You found the backup wrap up.

Your go-to podcast for all things backup recovery and cyber recovery.

In this episode, we tackle something that's every backup person deals

with trying to get money for backup.

Backup is not sexy, but here's the thing.

When ransomware hits.

It will hit you better have good backups.

Or you might end up like the vodka company stole that, just filed for bankruptcy

due to a ransomware attack persona, and I dig into how to convince the people

with the purse rings that backup matters.

We talk about working with your security folks.

Yes, it's the same ones that I used to hate back in the day.

And also getting the GRC team on your side as well, if you're tired of being

the last priority in the IT budget.

This is your episode, by the way, if you don't know who I am,

I'm w Curtis Preston, AKA, Mr.

Backup, and I've been passionate about backup and recovery for

over 30 years, ever since.

I had to tell my boss that there were no backups of the production

database that we had just lost.

I don't want that to happen to you, and that's why I do this.

On this podcast, we turn unappreciated backup admins into Cyber Recovery Heroes.

This is the backup wrap up.

Welcome to the show.

Hi, I am w Curtis Preston, AKA, Mr.

Backup, and with me, I have a guy that I might have to defriend of his comments

today about wicked Prasanna Malaiyandi.

Oh,

so hi Curtis.

Yeah, We saw it a couple weeks ago

and I've been listening to the soundtrack and I think I might have

told you the other day I was at work, it was like seven in the morning and

I had the wicked, like I, I had, uh, popular Ariana Grande's popular song,

just like stuck in my head and I might have tried humming it along aloud.

But

It's not really a hummable song.

Hmm

yes.

Mm-hmm.

It's not really hum.

So yes, so I did that and I enjoy it.

So I was listening to the soundtrack today,

Mm-hmm.

and there is one song, I'm Not That Girl.

Yeah.

And

You're

yes, I'm not that girl.

And as part of it, she has a crush on a.

Someone, and it turns out to be a guy.

And so I had asked Curtis a question.

I'm like, why does it have to be a guy?

It's just, 'cause that's the story, man.

I'm, I'm just saying it's not very inclusive.

The, the show's about as inclusive, as inclu, as inclusive shows get

you're, so you're saying there's not, well, I would argue that

I.

guy that she has a crush on.

Uh, how do I put this?

I think he might also be open to guys,

Okay.

um, I, I'm pretty sure I mean, that, that it, it's, he's the

most free version of Fierro I've

Yeah, but then here's my question is why couldn't I have been an animal, like

there's a goat or a sheep in the movie?

There are other animals as well.

because.

Right.

Or,

No, no,

or, or,

human animal relationships.

That doesn't work.

That's a

okay.

problem

I'm just,

there's, there's so much that we, there's only so much we can take,

you know, there's only so many of the allegory of the, I mean, the, the

movie's so full of like allegories and, you know, like the animals basically

represent sort of a, a downtrodden, uh, what do you, what do you call it?

A marginalized, uh,

Yeah.

Right?

And it, it's kind of cool in that.

By being animals in the story, they can represent any

marginalized culture, which is

Yep.

Yeah.

so,

So do you still hate me?

how dare you, how dare you criticize my current, favorite movie

Which is, uh, by the way, by the way, how many times have you seen it?

three

Okay,

in the theater?

Three times.

in two weeks?

many times.

The movie's been out for two weeks, right?

Yeah, I saw it three times.

Like on the first weekend.

Uh, I, well,

And, and

the first weekend, I think a couple days later is when I

yeah.

with, with my daughter.

here you are complaining about Bollywood movies being too long, and yet you

spent how many hours in a theater.

I've spent nine hours in a theater seeing this movie, uh, most of which I was awake.

Um.

Which is surprising for those of you who may not realize it, Curtis

tends to fall asleep in theaters.

There were some, there were little naps here and there, but

Yeah.

I

But your wife took a nap

Yeah, she did

and she did see it twice.

Yeah,

Yeah,

but she napped a different section, so she was able to actually see overall, yeah.

Oh Lord.

