This week, we had the pleasure of sitting down with A-Jay Orr (Simple Plan IT, Bunker Labs). We talk about A-Jay’s journey to becoming a business owner and his work with Bunker Labs involving veterans.
Bunker Labs’ mission is to support and convene military-connected entrepreneurs and small business owners. They accomplish this mission by facilitating an action-oriented, member-led network of entrepreneurs and small business owners, providing practical tools and resources, and highlighting inspirational stories that showcase the possibilities and accomplishments of the community.
A-Jay’s IT company, Simple Plan IT, was started back in 2012. He began this new venture with one goal in mind: to help business leaders maximize their investment in technology solutions. Twelve years later, Simple Plan IT helps businesses from around the world stay secure and strategically use technology to increase the efficiency and revenue of their business.
If you’d like to contact A-Jay, please email him at aorr@simpleplanit.com.
If you have any questions, comments, or topics you just want to hear about, please let us know. Subscribe today and help fabricate the future.
Contact us at:
—
Is Your Business Safe From A Cybersecurity Attack? With A-Jay Orr
We are joined today by A-Jay Orr. A-Jay joins us with some news from Bunker Labs, and we’re going to talk about that a little bit. A-Jay, your day job is CEO of Simple Plan IT. Tell us a little bit more about that.
Dustin, I appreciate you having me on. Simple Plan IT is a digital risk management firm. We specialize in helping businesses protect their digital assets. You’re talking about their financials, their intellectual property, their client data, their identities, their employees’ identities, all the stuff that hackers and criminals are really after. We help protect those things because people hear cybersecurity and they automatically think, “It’s an IT function. I’ve got an IT guy that handles all that.”
Cybersecurity In Manufacturing
The truth of the matter is that criminals aren’t after your computers, they’re after your digital assets. They just use computers to get to them. Cybersecurity lends itself to technology, but when you look at digital risk management, it’s your technology as well as your people, policies, procedures, and the culture of your business from a security standpoint, and we help to address both of those things.
Just full disclosure, we’re having some concrete work going on out in the shop and for the wildest dreams, I never thought that our microphones would be able to pick it up in our new studio.
It adds to the audience.
It is one of these, you’re going to hear a little bit of background noise and hopefully Darren will be able to cut some of that out. It is what it is.
It’s because we’re manufacturing man. That’s why it’s legit, it’s real stuff.
I think what you do interests me even more as we grow and we move more money around, we see people trying to hack us almost on a daily basis.
You know why, right?
It pisses me off. That’s the only thing I do know.
Here’s a little tidbit for all of you guys out there. The reason why manufacturing is the number two targeted industry is because think of all the intellectual property that you guys have in your possession because you’re manufacturing products and creating things that go into something else. All of that intellectual property is super valuable on the dark market. That’s why.
What they’re getting from us is, it blows my mind because they will send us a copy of our purchase order or they will send us a copy of an invoice that we’ve been emailed. Somehow they are getting our invoices or purchase orders, and then obviously, I think the most recent one is they sent our customers a, what did they send? It was a new remit two. They’ve sent out a new remit two to everyone to some bank in like Venezuela or something.
To wire transfer the thing.
I was just really blown away that they could actually have physical documents from us.
Creating a manufacturing, those are super easy once what the format is. It’s just a matter of, somebody’s email got compromised, is what I’m going to assume, because that’s the way that they were able to, one, get your client list to send them out stuff, but then two, to have an idea of what your documents look like so that they can replicate it. That’s the other aspect. When you think about manufacturing, I mean, you guys did with large purchase orders. For them, even if you’re a small manufacturer, I venture to say that writing a $50,000, or $75,000 purchase order is pretty common practice. That’s a nice little hit, a chunk of change if I’m able to compromise and get you to wire that transfer just over to my bank without having any foresight to think about it.
Compromised emails can lead to client list theft and document replication, enabling fraudulent purchase orders in manufacturing. Stay vigilant! Share on XTell us how you got started in this. I mean, you didn’t just wake up one day and you’re like, “You know what? This is pretty badass. I’m going to do this or maybe do that.”
I wish I was that cool. I really do. I had zero intentions or desires to actually start a business. It really happened by happenstance. I tell people the entrepreneurship bug or being a business owner really fell on me. I didn’t go out looking for it. I was working for an IT company back in 2012, and being a military guy and somebody that tries to cure themselves with a high level of integrity, I would come across opportunities where the solution that I represented at that point in time wasn’t the best fit for the client. I would tell the client, “We could do this. It’s not going to be pretty, but these guys over here, they specialize in doing what it is that you need.
Go talk to so-and-so over there. He’ll take good care of you, and he’ll get you what you need. If you want to pay me, just give me a referral, and that’s all I ask for it.” I did that, and then a couple of times, people came back and said, “Do you mind sitting in on these meetings to make sure that we’re getting what we need because we don’t understand a damn thing they’re saying?” I was like, “Yeah, sure, no problem.” I sit in on these meetings for 45 minutes, maybe an hour and a half. Then one time I did this and jumped by the name of John after the meeting he gave me an envelope.
