The Trusted Advisor Advantage - Rick Mischka - Channel Security Secrets - Episode #2
Welcome to Channel Security Secrets. I'm Lou Raban. On this show, we expose the untold secrets and critical insights from the people shaping the future of cybersecurity sales in the trusted adviser channel. If you're looking to up your game around selling security, stick around. Channel Security Secrets is brought to you by Cyber Defense Group on a mission to shift cybersecurity from reactive to resilient.
Lou Rabon:I'm excited to welcome today's guest. He's a respected security thought leader, army veteran, and cybersecurity cybersecurity expert with over a decade of experience in technology and cybersecurity. He served as a special forces sergeant in the US army. In 2024, he was featured in the top 100 innovators in Entrepreneurs magazine. He's the founder and former host of the Cyber Pro podcast, cohost of the Avant Technology Solutions podcast, and currently slays it as a cybersecurity SME at Avant Communications.
Lou Rabon:Rick Mischka, welcome to the show.
Rick Mischka:Thank you, Lou. How are how are things going? I think you're probably more of a subject matter expert than I am, but I appreciate the intro.
Lou Rabon:I don't know. I don't know. I I think it it depends on which subject we're talking about. And under pressure, I don't know who can I think you've probably got the the jets to operate a little bit better under pressure? But one of the first things I wanna ask you, Rick, is what's your biggest secret since this is channel security secrets?
Lou Rabon:The biggest secret to success, your success in the channel.
Rick Mischka:It's really demystifying and simplifying that security doesn't have to be a security conversation. I think in the last year that I've been in the channel because I've only been in the channel for a year. That's crazy to think about.
Lou Rabon:But in
Rick Mischka:the last year, I've really taken a different take on how to position security for trusted advisors, sub agents, partners, and that's you all know how to have a sales conversation. You all know how to have a business operations conversation because you're selling connectivity or unified communications, why are you so afraid to have a security conversation? Really, all you're doing is asking them what are you doing to protect your data? What are you doing to support your employees so both of those and continue to give the best service to their customers themselves? And when you phrase it like that, when you use the term resilience or operational advantage, the channel just gets it and the customers love it because now you're having that business conversation and it's no longer this cost center.
Rick Mischka:Oh, I gotta spend it because somebody's telling me to spend it. It's I get to actually make a difference for my organization. So it's kind of a fun trip.
Lou Rabon:Yeah. And so so you think that translating that is a secret, like, being able to have the courage, I guess, to to open the the door to that conversation.
Rick Mischka:Yeah. Yeah. I think I think if you can translate that, if you can have just enough of an understanding about all of the acronyms in our world. Right? There's so many And not worry about what the acronym does, but ask the follow-up question, Oh, you need an identity access management tool, IAM.
Rick Mischka:Why? What is that going to do to allow your business to continue to grow revenue? Oh, well, it's gonna allow us to do x y z. Those are the questions you ask, and when you ask those questions, every customer goes, I wanna have another conversation with you because you're making me think.
Lou Rabon:Yeah. That's a good point because we often are getting calls from TAs that are like, okay. They need a pen test. And so we're like, why? Why do they it doesn't matter.
Lou Rabon:Customer wants a pen test. Can you do a pen test? And we've been increasingly turning those down because we're saying, hey. Listen. If that's all they're interested in, if they don't wanna get better, if they're not looking to improve something about their program, then it's probably not a good fit for us.
Lou Rabon:Not saying there's other providers that wouldn't do it, but I think to your point, Rick, it's like when they don't when the TAs are not asking those questions of the customers, then they're missing an opportunity, really.
Rick Mischka:Yeah. And I know you guys are great at the Pentest side. You guys have a bunch of other solutions like the cybersecurity consulting arm that you guys do. I always ask the trusted advisor around those pro services, oh, they said they wanted a pen test. I need two things from that.
Rick Mischka:Right? I need a budget and I need to know what the outcome of it is because if you can't give me those, then our providers, the cyber defense groups of the world, they're going to decline this. They're not going to support you because they need to know that there's something meaningful going to come out of it. Is it going to be continuous exposure management? Is it going to be some form of cybersecurity support?
Rick Mischka:Whether it's consulting or whether it's a future state or maybe it's artificial intelligence readiness build. Those are the future of a company, and just because somebody says my insurance company says I need a pen test, unless they tell you that that budget's 50 k or higher, I don't know. That's probably not a great use of everybody's time, so.
Lou Rabon:Yeah, yeah, big time. So, you know, you're throwing out a lot of really advanced concepts. How do you speak to someone that's been selling, you know, broadband? They've been selling, you know, voice communications, and now they're seeing the opportunity in security, but they're just, like, mortified to even, you know, to your point, throw out the acronyms and really start having that conversation.
Rick Mischka:Yeah. You know, I think I think if we have two arms. Right? A lot of people in the partner community have come from selling connectivity or selling communications. And I tell them that those are fairly commoditized.
