 everybody, welcome back to the Think Tech Hawaii studios for another episode of security matters. I'm Andrew, the security guy. And today, my guest Ryan Schoenfeld is the founder and CEO of RIS watch. I think one of the more progressive companies in our industry. And I think you're going to find out why today. Alright, thanks for taking so much time out of your schedule. I know you're a busy guy, man, with the with those kind of titles behind you, you know, there's there's never any rest for the weary. Right. Thanks for having me. No worries, man. So a lot of our audience may know you know, RIS watch, I know I was on another panel with you. So you've definitely had some industry exposure. But maybe take some some time to share, share your sort of your history in the industry, as much as you want to share, you know, on this day and age, we don't, you don't give everything away about ourselves, because everybody hunts us down via social media and steals off our info. But whatever you think, and let our audience get to know you a little bit and some of your vision for RIS watch. Yeah, it's been a it's been an interesting road. So I started my career in law enforcement on the East Coast. And I was always kind of a weird guy examining the role of technology and crime. So I was I was a cop that went and got a master's in IT, specifically system design and development and since then have focused on kind of the intersection of crime and technology and security and technology since my move to the private sector. I've been a consultant and instructor for the State Department Training Foreign Governments and high tech crimes and investigations. And then since moving to the private sector, I've worked in the contract guard world and as an end user as a manager of global investigations and then head of global security technology for a global fortune company. Left, left the end user space and started our consulting firm where we worked in a lot of different verticals, but one of them is fast moving tech companies. And one of the things we found with those folks is they would close large rounds of funding double triple the size of the company in a matter of months or a year, and that the security teams and infrastructure there weren't necessarily scaling with the business. And so RIS watch was kind of born out of that need for our customers, where they didn't either have the capital or weren't going to invest the capital in in growing that program. And so we built essentially a fully baked security program that they could subscribe to as a service with with no big capital investment. That's amazing. Did the how how frustrating for you back to your investigative days? How frustrating was it to go to the technology people who should have some, you know, data, maybe evidentiary, maybe not. And then oh, it wasn't working or oh, we, we, we don't have it or oh, that's already been written over. Did was some of this born out of that because you know what you're doing is quite proactive versus the reactive nature of a lot of security, especially on the investigative side. I'd say that the majority of my entire career to date has been driven largely by frustration. As a police officer, the criminals, they were always ahead of us. They were leveraging technologies in ways that we couldn't keep up with from an investigative standpoint. And as a, as an end user, you know, there were so many ways to leverage technology to make our program more proactive, catch people faster, have higher close rates. So my career largely has been driven by how we can leverage technology. And really, because I've come into kind of roles in historically antiquated functions that could have been optimized by attack and looking for ways in which to do that. Wow, we, we surely need that sort of fresh perspective. I think a lot of I did military law enforcement, which was even we had no tools at all. But that that's a bit of a dated industry in some cities, not all, you know, you see a New Orleans is doing some stuff with their, it's not owned by law enforcement per se, but they've got their city, smart city, you know, application going on that the police and law enforcement can use as a subscriber, things like that. So I love that model. You mentioned that some of the enterprise customers you had initially had trouble scaling out their departments. What tells us a little bit more about that? Was that was it driven by just the people or was it a lack of knowledge about how to do that? Or was it just an inability to invest in, you know, the heavy hardware lift or whatever it may be to scale program? I think it's a combination of everything you just listed. So for some companies, you know, while capital isn't technically the problem, especially after you close a major funding round, that doesn't necessarily mean that investing all of that capital and security is where your investors want it spent. Yeah, you know, as most people are accustomed, security is generally seen as a cost center within an organization. So in the venture world and venture backed company world, you know, people want capital spent in areas that's going to drive increased valuations, drive them to their next financial milestones, and security is not seen as that. So that's where the capital piece comes in. But the other