Episode 41 |
May 2, 2024
In the fourth episode of the “Building Better with AI” mini-series, host Sarah McGuire delves into “The Concrete Approach to Cybersecurity Challenges” with special guest Andy Barnes, CIO, Blue Dot Readi-Mix.
Explore a multitude of cybersecurity aspects within the concrete industry as they unravel misconceptions surrounding IT, emphasizing its broader scope beyond technology and virtual meetings. Drawing from his years of experience, Andy sheds light on the current evolving security threats and shares insights into navigating them within the ready-mix concrete industry.
Join Sarah and Andy as they discuss cybersecurity best practices, offering practical tips to safeguard concrete operations and data. They further explore the transformative potential of AI, envisioning its role in cultivating a secure environment within our industry.
Tune in now to gain valuable insights into strengthening your cybersecurity stance in today’s digital landscape!
Sarah McGuire, MBA
AVP, Business Development, Giatec Scientific Inc.
Andy Barnes
CIO, Blue Dot Readi-Mix
Hello concrete revolutionaries and welcome to the fourth episode of Building Better with AI. I’m your host, Sarah McGuire. And today we’re going to be discussing it and cybersecurity and how this pertains to adopting artificial intelligence in your business. Today I’m joined by Andy Barnes. Andy is the Chief Information Officer at Blue Dot Readi-Mix with 28 years of experience in this field. Andy has a diverse background in systems engineering, sales, team leadership, and data center administration in a variety of industries. Two years ago, Andy entered the ready-mix industry and we’re really excited to learn from him today. Andy, welcome to the podcast.
Thank you. Happy to be here.
So, Andy, the reason I wanted to have you on specifically to discuss this topic is because our industry is notoriously laggard in technology adoption. And with that, I think comes a lack of productivity around setting up our infrastructure to be ready for the next move in technology adoption that is already starting to happen. So I think your perspective on this will be really helpful in kind of educating our listeners that IT is so much more than just fixing my phone today or setting up a Zoom call, which we all still have troubles with, but it is looked at now as so much more. So I’m really excited to dive into this with you, but first, can we just start by you introducing your background, how you ended up in the field that you were in, and also how you ended up in the ready-mix industry?
We’ll start kind of back in college. I went to college at Appalachian State, got a degree in information systems, and used that to get a job in the IT space in the financial services industry. I went into there, and I was lucky enough to be part of a training program that, at least, showed me the ropes, showed me how to work in a corporate culture, and it gave me an opportunity to move around a bit. And I went from financial services into the technology space working for Hewlett-Packard for several years. And I was an engineer there helping companies in this area understand the problems that they’re facing, understand technology options that may solve those problems.
I moved from that into kind of an interesting role in sales, which I know a lot of people will give me a hard time for, but I did sales for a while trying to understand the business side of things. And I took an engineering spin on sales to focus on continuing to solve problems, but doing it more at the business level instead of focusing on the technology space. And that was nice because I had engineers that I worked with that were very smart.
The twist or the entrance into the ready-mix industry was an interesting one because I’d been in sales for about 12 years. I had relationships with people that are in this industry. And it was really those relationships combined with a desire for change. I felt like I’d kind of gone as far as I could go in the space that I was at. I’d become honestly a little bit burned out on it. And the relationship gave me an opportunity to move into a company that was experiencing considerable growth.
The company started in 1990, the group of companies did, and they grew over time to a group of really right now 10 companies that I’m working with. One of those is ready-mix, others are masonry, rebar, stone, stone design, things like that. But it’s a group of companies with common ownership. And all of these guys that own these companies gave me the opportunity to come in and tune up the information technology aspect of the business. They had not really had an information technology focus up to that point. They had had people that had come in and somewhat had the role, but didn’t have much of a background to really look at it holistically and bring everything together.
This was also new for me. My background was more corporate enterprise space. It was more larger corporations with 30,000 employees with very focused solutions on how do you consolidate and virtualize, for example, a healthcare information system. And this was different. This is more end user focused on one hand. And interesting enough, the way that you asked the question or position to this, I thought it was going to be end user focused when I got here. It turned out to be that plus a large scale opportunity to take a lot of different tools in this space and work them together to use the information provider to make the business better.
When you say end user focused, are you talking about your internal groups of who’s actually using the solutions or are you thinking more on the customer side?
The internal groups. From my perspective, end user computing is a big part of the job. It’s an interesting thought here. Everybody sees me as an IT person inside the company. So therefore I absolutely know everything about computers and everything about every software that was ever written. People joke around, “If it’s plugged into a wall, it’s probably something that I need to pay attention to.” And it’s hard to know everything. It’s impossible to know everything. And I do the best that I can, but end user computing is a big part of it. So PCs, desktop, laptops, mobile devices, printers, that’s a job that is part of that responsibility.