Rick Mischka:They understand that if I ask this question, they're going to say yes or no, and then I can ask them the next question. And I said, in this case, you're no longer asking the yes or no questions. You have to go back and ask them the open ended question. And so think about the question you're about to ask. Don't ask them what keeps them up at night.
Rick Mischka:Right? Everybody asks them that. That's such a you know, it's such a question that's known. Them something that you know already. Did you sell them connectivity?
Rick Mischka:Then ask them, hey. You know, I know that we've been partnering together for a while. I've been able to get you great connectivity rates or I've helped you with your network arm of your operations. What's the next iteration of your company and how are you securing it? Man, that's an easy question.
Rick Mischka:And I said the word secure, yeah, I get it, but ultimately that was what I do. And then the other thing I always tell trusted advisors to ask, and I think this is this could be used for everything. Doesn't matter what it is, is Tell me what you're doing really well today with your security posture. Everybody likes to talk about their good things. They're very positive.
Rick Mischka:And it tells you what they think security means to them. They say, oh, I just bought, you know, x, y, z firewalls, and we love them. They're super easy to work with. They're a network first company, and they haven't thought about their user data. They haven't thought about their cloud posture.
Rick Mischka:There's your next question. Right? And cloud's an easy word. It's a five letter network adjacent word. And so same thing with unified communication.
Rick Mischka:You've had a conversation with them about communication. Most likely, it's for internal and potentially external customer experience, but now you can take that one step further and say, well, how is your internal employees communicating about what they need to get their job done, and then how can you help support securing that. You're not having a security conversation. You're having an employee conversation, an efficiency conversation. So I try to take it down the journey that they know, and then I just I will tell you that I've been on a number of calls with partners where I've actually done role playing with them, and I just don't think that the partners are used to that.
Rick Mischka:You and I, when we were younger, man, when I was in the military, man, they'd stick to you in a room and they'd be like, alright. Let's role play this out. You're about to go talk to this warlord and, you know, you guys for me, it was Yugoslavia, but, you know, and they're like, how would you do this? And then you get feedback. And so the best TAs, the best trusted advisers have been those that role played out.
Lou Rabon:Yeah. What what you're talking about is preparation. It's funny because Yeah. You know, you've been a special forces operator. We do tabletops, you know, incident response tabletops, and a lot of companies are like, oh, well, you know, once a year or something.
Lou Rabon:And, you know, as of being, you know, special operations, what do you do? What's 80% of your time or 90% of your time? It's training. Right? You know, you the ops part is 10% probably, and most people don't realize that.
Lou Rabon:It's not like you just just are so superhuman that you get dropped into an environment. It's that you're so resilient, and you can deal with boredom and discipline. You know, you have the discipline to repeat the same thing over and over again until it becomes second nature. And I think what you're saying is the preparation for TAs. It's it's important.
Lou Rabon:I mean, you and I have been around long enough, me much longer, to to remember when, you know, you could take a Cisco SKU, mark it up, like, 200, 300%, or maybe a thousand percent where, you know, selling it through Ingram or something. Be like, okay. Here you go, mister customer. And they had no idea. This is like odds even, you know, pre odds.
Lou Rabon:But now you gotta put a little more effort into it. So that, I think, is one of the secrets is, you know, if you wanna sell security, it's not just as simple as saying, hey, MDR, and then pulling in three vendors. You wanna understand the pain point, the actual pain point of the the customer.
Rick Mischka:Yeah. And I think you guys have a mini secret in that you guys you just mentioned it. Right? Tabletop exercises are preparation for recovery. And I I just think you guys I would love to hear how you guys are doing it and what feedback you're getting.
Rick Mischka:But every time I've put somebody in front of, you know, a customer that says, let's do a tabletop or an incident response plan before we even talk about the rest of your pen test or cybersecurity needs, there's so many more good things that come out of it. What are you seeing on that?
Lou Rabon:Oh, yeah. Big time. I mean, I I'm I have an embarrassing story where I got really frustrated with a customer that came through the channel, and the TA probably is not very impressed with me because I kinda lost it because the customer was just like, hey. We wanna do we wanna drop USBs in the parking lot. And I'm like, well, have you had an assessment?
Lou Rabon:Have you tested your incident response plan? Things like that. So, yeah, we what we're seeing is when we get in to do a tabletop, actually, the first thing we do is a capabilities assessment because unless they need to do a tabletop for, you know, compliance purposes and they're interested in doing a little bit more obviously to say, okay. Let's figure it out, and then let's work together as a team. We're we're not we're trying to avoid the one offs, obviously, one off projects now.