Um, so for those of you that are, you know, here for a backup podcast,

maybe we should talk about that now.

Um, I, I, I was thinking about, I.

The, this, this idea of getting buy-in, right?

backup, I don't know if you know this persona backup is not now, nor has it

ever been like the sexy part of of it,

Yeah.

Do you think it is at the same level of like, say networking?

No.

It's below networking.

Because I mean, here's, and here's why I say that.

There are people that like go to college and, and go through training and like

Hmm.

is to be a network engineer.

No one goes

to.

become a backup person.

It's how so many people including me, got their start or get their start in it.

It's the job nobody wants.

And,

you, you know,

going to the topic.

What's that?

I want to meet someone.

I bet there is an individual out there who growing up they said,

I want to be a backup badman.

Yeah, they, yeah, they

I bet there's one person.

and they're like, I want to be like Curtis.

I bet there's at least one person in the world.

All right.

If there's somebody out there, especially somebody, you know, what if they, if they

exist, they're listening to this podcast.

And, uh, 'cause they, you know, they have a Google search, like

a, one of those, you know, the

RSSV.

Yeah.

Yeah.

Uh, for the word backup.

And, um, they found out, they found this podcast, um, and

they're like, wait, what is this?

I must listen to this.

But,

But I agree with you though that in most companies, right, it isn't

the thing that people desire to do.

They don't want to stay in backup very long if they could help it, right?

It's sort of a stepping stone to become a sysadmin or an application

admin or something else, and.

Also in terms of like IT budget, it isn't prioritized at all, right?

It's like, here are some leftover dollars or here's like a tiny

fraction of the overall IT budget go.

Do with it what you will.

And I, I, I think it, it's for a

Yeah.

right?

One is that, um, backup never added anything to anybody's bottom line

unless you're a backup company.

Right.

In the sense of it's not a revenue generating

function of the business,

It is a revenue taking part of, of the business,

but you could also say like anything dealing with like, uh, compliance

is also seen that way as well.

Yeah.

it's similar, compliance is similar in that you're doing it

because you kind of have to do it.

The um, there may be regulatory.

If you don't do it right, because depending on if you're subject to

a couple of different regulations, may be required to protect your

customer data like hipaa, for

Yeah.

Yep.

One of the, one of the aspects of HIPAA is that you have to protect the data

that you're, that you're storing, right?

Yep.

Um, and, there may be a monetary impact

Yeah.

organization if it doesn't do the stuff that it's supposed

to do for the regulations.

Right.

Um, and the

Especially if you said that It does, but it doesn't.

But you didn't.

what?

Especially if you said it does that you meet those regulatory

obligations, but you actually don't.

Yeah.

Yeah.

That, um.

Yeah.

Or don't meet them in the proper way.

Right.

Yeah.

again, I think back, I, I know we brought this up on the podcast, but

when we think about the GDPR, I, I think about some of the fines, and the one

that continually comes to me is this hospital in Portugal that their, their

way of granting various levels of.

access to the data was to grant everyone, doctor A, they made everyone

a doctor that was easier, right?

And so everyone in the organization from the janitor to, the president

of the hospital had doctor access, which meant they had direct access

to, obviously, to medical records.

Yeah,

janitor does not need direct access to the medical records.

maybe they do.

the administrator of the hospital.

Yeah.

Most of the people

Yeah.

right.

A doctor, right.

A nurse,

Yep.

other people don't.

And so that, and so they basically, the, the, the, uh, regulators, when they

looked at this, the, the response was kind of like, look, you didn't even try

Hmm.

you,

Yeah.

you just, you just said, we don't need to do this at all.

Hmm.

And so, yeah, the same's true here.

If you.

If you made a good faith effort, but then there were mistakes, uh, and,

and think bad things happen because your backups or Dr isn't good there.

You know, bad things can definitely happen to your company, but like you

said, if they're, if, if it's obvious that you didn't do anything, uh, or you

did such a poor job that it, it showed that you didn't care, then that could

have a significant impact on the business.

Right.

Um.