I was like John, like, “You don’t need to give me anything.” He’s like, “Your time is worth something. Take it.” He wouldn’t let me leave without it. I get in the car and open it up. It’s a check for 500 bucks. I’m like, “I just made 500 bucks for 45 minutes all I did was I was a translator.” I was like, “I really didn’t do shit.” I was like, “Next time somebody asked me I’ll see if they’re willing to pay for my time, and sure enough they were.” Once again, I told you I wasn’t trying to go into business. When they said, “Sure, what’s your rate?” I was like, “100 bucks?” Not even thinking that somebody had already given me 500, I should have started there.
You don’t know what you don’t know, but that’s literally how it started. Doing that and trying to fill the gap to make sure that business leaders were investing every dollar that they had wisely and weren’t buying technology solutions that either A) Didn’t solve all their problems, or B) They were oversold on a solution and they only used 20% of what it can actually do. That’s how we started the company. Fast forward a few years, and I break off into cybersecurity. We built a security operations center and now we focus on protecting businesses state and nationwide from cyber attacks and things that go boom in the night.
When starting a business, it's essential to ensure that every dollar invested is spent wisely on solutions that truly solve problems. Don't overspend on underutilized technology. Share on XI’m trying to look on your LinkedIn right now because I’m unprepared, eight years?
Yes.
That’s awesome. Eight years ago, it all happened.
It’s been a wild ride, to say the least. The management of people is the biggest challenge that I have within the business itself. That is a challenge because it’s not my core competency or skill set. It’s not what I call my area of genius. My area of genius is in problem-solving and looking at the big picture, understanding how all the pieces work together, making it all work, and being the maestro. If you want me to get down there and play the drums. You get a little dicey.
It is interesting just leading or talking to people, but it is fun to see others succeed and I think that’s the most enjoyable part about my last few years is just okay I have this idea in my head let’s see if we can make it work out of necessity and then seeing it work and then seeing other people that you bring along with you and succeed and create things. Then it’s like, “This is really what it’s about, at least for me, is it’s not so much.”
I mean, we manufacture widgets and we help people solve problems, and all that stuff is fun. That’s tangible to me. We can put something together and go out and into the shop and see it done with Cu-Grip getting the machine up and running. It’s tangible. What is really fun, like seeing Connor’s face when the machine was delivered, that was fun for me because he literally found the damn thing. I’m like, “If you think it’s going to work, then I have to have trust in that.” That’s what was really cool.
Trust And Empowerment In Business
That’s a huge piece, though, what you said right there. I think that a lot of business leaders tend to sometimes skip over that. It’s instilling trust and confidence within your people to say, “I trust your judgment. You go and do it and execute and just don’t worry if you mess up. We’ll clean it up, but I want you to constantly push the envelope. Go out there. Make mistakes because that’s the only way that we’ll continue to grow.”
I didn’t even go look at the machine. I didn’t. They went out there, and they learned it. We were in Baltimore.
You’re way more advanced than I am.
I wasn’t going to add any value. They were going out there to look at this machine. I was adding zero value.
You’re stroking the check, man. You are far more advanced than I am.
Yes, that was my only value.
I take my hands off on a lot of things, but there’s some points where I’m going to step in.
That’s the value that I add, then great. As far as turning the thing on or troubleshooting why it does not work or why it does work, that’s not me. It was Connor. You take full ownership of this and you run with it. It worked.
That’s cool stuff, man. You’re right. Being able to see people grow and excel in areas where they themselves might not have thought that they could actually do it, it’s super cool.
Then one of the things that you came in to talk about is Bunker Labs. That is, to me, just jumping on for the quick, I was grossly late yesterday for what you guys were talking about, and tell us who you’re with or via Zoom, obviously.
We were sitting down with the Secretary of State for Ohio, Frank LaRose, who is also a military veteran and Green Beret. The topic of the conversation was really around how can we help veteran business owners in the state of Ohio. There’s a bunch of things that I believe in. Manufacturing is one. I believe that manufacturing, the whole supply chain, is the bedrock of the country in addition to sales. I think those two industries, logistics manufacturing, logistics, and sales, make the country go round because if you can’t do one of those two things, you’ve got nothing.
If you can manufacture a great product but you don’t have anybody that can sell it, then it’s a wasted product regardless of what its potential is, it’s just sitting there and vice versa. If I can sell it but I can’t make it, then I’ve got a lost opportunity. I believe that those two things are the bedrock of our country and business. In addition to that, in the current state that we’re in right now, I believe that veterans are uniquely equipped to meet the challenges that we face.
Veterans are uniquely equipped to tackle today's business challenges. Their mission-focused, task-oriented mindset and creative thinking skills make them ideal entrepreneurs. Share on XHere’s why I say that. The military, and I don’t care what branch you were in, you were taught, and a certain set of skills were ingrained within you, which was we are mission-focused, we’re task-oriented, and we don’t self promote, which sometimes can be a detriment to us when you’re talking about being a business owner, but it’s all about what problem can I solve? It doesn’t matter what challenges you throw at me. If this is the mission, then I will do whatever it takes to get the mission done. We’re creative thinkers. I think we’re uniquely gifted or uniquely equipped to address some of the challenges that I think the current economy and state that we’re currently in.