Lou Rabon:But anyway, when we do that, we find that there's a lot of behind that because they're like, woah, we didn't know that we needed, you know, to have an external counselor. We didn't know there was a gap in our cyber insurance, or we didn't realize that we don't have immutable offline backups and or we thought this vendor was covering x and they're not. So, and then with the capabilities assessment, we're like, well, do you even have visibility of, you know, a tabletop is is not useless. A tabletop is always really useful, but incident response, you can have a plan. But if you haven't you don't have the visibility to know when an incident happens, you're basically getting involved once it's, you know, a a disaster scenario.
Lou Rabon:And the goal of an incident response is to catch it early, obviously. So we're seeing the organizations. It's it's funny because now, you know, going through multiple iterations, multiple generations of, you know, bad experiences for everyone. They're finally catching up with our model, which is let's do this proactively. You know, they might have already been through an incident.
Lou Rabon:They might have had, you know, a provider that didn't really know security that said they knew security, but then they got into some trouble or overlooked something really simple. And so now they're finally coming around to, okay, we want someone that does this, knows how to do this, and then is going to make us better because they're seeing it. You said it earlier. It's it's, you know, you're it's a it's not a just a cost center. It's an investment.
Lou Rabon:And, you know, we've we've banged that drum, and and Stefan has as well, I'm sure when when you guys speak. So you work with Stefan, who's who's the man. I know he's moved on to cloud now. But
Rick Mischka:Yeah. He kinda hired me to take over the security so he could go play in bigger, better things. So
Lou Rabon:Yeah, man. Well, you're you got big shoes to fill, but, you know, you're you're more than capable, so you've been doing a good job.
Rick Mischka:No. That's wonderful. You know, will add one thing that I think is interesting, and you guys do it really interesting as well. But, you know, post COVID, I saw this huge This is the quote I use. VCSO is dead.
Rick Mischka:Long live VCSO. Right? So I make fun of this quote, but solar winds happened, and now we're seeing the chief information security officers could be liable because they're negligent if they knew something. And we're seeing all of these folks go, well, we went away from this virtual or fractional cybersecurity consultant to hiring internal, and now we're seeing this trend to go back to it. But if you say the word desisto, everyone is like, no, I don't want an advisor.
Rick Mischka:I actually want somebody who is going to white glove give me what I need, tell me what I'm doing well, show me, not just tell me, but show me how to fix the bad. And I I think I think that's the pivot, and I'm seeing more more providers take that approach when it comes to that consulting arm.
Lou Rabon:Yeah. That's obviously what we're doing. And that's that's really important because bringing the team, not just saying, hey. Do this. Do that.
Lou Rabon:The armchair, you know, visas owed saying, I'll come back in a month and check if you did this. That that doesn't work anymore. So, I mean, it's a scary world out there. I hate doing the sky is falling, right, because everyone knows everyone's got breach fatigue, etcetera. But just recently, Microsoft had this SharePoint, you know, zero day vulnerability.
Lou Rabon:It didn't affect their cloud, but for the on prem stuff. But we know there's a ton of on prem, you know, servers and things like that. So, also, it's nontraditional industries that are getting hit now. Whereas, you know, health care finance, they've always been big targets. They've always invested more than others because they were regulated.
Lou Rabon:But now everyone is you know, there's there's if you're connected to the Internet, you're a target. And especially with AI leveraging, you know, they they can send bots out, and it's it's an it's crazy. So, anyway, all that to say that having the the holistic programmatic approach, there's no other way to do it. You know? What whatever any vendor says, this this is your silver bullet.
Lou Rabon:Do this, or all you need to do is alerting. All you need to do is MDR. That doesn't those days are gone. You know, if it all it takes is one misconfiguration or even if you have your con your configuration set, one person to change it because some executives said, hey. Can you open that port, or can you can you temporarily take off MFA from this portal?
Lou Rabon:And then you're popped. So
Rick Mischka:Yeah. I I will say, you you talk I love the I love the idea of this podcast being for the channel and the the, you know, the secrets around, you know, security because every time a trusted adviser comes to me, they say, I need somebody who has a security title because this customer won't talk to me because they said that their security is secret. And then you put me or you or another one like us on a call, and it's just like opening the floodgates. They tell us everything. And I go, Juan, why is that the case?
Rick Mischka:Are you hearing something similar? Because I'm hearing it all the time. Like, it's it's so secretive insecurity, but does it need to be?
Lou Rabon:I think they just it's tough. And and that's one of my questions for you is the nonpractitioner. You know, that's why TAs, I think, are a little bit reluctant, and it's also why customers are reluctant. It's it's always been a hypothesis of mine that you it's really hard for a nonpractitioner to sell security, but it's necessary. So, you know, TAs are there, in my opinion, to open the door and say, hey.
Lou Rabon:I know you you have a problem. I know people that can help you solve this problem. I think it would be difficult for the TAs to say because even if they hear it, unless they are practitioners, they're not going to necessarily know when they you know, what where the gaps are. So, I I think it's normal. I I don't think it's it's strange, but I also think that the TAs just have to know where to get the answer, who to bring in to give the answers to have the call.