So the end user computing side of things is, I think, the myth that we have that that’s all it is. And I think that exists not just in our industry, but in so many others as well. But in our industry, it’s more prevalent. I travel a lot to meet with all of our clients and people have asked, “Why didn’t that slow down after COVID came in and kind of force people to work more remotely?” We saw a lot of other industries start to adapt a lot more online practices of being able to do more online. But I think our industry, maybe we took a little bit of steps there. But the caveat is that in our industry, on the concrete side, everything is face-to-face. You can’t build a building without being on site, right? So your clients, your suppliers, everyone, they are interacting face-to-face. And so that need to have everything online is just not there, which is why, for me, to be able to get face time with all of you, I have to go in person because that’s what you’re used to being like.
But now, we are seeing that we have to adopt these practices. That need hasn’t been there in the same way because you can’t do our job without being physically there. This is still a big struggle for us. I mean, we’ve been doing this now for four years that things kind of started to shut down, and we still have 20-minute delays in meetings because we can’t get a boardroom set up. That happens all the time, but it is so much more than that. And I think that’s what you were going to speak to next is that there is a bigger kind of infrastructure that needs to be looked at, and I think our industry is not talking about that right now.
Yes, you’re exactly right. I mean, there’s a couple of things to talk about there. One is that it is a different kind of industry where people are used to working face-to-face. I mean, that includes the accountants, that includes all of the back office folks that you would think would want to use Microsoft Teams, would want to do video calls, would want the flexibility to work from a home office, for example. But when I came here, I found that that was not the case, at least yet. And COVID didn’t change things very much. In fact, being an essential requirement for the communities here, our companies didn’t slow down much at all during COVID. The work continued to the extent that it could and the companies remained very functional and they continued to come into the office and exercise the proper precautions when they did it, but it was in the office or on the job site.
But there is a bigger piece to this, at least from my perspective. Those are very big things to keep people functional with the technology required to do their job. That’s a whole job in itself. The other side of this are the applications that the business runs on, the Marcottes, the Command Alkon. At least in the ready-mix industry, it would be the Sysdynes and those big software applications that people are using to run their business. When I came in, I was surprised at how advanced the software was, but how low the experience was with technology. There was a big difference between those two things. For me, there’s so much data out there that’s generated by these software packages that I think, in some ways, we’re using, in some ways, we’re not. And I think there’s a lot of opportunity there.
That’s a great way to put it. So there have been a lot of different reports that have put different statistics out there in different ways, but I just want to draw from one that was from KPMG that came out this year. This is specific to Canada, but I’m sure it’s relevant in the US as well. There are four main threats to growing businesses right now, which are environmental climate change being one, energy security and affordability, emerging disruptive technologies, of course, that’s where we come in, but the number one is cybersecurity. This is the biggest threat to companies right now. And I’d love to get your thoughts on why you think that is the most prevalent out of all of those other ones.
I think simply because the bad guys, the bad actors, they’re getting smarter. They have more tools available to them now to help them become smarter at those skills. And it just makes it more difficult for companies that are trying to do business. All it takes is one click on the wrong email and you can cryptolock all of the data for your whole company. And potentially, you have to rebuild it over the course of six months or a year, or even worse, maybe never recover from it. And I think that’s probably the biggest risk and why it is the number one risk for all companies out there.
So from your perspective, you coming into the ready mix industry and seeing how everything is set up, were there any huge shocks to you based on your experience working? And I mean, we joke about sales being sales, but realistically, you were also consulting in a way. When you’re selling different solutions to companies, you’re getting an insight into how their businesses are working and you’re trying to find the right thing for them. So you do have the experience of seeing all these different companies set up the way that they are. Were there any major shocks to you on basic things that would be considered basic in other organizations that we are simply not doing?
Trying to focus on the information security side of things. The companies that I worked with were large companies, large corporations before coming here, and they all had not just IT teams, but specific teams within IT that were focused on information security. And those teams might have five or six people with each person having a different level of focus on a certain aspect of the security of their environment. Coming here, I found that there was really no focus, at least when I got here, and we’ve changed that obviously since then. But it wasn’t just a lack of focus, it was probably just a lack of awareness around what the risk really was. I think there was a little bit of education that needed to take place. That’s probably the biggest surprise that I had.
So that’s a really important move into talking about the industry as a whole because this isn’t to point out one particular party over another. Your business that you’re in now needed an upscale. I believe the vast majority of businesses are probably in need of that as well, and we are only as strong as our weakest link, right? The analogy of the airport security. When you have really strong security at LAX, but then you get to LaGuardia and it’s just not there and they’re going back and forth, one cannot be strong without the other. And so it’s not just you as a ready-mix business, but it’s your contractors, your suppliers, us, Giatec. We need to be held responsible for a certain amount of things because we are holding very important data. And these are conversations where it’s not finger pointing, but we actually need to kind of rise up together and make sure that these things are happening all at the same time.
