Own the Cybersecurity Conversation, Drive Sales - Alex Ryals - Channel Security Secrets - Episode #6

Lou:

Welcome to Channel Security Secrets. I'm Lou Raban. On this show, we expose the untold secrets and critical insights from the people shaping the future of cybersecurity sales in the trusted adviser channel. If you're looking to up your game around selling security, stick around. Channel Security Secrets is brought to you by Cyber Defense Group on a mission to shift cybersecurity from reactive to resilient.

Lou:

I cannot wait to speak with today's guest. He's a channel leader, CISO, main stage speaker, and solutions innovator with more than twenty years of experience in technology. At TD SYNNEX, he drove global sales of solutions from 250 plus cybersecurity vendors to more than 20,000 channel partners worldwide. He currently leads a team of cybersecurity solutions engineers and oversees strategic partnerships with top industry vendors. He's the chief information security officer at MicroAge.

Lou:

Alex Ryals, welcome to the show.

Alex:

Thank you. Really good to be here, Lou.

Lou:

So, Alex, what's the biggest secret to your success in the channel and security in general?

Alex:

Well, I think out of all the years, I've been at a vendor, customer, I've been at a partner, I've been at a distributor, I think what I've learned is that the secret to a reseller service provider building a security practice is to align your security solutions that you sell with the skills of the sales reps who are going to sell it. Too many times I've seen those be at odds, those goals, and I've seen resellers and service providers struggle to grow their revenue around security. So the secret is make sure you're not selling something that your sales team is incapable of selling.

Lou:

That's an interesting point because I think in the channel, what we're seeing is a lot of a lot of sellers that are new to security. So how that that advice wouldn't totally gel with someone that hasn't sold security before. So what do you say to a trusted adviser that, you know, maybe sold Bandwidth or telecom, and now they wanna get into selling security?

Alex:

So to answer that question, let me tell you a quick story. I spent about twelve years in distribution at Avnet, and then later, they got bought by Tech Data; Tech Data merged with SYNNEX to create TD SYNNEX. And at Tech Data and TD SYNNEX, I ran the global cybersecurity business there. And one of the programs I launched for the benefit of our trusted advisers and our TAs is a practice builder program specifically for security. To address the exact question you're asking, we had a lot of partners.

Alex:

I had 20,000 partners that would buy some type of cybersecurity from us throughout the year. And so many of them were pivoting from other disciplines. They might have been a network TA or they might have focused on server or storage or something else, some type of service. They wanted to sell cybersecurity. They didn't know how to do it.

Alex:

So our Practice Builder program was a multi step process that went through a series of weeks with each one of our partners to help them think about, rationalize, you know, how to build a security practice. You know, what's really interesting is we found a couple of things that I think are important As we went and spent days in rooms with these guys trying to build business plans, we we figured out that, number one, a lot of the partners that had started practices, like, a year before and just weren't growing weren't successful. The reason was the very secret I just talked about. They had come from a network or storage partner. That's all they've sold for years.

Alex:

Their sales team they hired knew how to sell storage, but yet they had picked, like, selling SIEM solutions like Splunk or Arctic well, excuse me, Splunk or Microsoft Sentinel as a SIEM solution. The sales reps just simply didn't know how to talk about that. Right? So once we aligned the security be network security or in the case of storage vendors, data security, then it all seemed to fall into place. But some of the other things we learned from this exercise in this program was, don't pick too many services or too many vendors to partner with right away.

Alex:

You know, get get some feet under you. Pick a couple of vendors that align to your sales team. Pick a couple of vendors that have good, solid channel programs. They all are not the same. We could talk about that more if we want to, but, we also figured out that the services you pick, you know, pick one or two services to start, make sure you're really good at them, and dial them in so that you can delight your customers with those services around security.

Alex:

And too many providers we were working with seemed to want to pick five, six, seven, eight services and 10 to 20 vendors, and when you're starting out, that just gets too overwhelming, and you can't be good at anything. So that's kind of the summary of this multiyear exercise we did with our security practice program.

Lou:

Yeah. There's a lot of wisdom and and probably some definitely some pain behind that as well where you had to figure that out. So you talked about the channel. Yeah. You know, maybe speaking about what's a good channel program look like then for some of these vendors?

