Cybersecurity is more crucial than ever. It’s essential that we proactively safeguard our data and recognize that no one is immune to attacks. We are all vulnerable. As malicious actors continually enhance their tactics, we must stay one step ahead by consistently improving our defenses.
Today’s guest is Vincent LaRocca. Vincent is the CEO of CyberSecOp with the commitment to protecting sensitive data and mitigating cyber threats. With over two decades of experience, Vincent has successfully steered CyberSecOp to become one of the world’s fastest growing managed security providers, specializing in cybersecurity assessments, breach management, and risk management consulting.
“A lot of the trends are moving towards AI. Threat actors, those that are looking to exploit our vulnerabilities are taking advantage of it.” - Vincent LaRocca
Show Notes:
- [1:15] – Vincent shares his background and how he found himself working in cybersecurity.
- [2:40] – Even the experts are vulnerable. Vincent shares an experience he had with fraud at his bank.
- [4:16] – Cyber threat trends are moving to AI.
- [6:19] – As consumers, we need to be aware of how AI is using our data and what we give it permission to have access to.
- [8:19] – AI isn’t going anywhere. It will continue to grow and develop.
- [9:16] – Threat actors are unfortunately usually one step ahead of defenses. They are using AI to exploit vulnerabilities.
- [11:54] – AI gives threat actors even more reach. The number of incidents and scams are extremely high and will multiply.
- [13:59] – Small organizations and business owners are hit pretty hard by breaches since they often do not have a cybersecurity team.
- [16:09] – Vincent shares some of the traits and qualifications that are good to look for in cybersecurity professionals for small businesses.
- [19:07] – Defenses are built against things that we know about, not things we don’t know about.
- [21:27] – There are things that can be done that are free or more cost-effective.
- [23:40] – There’s no point in putting a fancy lock on the front door if there’s nothing protecting the back door.
- [27:06] – Even if an organization has invested in cybersecurity and knows how to keep data safe, if their partners or vendors do not, it means very little.
- [28:31] – There are so many breaches that have happened that we don’t even know about and our data is out there mixed in with so much more.
- [30:31] – We are a part of an AI revolution currently and the landscape of AI will be completely different in just a few years.
- [33:58] – The tools for cybersecurity, including machine learning, are improving every day as well.
- [37:09] – Don’t turn a blind eye and assume you can’t afford protection.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Vincent LaRocca on LinkedIn
- CyberSecOp Website
Transcript:
Vincent, thank you so much for coming on the Easy Prey Podcast today.
Thanks for having me, Chris.
Can you give myself and the audience a little bit of background about who you are and what you do?
Sure. Vinnie LaRocca. I am the CEO of Cybersecurity Operations. We are a cybersecurity and security compliance consulting organization. I've been in business for about six years now and growing fast.
How did you get into cybersecurity?
My background way back in the day—I worked for IBM some 30 years ago, and I did what we considered network security. Back then, there really was no cybersecurity. I always had a little bit of a background when it came to security.
About six years ago, it came out of an MSP where we recognized the fact that organizations were trying to do IT technology for businesses and security, which is a bit of a conflict of interest. You're basically checking your own homework. If you're installing and maintaining a network, and then you're doing a vulnerability test, for example, most orders won't allow that. That's a no-no. I made a decision five or six years ago to kind of separate out and become an MSS, not a security service provider.
Nice. Before we get started in the meat of our discussion, I really love to ask my guests that are in cybersecurity, counter fraud, counter scams—have you ever been a victim of a cybersecurity scam or fraud? Because if you and I can't get it right 100% of the time, those that aren't in this space, we need to de-stigmatize these sorts of things happening as part of our lives. Has that happened to you?
Yes, I dealt with a fraud issue with my bank where my checking account had gotten breached. It ended up being an internal fraud with the bank. Luckily, I got my money back. But it took a while. Somebody had forged a check. They knew what our last actual check was, wrote the next one, were able to forge a signature. Luckily, it wasn't close enough that we were able to win that battle. I mean, it does happen to just about everybody.
To be honest with you, because I work for a cybersecurity company, we've got so many controls in place that it almost prevents me from making an error that would get me scammed, and if it wasn't for that, I probably would be on a longer list.
Yeah, I think everybody has had a credit card compromised. Particularly when it's a bank account, it really is a violation of, “Oh, they got inside.”
Absolutely. Once again, I've seen some individuals that you would think would be the last people on the planet to get scammed and they've gotten scammed.