I kind of want to go back to that weakest link comment that you made.
Yeah.
I think, in a sense, that sums things up for me because we can do a lot of things with security, but all it takes is one person with a perfectly secured PC to click the wrong link, not understand how things are happening on their computer, and open the door for a bad actor to come in and do bad things to the corporation’s data.
Absolutely. I’m sure everyone has at least seen or heard of the movie Catch Me If You Can. I’m sure you’ve probably watched it yourself, but it’s based on a true story with Frank Abagnale. He was a creative con artist in his early 20s. He worked for the FBI, now he does consulting for really large scale corporations. And I had the opportunity to see him speak at a conference. And he had a perfect example of a simple test that he would go into Fortune 500 companies and do. He would take USB sticks, and he would mark them confidential, and he’d scatter around parking lots. And then they’d test see how many employees were silly enough to go and plug them into their computer because curiosity got the cat. And that was a really important message.
I had also heard of companies that have serious protocols in the sense of you could get terminated from your business if you had left your laptop in your vehicle and your vehicle was stolen or broken into. Because of the magnitude of the type of information that was stored on those computers, employees shouldn’t be that careless. I know we don’t have a policy like that, but still these are things that we’re probably not really thinking of. It’s just very passé. But I would definitely encourage anyone if they have the opportunity to go watch one of his TED talks or something because it’s fascinating.
It is. And I think it comes down to the person being the weakest link, unfortunately, which points us to education. And I think information security education is very important. I like to joke around that the most secure computer that we could have is the one that’s not plugged in and not turned on. And that’s really the only way to perfectly secure a computer. Obviously, that’s not going to work for us. So we have to find where we need to be on that spectrum of security that allows the end user to do their job without being impeded in any way, but also have that security level that they need. At the end of the day, end user training is incredibly important.
Actually, you said something that’s a little scary there, that is a big reason as to why we’re having this conversation because yes, the easiest thing to do is nothing at all. Just unplug your computers. Don’t allow your data to go into the cloud. That’s not a reality, but a lot of people are questioning why not? They’re saying why not just stay everything on-prem? Why not keep it secure? So as somebody who is in that space yourself, and Blue Dot is taking some incredible steps to bring all of your data together and consolidate it, for the person that’s saying, “Well, you just said the easiest thing to do is do nothing at all,” what do you say to them to encourage them that this is worth taking off?
It’s just not realistic to not leverage the technology out there today. If you take it even a step further, we do have options to bring everything in-house to house data centers with computers, with everything running inside an isolated and secure network, but I just don’t think it’s realistic. The resources required to manage that are so significant that it just doesn’t seem like it makes sense for our industry. There’s so many great tools out there that are software as a service, they’re cloud-based, and they are taking steps to secure those and make sure that they follow the proper compliance requirements and regulations.
Given the slow moving nature of the industry, how do you approach implementing innovative solutions while managing that potential resistance to change?
Nobody likes change. That is what I’ve found out since I’ve been in this industry. Change is very difficult when it is not your core competency. And that kind of speaks back to what we were talking about earlier too. IT is never going to be the core competency of a ready-mix company. Our core competency is logistically delivering concrete. IT is just that means to the end.
So for me, my main goals are to keep it simple and that’s kind of an internal joke here, keep IT simple, keep it simple. The more simple we can make it for the end users, the better it will be. The more that we can do behind the scenes, even if behind the scenes it needs to be complex, that’s fine as long as the end user has a simple way to leverage technology to get what they need out of it, which is the perfect segue into artificial intelligence because there’s so many things that it can do for us, especially with some of these new emerging technologies where it can be massively complex outside of our view. But the view that the end user gets is simple, but it’s giving them the information that they need to do their job.
Right. And AI is very buzz-worthy. Obviously, that’s the whole reason we started this segment here, but AI is nothing without a system to be used on, right? It needs a structure. We’re not living in an age where we have robots walking it around. Generative AI is this concept that AI will start learning on its own without needing that data coming into it, and we haven’t seen that in a practical application. Even using the ChatGPT bots these days still give out weird answers if you ask them for things. You always proofread if you’re using one of those. But we’re still a long, long ways away from that.
But as you mentioned earlier, the hacking these days is getting scary. They are finding ways… I mean, my father received a phone call with an audio voice of me saying I’m in jail. But he knew it was a scam right away, but most people don’t. You’re hearing horror stories. And we’re not even dealing with the craziest things yet. We’re still seeing kind of that early set.
And so the education is really important, but the way in which we allow data to be accessed, to be learned from is really important as well, because I’ve fallen privy to one of these phishing scams a long time ago before there was a little bit more education around it and their abilities weren’t that great. But I even had my social media hacked into about a year and a half ago, and these people were telling me, “Pay me this much and I’ll let you back into it.” They completely underestimated how much I cared about that. I immediately just shut it down, made a new account. I was like, “I’m not tied to my social media the way that you think I am.” Canceled by credit cards, everything, and just started over. No problem.