Alex:

You know, spent an awful lot of time in distribution educating our vendors on exactly that question. It's funny how many vendors misunderstand the role of distribution and the role of building a channel. Startups in particular, they get their VC funding, and they they come straight to a distributor and think that's where the partners are, the resellers. And so if I just sign with them, I'll be okay. Unfortunately, it doesn't work quite that way.

Alex:

So what what I would the advice I always gave, ISVs that were starting up or, big enough to finally start thinking about channel is number one, you need four things. But number one, you need a partner program with a guide that explicitly lays out what the rules of engagement are. So what's the protected margin for the reseller or service provider, that's gonna sell your technology? You need that partner program to be on a partner portal. That's number two.

Alex:

So resellers and service providers, the channel wants self-service. Right? So, they have to be self-service with a partner portal. You need deal registration on that partner portal so that if I have an opportunity, I can bring it to my ISV, and I can tell them about it and protect myself so no one else can come in and scoop a deal. Right?

Alex:

If I'm first in, I get the highest discount in theory. And fourth, these vendors have to have self-service education and training. It's if you expect people to go to training classes you offer once a quarter or classes you offer online, it's just not gonna work for most resellers and service providers. They don't have the bandwidth. Me at MicroAge, I have 75 security vendors we do business with regularly.

Alex:

I can't possibly schedule my team to go to training for all of them. Right? But if it's self-service, a lot of these guys are taking training at night, on the weekends, laying in bed with their iPads. So if it's self-service, we can make it work. So partner portal, clear partner program with clear rules of engagement and rules of how to make money, deal registration, and, and self-service training.

Alex:

Those are the the advice I give ISVs as they're building up a channel.

Lou:

Yeah. I'm taking notes on this because we, we we only have a couple of those, and I think especially the self-service. We we always feel like, hey. If we do it in person and and or at least, you know, jump on a call. But to your point, I mean, everyone's too busy, especially during the day.

Lou:

They they should be out there having meetings and stuff trying to get revenue through the door and deals through the door versus listening to training for an hour or half an hour. So I'm taking that advice back to the team to do that. What about, like, an individual TA? You know, there's some a lot this channel has a lot of smaller TA shops that that don't have, you know, 70 sellers or a plus, etcetera. What about the the people that wanna make that transition?

Lou:

I I guess from your advice, they would definitely get enabled through the channel the the vendor's channel program and maybe some of the enablement that they're doing. What about when they're having the conversation and security starts coming up? The other thing you said, which is really relevant, is don't try to boil the oceans. Right? Like, don't try to do eight, ten vendors when you've never even really sold security.

Lou:

So what do you think an easy starter, service is for security? And then, you know, how can they start to have those conversations?

Alex:

Yeah. So there's a couple of things that come to mind. First of all, make sure you start getting involved in your local security interest group. Most cities have local interest groups around security where you can be around like minded people, and you can kinda start to figure out which area of security might be good for you. They bring in presenters all the time.

Alex:

I go present at a lot of these around the country, and they're really great environments for you to fine tune your strategy just by seeing what other people are talking about, like minded peers, right, so that's one thought. Another thought is leverage your distributor. If you're a service provider reseller, if, you know, if you're going to market with an Avant type of aggregator or a TD SYNNEX type of legacy distributor, they all have amazing resources, training around security. They've got connections into a lot of the vendors and suppliers and help you think about which ones might be good to build relationships with. They're the ones who have all the good dirt on on which vendors have the best margin beneficial programs.

Alex:

Right? So you don't wanna waste your time with someone who you're not gonna make a lot of money with. So use your, you know, your Avants of the world, your TD SYNNEXs, Ingram Micros of the world in order to give you a leg up because they've got tons of programs and resources that are generally free that you can leverage. The other thing is go to the big security conferences. I was just at Black Hat two weeks ago.

Alex:

You know, we can talk the whole podcast about Black Hat, but, so many great opportunities to learn from that community, not only in sessions, but just meeting the vendors in person. You get a rapid fire understanding of who does what and and things just as I walk through the showroom at RSA or Black Hat, the thought comes to mind of, oh, I bet this solution will be good for this client of mine.

Lou:

Right.

Alex:

Or, hey. I've never had this thought before. I didn't even know this technology existed. Maybe that's someone I should reach out to after the show. So, those are a couple of things that come to mind that help me figure out not only which technologies to sell, but also which services to invest in.

Alex:

And we can go down and chat about services more if you'd like as well.

