to stay a growing concern.

0:44:29 - Lou Maresca
Let's take a step back for a second. When you were developing that, you know that second wave rate of DevOps what was the first proof of concept? Like, what did you? How did you guys go from? Hey, I had this idea. I want to start the second wave of DevOps here. Let's go build. Yeah, what was that? What was that? What did that look like?

0:44:46 - Adam Jacob

So I mean, the first thing we tried was basically Removing a lot of the boilerplate from how you express your infrastructure as code. So if you think about how much we have to repeat ourselves, you know, think about just something simple like you're gonna run a web service behind a load balancer, or maybe a fleet of them behind a load balancer. How many times do you have to express the port number in different ways in order to get that service to be load balanced? And how could we remove the boilerplate from that? Or, for example, if you say that you want an EC2 instance to run, there's a bunch of inputs that you need to specify in order to get one right. I need a how. What operating systems is it gonna run? How's it gonna? How's that operating system definition? Then choose which AMI you're gonna use. How do we get the keys that you're gonna start with all that stuff?

So the first versions of this we're really about trying to remove that stuff by building a really smart, intelligent solver.

What we discovered is that it wasn't better, because what people actually wanted was hyper specific all the time.

Anyway, right, you didn't want, like a magic machine, to pick a random thing for you. You wanted the thing you knew you wanted already expressed in as few words as possible, which, which is a slightly different sort of conception, right, which led us more toward thinking about it as a as a UX problem, as a visual problem, and saying what we actually need isn't a way to remove the boilerplate or the TDM or whatever you want to call it from configuration, but we need a better way to visualize Configuration and the relationships between them and then to use that visualization to intelligently infer Configuration. So, if you know that a port number starts on a given service, how can we model that thing and then use that port number as an input to the load balancer and say the load balancer is going to, you know, load balance across this service running in this place on this port, and that's kind of how you get to what system initiative looks like now, which is a very visual interface over the top of this, like big, complicated, distributed hyper graph.

0:46:47 - Lou Maresca
Yeah, I do want to talk about this more and I definitely want to bring my co-host back in, but we do have to think. Another great sponsor of this weekend, a price tag, and that's our friends at it pro TV, who is now called ACI learning. Now 94% of CO's and CISOs agree that the attracting and retaining talent is increasingly critical to their roles. Now, with today's IT talent shortage, it's more important than ever for your team's skills to be current. No 87% of companies say that they have skill gaps in their employees. Plus, it's kind of overwhelming to assess your IT staff skills, but it doesn't have to be.

Aci learning now offers insights. That's right. It's a revolutionary skills gap analysis tool to assure you that the training you're providing actually is working. In a quick one-hour Assessment, aci learning insights will allow you to not just see, but understand and fix the skill gaps on your IT teams. This is something we've all been waiting for, especially IT managers. This insights actually makes it easy, because it helps identify Specific skill gaps in your employees and see where your team's weaknesses lie. Plus, it empowers your team to with personalized training, and we all know blanket training waste time and money. Insights offer details, solutions, support and strategy by issuing Recommendations and training for individuals and your whole team. A compare results against other organizations so you know where you actually stand. Plus, you can test skills and close the gaps with practical labs that allow trainees to focus on the skills they need most. Aci learning helps you retain your team and entrust them to thrive, while investing in the security of your business.

More than 7200 Hours of content are available, with new episodes. Add a daily. Aci learning stomps its competitors with a 50% higher completion rate. These are the training solutions your business has been waiting for. Future-proof your team and company. With insights from ACI Learning. Visit goacllearningcom. Slash twit. Twit listeners can receive up to 65% off an IT Pro Enterprise Solution plan after you're completing their form. Based on your team's size, you'll receive a proper quoted discount tailored to their needs, and we thank ACI Learning for their support of this week in enterprise tech. Oh, folks, we talked with Adam Jacob, chef, founder and system initiative as well. You know what you know. We've been talking a lot about future DevOps and how we're going to actually get there, but I do want to bring my co-host back in because they have a lot of experience and I'm sure they get some questions. Who's going first?

