The Audit - Cybersecurity Podcast

Field Notes: New Year Catch-Up, Coffee, And Team DNA

IT Audit Labs

In this episode of The Audit, co-hosts Eric Brown and Nick Mellem dive deep into organizational psychology and team dynamics with a refreshingly honest look at how IT Audit Labs is using assessments like CliftonStrengths, Kolbe, and PRINT to decode their team. This isn't fluffy HR talk—it's strategic workforce optimization that directly impacts how security teams respond to threats, collaborate under pressure, and execute on complex projects.

Eric and Nick discuss why understanding your team's natural strengths, motivators, and triggers is just as critical as deploying the right tech stack. From reducing meeting bloat to being more intentional with time and resources, they share real-world lessons on building a culture where people operate in their zone of genius. Plus, they tackle the "what tool would you deploy first" scenario—spoiler: it's not what you think.


🔑 KEY TOPICS COVERED:

  • Why organizational assessments (CliftonStrengths, Kolbe, PRINT) matter for security teams
  • How to be more intentional with meetings, time, and team collaboration
  • First tools to deploy in a new security environment (MFA, YubiKeys, Varonis)
  • The shift from reactive security to proactive team alignment
  • Using AI tools like Gemini to streamline communication and decision-making


Nick Mellem:

All right, Eric. Morning. Morning, Nick. Hey, how you doing? It's been a little while. It's been too long. We had the holiday break in between. I don't know if you call it a break, but we certainly uh it's been about a month or so since we've done one of these, so happy to be back on. Awesome. Yeah. What have you been up to with yourself? Well, we have because of the course of the holidays and with two uh you know young girls, we're enjoying the holidays a little bit differently, I'd say. Trying to slow them down a little bit more than the you know, we used to do racing around, trying to see a bunch of people were more focused on the core group, I'd say. But so it was a great holiday season. But uh, you know, we're back into work and you know, everything's just coming at us crazy. There's so much going on that uh, you know, we're just trying to keep keep a lid on and we're doing a great job of that as a team. So happy to be back in the saddle after the holidays. How about yourself? Uh are you a real tree guy or fake tree? I we're a real tree. Okay. We're real tree. Yeah, we've got a couple places down here. One of them is he actually trucks his trees in from Michigan. He's places called the Michigan Tree Guy. So he trucks them in here. I didn't get my tree there, I just went to the good old-fashioned Home Depot. But uh, I thought it was pretty cool that this guy trucks them in um from some specific spot in Michigan. So how about yourself?

Eric Brown:

Uh right now, real tree, but I think next year is the last year for that.

Nick Mellem:

Oh no. What how come? What what makes the change?

Eric Brown:

Uh it the uh probably the last year that the kids are really engaged from a Christmas perspective because they're all older now. So um it's uh I I think we enjoy the the whole um tree in in Christmas, but um, you know, maybe something that's a little easier to uh to manage.

Nick Mellem:

Um I I think the real trees are actually easier.

Eric Brown:

You think?

Nick Mellem:

Oh yeah. You pick it up, you throw it in the back of the pickup, you bring it home, you throw it in the stand. When you're done, take the ornaments off, throw it on the curb. You're not taking the pieces apart, trying to fit them, jigsaw them together to get in a box again, and you're bungee cording the box and you're trying to put the box in the rafters.

Eric Brown:

Well, there's that, but there's the environmental aspect too. I, you know, I I was thinking maybe a planted tree where you kind of bring it in and out. It's a whole thing, but I don't know.

Nick Mellem:

Well, we'll hear about this next year, what you decide to do. We'll put a pin in it, and you can update us next Christmas. Uh okay. Well, since we got a short amount of time, I'm kind of curious to kick some things off. We talked about the Christmas trees, but there was one other activity you did over the Christmas break that you made public uh was roasting some coffee beans. We know you're into this. You've brought this up before. This is not a new hobby or activity, but I think everybody's curious to know. Well, we saw in the video, but what was the outcome? Was it good? Did the house smell like burnt popcorn?

Eric Brown:

What no, it was it was good. Had the had it underneath the uh the hood, so all that got sucked out. Um, but got a surprise Christmas gift of a coffee roaster. And like this is a legit roaster where it'll do uh, I think it does about um maybe a half a pound at a time, something like that. And it um collects the chaff so you don't have the chaff blowing all over the place. It takes about a half hour to roast it. It's got a bit of a cooler built in, so it's it's legit. It's been pretty good. Made some really good coffee with it. Um I I I opened uh that up the night before. So Christmas morning had the uh had roasted beans already and and had coffee ready to go. It was pretty good.