Um, so, so the question is, when we first start, um, you know,

thinking about this, um, so, you know, why, why is it like that?

You know, is there, can you think of a why?

Why is it that people think about it as not just an insurance policy,

which it really is, but it's, it's an unwanted insurance policy.

It costs them money and there's no benefit.

And it takes people and there's always backup people coming.

And if you follow what we talk about on this podcast,

Yeah.

be involved in every new application that gets deployed, making sure

the backup requirements are there.

On the flip side, everyone's like, why is this person showing up?

Why are they putting additional requirements on me?

Why are they making it such a pain?

Right?

All I wanna do is just build the application and go and

start generating revenue.

Right.

And then he's just that annoying

Yeah,

in the meeting of like, did we buy enough?

Did we buy it up?

Additional capacity, additional, you know, all of the, all of the

things that you have to do when you

yeah,

in

yeah.

did we

I,

the fact that we've never backed up AWS before?

anyone, did anyone

I wanna.

thought about it?

I wonder if people have a Curtis voice when they're in these

meetings as a backup person.

And maybe they're,

somebody that

maybe they, and maybe they have a Curtis on their shoulder.

I wonder who the devil would be on the other shoulder, you know.

the, yeah, we had a guy, uh, going all the way back to my first days of my career,

a guy named Joe Fitzpatrick and he was,

Hi, Joe.

he.

Yeah.

Hi He was that guy.

He would always raise it as, he would always raise his hand and

say, are we getting this on tape?

And he, and he said it with a, you know, with a twinkle in his eye, but

he just wanted to remind people, Hey, is it, are we backing this thing up?

This new amazing thing that you're talking about?

I, I think it's just, it, like you said, it doesn't, it

doesn't make anything faster.

In fact, it, it makes a lot of things slower.

Um, it creates, um, I.

Like there, there's an impact on production, right?

It might slow things down.

It might cause you to do things that you wouldn't have to otherwise do.

I think back again to, again, me with my stories, when I had this, this

knockdown drag out argument with A DBA that didn't want me, hello Oracle people.

He didn't want me to.

Put the database in archive log mode because he had this weird

thing about archive log mode that it somehow caused corruption.

And we're like, what?

Like it's a built in feature of Oracle, right?

And so he didn't want me to turn it on, but if I didn't turn it on,

I couldn't back up this really big server, by the way, really big.

I think it was, um.

I think it was like 300 gigabytes something.

It was, it was huge.

Back in the day.

yeah, and he, he didn't want me to turn it on and because, and he, he

saw that as, again, as an, as an imp impediment to him doing what he needed

to do, which was, you know, be the

DBA of this

Oracle database.

and the other thing is, say for some random reason that you're doing a

backup and the database crashes, who do you think is gonna get blamed?

Right.

yeah, exactly.

And so, you know, it, it, it gives you all these extra requirements.

It, it makes the system cost more money.

Um, you know, I can think of, over my career, the meetings where we've have to

have, it's like, okay, well that server has to have, when we were doing backups

very differently than we do to today.

We had to make sure that every server had a gigabit, um, a separate gigabit.

Nick in it, right?

Because we had like a backup network, which for the

Yeah.

was the cutting edge thing of the day is, was to have a separate backup network.

'cause that way you could get all the backups done.

It didn't impact the production network.

Yep,

Um, it was also more secure because it wasn't connected

to the rest of the network.

yep.

but you know that this costs money.

All of that stuff

Yep.

and, and it slows down the process of acquiring new equipment, new servers.

And, uh, it's, it is, it is just a pain.

Well, I think you need to show value for the business,

Mm-hmm.

right?

How is what you're going to do going to help protect them when things go wrong?

How, for example, how can you tell them, by the way, when

ransomware hits, not if, but when.

Right?

How you can help them get the business back up and running quicker.

Right.

Or get the business up and running at all.

And how you can do it quicker than something else.

Right.

And how you can help them.

Recover and not take a huge impact or a huge loss due to a ransomware

attack or whatever the disaster may be.

Right?

I, I think because, you know, let's just face it, it is an insurance policy,

Yeah.