Lou Rabon:And their main job, in my opinion, is to open those doors and then help, you know, find the best solution. Obviously, that's that's a whole trusted adviser. But for you, you know, question back to you, Rick, is as a nonpractitioner, how do you suggest a TA kind of open those doors for for the practitioners?
Rick Mischka:Yeah. And you're spot on about the trusted advisers not having to be practitioners and probably aren't gonna be able to sell 75 or 80% of security solutions without being a practitioner. I think the non practitioners have something that you and I don't have. And that's ultimately the ability to ask a question, and it's okay if they don't know the answer. But if you or I get the question and I don't know the answer, man, it's like I know how to own that.
Rick Mischka:Like, oh, you know what? I don't know about that. I'm going to go learn that. But it's okay for the trusted adviser to say, I don't have that answer, but thank you for making me think about it because I will find it for
Lou Rabon:you. Right.
Rick Mischka:And and that's great. That's something that I wish I I still had, which I still could say, I don't know. But in most cases, I have to say, I think it's this, you know? And kind of squint a little bit, you know, kind of have some fun with it. But I really do think that the trusted advisors forget that they don't have to know it all.
Rick Mischka:They didn't know everything they needed to know about whatever they were good at selling before this. They don't need to know everything, and it's okay.
Lou Rabon:Big time. Yeah. So so why do you think that TAs should sell security?
Rick Mischka:Yeah. I always tell trusted advisers, it might not be their biggest sale. Right? It's not gonna go close, you know, a full SD WAN across a thousand sites, you know, million dollars a month type of thing. But it's sticky, and it leads to trust that just selling circuits doesn't give you.
Rick Mischka:And that's the trust that will allow you to sell all of the other things, even if it's going back to your base. I also truly think that selling security, especially if you sell it as business resilience, is all about what's right for the business, not just what the business thinks they need for the day. And so I could sell connectivity all day. I could sell UC all day. But I would also argue that if I'm selling both of those, I'm providing something that the customer needs to do business.
Rick Mischka:Security is no different. And that's the mindset you have to get ready for.
Lou Rabon:Yeah. It's I think in those sales, you totally hit this all the time where it's like, yeah, why would they spend a complex security sale to get to know the customer, understand the pain points, put something together that's not just a, hey. Here's a quote for x amount of widgets or whatever, x amount of data centers or compute that and the numbers are much bigger. They get a nice commission check, and it's maybe three years. You know, they they sign a a three year deal or something.
Lou Rabon:Definitely, the numbers add up to say, hey. Those are more interesting. But to your point, it's a transactional sale. Once that's done, you you may check-in with the customer or take them out for some dinners or whatever. But at the end of the day, that's that you're not going to to have any other conversation around that, and it also doesn't necessarily build trust.
Lou Rabon:If you did a good job, that builds trust, but it's not something that's so you know, once they get that bandwidth, it's kind of like, who do you trust more? The guy that sold you the car or the guy that's fixing the car. Right? So, I think that when you can bring your really, you know, problems to a company like where security is and where the numbers may be lower, when you gain that trust where yeah. Okay.
Lou Rabon:Wow. You they solved a big problem for us. I can sleep better at night, etcetera, etcetera. Then it's like, oh, by the way, we have another project. And it's not bandwidth, and it's not security.
Lou Rabon:It's data center or whatever. So I I'm with you, and we've seen that consistently where we're not necessarily the biggest commission check they're gonna get, but they're they're it's definitely the trust that they get with their customers so they can they they sell more of what they're trying to get in there.
Rick Mischka:Well, I think there's two other added additives to that. Right? The first one is if you're having that security conversation, you are going to learn so much more about the rest of their business because they're going to tell you. They're going be like, oh, well, why do you need this tool? Well, because it's actually helping over here.
Rick Mischka:Oh, well, tell me about what's going on over there. The other additive that I find, and this is an interesting stat, security services, both professional and managed, the average long term revenue play is somewhere to the tune of a customer will buy from a trusted security provider, nearly seven and a half years' worth of recurring revenue. Versus cloud, it's like four and a half. We're seeing network is about five and a half, right? It's like one cycle plus a renewal.
Rick Mischka:And in security, it's two cycles plus at least one or two renewals. And so we're just seeing a lot longer play, which means that you just get to stay with that customer longer. Final thing, and this is like the bonus, is security providers or it's not security providers, security professionals like us, we tend to not have the mentality of we're gonna stay with an organization for thirty years. Right? That's great.
Rick Mischka:It's awesome. There's a lot of IT directors that have done that. But for the most part, we're super excited to help another company and move on and move on and continue to grow. And so right now, it's every four to five, four to six years is roughly the transition for a senior leader in security, except for the Fortune 500s. That's a different story.