Nick Mellem:

So this is a set it and forget it device.

Eric Brown:

Well, you put the kind of. You you set it, it it rotates, it roasts the the beans, but you gotta keep an eye on it because it it's um you know if something were to happen, you want to be right there. And it I think it beeps like every 10 minutes. You gotta turn the alarm off so it knows that you're standing there.

Nick Mellem:

Got it. So it can get a little swirly, so you gotta man it. You gotta keep an eye on it, okay. Well, I did also get we had the Secret Santa, as you know. I got the uh got a grinder. Um, so I think the next step for me is gonna be to try to do the roasting steps, but the grinder's been awesome. It's been very tedious just because my oldest daughter, which is barely three, she wants to be involved, so she's putting the beans in one by one, and so it takes forever. Instead of just thumping them in there and grinding it, she's like putting them in there. So that's a whole thing, but uh it's good. Um anything else over Christmas you wanna?

Eric Brown:

No, I think that's uh I think that's it.

Nick Mellem:

We're into January, we're ready to go. Yeah, exactly. We're we're we're moving on. Um, I think uh for me, what I was most looking forward to talking about was I think the company's endeavors into the team strengths. Oh, sure. Yeah. You know, so we did the Kolbe, we did the uh paper, and then most recently we did the CliftonStrengths. Uh, do you wanna jump in on Eric, why that was so important for you to move the organization into that direction?

Eric Brown:

Yeah, absolutely. So um it I'm in Strategic Coach, which is um Dan Sullivan's organization. It's a business coaching um organization. And and when I joined that a couple of years ago, they have you go through a couple of those exercises that you mentioned. So um the Kolbe exercise, um, and and these are all assessments that that you take to really understand how you operate and how others operate. Um, really kind of your unconscious motivators, uh, for example. So we did uh first we did the Kolbe and we got we got some pretty good results out of that. Um people started to understand what makes them tick. And then we did um PRINT, um, which is the capital P-R-I-N-T. And um the the the PRINT really gets behind um the motivators and triggers for the team. And then the on the CliftonStrengths side, really getting into how people naturally contribute and lead. Um, so those three kind of round out, give a 360 of um us as individuals and then how we work together as a team. And it's pretty cool because you can take, if you if you're gonna work on a project with uh other folks that have gone through the assessments, then you can kind of understand um who's gonna be good in what role. And if you are working with people that maybe haven't been exposed to it before, you can share with them um how you work and and how um you're motivated and it just gives them a little bit of insight into who you are.

Nick Mellem:

Yeah, I think uh I was looking for the word, you know, like it's like decoding the team. Yeah. And especially, you know, depends on the size of your organization. But I think we get so wrapped up in, you know, somebody's title. You know, so depending on your title, you automatically need to work on a project. Right. So instead of looking at it internally, looking at, you know, maybe you have a group of five or ten people or whoever it is, depending on the size of your organization, that, you know, maybe you don't need all these people with just high-level titles to work on a project because you have everybody that could, you know, every piece of the puzzle within, right? People that you might not even thought about that you could put on this project that will all work well together, that will streamline a process, but we wouldn't know that unless we did this process. You know, when this we were first starting this, I had never done one before. Um, so I guess I wasn't sure what to expect. Um and when I'm taking these quizzes, I'm like, what are these questions? Like some of them are like, wow, like kind of like I don't want to say brain busters, but you're like, wow, what do I really think? Like, how do or or forcing yourself to answer the question actually as me, not maybe what I think. Like, you know, like how should I answer that question versus how do I really feel about that question? And I think the CliftonStrengths one, that was a long qu long test. I think it was like a hundred questions, but I think I resonated with all of them. I think it was almost to a T. So you you take the quiz, right? You get through it, and then you get a report. And then you're going through the report, and it's like, you know, wow, I never thought about it that way. I can see that I do those things. So they all actually lined up very closely for me. So then after the first one, which you said was Kolbe, I was like, wow, I'm I'm kind of a believer in this now.
Then you take them follow on, follow on. The two other ones we did, and uh most recently CliftonStrengths, um, to see, you know, how we fit together as a team. So it's been a pretty cool exercise. Um, and I've I've already encouraged um some other uh colleagues around the industry, let's say, um, to you know, to look into it just as uh and it's also kind of a team building exercise, you know, uh a camaraderie uh collaboration tool, people get together and there's no right or wrong answer after you get these quizzes. It's just who are you? And then you kind of see, you know, I see why you and I work so well together or why we naturally gravitate to each other. And I think for me it's strengthened uh one of the bonds at the or at IT Audit Labs, just seeing um how aligned really we are. So it's been uh I've welcomed the process. I think I think most people have. It's been cool to see you know how it's been going so far, even though it is relatively new um here. But uh anything else you wanted to give you. Uh on your Clifton, do you know do you remember what yours were? I'll have to bring it up. Should have had it ready. I should have had it ready live. Do you have yours? I got mine, yeah. So I've got your there.