It is.

The backup system only comes into play.

It's only useful if something bad happens and historically.

We, you know, depending on where you lived, it, it was the, the degree

to which something bad might happen.

If you lived in Florida where I grew up, you, you had a high chance of hurricanes

Yeah.

Or if you live in California where we just had a earthquake about three hours ago.

did we up there,

Yep.

I think it was a 7.8 off the coast of California or of Northern California,

and it triggered a tsunami warning.

Did anything happen

No.

wise?

Okay.

Um, you've got that, you've got tornadoes, obviously in the Midwest and

tornado alley, but if you were outside of these areas, um, you know, you,

you could maybe, and, you know, and then we, for a while there, we started

talking a lot about terrorist attacks.

Yeah,

Um,

insider risk.

Yeah.

And, but yes, insider risk, what I think always was a concern

Yeah.

because of the, the, the problem there mainly I think is two things.

One is a disgruntled employee or a, um.

You know, a, a greedy employee,

Yeah.

going to steal something.

Um, using their, using their access.

Right.

They might even, they might even participate.

There have been, there was I.

A, you remember that story we did last year where the, the, actual, it was from

like, it came to light last year, but it, um, it was from a story from two years ago

and that was an IT guy that basically did a ransomware attack on his own company.

You

Yep.

This is actually, uh, unified ubiquity.

Yeah.

Um.

So, you know, the, the, that's another thing.

And, and, and then ransomware.

The, the difference, the reason why I was saying before, like, you know, if

you have one thing in Florida, another thing in California, another thing in the

Midwest, um, and, and you know, I know nothing about the natural disasters that

impact people in the rest of the world.

Um, you know, the, other than that tsunami and Myanmar, uh, that was a mess.

Um.

And, the fires in, uh, Australia, but I don't know what, like on re on a

regular basis what impacts certain areas.

But the thing about that is you're like, ah, it's probably not gonna happen to me.

Yeah.

can, we can ensure against that in other ways.

Meaning, you know, get a really good building, build,

hire, get, you know, whatever.

you don't need to worry about the data.

Yeah, you don't need to worry about the data, but a ransomware attack changes all

of those things, and a couple of reasons.

One is, and you've brought it up already, the, the, it's not a,

it's not a if it's a win, right.

Yep.

Yeah, because if you look at how many attacks are happening all the time

and the cost of recovering, I actually just read today, no, yesterday.

So you know, the vodka maker stole,

Yep.

they got hit by a ransomware attack in August.

They're still down.

They don't think they would recover till 2025, and they just declare bankruptcy.

Really.

Yep.

You know what?

I think I did see that.

Yes, they did just clear, yeah.

They declared bankruptcy because of a ransomware attack.

Ransomware plus some other things happening in Russia, but yeah.

Right, right.

Yeah.

So really what we're talking about is when you, when you're trying to sell

insurance, you need to convince the other person that they need the insurance.

Yeah.

In this case, you're, you need to convince upper management the odds of having

nothing happen to them are virtually

nil at this point,

right?

and I think you don't even need to go directly to upper management.

Mm-hmm.

I think you should partner up with your, normally there is a GRC team, right?

A risk.

Team at a company.

That's who I think you should be partnering with to sell

your case to executives.

Because what you think about from a data protection is just part of the overall

risk profile of the company, right?

There are people and processes and technology and equipment and

locations and all these other things that that team is worrying about,

Mm-hmm.

and those are the people you should be partnering with

What does GRD stand for?

uh, governance risk compliance.

Thank you.

Um, well, let me ask you this.

I, I agree with you.

I also,

Disagree.

I agree.

I don't, I don't disagree.

It's just, I, I like the idea of going to the G-R-P-G-R-C folks.

My concern if you don't at least work your chain,

Yeah.

You should do that as well.

Yeah.

could find yourself in a, like, like, it's like you're trying to go over their

Yeah.

Yeah.

No, no, no.

I, I agree with that.

Yeah.

You should work up your chain.

But just going directly to like executive leadership, right?