Rick Mischka:But every four to six years, they they move. And if they trusted you at their last place, you just got a new sale.
Lou Rabon:Yeah. That's a great point, and it's true too because that just like everything, you bring your team, right, whenever you move and and and stuff like that. Also, a great thing that you just reminded me of as you're talking about that is security practitioners, we are constant learners. You know? We I think people are drawn to security.
Lou Rabon:It's funny because people are constantly probably asking you the same way they're asking me. Man, you can make a lot of money in security. How do I get into it? And I'll say, you can make a lot of money roasting chickens, you know, if you're really passionate about it. And so so I think the people that are most successful at security and the the the most gifted are the ones that are having the constant, you know, into the constant learning cycle.
Lou Rabon:So by seeing different environments, jumping around, it's it's one of the reasons that I started, you know, my company, Cyber Defense Group, because, I I was like, I wanna see different things. I don't wanna just be part of one team, a cog in a wheel of a Fortune 500 company that, you know, I'm kinda pigeonholed to one little area. We see everything, and we we do a lot. So, I think that that's important too where to your point, you know, moving around, seeing a lot of different environments, that's a plus for for cyber practitioners.
Rick Mischka:No. And and I'm gonna we've pulled back tons of curtains for the secret thing, but I'm gonna pull back another one. I also tell trusted advisers that they don't have to go knock on an enterprise door every time. And and a lot
Lou Rabon:of times, like, well, we
Rick Mischka:want the big whale.
Lou Rabon:And I
Rick Mischka:get it. Everybody wants the big whale, the big wave, whatever you want. But recently, I did the math, and I I I I looked at some data. Over 99% of all companies in The United States are 450 or less employees.
Lou Rabon:Yeah. Yeah. There's that's what drives the economy. It's small, small businesses, small and mid sized businesses. Yeah.
Lou Rabon:It's pretty crazy. Now they're not gonna be, you know, SMB is too small for a lot of offerings. They're they're concentrating on other things. But, like, midsize, mid market is is, like, I think that's where the yeah. Because you've got what?
Lou Rabon:Fortune 500. That's 500 companies. Fortune 1,000, whatever. Maybe let's say 2,000 enterprise companies. Below that, to your point, there's, you know, hundreds of thousands, maybe millions.
Lou Rabon:Yeah. So yeah.
Rick Mischka:Yeah. The numbers that I saw was companies that have over 10,000 employees in The United States are a touch over 10,000. So there's a number there. Right? That's a big close.
Rick Mischka:But everybody is knocking on their doors. And then you have almost it's almost a million SMB. Right? That four fifty or less. And and you're right.
Rick Mischka:They don't always have a big sales cycle, but it is a good place to practice. Right? Hey. Can I go close one of those big managed detection response acronyms? It's quick.
Rick Mischka:It's easy. Go close it. But you're right. The sweet spot is that mid market, 450 to just less than a thousand, and there's nearly 200,000 of those companies in The United States. So there's plenty of room to go tackle.
Rick Mischka:Go close an enterprise, go close the 10,000 employee or bigger. That's fine. Don't knock on the doors and practice your voice with the SMBs because they're listening and they have to make quick decisions, but where you're to see the biggest spend, where you're going see the biggest provider lean in is that four fifty to a thousand, maybe 2,000. It depends on the provider.
Lou Rabon:So Yeah. And the sales cycles are so much more interesting, you know, because being in the enterprise, it could you could spend a year and a half trying to close a deal. You get to the, you know, end point, and then everything is done by committee. It it takes so long. Maybe one of your stakeholders leaves, and then you gotta restart.
Lou Rabon:You know, there's just so many variables, in that equation. Whereas when you're in the mid market, you're usually speaking to the top of the chain food chain, and the procurement process is easier. I mean, I mid market is much more interesting, from a just a day to day standpoint. Obviously, getting one enterprise customer that's gonna, you know, do a multimillion dollar, multiyear contract, that's great. But to get there, you know, you you might be able to make that same amount of revenue off of 10 mid market clients that have a, you know, 80% quicker sales cycle.
Lou Rabon:So
Rick Mischka:Yeah. I know it's great.
Lou Rabon:Yeah. So so what's what's a challenge that you've had? You're you've got, like, the whole channel coming to you saying, hey, Rick. We we have a whatever. You know?
Lou Rabon:Something security related. Can you help us? What's a big challenge that you've helped you and the team have helped solve recently?
Rick Mischka:Changing the mindset that everything can be fixed with technology. That is the biggest if I stand on a soapbox and have a loudspeaker, that's the biggest thing that I'm really driving change towards. And I was part of a research study through the RSA, through IBM, through Comcast, through Verizon, and we've proven that if a firm focuses on just buying technology, it's not actually helping their security posture, it's actually making it worse, right? There's the stats that we saw were 78% of firms that have more than 30 technologies and security have so 78% of them have alert fatigue and are still getting breached.