But this happens to people all the time, and we’re not even in the age where technology is advanced enough. And that is scary for a lot of people, but AI is not the problem. It’s the infrastructure that we’re putting in place to make sure that it’s not tackling these things. And in my situation with my social media, I didn’t have two-factor authentication. Simple. Now I do.
It is simple.
And then I told everyone, “This happened to me. Go and do that.” Half of my friends didn’t have it on themselves. I got them to do it, easy-peasy done. But typically, these things don’t happen until there’s a catastrophe. And I think that’s what people are scared of is what is going to be the catastrophe that gets us to be thinking more about this. And so let’s do our best to make sure that that doesn’t happen.
I think all you have to do is watch the news nowadays to see what can happen because it happens all the time and it happens all around us. It’s not a common discussion around our office, at least not that I’ve seen. It almost felt like when I came here that the construction industry felt like they were immune to these things. You’re going to attack a healthcare company, you’re going to attack a bank, you’re going to try to take money, you’re going to try to take information. Why would you go after the construction industry? But it didn’t take long. A company of similar size were attacked with just a simple click on the wrong email, cryptolocked critical data to their environment. They were held ransom for one million Bitcoin and decided not to pay the ransom. They didn’t really feel like they would get the data back if they did. So they took six months to rebuild all of the data to continue to operate their environment. And that’s in the construction industry. And that’s a big example.
A smaller example would be things that have happened even recently. An end user clicked on a document that was a DocuSign and they expected a DocuSign email. They’d thought this email would be coming. It made it feel legitimate. When they clicked on it, it prompted them to log into their Windows account. And for some of us that might be a red flag. For this particular user, it was not. When they authenticated, the bad actor, the hacker was able to put certificates to maintain connectivity to that account. They put hidden rule sets in place for that email account. And those rule sets forwarded emails to them. They learned the language of this particular user that did have purchase authority. They used that to send an email to accounting to ask them to send a check to a specific address for a decent amount of money. It was a very interesting scenario. It happens.
And I think that’s a good one. And sometimes I feel a little annoying for doing this to our customers, our suppliers, whoever we’re talking to. A lot of the times I have to respond to emails and say, “Can you just confirm that what you’ve sent me is correct?” Now, usually, when I do that, it’s because I wasn’t expecting documents. But we get things like that all the time, big zip files to look at specifications or mock-ups of projects so that we can recommend what people need to use. That’s a very common thing in our industry.
And I think that exchange of information happens all the time, especially if you’re looking on your phone because those types of safeguards that you can put in place, sometimes you get those random emails that say nothing, but the name comes up and it’s the perfect nomenclature of how it always shows up. I know with our co-founders, I’ve gotten many emails like that. I’ve even had people text me and say, “Sarah, this is Pouria,” Our CEO. “Can you do this, have this done?” And it’s a very reasonable request, but I have this number saved. Or I look at it and I go, “He doesn’t text me often. He’d call me.” But I know that most people would see that, and in our industry, we’re so quick. Everything is moving so fast that it’s so easy to brush past those things if we’re not even aware that they’re happening.
So I think that’s so important for people to be aware of. But it’s a really interesting note to move to. My next question for you is, in an industry where we are barely making ends meet on time as it is, how do we get people to focus on this? And you mentioned that other groups of companies that you’ve worked with before, they had silos. They had teams that were just focused on this, but we don’t. So how do we accomplish that? Do we need to hire full staff teams? What is the answer here to make sure that people are being proactive about this?
I think you’ve really got a couple of options. The main option is you really don’t have a choice. You really need to gain that focus for your company one way or the other. And within that, you’ve got a couple of choices. You can hire a person or a group of people to take that responsibility on, or you can work with a partner, a managed service provider. And if you do that, you really have to be careful about managed service providers. There’s a lot of them out there and there’s a lot to choose from. I tend to break them down into two categories.
One would be the reactive partner where you could call them every day for a week with one particular problem and they’ll never know that you call them five times. But then you’ve got the other kind of managed service provider where it’s a proactive partner. They’re going to start picking up on trends. They’re going to know, “Hey, you called me about this Monday and Tuesday. It’s Wednesday, you’re calling me with the same problem. We have a system level problem now. Let’s focus on how to fix the root cause of this.” And it’s difficult, especially if you don’t have IT folks in your company to find a good managed service provider. So for that reason alone, at least have one person in your organization that is responsible for that piece, and then have them pick a very strong provider that has a very keen focus on information security.