It's something that we all should never assume won't happen to us. We need to be prepared for it to happen at some point.
Yeah, quite the opposite. You should assume it's going to happen.
Got you. Let's talk about what's going on today, and cybersecurity and compliance, and where the emerging threats and responses are coming from. Where's kind of the current trends of where you're seeing things move?
A lot of the trend is moving towards AI. I'm sure you're hearing a lot of that. It's in the news every day. Threat actors, those that are looking to exploit our vulnerabilities and take advantage of it, have started to use AI to automate their attacks and be able to extend their reach. We've seen a number of potential breaches, and breaches grow exponentially over the last six to eight months, and I'm assuming that's going to continue to go in that direction.
Now, on the opposite side, we're starting to integrate AI into our monitoring detection, our response capabilities, and even have industries more prepared to look for AI and understand how they use AI.
Another thing that we're a little bit concerned about is now you've got more and more organizations that are using your ChatGPT and your Copilot. These things are utilizing your data and manipulating your data. You can't just throw it out there and let everybody have free rein as to what they do with it and how they use it. You need to put some parameters around that and make sure you're protecting the data that's yours or your clients’ so that it's just not out there on the dark web.
There was an organization I was talking with and they said, “We've gotten questions about how we might utilize AI to find resources within our organization faster.” One of the people was like, “We've got a lot of proprietary private information. Let's do this real, real slow because that's the last thing we want becoming public is the secret sauce of what we do and how we do it in a kind of personal information that's out there.”
Right, and on top of that, almost every state now has got some sort of data privacy protection law. If you don't have an understanding of how that AI tool that you're using is maybe manipulating that data and making it available to resources you weren't aware of, it can get in a little bit of trouble.
Let's talk a little bit about it and we'll kind of meander around when we're talking about a corporation using AI or on their own data. What does that look like? And what does that entail?
Right now, once again, it's an area that is really starting to grow. I've seen more and more businesses that are using it to summarize meetings, for example. That's on the low end, but you get some more sophisticated programs. There are a lot of AI integrators now that are using that to take your data and create access to maybe your applications.
I'll give you an example of an organization right now that's taking data out of the CRM and then loading it into QuickBooks, a program for their accounting. You're taking data from one place using AI to put it into another place where the original store that you're taking it from, there's a set of rules and a set of users that have access to it. You put it in another place where there's a different set of rules and a different set of users that have access to it. You need to make sure that you're encapsulating that and where it's coming and where it's going and who has access to it.
Yeah, I think that there's this general feeling with a lot of people that like, “Oh, AI is going to solve everything. AI will sort it all out.” Maybe someday, but we're not quite there yet. It's a mixed bag.
Yes, but it is going to get there. I did hear—and I would love to, but I can't recall—there’s about 300 companies in the globe right now that are going to spend a trillion dollars in research and development in AI in 2025. With that kind of investment, AI is not going away. It's only going to continue to grow. We just need to make sure that as we're growing those tools, we're able to understand what we're doing with it and how we're utilizing it.
From the cybersecurity side, is there a concern that AI will exponentially grow the attack surface so much that you just can't keep up with the attacks and can't keep up with the complexity of the attacks?
There's definitely that fear, and there's a lot of conversations going on around that. Once again, AI is still unknown, so we're not really sure where it's going to go. We do know that the threat actors are usually one step ahead of us. They're utilizing that quite a bit. Now, we would expect that to grow.
On the other hand, we've got to use that to be able to prevent it. If we know they're using it as an attack tool, we've got to use it as a defense tool.
How does that play out for your clients in terms of, is it massive hardware, massive costs, or are these things just kind of a relative add-on to things that they've been doing? Not just with your company, but in a larger sense.
Overall, it's a bit of a cost right now. Really, the issue right now is the hesitation. Because it's so new, we've got a lot of businesses and industries that are hesitant to implement something. Is regulation going to come down tomorrow and say, “Hey, you can't use this”? “Did I just spend a lot of money to do something that I might not be able to use?”
There's a lot of hesitation right now. Just about everybody is saying that their tool and their application uses AI. I'm not 100% sure that that's accurate. You'd have to start doing some research because everybody claims that, but I do know that we're going to be using it more and more until somebody tells us we can't. I don't want to see that happen.
Got you. On the attack side, is AI creating new attacks, or is it just using a wider range of things, or doing a better job of stringing things together?