Lou Rabon:Oh, yeah, man. That's crazy.
Rick Mischka:And so changing it to the service model. What can you do with a pro service, an implementation service, and a managed service that's going to allow your employees to do something efficient for your company, but lower the number of technologies that they have. And and the first question I get from customers is, well, the technology is easy. No. It's not.
Rick Mischka:How many staff do you have to throw at that technology when other people, all of you, me, all of our professional brethren, brothers, sisters, they're going to the service providers because they get to play with all the cool technology. They're not going to a mid market customer. They might go to Google. We did it. Right?
Rick Mischka:They might go to Apple. Right? That's fine. Whatever. But we see that this trend actually saves the customer money if they spend more on services.
Rick Mischka:And then when a technology like Carbon Black kind of goes away, another technology, another endpoint detection response tool can replace it, and the service provider doesn't have to do anything besides retrain on the product. So that is my biggest push to the market is stop talking about technology. The technology changes every eighteen months. Talk about the humans.
Lou Rabon:I'm standing on that soapbox right next to you, bro, because it's like people and process, you know, that and that's what we bring. I mean, that's basically our value prop. Because to your point, technology, it hasn't solved the problem. If if you believed every vendor that says that their solution is going to solve the security problem for the last twenty, thirty years, you know, look at the stats. They're going in the wrong direction.
Lou Rabon:So and and again, to your point, you know, that obviously breaches are a big thing that we we work incident response reactively. We go in there. I can't tell you how many times they've actually had endpoint protection, but at certain endpoints weren't covered. It wasn't configured correctly. We just did one breach that was a provider that had it was a customer that had hired a third party MSP who put up an additional they were charging them more money for email filtering beyond what Microsoft m three sixty five offers.
Lou Rabon:Guess what? If they got phished and and popped, you know, hacked, If they had not paid this provider for extra email filtering, they would have prevented the phish because m three sixty five caught it, but then their solution, who I won't name names, said no, release that. It's not, you know, a phishing email. And next thing you know, you know, big incident response, hundreds of thousands of dollars later, not covered by insurance, you know, because they weren't, they didn't have it, and they weren't looking at it like that. Now it's a different story.
Lou Rabon:They've got their house in order, but this is the problem because they relied on technology. They were like, oh, this is our IT provider. They must know what's going on, and I I don't wanna get on that soapbox because but Woah. Really, big problem right now because this is where everyone's finding, the issue. And that's where the, you know, back to the channel.
Lou Rabon:This is where the trusted advisers have an enormous opportunity if they understand that no longer is it, hey. You want eight eight of those, eight widgets that are going to or, you know, how many seats you have? 700 seats times, you know, these these tools, and then you're good. It's not like that anymore. It's yeah.
Lou Rabon:I think asking the why. So so you guys have solved that. You'd or not solve that, but you've you've you've come close to, like, say, hey. Let's take a step back. Let's ask some questions.
Rick Mischka:Yeah. Yeah. I think I think there's a time and place for the actual, what I would call the actual technology or the platform. Unfortunately, I think customers lean in with that, and the first question I ask them is how is this going to actually solve your problem? Right.
Rick Mischka:Right? And if they don't have an answer for me, man, I can solve your problem. Let's get the right people. Let's get you the right process. The technology, you don't you don't even care about the technology once we got the rest of
Lou Rabon:it in play. Exactly.
Rick Mischka:And that's that's the big solve.
Lou Rabon:So. Yeah. Yeah. Makes sense. What what excites you about the future?
Rick Mischka:I think the blanket answer would be artificial intelligence, but I tell people that in security, artificial intelligence has been around in the form of machine learning since twenty five years ago.
Lou Rabon:Yeah. It's not new. Yeah.
Rick Mischka:And so for me, I actually this is why I think artificial intelligence is so key to the security conversation, because it's making people think, how can I be ready to use artificial intelligence? And if they do it correctly, they go, well, let's first look at your systems. And then let's look at your data. And then let's look at what you want to get from your systems and data, and then let's build the AI model. And when you do that, you've just built a security posture before you've even gone the artificial intelligence route.
Rick Mischka:You got it. And so for me, artificial intelligence is the answer, but not for the reason people think. Yeah.
Lou Rabon:Exactly. And what we're seeing is artificial intelligence. I mean, this is obviously a huge bubble. I was speaking to someone recently, and they were like, what, you know, what do I have to think about with AI? I'm like, data.
Lou Rabon:That's that's what it's about. AI today is about data. Like, can it do really cool stuff? Is it going to it's it's a complete game changer. It's kinda like it it definitely is one of those techno technological milestones like, you know, airplanes and, the Internet and computers and automobiles.