0:49:17 - Curt Franklin
Kurt, oh sure, why not? One of the questions that comes up often in my part of the world is the perceived gap between the code that is developed using the faster, more rapidly iterated forms of DevOps and secure code. Is this one where you think? Do you see signs that we're getting better, that both the tools and the culture are emphasizing secure, and I will use a word that we all hate reliable code to a greater extent than we did back in the break it fast, fix it fast, early days?

0:50:16 - Adam Jacob
Oh, that's a good question. I mean, it's probably, yeah, it's probably better than it was then, right, I think we're certainly thinking more about security throughout the life cycle in which we're developing the software and developing the infrastructure, sort of as they go with it. I think one of the things that we know brings about great outcomes in DevOps teams is the degree to which we can collaborate directly with experts across different disciplines. If you think about the complexity in the security conversation across the disciplines, there's application level security, there's IT infrastructure security, there's network security. All those things are different kinds of experts, right, we really need to be able to bring into that process the full life cycle of that process, both from application code but also into the infrastructure code. I think right now we don't do a great job of that, not only with security folks, but just with each other.

Most of the time in our DevOps process where we collaborate is code review. That's not even really collaboration. It's right there in the name it's review. You've already made the decisions and I'm looking at it after the fact, as opposed to saying, hey, how do I put the information in front of a security expert and just let them ask the question is this securely configured? Is this actually securely written? What's the application security posture? What's the moment we actually have that conversation with an actual other human being. Right now it's pretty rare to do that. I think it's better than it was because we've codified a lot of those practices. We've built a lot of great security technology that can do security scanning, we can do compliance as code. There's all kinds of technology that's helping us to move that needle and make it better, but the actual thing we need more than anything is human interaction, and that part we're actually not doing a great job about.

0:52:11 - Curt Franklin
Okay. So on the human interaction side, to your way of viewing this, does that mean that we're integrating into tools like, say, slack, or does that mean that something like a service now, or at last in, becomes part of the development stack?

0:52:31 - Adam Jacob
Yeah, yeah, it's an interesting question. So I mean, one of the things that we've done is we've mostly built tools that work asynchronously. So we say, hey, how do we collaborate? Well, we collaborate by pushing tickets around, right. So we say here's a ticket that goes to the security person.

Some in that security person hope that the ticket has the context they need, right. Or you're going to link them into three or four different systems to sort of get that context. I think in those cases, like it's better than nothing. But I think what you really actually want is to do what we're doing right now. Like how do I get a security person in Zoom with me looking at the thing I want to deploy or know whether I need to, right? Can the system tell me hey, you've stayed on the golden path. You know like I can validate that your configuration is secure because an actual security expert has encoded that policy in the system. That is how you express the configuration itself. Therefore, I don't need you to talk to a security person because they already kind of vetted it or you have gone off the reservation, right? Does that have something about the way that you've made this security policy, has made this infrastructure or designed.

This application requires a security review because you've left the path of what we understand. Therefore, we need to summon a person and get them to look at that infrastructure with you. So if you think about the way we collaborate, if you ever watch a UX designer collaborate with someone in Figma, or if you've collaborated with someone in Notion they're collaborating. You can collaborate together in Miro, for example, where a team gets together and what we're doing is working together to solve the problem in real time. And in DevOps, we don't. In DevOps, it's tickets, it's queues, it's everything but collaboration.

0:54:18 - Curt Franklin
Well, with real collaboration being the goal, with that being where we would like to go. Yeah, is that going to be a single source answer, or is this always going to be a question of putting together the proper tools for each segment of that problem in a way that lets everyone do what they need to do? You asked such good questions.

0:54:53 - Adam Jacob
Okay. So look, yeah, it's one of the things that we discovered in Building System Initiative. It's taken us four years to get where we are and we're still kind of very early in the journey. So we're still, to be honest, like we're not. We're still working together with a bunch of very innovative DevOps engineers to like take this technology into the world. But what we discovered was that we need to start building digital twins of the real infrastructure.