I’m super excited about helping veteran business owners or veterans that are interested in starting a business. That’s why I got involved with Bunker Labs. Bunker Labs is a nonprofit nationwide, headquartered out of Chicago, but their core mission is to take veterans and veteran spouses who want to be business owners to take them through all the way from the very beginning of “I’ve got an idea.”
It can take you from ideation to product launch, from product launch to business growth, and from business growth to business scale. They’ve got different programs that they can plug you into. To me, it was like the perfect marriage of two things that I’m passionate about, which are business and supporting veterans. It was huge for me. Yesterday’s event was kind of the bringing together in Ohio to where we can start to really build a veteran ecosystem in the state of Ohio.
Bunker Labs obviously is not new, but it’s new to Columbus.
No, it’s not even new to Columbus. We’re going through kind of a relaunch, so to speak. I’m not even going to say a re-branch. COVID knocked the wind out of everybody. 2020 came. We just went under new leadership because we got a new CEO. We’re trying to implement some changes there, and the mission, and everything else like that, and then, boom everything got shot down. It was like, okay, we’re really trying to figure out where our bearings, where do we fit in, how does this all work? I had been talking with the Secretary of State’s office last year trying to get this thing put together.
What happened yesterday was probably 12 to 18 months in the making and we actually put it together and we’re never going to bring it out. The state what thereafter Ohio has done something new or at least new to Ohio and I don’t know if there’s any other states that are doing it, but anytime that you file it and register a business now you have the option to self-identify as a veteran-owned business. Veteran-owned minority owned all the other identifiers. It’s optional because they can’t make you tell what it is.
If you self-report and say, “I’m a veteran, what they want to do is be able to provide you with all of the resources that are pertinent to you being a veteran business owner. One of them would be, Are you aware of these guys’ bunker labs? Are you aware of all these other programs that are in place that help you be successful with growing and launching a business? We’ve been looking and working on that. That’s what we’re working on with the state.
On my side, when it comes to Bunker Labs, my big pie-in-the-sky ambition is I believe that we can cultivate and create a list of veteran-owned businesses, and if we put that list together, we cover every vertical market that some business or somebody that’s actually going to come across. If you want to support veterans then you should be able to come to this list and say, “I need a plumber. I can go here to check plumbers, these are all these veteran plumbers that are in my area. Now I can go and support them.” That’s my big pie in the sky, what I’m trying to build and what I would like to be able to build through Bunker Labs.
It’s almost like an Angie’s list for veterans.
100%.
Collaboration With Other Veteran Service Organizations
That’s awesome. Before you and I met, I had never heard of Bunker Labs. Just looking into it, it’s like, this is nationwide already. Are you guys involved with the Wounded Warriors project?
We don’t do stuff hand in hand. I don’t know where the breakdown is. I mean, there’s so many veteran service organizations out there across the state, and it’s like we don’t do a good job of all coming together. It’s like, “You do this and I do this, and let me do my thing over here.” It’s like, dude, if we just all got together and really attacked this problem as a unit, we could accomplish so much more in my opinion.
For sure, and if all of those groups do get together, and I know that Cu-Grip is running a project with the Wounded Warrior Program or project in Canada. I didn’t even know there was a Wounded Warriors of Canada.
I didn’t either.
There’s apparently a huge Wounded Warriors in Canada, but they’re doing it here locally too. When we talked to the CEO and to get this whole program launched, it’d be interesting to get them involved in Bunker Labs as well. Even for us, one of the big pushes as we hire, it’s like we’re patriotic as it gets. It’s like, let’s hire more. I don’t care if they’re wounded or if they’re not wounded or whatever it is, but if we can get even a wounded vet in here and we need to give them special whatever to be able to do their job, but if they’re wheelchair driven and they can sit there and they can do their job, then who the hell cares? Let’s set it up so they’re successful and doing what they’re doing and they can go along with it.
I like that a lot. It’s interesting. I was having a call earlier today with a veteran of a manufacturer, and what he was talking about was his propensity and really wanting to hire veterans because of the work ethic and this, that, and the other. It was interesting, not to segue too much off of where you were at, but when he and I were talking, I was asking him, as I look at manufacturing, one of the gaps that I see in manufacturing as a whole is just technology. I see technology as a big blind spot. I was asking him, I was like, “Here’s my thesis, and I’ll share it with you guys. My thesis has always been that manufacturers have a cybersecurity problem, they just don’t realize it.”
He was like, “Why do you say that?” I was like, “When you look at the whole landscape of things, there’s more competition now than there ever has been before. It’s not just competition down the road or even in the neighboring state, it’s nationwide and global competition. Now there are more people in the market, more competition, which means that you’re all fighting for the same type of resources as far as talent pool and everything else like that to get things done.” Let’s face it, manufacturing isn’t the sexy, appealing job that it used to be.
Now you’re paying more to get people in because the talent pool is shorter and there’s more competition. You’re paying more, which is causing you to take a hit on your bottom line. You’re making a little bit less, and your margins are a little bit thinner. The only way that you can actually compete with that is if you introduce more technology, more robotics, automation, things of that nature. As soon as you do that, then you have a major cybersecurity problem. That’s my six degrees of separation until I get there.