Lou Rabon:You know what I mean? We will look back and be like, wow. That was the a a you know, delineation, basically. But today, it's in the beginning. It's like you're not gonna just as you wouldn't have gotten on a plane right after the Wright Brothers flight, you're not gonna, like, I don't recommend you put your whole business on AI today because it's it's not gonna end well.
Lou Rabon:But to your point, we are, seeing where the paradigm is. Let's start thinking about what what does AI need? What does that mean? And that's data to your point. You know?
Lou Rabon:So that is exciting. I think it's gonna it's definitely changing things. I use ChatGPT on an almost daily basis. No. I don't have a relationship with it, and I don't believe it's God or I don't.
Lou Rabon:But it's a great tool. I mean, I use it to to, review a contract. It's definitely gonna put lawyers out of, you know, junior lawyers at least out of business, because I was able to just run a contract through it and said, you know, what are the points I need to pay attention to where I had already done my pass having read a bunch of contracts. And and, you know, it pointed out things that I didn't have to go to council about because it was pretty straightforward. So it's got its uses, and it is pretty exciting.
Rick Mischka:Yeah. I think the big uses are automation and correlation. That that's you can correlate a lot of things. You don't have to have structured data to do it, and it just it helps me automate some of my tasks during the day.
Lou Rabon:Oh, yeah. Oh, yeah. Big time. Let's transition to personal. So, I mean, you're you're out there in Montana.
Lou Rabon:You know? Like, I haven't been to Montana yet, but it's on the list. I definitely wanna get to Big Sky. You're you're the Smeeav. You were at with, Maesergy before you had your own, consulting company.
Lou Rabon:Prior to that, you've you've been working with volleyball. I didn't know this about you, but you were actually a volleyball coach. Yeah. You know, many years ago, the, I don't know if they still exist, the Association of Volleyball Professionals, AVP. Yeah.
Lou Rabon:They were they were a client of mine back in the nineties in LA. Nice. It's I lived in LA in the nineties and late nineties, and they were they were one of my they were based in, if I remember correctly, like, Marina Del Rey or something. And
Rick Mischka:Yeah. Yeah. Yeah. AVP is still around. When I before I got into coaching and as I was getting into coaching, I actually played on the AVP tour for a while.
Rick Mischka:I played professionally in Finland. Yeah. So I had a good career in volleyball.
Lou Rabon:That's awesome.
Rick Mischka:I had a great run coaching, coached the men's national programs for a while, so it was a lot of fun.
Lou Rabon:Dude, that's amazing. You know, you've got the hype for it. So it's good, man. I I should get my sons interested and introduce you. They've got little hype there.
Lou Rabon:I I didn't get the same gene. I gave it to him, but I didn't get it. But that's awesome. Volleyball is great workout too. Beach volleyball.
Lou Rabon:Very cool. But, you know, tell me about how you transitioned from the the military into kind of private sector.
Rick Mischka:Yeah. So I joined the military as a reservist and never saw a reserve unit. I actually got into the military and became part of what is now called direct entry for special forces. I was one of the first x-ray classes to go through it. And I got put onto a tier one operating team, and so it was a great experience for me.
Rick Mischka:I was in for just shy of seven years. Then when I got out, I didn't know what I wanted to be. And I said, well, I did all this really high speed stuff. I should probably stay into some field that's high speed. And went into firefighter paramedic world.
Rick Mischka:My grandmother reached out and was like, hey, you have a chance to go back to college. You'd be the first person in our family for the last five generations to ever go and get a college degree. So I chose to take a scholarship in volleyball, play college volleyball, and turn it into a career but get my bachelor's degree. And then because I was coaching at the university level, I was able to go back and get a bunch of master's level courses and got a degree. And I was able to kind of just move that forward.
Rick Mischka:At one point, I'd always thought I was gonna be in technology. Right? You know, I was high schooler when the Internet was a thing, so I can date myself there. The gray beard does have some ownership there. I remember my buddy and I, we won a programming contest, and then I just never used it.
Rick Mischka:So I went back and non traditionally found four certifications in cybersecurity that I really felt I could do through a boot camp. Passed all four, and reached out to my network and was like, hey, where should I go? What opening should I take? And I was given an opportunity to become a mix of a compliance engineer and also do digital forensics and investigations. And from there, it just that's where I went.
Rick Mischka:Right? I was an architect for a while, and then I went into product management, and now, you know, fully sit on that consultary side of things, and I can't imagine a better life. It's so much fun. So
Lou Rabon:Yeah, man. And it's it's been a really interesting journey for you from, you know, special forces paramedic, you know, firefighter, that's crazy, volleyball, and then going into cyber. Yeah, that's really cool. And and, you know, doing forensics is really, really interesting. I think having that kind of background is really important.
Lou Rabon:They used to say, like, you didn't have to be technical to be in cyber. I'm sorry, but I I there are aspects you can do GRC. You can do some other stuff, you know, privacy. There's definitely areas that you can do where you don't have to necessarily be technical. But to really be effective, you need that that technical background.