I think you want to go with a broader message, but I definitely

think you are gonna need the buy-in of your own leadership to

be like, Hey, this is important.

These are the risks.

Because they have to be worried about that because say something happens, you

got hit with a ransomware attack, you're down for three months, whose neck do you

think is gonna be on the chopping block?

Yeah.

You know, um, I, I, I just, I learned a long time ago the, the

importance of the chain of command.

Right.

And you probably learned that in your Navy days too, right?

I, well,

Yeah.

definitely in the Navy days, but, my favorite story about the importance

of the chain of command, um, was taught to me when being a waiter at

Hmm.

and when we had this cook who was insane, um, the, the story was

he literally killed his wife and

Oh wow.

and, and had served his time and was now our cook.

That was literally, was literally the story of this guy, and he was a terror.

To have in the kitchen.

And I worked swing shift.

He was the, he was the night cook, so he would come in at midnight

Yeah,

and, and so half of my shift was this guy he was horrible.

And he would co, he cost me tips all the time.

And I went to my manager and he didn't do anything.

And so, um, I mean, technically in this story I followed chain,

the chain of command, but.

I

weren't getting any results.

like, if you don't do something, I'm gonna go,

Yeah.

I'm gonna go.

So I went to the manager of the store and I told, I told the manager of the

store versus the assistant manager, and then the next day I came in.

And, um, yeah, so, so I'm gonna tell the story, but the lesson, I

think the lesson I learned in this story is more like, know your place.

Yeah.

is that I, I went to the manager and then when I came in the next day, the assistant

manager called me into his office, which, and by office, I mean like, you know, this

Yeah.

Booth.

Yeah.

know?

And, and he, um, and he said, uh, so I heard you went to, you know,

management or whatever, you know?

Yeah.

I said, yeah.

And he said, um.

Do you know who, if, if, if we fire bill, whatever his name was, if we fire

Bill, do you know who has to cook me?

And he said I would have to replace him if I fired him.

Do you know how many cook, how many applications I got last year for cooks?

And, and, and he

One.

wasted

Yeah.

Okay.

He said one of the three thought maybe he kind of might wanna work nights.

So basically that's like zero applications for nighttime cooks

Yeah.

year, do you know how many applications I got for waiters last week?

Yeah.

He is like, yeah, that's where you know your pecking order, Curtis.

If you, if if I'm gonna get rid of one of the two of you, it

ain't, it ain't gonna be the guy

Yeah.

can't replace.

Um, yeah.

So it just understand in a, especially in a corporate environment, that there

is a chain of command that, that you do want to make sure you, you do your best

Yeah.

And

and

the other, one other thing to add to that too is you.

As a backup person, you don't have the overall visibility into everything

going on within the department, right, or across the company.

So it's important because what you think is important may not

be part of the overall strategy.

Maybe it should be included in the overall strategy, or maybe

it's just there are other fires that need to be dealt with then.

So what you think is important is not really overall important for the company.

Yeah, thanks for bringing that up because.

E, every department within it

thinks that their budget isn't big enough and their thing is important

and their thing needs to happen, right.

It's just that of the other departments.

When you say things like, our database isn't fast enough, our customers can't

do the thing, and the boss is like, how much money do I need to give you?

Yep.

Right.

With us?

It's like our backup system fa isn't fast enough.

So,

what do I care?

Right?

Um, so you have to translate it into language that they understand, right?

You

yeah.

it into financial.

Risk.

Risk to the company, risk to going out of business.

I think this, this article would be great.

The one about, uh, stoly

Yep.

and, um, there are companies that do cease to exist, uh,

that entire series on that.

Right?

Yeah, yeah, we did, we did.

Uh, there, there's an entire series on cloud, uh, disasters.

When you.

Perhaps what you do is you work your chain, and if you just get to a part

where you get somebody who just doesn't fully understand the, you know, the

risk, what you might then say is, do you think I should involve the GRC folks?

Right.

And you say that not in like a threat,

Yeah.

you know, this is a, do you think perhaps the GRC folks could help us out?