Lou:

Yeah. For sure. But I love this advice about going to Black Hat or RSA because often the vendors will get you'll get free passes. It's not really a matter of even trying to get in. So it's like if you can get to Vegas or San Francisco for those conferences and you can find a place to stay that might be a challenge to bring on where you're staying.

Lou:

When you get there, those, you know, you saw it. The sellers are so hungry to speak to anyone. You know, it's they'll they'll scan your tag, and then they'll they'll give you a free education on security. So I I love that advice, and it's it's it's really a good idea. And for the seller or for the services, I'm sorry, the the like, yeah.

Lou:

The services that they can get into. I mean, MDR is kind of a table stakes kind of thing. Do you do you think like, what are some of the things that you you feel a a trusted adviser could sell day one that they wouldn't have to understand too much about?

Alex:

Yeah. If you're day one, my recommendation would be build a network of third party service providers that you can resell. Mhmm. Because you're not gonna, on day one, have the skills, morale, the people, the resources, the funding to build an MDR, you know, capability, a SOC as a service capability, your own pen testing team. You know?

Alex:

So spend your time first building up a network of providers that can deliver those things for you, and you become the front end of that with your client. You leverage your client relationships and all of your historical accounts, and you can go in and sell MDR day one as an example. And whether you're selling CrowdStrike or Rapid7 or, you know, there's so many Arctic Wolf. There's so many examples. You can just sell someone else's stuff, and then you could figure out value add you can provide around it.

Alex:

For instance, maybe you do a gap assessment before you sell the NDR service. Help gap someone to the NIST cybersecurity framework as an example. Not terribly hard to do that. Does it take a lot of resources? And your output of the gap assessment could be, hey, we noticed you don't have a SOC as a service.

Alex:

You need to think about MDR, and here's a couple of vendors we should set up demos for you, and we'll find a solution that works. So starting there, and then pen testing is another great example. Everybody needs to do pen tests every year to stay compliant with their cyber insurance. So you may not have the team to do that internally just yet, but I mean, I could probably list 10 off the top of my head, you know, people that do that, that you could go resell and build some credibility momentum. And then once you figure out what your client base tends to buy, maybe that's the area you invest in hiring your own people and building it out yourself so you can keep a little more of the margin.

Lou:

Yeah. Yeah. That's great advice. And why? Why should they sell security?

Lou:

What we've seen in the trusted advisor channel is that they are used to maybe UCaaS, CCaaS, some of the other solutions, bandwidth, stuff like that. So some of them are just like, Hey, security may be the next big thing, but I'm not sure I want to get into it because it's a more complex sale. So what are your thoughts on that?

Alex:

Security can be a more complex sale, but it doesn't have to be. What I tell my client, my sales team, is that every single customer you approach, I don't care who they are, they're all struggling with a couple of challenges. Number one, they know that their cyber risk is increasing daily. The threat actors are getting smarter. They're using AI to write malware now and to purposefully mask themselves so they can get around traditional security measures.

Alex:

So clients all know that they're facing a really challenging battle. The second thing they know is they've all got too many security tools today. The average SMB customer has somewhere between fifteen and twenty security tools. A mid sized customer has somewhere between twenty and forty-five security products. An enterprise customer can have upwards of 75 unique security tools.

Alex:

Yep. So they're all facing this real challenge of how do I integrate them? How do I make sense of them? Is it possible to consolidate to a platform approach? And the third thing that every single client we talk to is going to face is they can't find enough security people to help them figure out the first two.

Alex:

Right? So there is a massive security shortage of skilled resources here in the US and globally, actually. So even though customers want to do more around security, they can't find people who know enough about the topic, so they tend to use IT people

Lou:

Right.

Alex:

As security experts. And, unfortunately, what I found in my career, having managed SOCs and I built a cyber range at Tech Data, one of the fascinating outcomes of all that was IT people don't make great cybersecurity experts. And the reason is because IT people think very structured. We're very logical thinkers. We're typically programmers.

Alex:

Right? If this, then that. But cybersecurity requires a nonlinear thinker. Hackers are typically somewhere on an autism scale slightly because they they think of solutions that are hard to think about. They're constantly ideating on fascinating new ways to hack into your environment, and so security researchers also are best if they come from the arts, liberal arts in particular.