It’s interesting that you say, “Make sure that you always have at least one person,” even if you go the managed service provider route. We’ve had some experiences with that before thinking that we could choose one or the other. And either way, on both sides, it just didn’t work. It was very frustrating. And then, of course, what you said before that even though you are working on computers all day and you should be the one that knows everything, you can hook everything up, at the end of the day, you don’t know everything. Nobody knows everything. That’s crazy. So having that expertise outside that can kind of keep you up to date with the latest trends while you have somebody internally proactively working on that, to me, it’s kind of like the ideal situation, especially for these ready-mix organizations where we’re struggling to find people as it is. But then also, maybe for yourself, it would be nice to hear some advice on how would you recommend that ready-mix providers get IT professionals excited about working in our industry.
That’s a fun one. I think for me, I was drawn here through a relationship. But when I got here, I found it fascinating. To me, concrete was that bag on an aisle at Lowe’s Home Improvement that people put in a wheelbarrow and mix up with a rake.
Which you now know that that bag is cement and not concrete, right? And it’s basic foundation, we need to know that.
I can’t tell you how many times I’ve said, “The cement truck, the cement mixer.” And I get corrected, “And it’s not a cement truck, it’s a concrete truck.” But for me, concrete was not that complex. And when I came here, I found that it’s amazing. I mean, there’s so many different variables that have to go into how you design the mixes and how they apply and the different use cases. And just the scientific side of it honestly was fun. The other part of it was probably the big challenge of taking a company that did not have an IT focus and trying not to slow anybody down, don’t impede anybody, don’t take things away, but put the proper infrastructure in place for the company to flourish, to grow.
And building that foundation is extremely important. But then also, we even have this with our own software solutions in-House when we realized that. As a simple example, this was years ago, our sensor application, we didn’t have it prepared to do multilanguages. And the further we went into development, the more scripts we were creating, the less foundation that we had. It was like as we continue to grow the product in other ways, we were just making a bigger and bigger mess for ourselves to one day have to go back and do that. So thank goodness we learned that with the other software solutions that we’re starting to put out there.
But the longer that you go and the more that you build up, you’re creating more and more problems for yourself in the future. And that’s such a hard thing for people to grasp because it seems it’s not a priority today. But by finding outside services that can help you prioritize it for the future, but also being involved so that you have an understanding of what your solutions are, you need to have somebody that’s kind of that guiding light in-house. But I think that outsourcing is really important in that whole process, but then also relying on your suppliers. So what kind of advice would you give to other companies, questions they should be asking their suppliers? Are there main questions that you would have through a checklist or something that you guys are making sure that your suppliers are fitting?
I probably should have a checklist.
I don’t mean to out you for not having a checklist, but in Andy’s defense, there have been a couple of things where when we were plugging our system in with yours, we had to go through some firewalls. You were the only company that we had to go through those things for, which I found really interesting. So-
Yep.
… no, we didn’t get a checklist from you. But if you had a checklist, what would be on it?
If I had a checklist, because I do think process is important, and I was once told, “If you can’t write it down, then you don’t truly know it.” I wanted to argue with that, but now I believe it wholeheartedly. But if I had a checklist, I would focus on things like multifactor authentication. That is the lowest hanging fruit that can secure you the most. It does ensure that there are multi-points of authentication for an application in your environment. So when I’m talking to other companies about solutions that they have, I’m going to ask them about end user security, password enforcement, multifactor authentication, how easy would it be for a bad actor to break into our account and steal our data since most of these applications now are hosted online.
You pointed out firewalls and network security. Network security is very important as well, especially considering most of this stuff is software as a service or hosted somewhere outside of our facilities as it is. So you need to focus on those things, make sure that the application is secured. If it is software as a service, make sure that the company that you’re getting those services from do have that level of security. A lot of times, Microsoft Azure, AWS, these types of services are out there. And there are certain security profiles that you can easily apply to applications that would in turn be presented to your company for use. But it is important to ask those questions.
So when we’re looking at these services like Amazon Web Services or Microsoft Azure, these are very big companies that have arguably the best security measures put in place. But there’s also a bit of fear that these are the same companies that we should be a little bit worried about taking our data in the first place. And so when we’re looking at some of these larger companies that we’re trusting, what should we be looking at for them and what should we be doing in-house to make sure that we are protecting ourselves from that?
I think we’ll get back to something I said earlier, which is the only real secure computer is the one that’s not plugged in. It’s not realistic. So at some point, you just have to trust these companies that you’re partnering with. And Microsoft and AWS and all these other companies providing software as a service that are potentially hosted by those platforms are companies you have to trust at some point. You need to focus on the contracts that you’re agreeing to, you need to focus on the security aspects of those contracts, and you need to ask the right questions around user authentication and the general security posture that they have for their application. The other thing that you have to focus on if you’re deploying apps in those spaces are the configuration of those environments. Some people might just think, “I can just spin up a server in AWS and now it’s safe. It’s fine because it’s in the cloud.” And the reality is you really need to go in and focus on the security aspect of those systems and environments and make sure that they’re configured properly.