For the most part, it's just doing a better job, and it's enabling threat actors to do more attacks quicker. We do see a lot of sophistication, for example, in phishing attacks. In the past, you'd be able to read an email and be able to get a feel for was this something that was written with intent? Or by the grammar, for example, you can tell it was coming from overseas and it wasn't, it was a scam. Now with AI, they're becoming way more sophisticated and becoming harder and harder to detect.
Is that because they're now starting to integrate kind of data sources into those emails that in spear phishing, we can now do research on the CEO and find out that he's a 49ers fan and include a reference to that in the email and make it seem more natural to the recipient?
Sure. They were doing that before. It just allows them to do it quicker and target a larger audience. Where in the past, let's just say they were creating 15 attacks a day, whatever that number is, now you can multiply that by 10.
It's kind of the escalation of when we went from manually hacking to becoming script kiddies to this is the next level.
Correct, yes, to that extent, and why going back to what we were talking about before, we say everybody should assume it's going to happen to them with the industry growing like it is, I almost feel bad calling it an industry, but cybercrime is now an industry. Add AI to it and the amount of money that these threat actors are taking in, they're going to continue to attack more and more organizations.
In the past, we would see the smaller organizations have that mindset of, “It's not going to happen to me. Nobody wants my data. I don't have that kind of money.” It really doesn't work that way. With these kinds of automated attacks now, they're just looking for a vulnerability, and they're going to exploit it. Yeah, you're a smaller business; they'll just take less money from you, but they'll still attack you.
Is the philosophy of smaller businesses like, “I don't have anything of value, so why would they attack me?” Do you find that with smaller businesses?
Yes. I mean, that's less and less today. That was more the mindset over the last couple of years. I think with all the number of breaches that have been in the news, more and more organizations are understanding what they have to do. Also, with all the regulation laws that are out there now, more and more businesses and industries are required to do something whether they want to or not.
I guess it makes me wonder, like a cybersecurity compliance officer role becoming a need at larger organizations to make sure the right technology is being used and used in the right way within the regulatory infrastructure for that industry?
Oh, absolutely. A lot of regulations require businesses that have somebody who's qualified to fill in that type of role as a CISO, for example. One of the services that we actually offer is a fractional CISO. If you're a small organization and can't afford to have a full-time person in that role, we'll handle that for them.
Let's talk about that a little bit. What is a CISO and what is their role within an organization?
A CISO, Chief Information Security Officer, it's not like it's evenly spread across every business and every industry and how they use them. Some businesses will use that as a catch-all. Anything that has to do with data and security and all falls under this one individual. Some will have a little bit more of a streamlined look at it. But for us, it's really about giving a resource that can look at what your security posture is today. What do you have in place? What should it be? What controls should you have in place?
Especially if you're looking at specific industries, if you're looking to follow a framework or a standard. You've got HIPAA; you've got NIST; you've got ISO; you've got SOC-2, so there's a number of them out there. We'll basically come in, look at where they are today, where they should be. Create that kind of roadmap of how they get from the current state to the future state, and then manage that for them.
An easier way of looking at that is what we call Governance, Risk, and Compliance, GRC. We'll help them create a program, implement the program, and then manage that program going forward so that they meet all the criteria of regulations, laws, and the framework that they're looking to adhere to.
I can see that as being a challenging position, a role, and the reason why you get a fractional person doing that. Is that almost one of the challenges is that there's not enough people that have the relevant experience that are current with everything to be able to fulfill that role?
Well, there's a number of things. There are more and more individuals that will have the qualifications for that role on paper, but there's no getting around experience. Having someone who’s actually done it and been through the wars is way more valuable. We make sure that our people not only have all the qualifications, which are required, but have that experience to say, “All right, I've been through this. This is how this is going to work.”
Yeah, I could see a small business being in a very overwhelming process to having not had someone in that role. To even having a fractional person in that role and having to rethink, “How do we manage our data? How do we manage to protect everything?”
Yeah, and it's new for especially in that mid-market, smaller organizations. It's new to a lot of them. They're used to what the minimum requirements I have to have in my IT to get me to be able to run my business and now you're worried about things like policies and procedures, which is not something they've ever had to really worry about in the past regulations requiring that.
Then as we always say, you don't want to have a policy that says, “I do X,Y, and Z,” and not be able to do it and enforce it. That's even more important. There's a lot of change that's going on in that mindset for those smaller organizations. Now I’ve got to say I do this and I’ve got to make sure I actually do it.
I know in the history, there's a lot of organizations that needed to check a checkbox saying, “Yeah, I had a pen test done,” but there wasn't the following checkbox. “Did you follow all the recommendations?”