Alex:

If you're an artist, if you're a musician, that makes great cybersecurity people because they think nonlinearly, and they expect the unexpected. They're not expecting that a hacker's gonna follow the instruction manual for how to compromise Palo Alto firewalls. They're gonna think outside the box. And so, you know, these kinds of things are are some of the things that I've learned, you know, just along the way.

Lou:

Yeah. That's brilliant, and I totally, you know, relevant as well, coming from someone with an arts background, which is where I got my degree. But the, the other thing about IT people that I noticed, is that they're also technology focused. Right? Obviously, that's the whole point.

Lou:

But, it's gotta be people in process too, and I think that's the part that they kinda skip sometimes and, or or just don't have the experience for. So we we we are constantly having that battle where it's like, yeah. Your IT guy can do it. He's already got enough to do or your IT team. However, you know, to your point, they're not the best place for this.

Lou:

And also there's always a tension, right, between the cyber, team and the and the IT team depending on the size of the company. So, yeah, we we've found we've done a bunch of, incident responses where we've seen the IT team has actually created the incident unfortunately. Usually an outsourced MSP that's maybe sharing passwords across clients or there's because they're only hired for a small scope or a certain scope, they're not patching certain devices like firewalls and things like that. You know, they're only responsible for the endpoints, whoever M365 is installed on. So it leads to some real problems.

Lou:

And, I think that, luckily, you might be seeing this as well. The the industry is kind of evolving past that, but they don't really have a choice sometimes either depending on the size of the company. So, what what's a challenge that you and and the team at MicroAge have have had to solve recently around security?

Alex:

A challenge we've had to solve around security. So, I would say part of it is helping clients recover from ransomware attacks. It's always a challenge because they're not always the same. We've got a big sales kickoff is actually this week later this week in Phoenix, and I'm doing a main stage. And at the end of my main stage presentation, I'm telling a story about a particular client that, they got hit with Akira ransomware.

Alex:

And, you know, that's a ransomware as a service, as you might know. And so hackers just pay a certain monthly fee and get access to this platform that can send out attacks and multiple variants of ransomware, and then they can check in after work, you know, to see if anybody got on the hook from the phishing email or something that got attacked. This particular customer, you know, got a ransomware variant, and this variant of ransomware typically is a double extortion variant of ransomware. So you might pay the ransom to get you the decryption key, but then they tell you they exfiltrated your data too, and now they're gonna put it public if you don't pay it again. So, you know, just that was a really unique scenario to walk through with our client and figure out how to help them.

Alex:

They did not have a lot of security in this particular example. We ended up selling them a bunch of firewalls and resegmented their network and sold them our managed MDR service to help them out. But I find it's a challenge. Every customer we talk to is in a different state because they all have different levels of security deployed. Some take it more seriously than others.

Alex:

I find that companies that are under some sort of regulation, healthcare under HIPAA, retail under PCI, managed service providers under SOC 2, government under CMMC or ISO 27001, those are a little better off because at least there is a playbook to follow in order to be compliant, but a lot of our clients don't have a playbook. They don't know they can use the NIST cybersecurity framework and just follow the best practice and check the boxes, and you'll be in much better shape. So it's just sad on how we have to constantly reiterate the importance of what I consider to be table stakes security controls, but a lot of our clients just aren't there.

Lou:

I think that's one of the biggest secrets in in cybersecurity is it's actually to do it right can be somewhat boring. It's, brushing and flossing. It's just, you know, doing the the the small things repeatedly in a structured manner, and then having a a a way to to to find when things fall out of configuration and things like that.

Alex:

I mean, just basics. The basics are email security. Don't rely on just Microsoft's email security. You know, get you a Mimecast or Proofpoint or Abnormal or something. It's make sure MFA is turned on for every single account.

Alex:

Make sure you're doing privileged access for privileged accounts. Make sure you have endpoint security on every single endpoint device. You know, these things are just table stakes nowadays, and it's no different in our personal lives. Right? I mean, how many of your family members still use the same password for all their accounts and don't use a password manager and haven't frozen their credit?

Alex:

And, you know, it's we do this in our personal lives, and we carry that over into our business lives.

Lou:

Yeah. Yeah. There's an inverse curve between convenience and security, unfortunately. So more convenience, less security. You know, that's just the way it goes.