Eric Brown:

Yeah, so I uh strategic, uh ideation, maximizer, futuristic, and intellection.

Nick Mellem:

Those are your top five. Those are my top five. Mine are responsibility, relator, adaptability, belief, and positivity. All right. That sounds like you. I'm a positive guy. So there's the there's the top 10 markers, and then you have the list of the there's another 30 or sorry, 25 or so extra ones on there.

Eric Brown:

Um 34 total and then 34 total. You can do the top five report, or you can do all 34. We did all 34 just so we could see kind of what's what's up at the top, and then what are some areas that that uh you know we we we don't put a lot of energy into. So yeah, it's uh it's cool. Looking forward to to that for the year. Um working with the team on it. And um, we should have the the person that did our Kolbe come in and you know, maybe have have her on Field Notes and kind of break this whole thing down. That might be fun.

Nick Mellem:

That would be fun. She, you know, I've worked with her a couple times after we took it and diving deeper with her on this just because I became so interested. I think I looked at my results much deeper in a much different way than I would have if I just took the quiz and then, you know, ingested the information and then moved about. But since we spent a little extra time on it, I you know, there's been a little bit of a shift in how I might go about my day. That I'm still looking at the CliftonStrengths series, and then off to the right of you know, those markers, it says you lead with relationship building is like the top top part. Um just different to, you know, see it's this is the really the only true way to kind of look under the hood, right? You take your car to the mechanic, you know, you see what kind of engine's under the hood. Um, but here you're you know, this is how we I guess we can see how uh everybody in the organization, you know, actually works or functions or or wants to work, right? How you maybe you want to do more research first, that was as we've seen. Maybe you want a more clear path. You you're not good with creating a process. So, but we have people that create process, so we'll send them out to do that. And the people that are really good at following a process and making things run very smoothly, you know, you you can send them in after so we can be very strategic about it. So that's that's cool. I think we could go on and on about this. So I think we should definitely have uh have her come on. Yeah.

Eric Brown:

It's uh it it it is something that you know, I'm being more intentional about in 26. And uh one of those is just really being more protective of my time so I can focus on the areas that that uh that I'm good at. Um and Nick, you know, we get wrapped up in a lot of meetings, and uh a lot of those meetings and you know, it's kind of a waste of time. So I'm stepping back from meetings and I'm only gonna attend if I really need to be there because I sometimes you join these meetings and somebody's just rattling off a stream of consciousness for 30 minutes. Like, why am I even here? So, really being intentional about time and I think bringing that to our organization as a whole and and making sure that you know we're coming in, we've got an agenda, um, we're we're we're really intentional about the time together. Um, I don't need to sit through a project update if it's something that I could have read in uh you know in an email, right? And um leveraging tools, AI, automation, agents, what have you, where somebody who may be more of a talker does need to get that out, but they could get that out in a fashion that AI is gonna process it, synthesize it, and produce you know something that's really crisp that others can reflect on in their own time.