Like in terms of selling it up the chain?

Yeah.

Right.

Work where?

Work to where you think you can have an effect.

Do you think the GRC folks would help us selling it up the chain?

Yeah.

Use them as a, as a, as a partner rather than as an enemy

Yep.

of

Mm-hmm.

you know, management.

will say that sometimes you go to make a, an argument.

And you lose.

Well, not just you, but you get someone in management who clearly

should not be in management

Hmm.

it, and they literally say things like, well, that would never happen.

We're never gonna get a ransomware attack.

We're we got great, we got great security.

You know, we got Steve over there on the, on the firewall

and he's just, he's just amazing.

Right?

Um.

When you get that right when you hear something like I, I've heard things again.

Like, well, if that happens, I'm probably gonna be dead, so I'm

Yeah.

Yeah.

you know, whatever.

Or I'll probably be fired.

I'll probably be fired either way.

So I don't really care.

I don't really care so much about the longevity of the company as I

Yeah.

the longevity of my job.

Yeah.

When you get that, that you know that that's the only time where

I, I think maybe it is time for you to make a career decision.

Like if you have upper management that just doesn't care about the viability

of your organization, maybe it's time to go convince another organization

and maybe you leaving is the, you know, the kicker that you know that

will help.

well, the other thing I was also going to mention is when you do get

that conversation, just summarize your discussion with that person

and send it an email to them.

Yes.

To make sure that it has been documented that yes, this was discussed, this was

flagged, here was the concerns, here's what we had or here's what was decided.

right.

So you can make,

nothing.

yeah, and there might be constraints, but, but there.

changes at this time,

Yeah, and that's okay.

That's reasonable because it may not even be malicious, right?

It could be we just don't have the budget this cycle.

We have 20 other fires we're trying to put out.

We're all strapped for cash, right?

Whatever it is, right?

There might also be legitimate reasons, but regardless of what

happens once you get to that point where there's a no given, right?

Or someone says No, I think it's important to document.

Agreed.

And um, be careful how you word that, right.

Um, the, the,

don't put place blame.

Yeah,

they know, they know the reason

yeah,

you're doing it, right.

just, um, just say, you know, apparently, you know, based on what

you said, the, the, the department does not have budget at this

yeah.

Whatever.

You just, you put it in, like you said, you put it, you just want to.

This is the facts of what happened in the meeting.

Just wanna summarize, just wanna, and again, this goes over much

better if you always do that.

Yeah.

Right?

Yep.

send an email summarizing the meeting.

'cause probably what'll happen is they'll just ignore the one

Yeah.

you send that is trying to document that they're not giving you what you want.

Yeah.

Right?

I think the key thing here that you do have in your favor is ransomware,

Yep.

Because ransomware, you, you don't have to go very far,

To see someone impacted by it,

well, right?

To find somebody that's impacted by it.

But also you don't have to, if you Google anything, you read

eh.

you're gonna hear.

It's not if it's when.

Every, you know, every ransomware book is gonna

Yeah.

you that, you know, the one that I'm working on now, we start

from an assumed breach standpoint

Yeah.

the, because it's just like, look, know, first off, there, there are plenty of

other books that are how to stop it, but we're like, look, you're gonna get it.

So.

you, you can, you can get lots of.

Information to back up your argument because what you need to do, you need to,

you need to convince the people with the purse strings that the likelihood of this

thing that you're worried about happening

Is high

is extremely high.

and you just wanna say, listen, here are, here is our current backup posture,

Yeah.

which is that if that were to happen, and they took out our entire data center.

It's going to take, um, you know, it's going to make it, you

know, to basically take too long.

Yeah,

might not ever be able to recover, um, et cetera.

Especially if the worry that you have is that the backup system is also

vulnerable to a ransomware attack.

It's one thing to say, because of our backup system is so slow, it's

gonna take us six months to recover.

an entirely different thing to say.

We stand a significant chance of having the backup system be impacted from

a, a ransomware standpoint.

it's, it's, it's your last line of defense, right?