Lou:

But it's funny too because you're talking about I I just to kinda geek out a little bit on the more, technical side of of the security, you know, discussion. And it's not even that geeky, but with Proofpoint and and all of that, those are great to add for for email. But Microsoft, from what I've seen, actually has gotten, better with its kind of core security products. Now they put it behind a paywall and stuff, and we can have that conversation. But well, I believe they should just, you know, let the all the the companies use it.

Lou:

But long story short, we saw where one provider had misconfigured the email, the this you know, that email provider that was security provider that rode on top of Microsoft. And they, actually, Microsoft caught a phishing email, but then it released it to this other tool, which then released it to the user, which then led to compromise. So, yeah, I think definitely the story there is not to not get email security, but, yeah, determine the efficacy of the controls you have. You know, if it's a provider, make sure that, you know, they've got a good history of doing good stuff, but also make sure it's configured correctly.

Lou:

You know, how many of of the, breaches and and and things that you've seen are due to misconfiguration of actual security tools that have been paid for?

Alex:

A lot. Yeah. And in the case of email security, a lot of people don't realize that you've gotta you've gotta kinda maintain that daily and weekly. An email security tool is not something you just turn on or let go. You know?

Alex:

You gotta be looking at the phishing emails coming in, and if someone reports a phishing email, you gotta make sure it's not going to any other mailboxes. Like, there's a lot of active work that goes into truly doing that, and especially in our world, we focus on SMB mid market, less so the large enterprise at MicroAge. So in our world, a lot of our clients tend to buy a secure email security product as an example and set it up once and not maintain it, and the configuration can quickly get inaccurate. Right? So you gotta maintain all these security products.

Lou:

Oh, yeah. And I think that's another mark against the IT providers sometimes is that they have that it's kinda like, okay. We're gonna sell the stack. Right? It's ConnectWise, whatever their RMM is, Labtech, you know, Huntress, SentinelOne, like, you know, insert stack here, per seat license, maybe do some work for an hour on it, when they're onboarding the client, and then set it and forget it.

Lou:

And to your point, you can't forget it. You you gotta set it right the first time, and then you have to check it. What excites you about the future of cyber?

Alex:

AI. So it both excites me and Frank's bitty does. Mhmm. Right? Because on one hand, I'm seeing some amazing use cases for AI being embedded in a lot of the security products we use every day.

Alex:

Vendors that was the number one theme in Black Hat. Obviously, two weeks ago, AI. It was misused a lot in terms of marketing, messaging, of course. But there are absolutely a lot of really cool use cases, for instance, particularly with SIEM solutions or XDR solutions, where you can take in and ingest large amounts of data and use an AI engine to do better correlation than we've done in the past, more importantly, to then write up the remediation plan in real time based on the particular threat you're seeing. That's a huge step for incident response.

Alex:

So I think that there's a lot of really amazing things that I'm excited about there. But at the same time, I'm watching some of this malware that's being written by AI now, and written without as many human errors in the code as a human might make. And we're seeing ransomware that's got polymorphic, and it can change its skin as it moves around your network and presumed to be different types of code and software so that it's harder to detect. That part is very scary, not to mention we used to have to have humans do pen testing to find all the points of infiltration in a network, and there were scripts that could do some very prescriptive steps to try to log into a network as if I'm a threat actor. But now with AI, these hackers are writing code that is trying a penetration, looking at the result, ideating on a better way to try, and trying again. And used to, you would have to rewrite your script and rerun it, and now AI can kinda figure all this stuff out in real time on its own, and that's the frightening part.

Lou:

Yeah. Oh, yeah. Because what that means is the cost of that is really low too. It's not like you need a $200 per month, you know, subscription to ChatGPT for that. You can use a lot of the free tools out there to at least get to better than a basic level and, you know, what we used to call script kiddies now that they're AI kiddies, I guess.

Lou:

And, it's you're right. There's that's where the conversation with these customers with with organizations that are, not investing in cyber. To your point, you know, we see this all the time. The regulated industries, have the best, protection and finance, which is a regulated industry, but they also have a very direct correlation between a a breach and losing, dollars. Some of these other companies that haven't gotten, with the game, we're seeing, like, you know, not even retail stores, but kind of, you know, services that were more even blue collar, but large, like plumbing organizations or things like that that are now realizing that or even oil and gas, right, that, hey.

Lou:

We pull, dead, you know, fossils out of the ground. It's like, no. No. You've got OT on your oil wells. You're doing all these these other things that involve technology.