I paint that picture, and he’s like “I hear that but one of the things that you miss in that assessment is that if I implement more technologies then I’m losing more jobs. I want to create jobs not take them away.” I was like, “You know what? There’s a very interesting perspective that I hadn’t thought of or hadn’t really looked at because I’ve always questioned why aren’t manufacturers implementing more technology to make them more efficient. You could do way more with the technology that we have today.
Whenever I would talk to other business owners, they would say, “There are two things that are holding us back from this automation and all the new technology. 1) We can’t afford the downtime. To implement and put in this new line and it’s really going to disrupt everything, we can’t afford the downtime. 2) We don’t have the staff on hand that has the skill set to run these new machines and these new systems.” I was like, “As I look at problem solver, that’s the way that I kind of look at it, address things.
Let me go and talk to the robotics manufacturers and these automation guys and say, “You’re creating these solutions to go into the manufacturer’s workflow. How are you overcoming this? At the same time, what are you doing to address security once you put these things in?” Me trying to see if I can find a way to bridge that gap. That’s more of the processes in which I’m currently one of my initiatives I’m currently working in.
I was very intrigued by his response this afternoon, “I want to find to be a job creator, not a job destroyer.” He’s like, “I could put those things in.” He’s like, “It cost me a million dollars to put this new piece of equipment in, or, and then I could run that with three people or I could put this machine in, that’s half the price, but it creates eight jobs.” He’s like, “Whenever I factor out the eight jobs and everything else like that, the ROI on it, or the break-even point is X amount of years down the road.
I would rather employ people whenever the Delta on that in comparison is so far out, it makes more sense to me.” I was like, “I respect that. I completely respect that.” It’s very interesting just the different dynamics. Once again, there are just so many different ways that you can skin a cat when it comes to how we get the job done. It’s just a matter of what makes the most sense for you, which is ultimately fun.
Then I can completely agree with that. I think some other manufacturers are looking at it a little differently because they are having trouble in the talent pool. We have a partner that we’re working with right now. They just bought a new laser. They bought a new powder line. They bought tons of these new things. He’s like, “I can’t find people to run the things.” We need new people, younger people that understand the programming and how to get the jobs to the machine. Then he’s like, “We also need people that understand how to bend and weld and put PIM nuts in and all those things.”
You’ve got to have a human eye that’s going to be the call to control.
You can’t automate that too easily and we are talking about it, so probably one of my first podcasts we had Matt Goosey on from MRS Machine. He’s done an amazing job in Augusta, Wisconsin. The population is very low and I can never remember what it is, but they started recruiting in elementary school, just getting people interested in manufacturing. I was talking to Bill and Bill’s back in my hometown in Pickle, Ohio. We’re in a similar place where the city isn’t doing much to generate new talent. I was talking to Bill and I’m like, as business owners, we’re going to have to do that.
One of my best friends teaches out of JVS in Springfield and has a manufacturing program where they teach 3D modeling, they teach programming, they teach how to cut, how to bend, and how to weld. More of a hands-on engineering program where I think we’re going to pull Eric in, we’re going to sit down with the pick with JVS and try and create some sort of a program with Matt Goosey’s help because he’s done such a great job. I mean, it is important to add jobs, but the technology piece is equally as important where we’re doing some jobs where it will be 100 or 200 part numbers in a package where we have 24 hours to quote it.
The day of you sitting down, printing off all the drawings, plugging into a spreadsheet, and going out to get a quote from material, those days are gone. They’re gone. People are not going to win business unless they can quote immediately. There are programs out there that are cloud-based, so it adds another level of security where they are ITAR compliant and things like that, but it’s getting these shops to adopt these things.
We’ve really, in the last probably two months, have just went to some of our partners and we’re like, “You have to adopt this, you have to.” They’re like, “We don’t think we need it.” I’m like, “You can’t return a quote in 24 hours to 48 hours. I don’t care how many pieces it is. If we want to win the business together, you have to do it in 24 hours to 48 hours. That’s unrealistic.” I’m like, “It’s not unrealistic though.”
It’s unrealistic with the systems that you have.
Exactly. Then to have all the security in place where we can communicate, that’s the interesting part to me is that we are adding a level of urgency to the industry where manufacturers typically, I’ve just said, “We have a seven-week lead time. We don’t care if you need it in three. It is what it is.” The consumer is like, “Okay, we’re past that,” because people are trying to figure it out and we’ve been able to figure it out with us being involved. We take a week out of it because we need a week to do what we need to do. Now we have been able to communicate to everyone, including our customers that this is possible. We are removing a week out of the lead time that they need. It’s not easy, but once we do this enough, the systems will be there and it will become easy.
That’s the key thing. It’s interesting hearing you talk because when I look at my world, the cybersecurity world, it’s one of the things I tell people all the time. When it comes to minimizing damage and reducing risk, the name of the game is speed. The faster I can detect that something has gone wrong and I can detect it and respond to it, the more I can minimize the damage. It’s interesting to see manufacturing is like it’s all about speed, you have to be able to be faster, and we have to turn these things around quicker which puts even a bigger dependency on technology now.