So, if you think about sources of truth, we've sort of gone around the horn on this a couple of times as an industry where it's like, oh, we need a single source of truth. And then we're like, oh, single sources of truth are complicated and hard and very rarely up to date, and so then we spread them out again. So what we've discovered is that if we build, if we focus in on the modeling part of it and we say, how do I let you model your system in as high a fidelity way as you possibly can and then allow you to interact with that model, the same way that, for example, a Formula One team can only run the race car every Saturday, right, they only get to run it really over the weekend, but they have a simulation of the Formula One car that allows them to know and the track, and so they can know before they get to the track what they think the right settings for the car are. We can do the same thing if what we do is build digital twins of your infrastructure. So if we build a model of how the infrastructure works or the application works and its relationships, then we can use the model to inform you about whether what you think should work would, or whether or not it's up to date, and we can ignore things like it takes half an hour to deploy them or it takes a super long time to boot an EKS cluster. Instead, you can sort of encode that policy into the simulation. So when we think about how do we get people together and get them to work in a way that feels more notion-y or Figma-y or real-time, collaboratively, we can do it, because what we do is build this simulation and the simulation is what you're interacting with, and then you can have a separate source of truth that is reality, and what people are doing in a lot of those cases is reconciliation between what's actually happening in the true world and what's happening in the simulation and what you expect, and I think that's ultimately how we solve that problem, when we solve it through tickets or we solve it through Qs.

I was talking to one sort of global 3000D company Big Pharma company and they were saying that the average time to get cloud infrastructure to one of their application teams was nine weeks. Nine weeks and that's roughly what we used to do when we ran data centers. We were like you got to give me nine weeks to order gear. It's got a drop ship from Dell. I got to put it in the rack, I got to put the operating system on it and we sort of ballooned our way all the way back out to that. And that's a lot because of the tooling and the workflow we put in between to keep track of all those different people with their different segments and their different tools and their different reporting structures.

0:57:44 - Brian Chee
All right, so one my last life. I was an academic and one of my biggest frustrations was this concentration on specializing, specializing, specializing, and. But I grew up in the world of generalists, yeah, and so I'm going to ask you to think if you could change academia to go and better fit where you think the development world's going to be in, say, the next four years. What would you say to the academics on the mistakes you think they're making now?

0:58:33 - Adam Jacob
Oh well, I went to college for like an hour, so so my, so, my, my actual lived knowledge of academia is pretty let's call it mediocre, kind of at best, yeah, but I guess I would probably say that the there's a there's a version of building applications and doing especially IT innovation. So in a lot of the time, what we're talking about when we talk about DevOps or we talk about application development or enterprise technology, what we're really looking to do inside these huge enterprise companies is figure out how to be innovative within the framework of this already massively successful organization. Right, if you're a Citibank, when you try to be innovative like it's harder to be innovative at Citibank than it is inside system initiative. System initiative is 20 people I can do what I want.

Citibank is like a massive global bank that you know serves the planet, and so I think when we, when we talk to those academics and we think about how we train people to work, I think we need to start thinking about teaching them how to collaborate together and how to, how to work as a set of experts focused on an outcome.

So we sort of teach engineers very frequently how to operate in like a feature factory, how to take a spec and then develop to the spec and then and then ship the spec and then hope that it works, and I think instead we need to teach people how to work together in more collaborative teams. So I suppose if I was creating an academic curriculum to teach people to do that, I'd be, I'd be teaching them how to work together with you know highly engaged product folks to build, you know very highly aligned and very autonomous teams that discover the path to the right answer in and make that innovation framework be better, which I think would then solve a bunch of downstream impacts in terms of the specifics of what people do and when they wind up in their career.

1:00:31 - Brian Chee
From just what I heard here, you would have made an amazing academic.

1:00:35 - Adam Jacob
Hey, thanks. Yeah, like I, like, I'm nerdy about it I think I would have really liked going to college.

1:00:42 - Brian Chee
Yeah well, you know, one of my big tricks was I was always fighting the faculty because I only had a bachelor's, but I had a ton of experience building really, really big systems. Yeah, it didn't matter because the academics weren't interested in listening to me. Sure, and it didn't help that I was a generalist.