And if that's not reliable, then you're a little hosed when you're

bring talking about this Curtis, one other thing I was thinking about

is, especially with ransomware, go partner with the security team,

Yes.

It.

right?

They're usually the ones with budgets.

They're usually the ones that people listen to.

Yeah.

It's funny you say that

Yeah.

historically, me as a backup person, back in the day, I

hated the security team, right?

They were, they were always the ones, you know, blocking up ports and, you

know, et cetera, et cetera, et cetera.

Like, again, going all the way back to my early days, the only way I could get

backups done in a reasonable way was to use RSH because we, we were using

rdump and the only way to use rdump.

Was to have RSH as root without a password from server to server.

And that's the

Oh boy.

it done.

Right.

And it was either that or buy tape libraries for every server,

Yeah.

Um, and so of course, and of course the, the security people

thought that was ridiculous,

Yeah.

I dunno what to do.

You, I, I, I don't, I can't.

I can't.

So we were at, we were at odds,

Yeah.

I definitely that things have, things have changed so much for me that the

security people are your friends when it

Yep.

budget for backup and recovery and disaster recovery.

Yep.

especially when it comes to ransomware.

So you, they have common goals,

Yeah.

right?

Protect the business.

Recover.

I heard pot of gold at first and

Oh,

confused.

lucky Charms.

yeah, no, I think, I think that's a per, I think, I think that'll, and we,

we can kind of end on that, that, that I think that's your, the, the, the risk

folks are your partners, but the security people, I think are really, because

they're, they're really core and part of

Yeah.

department.

Um, and that's why some have advocated, and we've discussed this on the podcast,

some have advocated that the backup folks actually report to the security folks.

Mm-hmm.

I don't know, I think it's a

Hmm.

separate diff

Yeah.

but,

the, yeah, I think that's solid.

And by the way, this has nothing to do with the podcast, but I'm

gonna say this, you, you've got different lighting today, don't you?

Uh, no.

I have the same lighting I normally do.

Uh, I don't know, just there's something about the way the

light is hitting your face.

look like, it's like you're an AI photo.

You, it looks really good, but it looks so good that like

you look like you might be ai.

Are you ai

Yes, I am AI

let me ask you this.

How many Rs are in strawberry?

four.

It's three deep.

I know.

Do you know this thing about

Yeah, yeah, yeah.

It, it got it.

It keeps getting it wrong.

yeah, yeah.

I think it actually says two, right?

it says two.

Yeah.

Yeah.

Um, yeah.

Anyway,

why I said four.

it's just, I've been looking at your face all this time, but I'm like, there's just

something about the way you look today.

I don't know.

Maybe you're ai, maybe you've been replaced and you don't know.

Maybe we're all ai, maybe we're all in a simulation.

Who knows?

But I think that's, I think that's the key.

Work your chain.

You know, sell risk.

You've got to sell risk.

You've got to sell the, the, the high probability of a ransomware risk.

Use the security folks, use the risk folks as your partners in

trying to help get this done.

And um, and honestly, if in the end you do all that and you have a management chain

that just refuses to acknowledge that risk, suggest you look somewhere else.

Yeah.

that's just me.

Yeah.

any final thoughts from you, sir?

No, I think that's, yeah, that's a good episode.

I think.

Yeah, that's all I had other than don't, you should go watch Wicked again.

Me?

Yes.

I.

think so.

I've got other things.

I've got other things I gotta do.

All right.

Well thank you very much.

Anytime Curtis.

You and your gorgeously lit face today.

I don't know what, I don't know what that's about.

Anyway.

All right.

Thank you to our listeners.

I, um, you know, we're nothing without you, so, uh, be sure to

subscribe and, um, that is a wrap.

The backup wrap up is written, recorded, and produced by me w Curtis Preston.

If you need backup or Dr.

Consulting content generation or expert witness work,

check out backup central.com.

You can also find links from my O'Reilly Books on the same website.

Remember, this is an independent podcast and any opinions that

you hear are those of the speaker and not necessarily an employer.

Thanks for listening.