You’re absolutely right and we had a customer tell me it’s probably been four years ago, we were there. I put a ton of pressure on everyone and we got there and we bid it and we got to PO almost immediately and I’m like, “See, speed helped.” He looked at me as like, “First dog to the water bowl eats.” That stuck with me. I’m like, “How do we become first to the water bowl or to the food bowl more often? You have to make that repeatable. You can’t just get lucky and you’re like, “We’re lucky. We got here once. Like, let’s make this repeatable. How do we make it repeatable?”
We can do it every time and we don’t mess up and we make money and I think the fear a lot of times is that you’ll rush through it and you miss something. Then you’re like, “We lost 20 grand instead of making 50. If there’s that big of a swing and then everyone’s afraid of it, you have to be successful out of the gate for people to appreciate it. Then that builds the confidence in your customer. We had that issue that we talked about earlier. I’m like, “This has to be fixed today.” Like if somebody is sending emails from our server, this has to be fixed today.
That’s a big problem.
They’re like, “We’re researching it.” I’m like, “Research is over right now. It’s time to fix it now.”
Stop the bleeding now. Go and do the forensics later.
It’s not like the one email that we had, we’ve had everyone seen the emails that it would be like McMillanCoLLC.com where it’s not even our URL but it’s close enough that if you’re in a hurry, you just miss it.
Cybersecurity Risks And Solutions
That’s the problem when it comes to cybersecurity, and this is what I tell people I was like I get people ask me all the time “Who’s your biggest competitor” I’m like, “My biggest competitor is the status quo.” People think, “I’ve got an IT guy, I’ve got an IT shop, we’re good,” or my favorite, “We’re too small to be a target and so therefore I don’t really need to worry about this stuff.” It’s like, one, nobody’s too small to be a target. I take it back. Yes, you’re right because you’re not being targeted. Most cyber crimes are crimes of opportunity.
It’s just like if you ask a police officer about car break-ins, most car break-ins are because you left your door unlocked, or you left something valuable on the seat and they smashed and grabbed. Most of them, you left your door unlocked and then somebody went in. It’s the same thing when it comes to cyber-attacks. The problem is that we try to approach cybersecurity the same way that we approach protecting a building. I’m going to lock my doors, I’m going to put sensors on the windows, this, that, and the other. The problem with that approach is that in a building, your entry points don’t change overnight.
In the digital world, I didn’t have a window on this wall yesterday, but I’ve got five of them on that wall now. It’s like, “How did they get there?” If you didn’t know that these holes now were created or now found, now you’ve got a vulnerability point that you don’t have protection for. Once again, if you can’t see it constantly looking at it, then you’ve got vulnerability points and weak points. The status quo is one of our biggest competitions of people just thinking that we’ve got everything taken care of and everything is all under control. With that mindset, you will quickly be left behind.
In the digital world, vulnerability points can appear overnight. If you can't constantly monitor your systems, you're at risk of cyber attacks. Share on XThat’s true. What is the most glaring thing for people to look for that they do have a problem?
Password policies are a really big issue. People use weak passwords. When you look at what people are doing, most businesses will have a firewall in place, which is fine. You should be doing the basics. Have a firewall, make sure you have antivirus, but the use of weak passwords or sharing passwords, because there’s a lot of that where we’ve gone into organizations where five people had the same password. On top of that, these people use their work credentials in other places.
They’ve used their work email and that same password because we’re creatures of habit, they use that same login and password to go and sign up for an Amazon account or something like that. Then their systems get compromised. Now, that email and password are part of a database on the dark web. Then they, on the whole, go and shop and it gets them right on in. They’re like, “Great.” That’s how attacks happen.
What is your opinion of password managers? Like Google has a password manager. Are you a fan of those? Would you advise not to use those, period?
I like password managers. I do not use the Google one. Personally, I use LastPass. Big fan of that one. Dashlane’s another good one. What I like about the password managers is, one, I can speak to LastPass because I’m in it, so I don’t want to speak for all the others because I don’t have intimate knowledge. With LastPass, if you forget your main password, you are SOL because they don’t even have your password and they can’t reset it. It’s part of the security features. The system gives you the ability to create super complex passwords for all of your logins that you don’t have to remember and things of that nature.
Especially if you’re like me that has a hundred different logins that you have to remember, there’s no way I can create super complex passwords and that’s the reason why it happens that people just use things that are easy for them to remember. There are also tips and tricks that you can create that you can use to create complex passwords. Use passphrases instead of passwords. Here’s some free advice for you guys. If you’ve got passwords, there’s two methods that I use or that I teach people, one is the seed method.
You create a seed phrase like “I ride my bike to” and then after the “to,” you put where you’re creating the password for. I ride my bike to Yahoo, I ride my bike to Twitter, I ride my bike to Facebook. Wherever you’re creating that password that goes after the to. You’ve got your seed phrase and then where you’re making it for. Now you’ve got unique passwords, easy enough for you to remember because you use the same seed phrase and just change for each location. The key with that one is just making sure that nobody understands or figures out what your seed phrase is because you’re screwed.