Right. That's almost the difference between security and regulation. “Hey, I meet the regulatory requirements. I checked all these boxes.” That doesn't mean you're secure and vice versa. You can be secure. It doesn't mean you're meeting the regulatory requirements.
Yeah, it's a scary world, a complex world.
Very complex and security compliance don't go hand in hand.
You had said that you shouldn't be having one person do both.
It's checks and balances, church and state. Just think about that. I think the example I used is you've got one organization that implements and maintains your network, your server infrastructure. Then you've got that same organization that says, “OK, I just did a risk assessment, a vulnerability assessment, because some regular regulation is requiring it.”
They're not going to come to you and say you’ve got all these vulnerabilities; all these portions will fail, because that's going to potentially make them look bad. I know a lot of us don't really allow that. They wouldn't let the same organization provide that kind of information checking your own homework.
It's one of those things. If you're building a defense, you're building a defense against the stuff that you know about, not the stuff that you don't know about.
Correct and really where we've grown quite a bit over the last, I'd say 24 months, is we work more and more with those IT companies to let them know this is not something where we're in conflict with, we're competing for; we're probably your greatest asset. We protect you, we protect your customers.
Kind of got to use it that way. We're now part of a team. We'll come in, show them, “Here are the holes that should be remediated. Listen, you go remediate them. Now you're protecting yourself and your client.” Everybody's happy. Don't look at us as your enemy. We're probably the best thing that could happen to you.
What are some of the most common gaps that you see where companies are not taking the right measures to protect themselves and their customers?
One of the easiest ones is patching and what we call hardening where you're keeping your OS and your systems and your software patches up to date. There are things that come out every once in a while that we call you a zero-day vulnerability.
Some applications all of a sudden got exploited with a vulnerability they weren't aware of right now. Once that gets out there, the threat actor community, they know about it. They're going to go attacking everybody.
If you're not patching that, whether it is an application or infrastructure, now you're vulnerable. I've seen organizations where they do their patching once a quarter, once every six months, which is not really best practice for that.
The other thing is having a secure password policy. Once again, the controls to maintain that we've seen organizations where they say, “Yeah, we use strong passwords. It's got to be changed every 60 days. It's got to be 12 characters, except that applies to everybody but the CEO. He doesn't know it.” That ends up being where the breach is.
Everybody's got this understanding or belief that cybersecurity is going to be expensive, and that's really not the case. There’s a lot of things you can do, which is very little cost, if any. It's just a matter of paying attention to it.
Did the CrowdStrike, kind of their patch fiasco, make companies more hesitant about patching more frequently or applying real-time measures?
I don't think so. I think, for the most part, it's now when we talk about the cyber world, it's a cyber event. One of them's happening all the time. It happens, you learn from it, and you move on. I think the expectation is that even CrowdStrike learned from it, and that it'd be better for it. It's just like anything else: learn from it and improve.
For companies that don't have their infrastructure managed by somebody else, and they're a small 10-person, 20-person shop, what are some of the things, like how should they be managing when it's hiring an outside firm—is it within their budget, potentially?
Let's talk about your landscape today. What is it you think you have? What is it you believe you don't have? Then what is your budget? It doesn't have to be, “Let's go boil the ocean.” Let's take steps to improve your security posture.
What we'll do a lot of is let's work within your budget. What are the controls that you can put in place that will give you the biggest bang for your buck? And we'll work that way. We'll tell them, “Here's our recommendation, so maybe you don't have the budget for it now, but you do. Here's something you should do because this is a glaring vulnerability.”
I would think the biggest thing we deal with quite a bit in that mid-market space is most organizations don't know. When you tell them that they really should do a risk assessment or some sort of vulnerability testing, they feel like they're spending money to do something that they're ultimately going to have to pay more money to do.
But I mean, if somebody is coming in and telling you you should spend money to put this control in place without knowing what your vulnerabilities are, that's got to be a bigger waste of money. It's really knowing what you don't know.
There's no point in putting a really fancy lock on the front door of your house, when the door isn't even there. It's just an open door frame.
Great analogy. I'm going to use that one.
I'll charge you two cents for every usage of it. Aside from patching being a big thing and password management, is there other one or two other areas that are kind of this relatively common, maybe they've kind of got it right, but most people get it wrong?