Another question for you. I think I’m seeing a trend in this, at least with the younger generation. In our industry, it’s very common for people to have two phones all the time. You’ve got your work phone because we are on the phone all the time, taking orders, contacting suppliers, figuring out, “Is that pour going out today?” That is very common to be texting people on the job site. But I am seeing a trend in people saying, “I don’t want to carry around two phones.” And then I see the trend of companies saying, “No problem. We will subsidize a portion of your current phone bill. We will use maybe a VoIP application that you can use, or you can get a dual SIM card or you can use your personal number. It’s your choice.” But now, I have my personal phone and I have all of my company’s stuff on it. And I’m wondering if that seems like a red flag to you. Or what you would advise to companies that they need their employees to do if they choose to go that route?
That one is also tough. I’ve actually spent more time than I’d like to admit looking at phone options for our corporation. Some people need desk phones, some people just need a cell phone, some people want a second number, some people don’t. In some cases, if it’s a customer facing person, you want them to have a number that is associated with Blue Dot, in our case, and not their personal number. And as much as I’ve looked into it, I have not found the perfect answer. And I think there’s going to be multiple answers for multiple scenarios. It’s easier to focus on the folks where we don’t have to own that phone number, the people that are internal and back office, because in those cases, a lot of people would just be happy using their personal cell phone. And if that’s the case, it kind of makes it easy.
The difficult thing that you did point out is the ownership of that data. If you have a Microsoft 365 tenant for your company and you’re doing email through that, you would think that all of the contacts that they have for the company would be held in Microsoft Outlook. But then you’d find if you move things around, if it’s an iPhone, half of them are in iCloud, half of them are in Outlook. The end user really doesn’t have a whole lot of control unless they’re pretty seasoned at information technology. And it does become a constant challenge. I haven’t found the perfect answer. It is an absolute focus for us. And I’m hoping if we have this conversation again in a year, that I’ll have a better answer for that one.
Careful, I might hold you to that one. So how does Blue Dot approach training for your employees? You talked about phishing scams and things like that, and I’m familiar with those. We kind of have the same things. I’ve fallen privy to a couple. One time I actually was walking with my laptop and knocked it over and then clicked on an email that I knew was a phishing test. It was just a really silly thing to do. And then, of course, had to go through mandatory training. But outside of that, are you currently doing anything with your employees on a monthly or quarterly basis to keep them aware and keep them updated on the latest trends in cybersecurity?
That is actually something that’s on the focus for 2024. We need to do cybersecurity awareness training. We haven’t done that yet. The training up till now has been a result of failing a phishing test or a conversation that we have with the end user where they say, “This happened and I didn’t expect this.” And we try to educate people as an IT team every time we talk to anybody in the end user space. But going forward, I think we do need to have some focused cybersecurity awareness training to help people understand the main risks. Actually looking back, we have sent some emails out to say, “If you’re looking at phishing emails or if you’re looking at emails, look at these key points,” and things like that, but nothing official at this point.
Even as you’re saying that, I’m thinking to myself, “This is a great thing for some of the associations to get involved with, whether at the state level.” I might actually bring that to the next meeting that we have next week and just see if that’s something that as an industry we could actually put a little bit more support around. Again, this is not a company individual problem. I mean, of course, I guess you could say that there’s a competitive advantage to being able to stay afloat and not be at risk of this, but this isn’t something that we should be shielding to one company alone in an effort to stay competitive. I think this is an industry thing that we need to work together on.
I agree with that. One quick comment on that. Email filtering is very important. We use Microsoft Defender and we use a tool called IRONSCALES. There’s other tools called KnowBe4.
That’s what we use.
Right. When you focus on email filtering, which you need to do, there’s going to probably be some level of cybersecurity awareness training built into that tool, and it’s really just a matter of getting that out to the end users and making it a requirement.
That’s a great point. And all of those, whichever one you choose, I can say KnowBe4 is really effective. They have these really cool videos that you almost feel like you’re watching a Netflix series, but somebody is going through and walking you through different mistakes that could be made. Honestly, they’ve done a really great job of making it engaging because it’s such an important topic that we need to talk about.
So we’re talking about all of these fears, risks, concerns, firewalls, things that you need to do to prevent big catastrophic events. But ultimately, we’re doing all of these things because we’re trying to get more out of our data and we’re trying to get more efficiency. And the technology, while we have to be careful with it and implement it slowly and securely, is still worth it. There’s a lot of really cool applications that are coming out. Obviously, I’m going to be biased because I believe ours is one of them, but that’s not the purpose of this conversation.
I want to get from yourself, what are you most excited about with some of these things coming out today of how this can actually really influence some bigger problems that we’re having in the industry, such as the lack of labor, the lack of information we have, keeping up with sustainability requirements? The list goes on in my head, but I’m curious to hear from you what you think are the most exciting advancements we’re going to get from all this new technology.