1:01:04 - Adam Jacob
Yeah, I mean I've got a bunch of books on the back there that like I read, you know, because I needed to interact with people who were academic and I didn't know how you know, so I had to go buy a book so I could like have a language and talk about what I knew in the language of people who had studied it. And at the same time, you know my career and I think the DevOps movement owes so much to academic research. Mark Burgess I mean we're still living on Mark Burgess' research into systems automation, into self-healing systems, into promise theory. I mean he invented his own branch of Deontic Logic which does a very good job of defining how complex distributed systems work in the real world. And you know we've got 50 years more research to do to live on top of what Mark has been doing in academia. So like there's a value to it for sure.

1:01:56 - Brian Chee
If I'm a customer you know I'm a potential customer Say I'm not a Fortune 500. Maybe I'm, you know, just one of the bigger companies in a particular city.

1:02:07 - Adam Jacob

1:02:08 - Brian Chee
And I have a budget to develop. What kinds of things should I be thinking about? What kind of homework do I need to do before we go and jump into building something you know, especially now? We have DevOps, we have your work and so forth. How do I maximize my DevOps effort by doing some homework?

1:02:38 - Adam Jacob
first, yeah, I think the number one piece of homework you can do is learn how to be an effective product leader, like what's lacking most frequently I've seen in organizations roughly that size is there's a real art to getting people together and experts and generalists, people with all sorts of expertise, and aligning those people against a singular outcome and holding loosely what you think the solution is to that problem and letting those experts then together discover how to best serve your customers. There's a, you know, rick Rubin has a great quote I have a Rubin's a record producer and he talks about how rules lead to average outcomes, and he's totally right. If you just follow all the rules right, if you do everything that we're told to do, what you get is average. No one likes it, it's mediocre at best. And if you want extraordinary results, you got to break some rules. And I think most of the time, the way that you know that those people who are in those sort of mid-sized enterprises or even large enterprises can best serve this is by learning how to tastefully break rules. What are the rules you can break? What are the constraints that you believe are hard constraints? But aren't the things that you take as gospel. That were just things somebody made up, you know, but have just sort of hung around as rules that you believe. You know.

I had another enterprise I talked to once upon a time had a data center. They weren't allowed to use DHCP in the data center. No one knew why. They built an incredible machine to bootstrap infrastructure. They were installing operating systems by literally patching the ISO. Every time they wanted to boot a new server they would patch the ISO hard code, the IP address that they got from the configuration management database, and then boot that image and then install the operating system. It was bananas, but it was also amazing like what intelligent people to have worked around this. And when I asked them, why don't you just run DHCP? They were like because we're not allowed. And I was like who told you that? And they were like, well, everybody knows. And I'm like, yeah, yeah, yeah, but who's the human being that said you can't do that? Like what's the? Who's the actual person? Like I'd like to meet them, let's find that person and understand why this is.

And eventually it turned out there was no such person and there maybe had never been, but maybe there was, but they were long gone and I think that sort of thinking. That's product thinking, right, that's just looking at the problem and going, yeah, yeah, yeah, I hear you that that's the way, the way it is now and it's the way you live. But like what if we? What if we tweak it just a little? Like what if you? Just what if you just broke that rule?

And what could happen if and I think we don't do enough of it in the enterprise, in part because I think the enterprise can then convinces itself that it's not as creative or it's not as capable or whatever it is, which is just not true Like if you actually go out into the enterprise and you meet people who do this work. They're incredibly intelligent, they're so creative, they're doing all kinds of fascinating stuff all the time in constraints that people in less in less, in less complex environments don't have to deal with, but we just don't let them off the chain. You know, like we never actually just sit them down and go. Well, just how about you crush it? You know. So I guess that's probably the number one thing I do is I would just, I would say, figure out how to better trust your people and how to let them express their expertise more fully by giving them a better insight into exactly what the problem is that they need to solve, and then let them run.

1:06:14 - Lou Maresca
Great wisdom there, and I think a good time is any to close the show. Adam, thank you so much for being here. We're running a little bit low on time, but I want to give you a chance to tell the vast audience more about system initiative. Where could they go? Get started, find out more.

1:06:27 - Adam Jacob
Yeah, so systeminitcom and, yeah, system initiative. Our mission is to rebuild DevOps from the ground up, and if you're an innovative DevOps engineer who wants to get in on the ground floor of something that's not quite ready for you to use in production, it's not going to like replace anything you have today, but it is a really innovative new way to think about the problem and we're getting closer every day to being able to help you with real production workloads. So come check it out. You can hang out with us on Discord. You can find me on Twitter. Do we still call it Twitter? Do you have to call it X? I don't know. You can find me there, or on Blue Sky, or on Mastodon or whatever. All those things. I'm easy to find.