That’s one way that you can do it and create passwords that are easier to remember. The second is the substitution method that I use which is, once again, use another phrase, I like to eat chili in the winter. That’s a great long password. Another key when it comes to passwords and passphrases is the longer the better. It used to be the more complex, the better. Now it’s longer. I think the last time I looked at a study, a password that was 18 characters or longer was virtually unhackable.
You couldn’t break it. It takes like thousands of thousands of years before a computer could actually break it. Length is your key, use phrases. Most passwords now allow you to use spaces in your phrases, so it doesn’t have to be jumbled together. Now you can put spaces in there and then just try to mix it up. Those are two methods that I use to create complex passwords, but to answer your question, yes, I’m a fan of password managers.
I’m a big fan of it too, because I would never, unlike you, have [00:36:03]. Then I try to log in to something on my phone without it and I’m lost. Then I get really upset when I can’t remote and I have to reset everything. Everything is just a mess.
That’s another thing that I would say to turn on if you have the ability in any applications you’re using, two-factor authentication or multi-factor authentication. It’s another security measure that you can use to help combat weak passwords. If I were to log in on your computer into any of my accounts, it’s going to send a message to my phone saying, “Please validate with this six-digit code that you are who you say you are.” That’s another way that you can overcome the use of weak passwords in your environment.
Got it. Let’s jump back to Bunker Labs again. You guys just had the meeting with Frank LaRosa yesterday. If somebody wants to get in touch with Bunker Labs, obviously you’re all over LinkedIn. What’s the easiest way for people to be involved in Bunker Labs?
You can go to BunkerOnline.org and just go to the website there and find some stuff. If you’re in Ohio, I would say reach out to me directly at A-Jay.Orr@BunkerLabs.org
We’ll put that in the description when we launch this. If you didn’t catch that, just go to the description and we’ll have A-Jay’s email.
Email me directly. If you’re in Ohio, email me directly because I’m building an ecosystem. I’m committed to it. If you’re a veteran, a veteran business owner, or interested in helping to support, reach out because I’m trying to do big things over the next two years in regards to that.
We do have listeners all over the US. If somebody’s in California, is there Bunker Labs all over California?
All over.
From coast to coast, whatever city, there’s probably one.
I think we’re up to 40 chapters now across the country.
If they go to BunkerLabs.org, there’s probably a place on here to find an event.
You can actually, I believe you can punch in your zip code and it’ll show you what chapter is the closest to you.
I can’t wait to be more involved just because I think it’s such a cool program and to see people succeed. How many people did you have on your webinar yesterday? It wasn’t really a webinar, but it was like a meeting that everyone could watch.
It was a big session that everybody could watch in, and so we had a little over 200 into that thing.
That’s crazy.
Whenever I was planning this thing and I was talking to people in the back and I was like, “If I can get 50 to 100 people in here, then that’s a good day for me.” I was like, “I’ll be happy with this event.” To get over 200, just blew my mind.
It seemed like people, like I said earlier, I jumped in at the very tail end but people were very interactive as well. I mean, so many times you get those things and everyone’s like, “No video, no sound, and it’s just crickets.”
Yesterday’s event was really a precursor event, which was to lay out what the secretary of state’s office wants to do to how they’re going to try to support veteran business owners in the state of Ohio. At the end, I think I don’t know if you were on whenever we were talking through it, but there’s going to be another event on February 24th. Now this will be a smaller group so we’re asking people to pre-register and submit some questions, but what you’ll be able to do is we’re going to have a session and Secretary LaRose will be there as well, but you’ll be able to talk directly with him and have correspondence back and forth.
The purpose of this meeting is to give your story. I started my business. These are the things that I struggled with. This is how I overcame it. If you had this in place, then that would help a future veteran business owner who’s launching not have to go through the same struggles. He also wants you to share your success stories. I started a business. This is all the stuff that you guys did that was great. I was able to do X, Y, Z because of all this access, whatever. He’s like, he wants to hear it all so they can put together the resources that are actually going to move the needle.
Many times, people will put together a resource program product or service, and it’s like, “That was nice in theory, but it really didn’t help move the needle. It really didn’t help me at all, but thanks for trying.” He doesn’t want to be one of those. His thing is he’s like, I’ve never run a business. I’ve never owned a business. I don’t know what business owners really need. I don’t know what your direct challenges are, but I have a platform that if you tell me what your problems are, I can try to help you find solutions to them to make your life easier. That is what really got me excited with working with him.
As a leader, I may not have business experience, but I have a platform. Tell me your problems, and I'll work to find solutions that make your life easier. That's my commitment to supporting our business community. Share on XIn the different stages, because the needs of somebody that are just have an idea and they haven’t even registered, they don’t even have an EIN, they don’t have anything. That person’s needs are way different than somebody that’s three years into it. Their challenges are now probably cash flow and scalability and all these other things that person’s like, “How the hell do I get from just over this next hurdle?” It’ll be great to just pair people up that are at that stage. I need help because there are so many good other organizations like the city of Columbus and the SBA.