Lou:

No one can go back to paper. Right? Like, I don't think there's any

Alex:

Yeah.

Lou:

Yeah. There's not one industry that can just say, okay. If we go down, we'll just go back to paper. It's it's almost everything is online now, so pretty crazy. And by the way, yeah, Black Hat AI slapped on everything.

Lou:

I just swooped in for twenty four hours, and it was pretty crazy to see right next to each other. I don't know if you did the you walked the perimeter because I those are the more interesting ones. Right? That's the up and comers and and Yeah. Yeah.

Lou:

It was like, two or three AI SOC. I mean, there were probably 50 of them, but just in one row, you would see two or three right next to each other, advertising the same thing. It really, you can tell there's a lot of money sloshing around.

Alex:

Well, yeah, I've got a couple of friends in the VC community, and I work with a lot of startup CEOs in security as they're trying to build out their go to market and build channels. And what I've learned is that at this point, the VCs won't even give you money if you don't have an AI angle on your security product. So I I I wasn't surprised at all to see all the AI focus in branding there in the, the area that the show that was focused on all the startup guys because they they have to do that to get money.

Lou:

Yep. Yeah. Makes sense. So, yeah, a personal story. You have one that demonstrates kind of how cybersecurity has had a direct impact on your life or people you know?

Alex:

Yeah. I mean, I would say one of the more interesting stories is how I kinda came to learn a lot about cyber and then how I ended up applying it. I built a cyber range at Tech Data before it became TD SYNNEX in Phoenix, Arizona. So it's still to this day, I think, the only cyber range of distribution. It's a room, a facility where we can showcase the power of cyber, and we would host events there.

Alex:

Vendors would bring clients in there. We would do lock pick villages and teach people how to pick locks. We would showcase different types of security. We would demonstrate hacking exercises. We did facial recognition hacking.

Alex:

And then when I built a light kit on the ceiling so that anytime we hack something in the room as part of a demo, the whole room would turn red. And people would come in from all over the country and host events there, and it was it was kind of a destination kind of event center. It was a lot of fun. But in order to build it, I had to hire a couple of guys who are very unusual. So I randomly ran across a guy at a an event he was speaking at, and I had just moved to Phoenix, Arizona, and I heard that there's a speaker gonna speak across the other side of the city over in Goodyear.

Alex:

So I drove all the way over there that morning, took me an hour to get there, just to hear this guy speak. And and when I got and sat down, I noticed all these guys in suits came in and sat down all over the room. One of them sat next to me, and I I just leaned over and said, hey. I'm Alex. You know, what are you doing here?

Alex:

What who are you with? He said, we're with the FBI. And I said, okay. And what are you doing here? And he said, well, honestly, we we learn more about the state of cyber from this speaker coming up than we do from our own cyber team.

Alex:

So I thought, well, okay. Well, this is gonna be an interesting presentation. And so this guy gets up and speaks, for a little bit. And afterwards, I went up to talk to him because I had just been tasked with building a cyber range at Tech Data, and I didn't know where to start. And this guy talked about how he had built a non profit cyber range there in the Phoenix area.

Alex:

And so long story short, he was looking for a job, and I ended up hiring him.

Lou:

Nice.

Alex:

And he built a range. But what was interesting is I found out the depth of his, I'll say, experience working with government agencies over twenty years doing cyber and all the the activity he did around the world related to that. And what's what's fascinating is, as he taught me over the next two or three years, all the behind the scenes of how cyber really works, how hackers really think. We we diagnosed a lot of malware code together, classifying different attackers. It it was a fascinating experience.

Alex:

He brought in two friends of his from his world, I'll just say, that also built some unique tech for our cyber range that were really in the middle of actual cybersecurity, not just sellers of technology, not just implementers of you know, installers of of firewalls, but guys who are really battling the the threat actors in in the field. And it was fascinating. So, I got invited to go to Russia, to a conference in Moscow, for Kaspersky. They invited me to their global channel event. And so my team got so excited about prepping me for this.

Alex:

They taught me counter surveillance techniques and all kinds of things, and then they gave me a burner laptop and a burner phone. So off I go to Moscow, not knowing what I was gonna get into. And so I get over there, and, of course, they took my luggage at the airport, gave it back to me the night I came home five days later. Oh. So I had to go find clothes for the week.