I think the thing that excites me the most about that is just being able to do more things that just simply weren’t possible in the past. You just could throw a ton of people at a problem in the past, and you still probably couldn’t do it as efficiently, as effectively, as completely as you can with some of the artificial intelligence solutions that are coming out today. What excites me the most about this really is how it’s going to affect the employees of our companies. It’s going to free them up to do the higher thought level things because AI can do a lot of these repetitive tasks and basically make the information available to our employees in a way that they can make more complex decisions. We can do things quite simply that we just couldn’t have done before.
And what do you say to people that are concerned about new technology dumbing down our experts?
I hesitate to say this, but I will say that I share that concern.
Interesting.
Well, and I’ll walk you through why I say that. When my father was in college, I think he probably used a slide rule for math. When I was in college, I used a calculator and they were just starting to learn how to use graphing on calculators. When my kids went through college, graphing calculators were so prevalent that I don’t think my kids really understood how to graph on paper. Now, we’ve gone past calculators. I look at ChatGPT as a verbal calculator. It is a calculator in a sense, but for the way that you communicate things because it can give you a better way to say things. And the more that we start leveraging these technologies, the less we’re going to think at those critical levels of thought.
So I am a little bit concerned about it. But as you do apply those technologies to business, I think you have to. I think if any company in the industry does it, it gives them such a competitive advantage that it’s just not fair for everybody else if they don’t. And I really don’t think we have a choice at this point. So with that, we just have to embrace it. We have to place a stronger focus on maintaining that sharpness, maintaining that knowledge, maintaining the understanding of why things happen, not just what happens.
Well, I think it’s interesting that you say that because I want to challenge you on… So you were graphing on paper in college. Why is that a skill that is important in 2024?
That’s a great question, and I’m not sure the answer of that. I think it goes back to understanding the why. As long as you understand how to put that back together, as long as you know how to go back to the source of why that data exists, why the answer is this, then you ask questions in a better way. And that’s probably the key. Even with ChatGPT, if you put garbage into that tool, you will get garbage out. You have to know how to ask the question to get good results. And I think you have to understand why you’re doing things to do that effectively.
And ChatGPT is a very good example because I have it open on my computer all the time. I’m not using it every single day, but I used it yesterday. I’m coming up with drafts of what’s a good structure to… I’m trying to put a couple of courses together, what should that framework look like? And then I will go and plug in and do the creative stuff. But I have a bit of a bias in thinking that AI is going to make the critical thinking and the creative jobs more lucrative because it’s going to super process the mundane things that we’re spending time on. It’s going to elevate our time to be able to spend more time on evolving society, our businesses, our lives.
Even I planned my honeymoon with ChatGPT. I put in, “What’s a perfect itinerary for a young couple on their honeymoon going to Argentina. I want to spend a couple of days here, a couple of days here.” And it spit out a couple of different options. I did not take it at face value, but we had an awesome itinerary plan by the time I was done because it put me in the right direction. And it would’ve taken me so much longer to look at a map and figure out what’s within reason and what’s actually out there. And it just spit out something realistic. And then away I went and did the more creative stuff.
And I had so many people ask me, “Who did you use to travel-book with that? How did you come up with all of these ideas?” ChatGPT, that’s the thing that set me on the right path. It wasn’t perfect, but these are the things that I think it’s going to bridge that gap. We’re already seeing a lot of that in the medical industry right now where it’s kind of elevating the ability to get to the solution faster, and it’s creating a lot of efficiency. So I’m hoping that that’s what it does.
But there is a valid concern about, “Well, what happens when we don’t have that available to us anymore and we won’t know these basic things?” And I think that is an important thing to keep in mind when we’re bringing in a new technology that we always have a plan B. We had a big situation happen a year and a half ago in Canada. We have only three major network providers here. And one of them had a complete shutdown for over 24 hours, I think. And so anyone that was using their internet, the mobile phone, their TV, anything, and ready mix operations that were using them as their main provider for their internet sources, it was disruptive. So it is still so important to not just fully rely on technology. And even in your personal life, you have to remember your emergency phone numbers of the main people that you would call if something went wrong just in case. And I think that applies to businesses as well. There has to always be a backup plan with everything that we’re doing, anticipate for the worst and hope for the best.
And that actually touches on one of the key things that I didn’t see when I got into the companies that I work for now, which is a focus on removing single points of failure. And that’s kind of a common focus for larger enterprises, but didn’t seem to filter to this industry, or at least the group of companies that I’m working with. So when I came here, I noticed one of the biggest challenges was internet connectivity. Our internet connections were going down at plants relatively frequently. Our firewall technologies were all disparate. We didn’t have any uniformity there. So cleaned all that up, have a centrally managed network with common firewalls at every location.