I would say logging and audit trail. So when we deal with organizations that do deal with some sort of breach or believe they may have gotten breached, by default, most organizations have another trail that gets overwritten every 24 or 48 hours. By the time you come across what you believe may have been a breach or data exfiltration, if your logs are overwritten if you don't have a DLP and data loss prevention solution in place, there's no way to really know. In that case, you have to act as if you had data loss and that can get expensive. Being able to monitor and know what's happening with your data is very important.
I could think of a number of situations where there's no logging in place, and if something was exfiltrated, there's no record of it. There's no history of it. There's no anomaly. It's just out there.
We've had organizations that say, “Well, I can't prove it was gone, so I guess I'm good.”
“We can't prove that anyone took anything, so it must not have happened.” Have you guys kind of ever brought in on managing when a breach has happened on how to figure out what was accessed and kind of like what do you do when there are limited logs available?
We've got a number of tools that we can go out and look at; we can look at memory, we can pull things from there, but in the end, a lot of times I'll tell organizations up front what they want, especially if they're going to pay us to do forensics and detection. You could be spending a lot of money to find out that there's no way of knowing.
In some cases, you might be better off just acting as if it happened, which is probably going to be the case anyway. Let's assume it's the worst-case scenario and take it from there. But yeah, I mean, we do have tools that can do a lot of that and we've got individuals that are skilled at doing forensics. I would tell you that's a 50-50 probability.
I guess it helps to know what happened, but if you still have to go through the same hoops afterward.
A lot of times, they'll be—especially if you've got partners or vendors that are, “I want to know before I do business with you, again, because I was impacted, I need to know what happened and you've remediated it.” You can't go to your partners and vendors and say, “Well, it happened so we're going to go do some patching and we're all doing it.” That's probably one of the largest growing areas in our cybersecurity space is third-party vendor management.
Now that you've gotten more and more organizations that understand and are becoming sophisticated in cybersecurity in the regulatory space, knowing what they need to do, they've made that investment to become secure. But if their vendors and partners, especially those that they may potentially share data and infrastructure with, are not doing the same thing, well, you're only as strong as your weakest link. That behavior is getting driven out by those that understand, that are more sophisticated.
Got you. We need our partners to disclose what happened so that we can make sure that we're protected and that we're protecting our customers in an appropriate way.
Correct. We're an ISO 27001-certified organization. I've got partners and vendors that we'll go to and say, “Hey, to continue doing business with me, you need to meet these minimum criteria or I'm not going to be able to do that and you're going to potentially lose business.”
As an example, more and more of that is happening. That's really what's happening with CMMC. That's a certification that came down from the Department of Defense a year or two ago, and said, “If you're part of the supply chain, you need to meet these requirements in order to continue doing business.” You're going to see more and more of that happen.
Yeah, it's what needs to happen. I can't imagine how many data breaches have happened that we just aren't aware of or will never be aware of. The data is out there and it's just been mixed up with so much other data. We don't even know where it came from anymore.
I think the last time I saw, it was a data breach occurs in the United States every six seconds.
That sounds about right. I thought it was about seven seconds.
It could be a second or two. [inaudible 00:28:50].
I guess it kind of puts consumers in the position of you just have to assume that any data that you've ever given to anybody will get out into the public at some point.
Unfortunately, that is a mindset I see more and more of, where individuals and businesses will say, “I assume my data is already out there, so I'm not too worried about it.” Even if that's the case, as a business owner, I don't want to hear that from somebody that I'm doing business with.
Yeah, I want to assume it's out there and take appropriate precautions to prevent it from being used in inappropriate ways, but to stick my head in the sand and assume that no one's ever going to get my Social Security number. Someone's going to get it. In fact, I'm sure plenty of people already have it.
When you come home one day and somebody else is living in your house, because it was sold from under it, that’s when you can say somebody had my Social Security number.
Hopefully I'll figure it out well before that happens. Kind of coming back to AI. How long do you think before, kind of in this inflection point with AI. I think that where we see this great upside, we see great downside, but we kind of don't know where the horizon is or when that horizon is going to get here. When do you see things starting to settle down and kind of reach a new equilibrium?
I guess it depends on what you mean by settle down. I read an article recently where I believe Boeing just came out with an airline that the only reason they'll have a pilot there is to make the passengers feel comfortable. They really don't need it. It can fly on its own.
The landscape I believe over the next two, five, 10 years, has changed drastically. We're just at the beginning of this AI revolution. Like I said, I deal with AI in the cybersecurity space so I don't want to pretend to be the savant of what's going to happen in AI and the rest of the globe, but I believe that these threat actors will use it more and more, become more and more sophisticated, and they're going to identify vulnerabilities that we're not even aware of yet. That's been the trend historically, so I don't see how that's going to change going forward.