Alex:

They followed us everywhere we went from the hotel. And long story short, they put malware on my phone, but not my laptop, and we're pretty confident it came in through the hotel network. So when I got home, my guys are super excited to try to investigate all the latest ransomware or, excuse me, malware that was on my phone and see if they knew about it before, if it had been caught in the wild or not. And so, you know, just that whole experience of working in the cyber range, getting to work with real cyber specialists, and learning from them. It was just fascinating.

Alex:

It's probably the most fun I've had in my career.

Lou:

Yeah. That sounds awesome. You know? Building the cyber range and then being able to do the budget that you would have had to to put that together and make it, you know, super cool. And then these guys working with, people at that level, that's phenomenal.

Lou:

Very cool. So and you're personally you know, you're in Alabama, Birmingham?

Alex:

I am. I'm in Birmingham right now. Moved from Phoenix a little while ago. Grew up here in Birmingham, but my company, MicroAge, is based in Phoenix. I'm in Phoenix an awful lot.

Lou:

Okay. Yeah. This year, special forces is not in Phoenix, I guess. It's in, Dallas, the Yvon, channel event. So I don't know if you'll be there, but would've been easier in Phoenix, I think, for you.

Lou:

How'd you get here? It looks like you've you've had, you know, technology leadership positions at pretty significant companies for most of your life. And so so how'd that lead you into the to the cyber world?

Alex:

So I I was computer science background, in college. I went to Auburn University, and and I went straight from there to the customer community. I went to FedEx to work as a system administrator and learn, and that's where I really learned the technical side of IT, system admin for a whole bunch of operating systems and networking and that kind of thing. From there, I went to a reseller where I learned a lot about the sales cycle. How do you sell?

Alex:

I was a presale solution architect and eventually ran software development there for a while and became their CTO. But when we moved into, we sold the company actually to Avnet, a distributor, and at Avnet, they were looking to invest in four new practice areas that seem to be up and coming in the market: IoT, cybersecurity, data analytics, and mobility. And back then, those were kind of newer concepts for distribution. Customers were really asking a lot of questions, and partners were trying to figure out how do we sell this stuff. So they came and asked if someone would be willing to start a practice at Tech Data, at Avnet at the time, around cybersecurity?

Alex:

And I raised my hand, and I was like, I don't know cybersecurity. You know, I've been doing cyber for a long time and on my personal life. Mhmm. And so they gave me a shot to build a cybersecurity practice there at Avnet. And later, when Avnet got acquired by Tech Data, they asked me to run the full North America cyber business and eventually global, and it kinda went from there.

Alex:

But it it came from a particular leader giving me a chance to to help them build a business, which is which was really, really great.

Lou:

That's awesome. That's really cool. It's a good way to get into. I think you have to be technical. Right?

Lou:

I I don't I don't believe you can be successful at cyber these days. You know, at least have a long career if you're if you don't have technical skills.

Alex:

I agree. Software development in particular is important to understand how malware might behave and what type of security you need to defend against it. And the scary part about AI is that we are replacing that great skill set of software development that people go through as a rite of passage in IT with AI. And so I think about how we're moving more toward a new role of software architect where humans will architect a software offering but probably use AI to build the modules for it. But then over time, fast forward eight to ten years, who has the skill to be a software architect if no one went through the process of writing code and understanding code?

Lou:

Oh, yeah.

Alex:

So it's, it'll be an interesting sticky wicket, as they say. Yeah. We'll figure that out.

Lou:

Yeah. We will see. It's a brave new world. We're still trying to figure out how this AI is gonna impact us. And and in some ways, I think, you know, humans are not going to be replaced.

Lou:

It's just we'll be able to use it as a tool, and those who stop using it as a tool or don't know how, those are the ones that might be left behind. You know? So, what do you do outside of work? I know that, you've got a propeller behind you. So

Alex:

Yeah. My main hobby is aviation. I have an airplane. I have a Mooney. It's a 1993 Mooney M20M Bravo.

Alex:

For any of you Mooney fans out there, it's a long long body Mooney, big four six cylinder engine. Can go to 25,000 feet. Comes with oxygen. Wow. Not pressurized.

Alex:

Oxygen. It's a traveling plane. So my wife and I like to go on the weekends. We'll fly in different cities and have dinner and come back. We'll fly to the beach.

Alex:

We're from Birmingham quite a bit and have seafood. Come back. We just, I like little missions. Most weekends, you'll find me taking my buddies and their kids up.