piece too is in a lot of the tech world where companies are moving quickly or even are launching without any physical infrastructure from technology and an IT perspective on site. And the physical security world is has been a little slow to adopt to cloud first initiatives and the ability to either virtualize or just leverage other companies infrastructure. There's so you see these companies where the only server on site is the recording server for the VMS or for their access control system. And in many cases, that was a fight even to get in. But it's this disparity between what a lot of the physical security practitioners see is the right way to do things. And one of the things that frustrates me to no end, the way we've always done it. And the way that IT within organizations are moving to the cloud and leveraging new technology. Yeah, I've been it's I think it's not I don't want to say sad, but I think it's remiss of most of our integration integrator population to go out and assess an organization's needs and see that they're entirely in the cloud. Oh, but I'm going to drop a server on prem, which you know, they're not going to update, they're not going to patch their if they even know if the AC stays on all night long to keep the thing cool. I mean, you know, there's just a lot of problems with dropping these boxes into organizations that don't have IT people there to take care of. I still think that's 80% of the integrators out there. I mean, what's your your take on? Are you are you the 1% are you the 10% with your approach? Probably more than one less than 10. Good answer. You know, we're we're not an integration company. We partner with integrators. So I certainly have nothing against the integration community. I think if if nothing else, COVID should be a wake up call to that community about some of the ways in which they've historically done business, the types of work that they go after, you know, you and I have spoken before about the recurring revenue model versus the project based model and and what that means to companies like right now. But but yeah, it's it's it's a real challenge to if you don't evolve to stay relevant. And I think that's the problem we're having right now. Yeah. So tell me about the consumer appetite. Obviously, an organization that's, you know, living in the cloud digests security. Oh, you got in the cloud. Awesome. We'll take it, you know, that's an easy buy. Do you get calls from folks still who have had traditionally had their stuff on prem and want to move or are they on prem and they just heard about you and they want to know how you could help an augment and they you know, is it is it still a teaching sort of a of a call quite often? Absolutely, probably more teaching than anything. You know, I think one of the things where the integrators in their road to evolution here, I think need to understand it's not just everybody needs to really understand or help the end users understand what cloud really means. And when you're looking at the cost of cloud services, because that's, I'd say one of the number one reasons that somebody doesn't go with the cloud solution is either they don't understand what it really means, or they don't understand how to truly calculate the ROI and total cost of ownership. Because they'll see this, I could pay $10,000 for a server now, but if I go a cloud model, I have to make these payments every month into infinity. But they don't understand, you know, the the true total cost of ownership of that, you know, that you may buy that one server now, but over time, the infrastructure, the maintenance, the power, the, you know, the on site IT support, whereas, you know, in a in a truly hosted cloud model, how much of that is done for you and what the cost savings look like over time? Yeah, and especially these the non non IT centric organization, I mean, it's it's just a win-win. Yeah, here, we pay 41, 41 cents a kilowatt hour. So the power consumption and the cooling or paying for the cooling to cool the service is another piece. A lot of people don't calculate in there. And the cloud model wins wins quite often. We've got some commercial clients that are we have fully in the cloud, I do have like a firewall on their premise, because they didn't have anyone to run a firewall for them. So I do that and manage it remotely. But so when the, when the market saw I understand sort of the market, when can you give us a range of the sort of client base that you've been successful with that say, moving from Prem or that contacted you and that you were able to say, Hey, look, here's what we get no sort of the low end and the high end, you know, in the range of differences for some of those. Sure. So watches is a pretty new company. We locked launched in the tail end of 2019, which also, you know, going into a pandemic certainly wasn't wasn't part of our roadmap for many companies. But our focus when we launched was really looking at middle market companies that were growing and probably weren't primed for internal operations center, at least within the next couple of years, maybe it was on the roadmap a couple of years out when they saw more growth. And an interesting thing happened when we quietly started talking in the market to our contacts about the business was the first five