They offer great resources, and we’ve reached out to them. The person that they paired us up with was geared towards somebody wanting to sell baloney sandwiches and how to figure out their cost for one bologna sandwich, and it’s like, “We’re a little bit beyond that, but this is what we do need help with.” They’re like, “We don’t do that.” Is there somebody in the organization that can?
Is there another resource that I can go to? Just because you can’t solve my problem doesn’t mean the problem doesn’t still exist for me.
That’s kind of the purpose of MFG Monkey too is to just interact with people and for people if they have a challenge to reach out and say, “We’d really like to hear about this topic. We had somebody do that just with sales and marketing.” It’s like, “What are the top five things we could do for sales and marketing because I don’t have a marketing budget?” There are those things.
The more people that we have listening and the more interaction that we have, I think that’ll be even fun for us to be able to give back because then we can, if somebody has a specific cybersecurity question, they can reach out to you. If it’s a big enough topic, then we’re like,” It’s more than just an email answer. Let’s jump on and talk through that and add more value.” That goes for everything from just for us, welding, stamping to business sense type things with the IT and security world.
I think that’s why I love what it is that you’re doing here and what you’re putting together because you’re providing a conduit for people to actually get resources and access to things that they normally wouldn’t have access to. I can’t go out and meet everybody, but whoever’s listening to this show now knows,” There are some tricks that I can use to create some secure passwords.” If you’re in the government contracting space, “There’s some cybersecurity stuff that you really need to be paying attention to because the mandates are changing.” Having access to now a resource that can actually help you with those things is something that they normally wouldn’t have access to. That’s the beauty of it.
One of the topics that I think would be great is I heard somebody ask about the financing piece, which is very daunting, and we just went through it. We bought a new machine and brought it in here. Somebody referred us to a lender, and it didn’t quite go the way that I thought it would. There’s a whole story along that as well that I’ll share with everyone when we do a finance piece.
I think that would be really good to do because it is going to be a challenge for vets and what they need to do to get financing if that’s what they need to get to the next level and who to trust and who not to trust and things to look for and things to do and not to do when you are trying to get financing. I learned a very hard lesson a couple of weeks ago. It probably cost me $35,000 in cash. I’ve financed lots and lots of things. I went back and looked at him like, “What could have I done differently?” There’s now hindsight in 2020, but I could have probably done many things differently, and I will do many things differently going forward. I think that that is a very interesting topic.
To your point, there’s no manual for running a business that says if you do this, then you’re going to be successful. We all go through those hard knocks. I was talking to somebody the other day. I was like, “When I started my company, I invested so much money in things that I thought that I needed that I should not have wasted my money on because it didn’t do anything to move the needle.” One of those was not understanding how to market and position my company.
I went and hired a marketing firm and just said, “I’ve got a business, this is what I do, you go market it.” I paid them a boatload of money thinking, they’re like, “We’ll build a website, we’re going to do this, that, and the other.” It was all cool-looking stuff, but it wasn’t stuff that had, there were no metrics on it because I couldn’t track anything. It delivered a zero ROI. I looked back on it, and I was like, “No wonder it happened, I didn’t know what to look for.”
Once I started to learn a little bit more, I was like, “I should have asked this question because these guys clearly didn’t know what they were doing, but they sounded good.” They knew more than I knew. I just went that direction and said, “You take it and run with it.” I didn’t have enough knowledge to be able to hold them accountable. That was a challenge. Once again, it was an expensive lesson to learn, but now I look at everything that way. It’s like, “I don’t need to be super proficient at it, but enough to realize that either A) You’re doing a good job or B) You’re full of shit, and I need to go in another direction.”
That’s part of why I broke MFG Monkey out into its own manufacturing sister company is because I’ve been down that road with so many marketing companies myself, either for myself that the money was mine or for a company that I was in charge of the marketing aspect where you’re right. There’s not many marketers. If there’s very few marketers out there that only concentrate on manufacturing, the manufacturers now have to teach Mr. Marketer what manufacturing is and the keywords and the lingo of what is a lathe. What is a CNC? What is a stamping press?
The marketer doesn’t get it. As I thought about it, a year ago, we launched the show, and then with what we do with our repping, more people started saying, “You’re doing this, just go ahead and do our marketing too.” It’s like it’s a little more than just go ahead and do our marketing too. That’s when we thought, let’s just break it off and tiptoe into it, but it’s for that exact reason you’re good at doing what you’re doing. Then you entrust a marketing firm to market you. Then you get done and you’re like, “I just spent $50,000 or whatever it was. I should have had some kind of ROI.” You’ve got nothing but a cup, some invoices that you’re bitter about paying.
I would say the other challenge that I experienced through that whole thing was when I looked to replace them, didn’t find somebody else, and this is what led me down the path of aging, you need to learn this stuff yourself so that you at least know what you’re looking at because some of the numbers that people were throwing out of if you’re not doing at least $25,000 a month in ad spend, we can’t work with you. I’m like, “I don’t have 400 grand to just sit up there and do marketing. That’s not an option.” I’m like, “Why are they charging so much?” That’s why I started going into it.