Nick Mellem:

Yeah, a meeting that could have been an email. Uh the uh what I've been doing is, and I think I think this is always gonna be this way with the LLMs. We're gonna have our favorites, you know, the flavor will change throughout the year. Uh if we would have been having this conversation even two months ago, I would have told you Claude is my number one. My number one has shifted. Breaking news. It is now my favorite right now today is Gemini. Okay. And Gemini is I'm trying to figure out how the best way to explain why I think it's my favorite. But the reason I brought it up is because what you were just talking about is like being more intentional and like being more intentional with your time to like send an email versus call a meeting. So you can use an AI tool like Gemini, like like the stream of consciousness, to have that conversation and it can put it into a bullet point. Boom, you put it in an email, you send it off. Um, but I think the way that we're doing things at IT Audit Labs is what you said of being more intentional, is you've made it possible for people just to make a decision. Like we don't need to have a fifth meeting about a about a tool or something like that. If you guys feel strongly about it, and this is what we need to solve the problem, just get it and go. Um, and if we need to make an adjustment down the road, um we'll we'll do so. But uh that's uh that's good. Good piece of advice to be more intentional. Uh we can't always take less meetings, but we can certainly try. So Nick, all right.

Eric Brown:

Switching gears, Sonia, right? Yeah, let's switch them up. You're going into a new account. Um and you know, you're you're kind of week one in there. What what are you doing? Um, what is your go-to kind of repertoire of what what's the tool that you're gonna bring in or process or what are you gonna do to kind of help this organization through an inflection point?

Nick Mellem:

I was thinking about this question last night for a while. Again, I'm I was up like three times last night with our youngest baby feeding her a bottle. So I had a lot of time to think about this overnight. I could answer this question multiple different ways. I could take the easy route, hit the easy button, and say we're bringing Palo in, we're getting the XDR set up, we're you know, going the whole EDR route, XDR route. But I was and I was thinking to myself, I I'm kind of more of an auditor by by trade in the in the field here. So do I want and we were meeting with a client yesterday and we're talking about um Varonis. And I was like, do I want to take a more unconventional route with this question and bring in Varonis so we can pull back the hood, get our files all in place? Because a lot of these organizations that we're working with, and I know you didn't specifically ask about the organizations we're working with, but for sake of argument, that's where I'm putting this meet compliance or a government organization. They've got HIPAA, CJIS, PCI, FTI, the whole thing. Um, CMMC. That's a lot of acronyms. I know it's too much. It's it really is too much. CUI, we get the whole thing. So I think I'm gonna have a little bit more fun with this question instead of going like EDR um or like Proofpoint or something like that. And we're gonna go with Varonis and we're gonna pull back the hood, we're gonna get all the files, we're gonna get everything under control, we're gonna figure out where your data is, what data you have. We're gonna figure out how we're gonna tackle compliance and are we're gonna remain in compliance. Um, so I yeah, I was kind of thinking, I I kind of wanted to answer it a different way than conventionally. So I think I'm gonna go with Varonis and then we'll move on and get everything else under control because I knew you'd go more technical. So I was like, I'll go a different route than Eric's gonna go. What what route did you think I'm going?
You're gonna go uh email security, I think, first. And then uh or EDR.

Eric Brown:

I I I do like email security, EDR kind of yeah, yeah, you know, that's a good no-brainer. Um question though, does the organization already have MFA?

Nick Mellem:

I thought about this last night too. I was like, do I just go hardware tokens and hardware MFA and just say we're implementing YubiKeys right away? Uh so I did think about that. Let's say they don't have MFA.

Eric Brown:

Oh, you gotta do MFA first. Yeah.

Nick Mellem:

Yeah.

unknown:

Yeah.

Nick Mellem:

Yeah. It's there's no question about it, you gotta do MFA first before you do anything else. It's crazy to me. And then I think why I'm looking off on the side here and shaking my head is because to thinking now 2026, we're still hanging having the conversation that an organization doesn't have MFA is wild. It's truly wild. So we're we've we're skipping the standard MFA, and we, you know, to me, it's like you gotta get YubiKeys. Um And I get some for the MFA. But I'd love to just right off the bat rip it off and get some YubiKeys.

Eric Brown:

Okay. Awesome.

Nick Mellem:

Are you uh are you a fan of YubiKeys, Eric?

Eric Brown:

Uh sure. I I like the YubiKey. You know, I uh no no issue with the YubiKey. I I I think just the standard MFA to start, just to get people um something um and reduce the friction, reduce the complexity is great. But then yeah, certainly YubiKeys or um CAC cards, um the you'll notice on some laptops they have the slot on the side, but you know just about any federal government organization has mandated CAC cards, um, which yeah, I think Google, um I think they they all use a form of YubiKey. And so it you know, if those big organizations are doing that, you know it's important and um it it's probably saved uh you know millions, if not billions, of dollars of issues just because they they they took the path of this is how we're gonna do it. It's it's you know, we're not gonna argue about it. It's just this is the way it is. When you when you work here, you get this access card, and this is how you access your equipment, which uh, you know, I really love that because it's dead simple and it's just like this is how we do business. And if if more organizations did that, we'd have a lot less problems.