companies to approach us about interest had internal GSocs. And so, you know, while that wasn't originally part of our plan to go after that market sector originally, what we were finding is organizations were spending a lot of money on programs, they were minimally effective in terms of showing ROI. And we even had one company say, look, if you can save us money and just not do a worse job than our GSoc, then we would call that a win. Now, that would never be, you know, my metric for success. It was an interesting revelation to me in terms of who the potential market was, and how underserved the spaces, you know, certainly there's companies out there today that do video monitoring as a service and do different pieces of what a GSoc offers. What we wanted to launch was the ability for an organization to come in with any range of a security program or no security program at all, and have what they need from, you know, whether it was monitoring and access control, whether it's intelligence, travel tracking, mass communication, social media monitoring, the stuff you'd expect to see in a large Fortune security program to have any or all of that as a service, but also we provided in a white labeled service so that it feels like it's their in-house program, as opposed to some third party vendor. That is brilliant. I want to get into the GSoc services more a little bit. We're going to take a break. We're going to pay some bills for about one minute and we'll be right back with Ryan Schofo. Aloha, I'm Lillian Cumick, host of Lillian's Vegan World, the show where we talk about veganism and the plant-based diet located in Honolulu, Hawaii. I'm a vegan chef and cooking instructor, and I have lots of information to share with you about how awesome this plant-based diet is. So do tune in every second Thursday from 1 p.m. Aloha. Hey, Aloha. Welcome back to Security Matters. I'm Andrew, the security guy. Ryan Schofo is with us from RAS Watch, and this is some forward leading security technology. RAS Watch has got a GSoc sort of as a service. Ryan, you're relating to us how the ability to package a lot of really the kind of things a Fortune 500 GSoc would have and deliver that to customers almost as if it was their own. Talk, expand on that a little bit more for some sort of the ranges service offerings and what you found the appetite that consumers had. What did they want the most that they didn't have or that you were able to bring that they hadn't considered? Sure. Yeah, I'd say that the majority of companies that we talk to that have SOC or GSoc programs internally, very few of them are actually truly global programs. Very few of them offer services to the company that go much beyond the video and access control components. And so one of the things that there's been a lot of appetite for is our intelligence and travel tracking for employees. And certainly the mass communications piece. Now, probably obvious that in these pandemic times, travel tracking has kind of stopped. But presumably corporate travelers will start picking up again and hitting the road in the coming months. And so we anticipate that service picking up again when that happens. Hey, do you think there'll be an appetite for knowing if it's a COVID hotspot? Like, you know, because you got to fly people in and out of these places, right? So what's the expected delay to get through the airport? Like how will I as a 14 day quarantine if you fly into here today's things like that? Sure. And that actually as part of our program started in late January. Before there was even a lot of discussion around travel restrictions and the pandemic here stateside. We were looking at corporate travelers in Asia and Europe and other locations around the globe and monitoring what was happening in those countries with travel restrictions. But then again, as the US started imposing travel restrictions on people coming in, making sure that all the corporate travelers knew that they had to be on a flight by this date and time. Or, you know, they might not be able to get back into the US until, you know, who knows. Yeah, who knows when. Pretty interesting stuff for especially the business community. Is the, do you have a feeling a lot of them are going to start traveling again? I mean, it's sort of been shut down, you know, and that's an interesting, I was kind of wondering, I know some of the really large organizations that we work with are not traveling all year and they've already announced that. I was like, wow, those are, it's kind of early in the year to be making statements like that. But that's the way to look at things. Yeah, there's going to be a lot less travel for sure. You know, it's been interesting actually talking to customers as they look to getting back to work, you know, physically, I suppose, you know, everybody's been working from home. But what's different? Travel program is a huge part of that. How much of their corporate offices are actually going to reoccupy of any, you know, the cost savings to organizations by reduced travel. And, you know, we have one company that we work with that said they're going to save $3 million this year, just in not providing lunches and snacks to the employees. Wow. So it's there's a lot of secondary expenses that that's been interesting to monitor. But I