And then I focused on, “What happens if we lose our internet service provider? Do we just batch manually or could we do something a little fancier?” So we do have a wired internet service provider for our primary connection at all plants, but we also have a wireless broadband backup through, right now, Verizon Wireless. And it works because it automatically fails over. So if we lose our primary internet at a plant, three minutes later, we’ll be back up and running without a hitch.
I think that’s a great way to end this whole conversation because there are little things like that that seem very minute at the time, but can be a huge lifesaver long-term. So finding those single sources… What did you call that? A single point of-
Single point of failure. You just have to eliminate them.
Yeah, and that is something that I think without hiring experts, a company can probably sit around and think, “Well, what if this was removed tomorrow? What if we didn’t have this? What would happen?” These are things that you can work out. We had somebody in our company once that would say, “Is this a case of beer in a boardroom problem?” And that meant, is this something where we can get a case of beer, sit down after hours, put it on a whiteboard and just figure it out? And there are some things like that that if you start to identify them, those are case of beer in a boardroom problems. And that’s something that we can tackle one by one, and we’ll thank ourselves later for it.
Andy, this has been a great conversation. I’ve really appreciated your insights on this. Are there any last things that you want to wrap this up with, pieces of advice or guidance that you’d offer any of our listeners?
So the last thing I would say is really directed at the IT person in your organization. I would say a little paranoia goes a long way. The crooks out there are getting smarter and smarter. The tool sets are making them better and better. And I think it’s really important to focus on creating the best security posture for your environment.
Great way to end it off, Andy. That’s a really helpful tip for everyone. And I know that I have some questions internally now as well just to make sure we’ve got everything safeguarded the way we should. However, I’m really fortunate to have a really solid team in here that has done this proactively. So thank you so much, Andy, for all of your time today. This was really great. We loved learning about all of this and look forward to chatting with you again soon.
Thank you.
The Concrete Approach to Cybersecurity Challenges
In this third episode of the “Building Better with AI” mini-series, host Sarah McGuire leads an insightful discussion on “The Realities of Mix Optimization” with the distinguished Heather Brown, Ph.D., VP, Quality Control and Quality Assurance, Irving Materials. Delving into the educational realm of the concrete industry, the conversation contrasts classroom teachings with the dynamic challenges of real-world applications. Dr. Brown sheds light on the fundamental shifts she’s observed in industry perspectives over the years, unveiling the evolving nature of optimization. Throughout the episode, Sarah and Dr. Brown confront current challenges, from navigating diverse markets to limitations in testing practices, and discuss the need for evolving methodologies. Drawing from her extensive experience, Dr. Brown highlights the potential of AI in bridging these gaps and empowering informed decision-making. Don’t miss this insightful episode delving into the intricacies of mix optimization. Tune in now and gain valuable insights into enhancing your concrete practices! Episode 7 Dr. Heather Brown
PLAY
The Concrete Approach to Cybersecurity Challenges
In the second episode of our “Building Better with AI” mini-series, host Sarah McGuire explores “The Power of Data in Construction” with Alex Leblond, EVP Client Strategy and Industry Partners of Marcotte. Join Sarah and Alex as they delve into the dynamic world of construction data, unravelling the complexities of on-premises systems and shedding light on the industry’s journey toward technological advancement. Gain valuable insights into the challenges of acquiring and processing data and discover how innovative solutions are reshaping traditional practices. Guided by Alex’s extensive experience at Marcotte, this episode offers a comprehensive exploration of the past, present, and future of data in construction. From discussing the evolution of batching systems to the transformative potential of AI, this conversation delves into the pivotal role of data in driving efficiency, sustainability, and profitability. Don’t miss this enlightening episode as we continue our mission to build better with AI!
PLAY
The Concrete Approach to Cybersecurity Challenges
In this thrilling debut episode of our “Building Better with AI” mini-series, dive into the dynamic world of concrete innovation with the visionary Co-Founder and CTO of Giatec, Aali Alizadeh, Ph.D. Dr. Alizadeh shares captivating insights into the challenges facing the concrete industry and how Giatec® SmartMix™ offers transformative solutions. From tackling overdesign to breaking down data silos, discover how SmartMix is reshaping concrete management practices with its cutting-edge AI technology. Join host Sarah McGuire as she delves into the narrative behind SmartMix’s groundbreaking journey, uncovering its revolutionary impact on concrete mix management and optimization. This is just the beginning! Stay tuned for exciting insights into the future of construction as we tease upcoming episodes that promise to push the boundaries of innovation even further. Listen in now and join us as we embark on a thrilling journey to build better with AI! Ready to unlock your concrete advantage? Learn more about SmartMix.
PLAYWant to Be a Guest Speaker, Sponsor, or Just Have a Question for Us? Fill In the Form!