Lou:

That's really cool. So you've got a a lot of hours under your belt?

Alex:

I've got a little over three hundred hours. I'm instrument rated. Very It's a high performance complex airplane. Those are classifications of a of a license, so it's fun. It's a it's a great hobby.

Alex:

The reason I love aviation is just like IT, you can never or cybersecurity, you you never stop learning. Right. Every single night, I'm in bed on my iPad for about an hour watching a combination of cybersecurity or or aviation videos on YouTube. Right? Just learning about the craft.

Alex:

There's always something more to learn about an airplane, about flying, about the rules and regulations, how to be safe. It it's a never ending journey, and I need that distraction because otherwise, I would spend all my time, you know, at work.

Lou:

Yep. Yeah. That's great. And it's true too. I we had an earlier episode where we spoke about how what makes a good cyber professional, and I think definitely constant learning.

Lou:

You know? If you wanna get into this industry, that's the best advice: to be someone who constantly learns. If you're intimidated by that or, you know, it doesn't feel good to be confused when you show up at work, no matter how much you know, then probably not the right field for you.

Alex:

I get a lot of questions. A friend of mine bring their teenage kids or their college kid, and they say they wanna get into security, they wanna get to him to lunch and figure out what they should do. And my answer is always, you need to understand that cybersecurity is the culmination of multiple disciplines. You networking. You need to study computers and operating systems.

Alex:

You need to study software development, scripting at the very least with stuff like Python, and then you learn cybersecurity because cybersecurity really requires all those disciplines to be good at it, and you can do all of that for free. I'll point people to cybrary.it. It's an amazing free website. It's just tailored to cybersecurity training.

Lou:

Oh, yeah.

Alex:

If you're going after your CompTIA Security plus or your CISSP, most of the resources you need can be free and online.

Lou:

Yeah. Yeah. Including AWS or spinning up infrastructure somewhere where you can test, you know, build a network and test it. You know, you're probably a little bit younger than me, but around the same time frame where you had to have a rack, you know, a very noisy server in your house and, you know, a bunch of routers and switches to be able to play with this stuff. And now you can do it online, you know, with free credits here with AWS.

Lou:

So there's no excuse.

Alex:

The only difference is I could get equipment donated from lots of places. At one point, I had Yeah. 10 servers in my house in a rack, and I had dedicated power run to my office and the house. And so once you buy, you kinda have it all, but with cloud, you gotta pay

Lou:

Yeah.

Alex:

Regularly. Or it can be a little more expensive nowadays, but you have access to better tech nowadays because I was running old AIX servers and Solaris servers and Oh, yeah.

Lou:

You know? Oh, yeah. And then also if you, you have a wife, or a partner, they're not gonna they don't they don't suffer that very long.

Alex:

Right. Noise.

Lou:

Yeah. The noise and the heat. Yeah. So so, Alex, where can people find you?

Alex:

I have a YouTube channel.

Lou:

Okay.

Alex:

So my YouTube channel is cybersecurity deciphered, d e c y p h, And I post content out there regularly. Lately, what I've been doing for MicroAge, I started doing it just internally for our reps, but I publish these on LinkedIn and my YouTube channel every month. I release a video I call the CyberByte video, Byte as in b y t e. They're short. They're ten minutes.

Alex:

They're on one topic, like what is, zero trust, or I talk about the difference in the EDR, MDR, and XDR in video. So each video is one topic around cyber. They're ten minutes. They're easy to consume, and then my marketing team cuts them up into shorts, you know, and puts them on LinkedIn throughout the month. So follow me on LinkedIn, and you'll check out my CyberByte videos.

Lou:

That's awesome, and we'll put the, the link in in, any of the places that you find this podcast. So thank you, Alex Ryals. Thanks to those that are also watching or and or listening. If you learned something today or laughed, please tell someone about this podcast. Thanks again, Alex, and this has been another exciting episode of Channel Security Secrets.

Lou:

We'll see you the next time. That's a wrap for this episode of Channel Security Secrets. Thanks for tuning in. For show notes, guest info, and more episodes, visit us at channelsecuritysecrets.com. Channel Security Secrets is sponsored by Cyber Defense Group.

Lou:

When it comes to protecting your business, don't settle for reactive. Partner with experts who build resilience from the ground up.