1:07:06 - Lou Maresca
Well, thanks again, adam. Appreciate you being here. Well, folks, you've done it again. You've sent through that out of the best thing Enterprise and IT podcast in the universe. So definitely tune your podcaster to TWA. I want to thank everyone who makes this show possible, especially to my amazing co-host right there, mr Brian Chi. Brian, what's going on for you the coming weeks? Where could people find you?

1:07:27 - Brian Chee
In the following weeks. Sorry, leave me alone. Truth be told, I am losing my mind between patching potholes, making sure we pick up large, large numbers of t-shirts so we can go and print t-shirts for the crew and volunteers of Maker Faire, and trying to get the last couple of big strands of single mode fiber between the buildings so that instead of 300 meg max we're going to have true gig and maybe, just maybe, if those optics arrive, my backbone will jump from 1 gig to 10 gig across my fingers. Anyway, hey, you can hear my ranting about shipping and things like that on Twitter. Or now it's called X. I still say that was one of those dumbest name changes I've ever seen. But hey, that's only my opinion.

I've been getting some great feedback. The viewers have been throwing all kinds of ideas at me and, interestingly enough, one of the topics that almost every well, not all of you, but a lot of you have been telling me you want is acknowledging that DNS has been a challenge. So hold that thought. I'm working on it. So throw that at my email. I'm Chebert, spelled C-H-E-E-B-E-R-T at twittv. You're also welcome to throw email at twittv. And, coming this holiday season, we're hoping to go and fulfill some of your wildest dreams.

1:09:15 - Lou Maresca
Thank you, Chebert. We also thank our very Mr Curtis. Franklin Curtis, you teased us of some of the stuff that's coming up for you. What's going on for you?

1:09:23 - Curt Franklin
Well, I do want to just clarify something that Brian said. We want to make your deepest enterprise family-friendly dreams come true. There are limits to what we on Twi-It will do for our listeners. They're out there but they do exist, so just wanted to clarify that. With that out of the way, I'm also working to get ready for the Orlando Maker Faire. I think Sunday I'll be there with Brian snorting Plastisol fumes as we try to get a bunch of t-shirts printed. I'm building a CNC machine. We're doing all kinds of stuff for that.

On the professional front, I am working on my trends to watch for 2024. That'll be coming out soon. I've got a large data product coming out where I look hard at the cybersecurity awareness, training and professional certification markets See who the market leaders are, how big the markets are, all that kinds of fun stuff. And I've got more coming up at omniacom on dark reading slash omnia, and on LinkedIn, which is where I've been doing most of my social media work lately. So feel free to follow me. I'm on LinkedIn slash Curtis Franklin. Also on mastodon KG for GWA at mastodonsdforg. Would love to hear from members of the twiat right. Let me know what you're thinking about. Let me know what your questions are. There might be some research on that in the future.

1:11:17 - Lou Maresca
Thank you, curtis. Speaking of maker stuff, for my birthday I had to buy myself a new 3D printer and I have a bamboo X1 coming. I'm excited for that, looking forward to building some amazing little 3D prints and maybe some devices that I can sell. So we'll see how it's going. Well, folks, I also have to thank you as well. You're the person who drops in each and every week to watch and to listen to this show and get your enterprise in IT. Goodness.

We want to make it easy for you to watch and to listen to this show, so go to our show page right now twittv, slash twiat. There you'll find all the amazing back episodes and all our notes for the show, of course, links for the show and, of course, our guest information. But, more importantly, next to those videos, there you'll get those those helpful subscribe and download links. There they are. So get the show by getting your audio version, your video version and your choice. Listen on any one of your devices or any one of your podcast applications, because we're on all of them. So definitely check it out and subscribe. It's the best way to support the show and, of course, if you're downloading and watching those shows, definitely supporting us. Plus, there's also another way to support us. That's why club twit it's members only ad free podcast service. Ad free Plus. It's got a bonus to it. Plus feed is got a lot. It's got a discord server. It's only $7 a month and gets you access to all of our podcasts. That's right, all ad free podcasts. And not only that, you get the members only discord server. You can chat with hosts, producers. Lots of separate side channels. There's the plus bonus content. There's special events, lots of fun stuff. So definitely check it out. I have a lot of fun each and every week on there. In fact, I got to do an AMA a couple of weeks ago. I had a lot of fun. So definitely check it out.