do think there's some businesses that have to travel. But I think there's going to be a more complicated internal approval process to get approved to travel. Whereas before a lot of people just booked their flights and jumped on plans. Yeah, yeah, for sure. Hey, we had a question from our audience and I hadn't really considered it. But what's stopped the people who, you know, you went in, you've got a cloud offering cloud GSOC GSOC as a service to fit in, however you want to call it. What's stopping people from moving into into acceptance or adopting a cloud based service that you've ran into? Yeah, I think part of it is the kind of unknown that we talked about a little bit and not understanding it. I think, you know, there's kind of a big picture transition that the organization as a whole needs to look at. So if they're a largely on prem company and security starts talking about going to the cloud, it may not be comfortable with that strategy yet. We've also found that a lot of organizations that the IT folks may feel threatened by a move to cloud in that there may not be as much of a need for all of their positions at the company anymore. So there's a whole host of things that factor in certainly cyber is is and should be a consideration. But generally speaking, most of the good cloud applications are probably more secure than most of the on prem, you know, except in certain applications. But we we often actually almost always recommend third party pen testing and a vetting process of of the solution, whether it's going to be on prem or hosted. Sure, yeah, and I have I've run in, I mean, I think we've all run into these systems that have not no one's touched them for two years. So there's been no patchwork done. There's and I mean, that means the windows patch is nothing, you know, it's just sad because it worked, right? You know, these lot of systems are old and stable and they'll run on old versions and people don't need new features. So they just sit there and print their badges and look at their reports once in a while. And it's interesting, you know, the dynamic nature of what's available through the cloud to me should bring bring more more appeal, especially when we talk about machine learning starting to add algorithms to the existing data sets that we're building about these companies and the way they operate. Are you getting more requests for like business intelligence out of the systems that you've got in the cloud for these folks? It's funny, we propose a lot of business intelligence solutions, not finding yet a great deal of adoption. Although post COVID, we're starting to see more interest in the types of analytics that people can pull from their infrastructure, whether it's to look at occupancy stats or try to pull some semblance of social distancing data from turnstiles or other infrastructure. You know, we're certainly working with players that have cloud applications for the same thing. I'd say some of the biggest things we're getting interest in right now from a cloud application perspective are things that are so simple, like system health monitoring, making sure that your cameras are actually working, particularly as all of these sites are sitting vacant and remote. Sure, there's, you know, any security practitioner knows that so many times you go back to look at the video and you realize that camera has been down for three months. And so there's so many cheap solutions for those problems. So that's one of the things that we're getting a lot of requests for as a service right now. And then the other thing to your earlier point is patches and updates as a service. So whether it's camera firmware or updating passwords on a somewhat regular basis. Again, a seemingly simple thing, but it's those little things that are often forgotten. Yeah, for sure. Well, I think we've got a minute or two left, Ryan. What advice would you give the industry kind of looking forward, you know, from the perspective of managed service provider? And then also, as we sort of exit this space, is there even more room or more even more leverage that you can use as a managed service provider to bring more value to the industry and to, you know, security offerings for a customer? Well, I think the big thing we're finding now is as companies look to emerge from, you know, these times and this answer is a little different than I had given you a few months ago. Cost savings is probably one of the number one drivers of the decision process right now. And so managed services and cloud and, you know, reducing that internal footprint and kind of the redundancy of everybody having their own programs and duplicating things across sites, whether it's, you know, a service like RAS Watch or any other managed service or cloud offering, I think is going to offer the types of cost reductions that just about every company is looking for right now. Awesome. Well, thank you, Ryan. Again, I really appreciate your time today. I know you're a busy guy, so we appreciate you sharing your insights with us and we wish you well. Hope the West Coast comes back to life. Hope our economy gets cranking and hope to see you soon in like in person, you know, at one of our events. That would be great. Awesome. Take care, man. Aloha. Everybody be safe out there and wash your hands.