To be honest with you, one of the few things I think that we can get to that would stop ransomware is when we get to a point where legally, you're just not allowed to pay the ransomware. We have to deal with the fallout. I don't think we're there yet, but if that would come down, if you're a threat actor and you can't get paid, even if you're successful.
That kind of stops the financial incentive of, “If it's now criminal for me to pay to get my data back, or pay to unlock my data… I don't want to go to jail.”
Correct. Somehow they'll find another way. They'll find the next trend, but I mean, that's the only thing that I can even see slowing it down right now. So much money for them being made.
Do you envision where they're moving next? If ransomware becomes difficult, what's the next soft target, so to speak?
If I knew that, I'd probably not be on this call right now.
You'd be building and selling that solution as quickly as you could.
Correct. I really don't. I've been shocked at some of the things that I've seen already. Nothing would surprise me, but no, I wish I was out in front of it. I'm not.
Is there any aspect of this that kind of keeps you up at night?
Oh, I mean, all of it, especially as a cybersecurity company. My biggest fear—and I've got some really great people that work for me—I don't want to be the cybersecurity company that gets breached. That's probably death now. That's one of the things that keeps me up at night. We have just about every control you can imagine in place. It takes me about 15 minutes to log on. But better safe than sorry.
Do you see that level of security, I don't want to call it paranoia, starting to be in more and more everyday organizations, where it just becomes part of life?
Yes. For a while, I would deal with a lot of C-level executives that would say, “It's just not worth it. The impact it's having on my work is just too much. I'll roll the dice,” only to find out that that was a mistake, and they'll go back in the other direction.
But the tools that we're using today are getting better and better. There was a time where they were putting a lot of overhead and they were utilizing a lot of resources on your machines. That's kind of gotten corrected, so it's gotten better and better.
But for everybody, when you log on in the morning, you're probably logging on to your machine. You're logging in to your application. You've got two-factor authentication for every one of them. Then you've got tools in the background that will make sure you don't have data exfiltration. There's a lot going on. Even when somebody sends me an email, I know I'm going to wait 10 minutes for that email to roll through our systems and checks and balances.
Yeah, there’s definitely part of my routine is, “OK, now which authentication methodology is that second factor? Was that a hardware token? Was it an app? Which device does it go to? Does it go to this one? Does it go to that one?”
Right.
It becomes a little bit of a shuffle. I'm intentionally keeping certain things separate and then you're like, “OK, I just don't know what number am I supposed to enter in that field and where am I supposed to get it.”
Luckily, some of those applications become better. Also, most of these systems will allow you to choose your authentication. Once again, getting better and better. Same thing with like these password creators; they’re getting better and better.
I remember having a meal with a family member overseas and they pulled out their key chain, and this is maybe 10 or 15 years ago, and they probably had like 15 or 22 physical hardware tokens on their keychain. Where they were living, it wasn't allowed to be SMS, and the authenticator apps weren't really participating and weren't in full force yet.
Every entity that he worked with had a different physical 2FA token he had to work with. I was like, “That's much worse than a pile of keys in your pocket, because they can stack those tokens.”
I don't miss those days at all. Although now, I've got to bet you lose your cell phone and [inaudible 00:36:15].
I think every methodology for 2FA has a drawback that you have to make sure you understand: “If I lose access to that methodology, how do I regain access without it?” It becomes its own little challenge.
If we lost our cell phone, we have bigger problems than that too, right?
Yes, that's true. As we wrap up today, any additional parting advice for either businesses or consumers?
My parting advice would be not to turn a blind eye to what's out there. Don't make the assumption that cybersecurity and protecting your data is going to be costly, or that it's going to take up a lot of your time. There are a lot of things that you can do that won't cost you a lot of money and will make a big impact on protecting your employees, your customers, your vendors, your partners, and your data.
As we talked about, don't make the assumption it's not going to happen to you; you should make the assumption it's going to happen to you.
Got you. If people want to be able to connect with you or your company, where can they find you online?
The website cybersecop.com. I'm on LinkedIn—Vincent LaRocca. Always looking forward to meeting new individuals and helping to ask questions. Through the website, you can also actually contact me and the organization.
Awesome. We'll make sure to include links to those in the show notes. Thank you so much for the time and for coming on today.
Thanks for having me, Chris. Greatly appreciate it.