At twittv slash, club twit and also clubs with offers, corporate group plans as well. It's a great way for your team to get your entire team to get access to our ad free tech podcast and the plan starts with five members at a discount rate of $6 each per month and that's where you get as many seats as you like, as many seats as you like to that as well, as it's a great way for your IT departments, your developers, your tech teams to stay on top of all of our podcasts, make them ad free and just like the regular memberships, you can go to the twit discord server and that twit plus bonus feed as well. So definitely check out club twit at twittv, slash club twit. And after you subscribe, I want you to impress your friends, your family members, your coworkers with the gift of twi, because we talk about lots of fun tech topics on this show. We have some amazing guests, so give it to them, give them the gift of twi, and guarantee that they will find it fun or interesting as well, and I guarantee they will also listen and enjoy the show.

But I want to make sure that you, if you've already subscribed, that we also do the show live. That's right, live. At 1.30 pm Pacific time. We do it at livetwittv. You can choose your stream of your choice. Come see the pizzas made, all the behind the scenes, all the banter that we do before and after the show. So definitely check out that stream as well.

And, of course, you can jump into the IRC channel as well, the famous, infamous IRC channel. You just go to IRCtwittv there you'll jump into the twit live channel and you'll see all the famous characters that are in there. There's some of them right now there on the screen. Of course, we can't catch them all in that little amount of chat room content, but they're all in there and they always have a lot of fun, so definitely check out the chat room. At IRCtwittv, definitely hit me up xcomslashluemm I'm also on threads, luempmonthere, I'm luemmtwitsocialmastodon and, of course, linkedin. I'm really big on LinkedIn. I'm always doing stuff on there and posting stuff on there, so definitely check that out. I'm Lewis Moruska on LinkedIn, so hit me up on there as well.

If you want to know what I do during my normal work week at Microsoft, definitely check out developersmicrosoftcomslash-office. It's a really great way to make your office experience more productive. You can customize it. In fact, if you have Microsoft 365 right now, openxcel there's the automate tab right there. Check out the new automate tab, because that's where my team lives and it really builds amazing solutions to make you automate your Excel documents, cross Excel documents, use Power, automate, bring in data from other places Really awesome environment. So definitely check out the automate tab to see how it can be more productive for you.

I want to thank everyone who makes this show possible, especially to Leo and to Lisa this week Enterprise Tech, who did not do the show without them, so thank you for their support over the years. Of course, thank you to all the staff and engineers at TWIT, who can do the show without them as well. And, of course, thank you to Mr Brian Chee one more time, because he's not only our co-host, but he's our tireless producer as well. He does all the show bookings and the planning for the show. We can do the show without them. Thank you, cheebert, for all your support. Before we sign out, thank you to our editor for today, because they make us look good after the fact. Thank you to the TD for today, the talented Mr Ant Pruitt. Ant, I had a good time watching the Google show this week. What else is going on here at TWIT?

1:15:48 - Speaker 5
Thank you, my man. We have a good time on this week in Google. We should never win. I appreciate you checking us out, even though we go for three hours sometime, Boy, how in the world do we do that? Anyway, I just wanted to give a shout out, because you spoke about Club TWIT and how we get access to specific shows that are Club TWIT only. Well, every now and then, we'll have some from Club TWIT open to the public. This week we have Hands On Mac, Episode 105, hosted by my main man, Mr Micah Sargent. Check that out. It is available on the TWITTV website right now public access. So you get a bit of a sneak peek of what it's like to see a members only Club TWIT show.

1:16:31 - Lou Maresca
Love that Love the sneak peeks. Well, thank you, ant, and until next time I'm Lewis Moreska, just reminding you. If you want to know what's going on in the Enterprise, just keep TWIET. 

All Transcripts posts