What I found was that a lot of markers, IT isn’t the same as manufacturing. There’s not a lot of markers that really understand technology because one, you have to know what you’re talking about because if you put something stupid out there, my industry will call you on it quicker than anything else. You have to make sure it’s factual. You have to make sure that what you’re talking about, but a lot of the marketing firms I came across tried to fit me in this box. It was like, “We’re going to do this for you.”
That’s great. It might work for this industry, but are you sure that’s going to work for mine? I don’t think that my clients resonate with that. I would say for anybody that’s talking to a manufacturer or talking to a marketing company, don’t be scared to push back because if it doesn’t make sense, if it doesn’t feel right, there’s usually a reason why it doesn’t feel right to you. Follow your gut, man. Ask the question. If nothing else, make them clarify why they’re doing it and substantiate it because I, once again, mother the lesson learned that’s why I wasted money.
Marketing Challenges In Manufacturing
If the company that you’re talking to gets defensive or upset because you’re asking the question, you’re working with the wrong person.
That’s a telltale sign too.
Tyler and I talked about this with even attorneys if a group’s not willing to sit down with you and spend an hour or two hours and go through what your needs are and create a custom package for you that works for you or even to give you some ideas. It’s probably the wrong company to work with.
Or if nothing else, if you’re not willing to sit down and go through it with you to make sure that you’re 100% comfortable, then this probably is the wrong company for you.
There’s a reason for sure. I’m sure it’s the same thing in your world. There’s probably so many cybersecurity companies out there that just try and force you into this package where this is it. This is what we have.
Oddly enough, we’re in a unique spot because all we do is cybersecurity. We are strictly a security play, and there’s a reason for that. We have no intentions of growing into an IT support company because we understand the reason why data breaches happen and they go undetected on average data breach goes undetected for almost seven months. Think about that for seven months, somebody has access to your systems to pull out anything that they can monetize because there are two approaches or two objectives in every cyber attack.
1) What can I monetize? I’m going through your systems looking for anything I can take out, exfiltrate, monetize. 2) I’m going to use your systems to launch more attacks. I’m either going to use your servers and store my dirty porn on there because we’ve come across that where a company had a server, and on their server, a criminal had compromised it, and there was child pornography on it. They had no idea it existed, but the criminal was using their server to house all of their child pornography and then we’re streaming it out through torrents and everything else like that.
I would lose my mind.
It’s one of those things that you just don’t know what you don’t know. That’s why I tell people. You’re not the target. You’re a crime of opportunity, but don’t think that you don’t have anything of value. If they can’t steal your identity, your financials, your intellectual property, you’ve got something worth protecting that they’re going to try to monetize. But even let’s say you don’t have anything. They’re going to use your systems to launch more attacks.
That’s crazy. I think one of my biggest fears is just the whole holding your information, constant ransom. Like the whole ransomware scares the ever-living hell out of me.
I mean, cybercrime is a multi-trillion-dollar industry. In 2019, it did $1.5 trillion in cybercrime. That’s from IP theft, that’s from paying ransoms, you name it, $1.5 trillion globally is what it was. It just blows my mind, especially if you create the correct atmosphere and teach people how to put security over convenience first, and just take an extra half a second before you click on something or do something, then we can minimize most of those because 95% of all data breaches happen because of human error. We get into a rush, we click on this, we do something, we did something that we probably shouldn’t have done, and then now we’ve compromised the systems and that’s what usually happens.
I know that you left your email for Bunker Labs, what is your email? How do they get in touch with you for Simple Plan IT?
Check out the website, SimplePlanIT.com. Then my email address is just AORR@SimplePlanIT.com. I’ll make sure that you have that. Drop me a line, and shoot me an email, any questions. I don’t care how simple or stupid you think it may sound, to me, there’s no such thing as a dumb question because you don’t know what you don’t know.
I think that’s where a lot of people may get themselves in trouble. It’s like, “This feels dumb.”
I get a lot of that. They’re like, “I was going to ask you about that, you make me feel dumb.” Dude, there’s no such thing as a dumb question because you’ve got an area of genius, whatever it is that you do, I don’t know anything about. I was like I could ask a basic question. It’s because I don’t know it, but I’m comfortable enough to realize that I don’t know. I don’t make people feel bad for the things that they don’t know.
Thank you so much for coming on. I can’t believe we’ve been talking for over an hour.
No, this has been fun, man.
New lude digs and a little bit of background noise, but I think overall the sound quality is going to be way better.
All your other episodes are going to miss the background noise. See, it’s not authentic.
We’ll do these after 5:00 PM now or not schedule the concrete guy on the day of the show.
You’ll have to loop in that background noise just so that people are like, “Now it’s the MFG monkey.” It was too quiet before. That’s too pristine. These guys are manufacturing for real.
Exactly. Thanks again for coming on. If any social media out there, you can hashtag MFGMonkey and find just about everything that we have. We’ll put contact information on the description and on our posts and everything so you can get a hold of A-Jay directly or Bunker Labs.
—
Thanks, everyone, for joining us for this episode of MFGMonkey. If you have any questions or suggestions for future episodes, please email them to us at Info@MFGMonkey.com.