Nick Mellem:

Yeah, and not only from a security standpoint, but it probably taking a lot of stress off of your service desk, right? Because you're not gonna the annoying password resets um tickets, right? Somebody can't log in, they're calling you at 3 a.m. because they randomly have to check their email. Um but yeah, we used the CAC cards uh when I was in the military, and this was um 2007, 2008 um during that time, and we were using CAC cards then, and every computer you went to, um you know, you had to drop there was a little slot in the keyboard that you had to drop it into. Um, or as you mentioned, on the side of the laptop, you stick it into the side. So um that wasn't super, super long ago, 15 plus years, but uh um we're like I said before, we're still having the conversation now. People aren't using MFA. So, you know, if we're wheeling it back to the beginning of the question, yeah, MFA is kind of the no-brainer if they didn't have it. Yeah, I guess assuming they did, that would be best case, but uh yeah. All right. I think we're kind of bumping up against uh against the end here. Is there anything else you want to chat about, Eric? Any any flight goals for this year 26?

Eric Brown:

I I want to get up a little bit more than I did last year. So um I do have that goal and I I want to get my glider license this year. Uh I've been last couple of years I've been messing around with it, but um I just it's really hard to book time with the glider and the instructor because it the the time just fills up and then maybe you have a weather day and you can't go. Um so I I do want to get that done. You know, I probably need about another 10 hours or so in it, and then uh take the check ride and and all of that. And then when you come down, you and I can go up.

SPEAKER_01:

Yeah.

Nick Mellem:

Uh I'll stay down and get some cool pictures. But honestly, what was the we talked about it a couple uh episodes ago. The glider, not the glider, the it's got the parachute and the the fan, propeller fan on the back of you can wear as a backpack or a seat. Oh, the ultralight. Ultralight, yeah. Yeah. Are there any any chance that you're gonna be doing that?

Eric Brown:

I would love to do that, but it it's maybe just a hair too risky for me right now. Yeah.

Nick Mellem:

Uh that is like dangerous that you're saying.

Eric Brown:

I think I mean they are dangerous, right? Because you have a you have a wing or an airfoil that um can potentially collapse, right? It's not rigid because it's you can inflate the leading edge, I think, with with air. But um if say you you know you you turned, uh maybe you're going down when you turn up wind, and there was um gust of wind or something, you could have that wing collapse on you. And if that wing collapses and you're you're too low, you can't pull the reserve. Um it's just it's gonna be a bad day. And and I'm not saying that um you you can't learn to appropriately fly the the ultralight because there's thousands of people that do. Um, and I don't I don't think they're super dangerous, but for me right now, um it's not the smart decision to to do, even though I would love to just be, you know, 50 feet over the river just cruising, right?

Nick Mellem:

I mean, it's it sounds awesome. We need Eric around, we got to keep him around. No ultralights for in this future. No ultralights. I saw a video on social media, I think it was last week, and then it was in Florida, and there was a helicopter taking off a pad. It looked like it was floating. Sure. And there was another helicopter right here, and this the helicopter coming off the pad smacked into the one. Yeah, I'll have to find it and send it to you. Um, it looked like a scary situation. I don't know if anybody died, they weren't that high off the ground. I mean, relative, you know, to me where they were going, they're maybe 50, 30 to 50 feet off the ground. Looks like they had just come up. So I don't think anybody was um fatally injured or anything like that, but um scary to see nonetheless. Anything else? Uh closing remarks for the people, Eric, before they get their days going. No, that's it. Let's get back on here soon, though. Yeah, let's do it. Um, all right, Eric, thanks again. Thanks everybody for jumping in, and we'll see you next time. You have been listening to The Audit presented by IT Audit Labs.

Eric Brown:

We are experts at assessing risk and compliance while providing administrative and technical controls to improve our clients' data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, or all our security control assessments rank the level of maturity relative to the size of your organization. Thanks to our devoted listeners and followers, as well as our producer, Joshua J. Schmidt, and our audio video editor, Cameron Hill. You can stay up to date on the latest cybersecurity topics by giving us a like and a follow on our socials, and subscribing to this podcast on Apple, Spotify, or wherever you source your security content.