Lou Rabon:So it doesn't get much more technical than than doing forensics.
Rick Mischka:Yeah. It's true.
Lou Rabon:Yeah. That's cool. That's really cool.
Rick Mischka:Oh, you'll have to come up to Montana. You'll come hang out. We'll go on the Yellowstone River because I do live about five minutes away from the river. So.
Lou Rabon:Man, that's amazing. I've never been out there. I'm absolutely gonna take you up on that for sure. I definitely wanna see Yellowstone. You you're also speaking of Yellowstone.
Lou Rabon:I remember you telling me, are you now a licensed pilot, or what's where are because you said you flew over the park. Right?
Rick Mischka:I did fly over the park. By the, you know, by the end of this year, I will be a licensed private pilot, and I'll be starting working on my commercial hours. I have enough hours to test, but it's one of those where I just want to make sure I pass it on the first go. Right? I think most cybersecurity professionals are kind of perfectionists, so I'm kind of doing the perfectionist thing.
Rick Mischka:And so I will have my pilot's license by the end of this year. And it's super exciting because I get to go up went go up about two to three times a week, and my flight view are mountains and rivers. You can't complain about that.
Lou Rabon:Like, of the best in the in the country, basically. Yeah. Yeah. It doesn't get much better than Yellowstone, man. That's crazy.
Rick Mischka:No. It's amazing.
Lou Rabon:That's cool. So, you know, if do you have a personal story of, anything that demonstrates where cybersecurity had kind of a, an impact on your life?
Rick Mischka:Yeah. So this is a mix of impact of being in the military as well as cybersecurity. Two years ago, I really was and I still am very passionate about cybersecurity, and I had been working with a nonprofit that was heavily focused on transitioning military folks out into cybersecurity. What I was seeing was that these military folks, while they were well trained, had mental toughness and resilience, still had some form of PTSD, and so I really started focusing on that. And that led me down the path of of identifying that cybersecurity professionals are actually one of the highest burnout rates in all careers.
Rick Mischka:And so I went back and applied and got in to get my PhD. I'm almost done with the dissertation, and I'm going to be defending it this fall. And I'm focusing on how cybersecurity professionals, through their organizations, not as individuals, but through their organizations, can be provided with mental awareness and preparedness training, because ultimately a cybersecurity professional is no different than a military soldier. The only difference is there's not bullets coming at their heads. There's bits, right?
Rick Mischka:There's bites. There's attacks. And, I'm I'm putting together a really cool research process around how I can take that burnout in the cybersecurity profession and extend it so we have less of a skill set.
Lou Rabon:Rick, I mean, that's so impressive. You're with your background and everything, I had no idea about the PhD. You're just a badass, man. Like, mad respect, and it's great too. I mean, there's no doubt that there's a a real issue with mental health.
Lou Rabon:I mean, in many ways, I think in in a lot of professions, but definitely cyber has its own unique challenges, and, that's great. That's gonna be a good dissertation.
Rick Mischka:Yeah. I'm excited. The research is done. Now I just gotta and the paper's mostly done. I just gotta defend it.
Rick Mischka:So
Lou Rabon:Yeah. Oh, so you've you've wow. That's a lot of work, man.
Rick Mischka:Yep. The research is done. I I'm in final peer review for, you know, just being able to say, yep. It's done. It can go to bed, and then and then defense happens probably in December year.
Lou Rabon:Wow. Well Yeah. Good luck with that. I know you'll kill it. Like, you have everything else in your life.
Lou Rabon:So, you know, in a good way. Cool. I mean, I think we've we've covered just about everything here. It's been, a real pleasure. Where can people find you?
Rick Mischka:Yep. I'm on LinkedIn. You know, I I typically stay off the other socials, but you could find me on LinkedIn pretty easily. And then look for me at Avant. You know?
Rick Mischka:I'm obviously available, and I am happy to just sit down and and nerd out over almost everything, even cheese. I'm from Wisconsin. So if you wanna talk cheese, I'll talk cheese too.
Lou Rabon:That's a fun fact too. Alright? For sure. Thank you, Rick Mischka.
Rick Mischka:Thank you, Lou.
Lou Rabon:And thank you to everyone that's watching and or listening. If you had fun, learned something today, or laughed, please tell someone about this podcast. And, yeah, thanks again, Rick. This has been another exciting episode of Channel Security Secrets. See you next time.
Lou Rabon:That's a wrap for this episode of Channel Security Secrets. Thanks for tuning in. For show notes, guest info, and more episodes, visit us at channelsecuritysecrets.com. Channel Security Secrets is sponsored by Cyber Defense Group. When it comes to protecting your business, don't settle for reactive.
Lou Rabon:Partner with experts who build resilience from the ground up.
