 Hey, Aloha, and welcome back to the Think Tech Hawaii studios for another exciting episode of Security Matters Hawaii. Today we've got one of our West Coast sort of premier integrators on this sort of the voice of the integrator episode. We've got Gary Hoffner. He's not in the studio, but I do have him remotely. I think he's broadcasting out of his office. Gary, thank you so much for joining us today. Hey, Andrew, thanks very much for having me, man. I greatly appreciate it. Right. Gary's from Photoscan of Los Angeles. Basically, everybody calls it PSLA, and I know you guys have been in business a long time out there. Gary, can you give our audience maybe a little bit of your background? I know you're a cyber guy. You don't want to share everything, but share as much as you can, and it's a little bit about the company as well. Sure, sure. Me personally, I'm in my 38th year in this industry, so I've seen a lot of changes, so it's been a while. The company, we're a 45, almost 46-year-old system integrator. Started out doing, well, actually one of the three founding members of PSA, actually, I think we had enough. So, started out with video and ended up doing access control and intrusion detection and eventually fire, and we're known for system integration where we glue a lot of those things together with software to come up with innovative solutions for our customers. And we're known for unifying the platform and giving something simple and easy to operate with as few moving parts as possible to accomplish the objective. So, it's turned out really well for us. It's a great model for virtually every part of what we do, and we've gleaned some very nice, very appreciative customers because of our approach, so it's been good. So, I know that system integration sort of came, we started building software-based platforms back in the later 90s, kind of after back office, and there wasn't a lot of industry adoption right away. I think a lot of security companies weren't necessarily IT savvy or software savvy. Did you experience that in California or was it more of an early adopter? From Hawaii, we think of California as this big, huge market, and so what were the drivers that sort of brought system integration into PSLA? Well, I was fortunate. Well, that's a good question, actually. In my former life, I've only been with PSLA for six years now, in my former life, in my former company, we were kind of an out-of-the-box integrator. So, we were part of a national program with a manufacturer that, you know, we were saddled with their technology and how it would work and play together or fail to play together more accurately. So, you know, so, you know, working from that knowledge and understanding and appreciating the value from the customer's perspective of actually having a system that operates the way many of our contemporary office systems and environments work today really showed us the kind of the past. So, over at PSLA, you know, we are a true integrator where, you know, we actually appreciate, you know, the different platforms, manufacturers, and we have a way to marry them together and keep them married so that we can deliver a solution that is sustainable. Is the demand high? Like, do the calls that you get in your office, are you brought in for an integrated solution or do you still get the, hey, we just need a video system? We don't want it to work with our access control or we don't need system integration. How's that, how's the demand? You know, the conversation often starts that way, Andrew, you know, we might be called in for a video system or an intrusion system. One of the four different, you know, technologies that we typically integrate and, you know, as the discussion evolves with the customer is it often evolves into system integration because it just makes sense. There's no sense in trying to operate disparate systems that are doing up very similar, if not overlapping jobs. So for us, we just, we show the value of system integration and how, you know, a camera can, you know, pretty much dictate what happens with an intrusion detection system or an access control system and access control and intrusion can dictate what happened with the camera system. So we always, we have a philosophy that, you know, we rule by exception. We design our systems to manage by exception. And essentially deliver exceptions to the people that need it when they need it. So yeah, that's, it's a really important point. You know, you walk into many places where it seems like a system's been delivered and the operating screen has got 5,000 alarms in it that are not really alarms. They're not really exceptions. They're just normal events that no one even turned off. And so you get this operator fatigue. I think it's critical that we have these event driven capabilities in our systems today that can be filtered down to what's important to the operations of the business. And I mean, I'm just going to say half the time we get called in, no one's configured it properly. That's that I would say that's not just in your neck of the word. Things be, you know, that companies will buy into a certain technology and they'll run it and operate it. And perhaps they're not doing it in the most efficient manner. And, you know, before you know it, they've got logs that are enormous in size because of all the false positives they're actually generating. So, so yeah, that's one of the keys is in our success is to squash those false positives, just rule by exception and deliver those, you know, without fail. That's awesome. And you know, go ahead. Videos, I was going to say video, you know, the evolution of video, particularly in the last five years is a lot to do with our success as well. Because, you know, I mean, analytics are actually becoming functional, usable and mercantile, where we can actually rely on them to do a job. And we have deployments where the video signal is used as an intrusion detection device. Awesome. And in pretty harsh environments, you know, and it works pretty darn well. Yeah. And your, your operating environment is your southern California. So you don't have, I guess, or maybe you do have huge variabilities in in temperature, like if you're using thermal in a large, you know, desert area or something like that. What is the range? Um, because I mean, I don't know, LA is huge to my brain. California is huge to my brain. What, what's your sort of operating area there that you cover? Is it desert, mountains, cities, you know, farms? What's going on in your neighborhood? You know, pretty much all of the above where we're located in Ventura County, you know, just north of us is a very large farming community. And of course, just south of us is where we're at in culture. Just south of us is metropolis LA, right? And then all the way down to the, you know, Mexican border and, you know, out to the desert on the east and, you know, to the west, we have military bases, you know, at the coast. So, so we have a, there's a variety of, of climates. There's a variety of requirements. There's a definitely a variety of need and it runs the gamut, sure. It seems like, um, interestingly, you know, you talked about a lot of the critical infrastructures that we all like to work for. You know, they seem to be well funded for, I would call it advanced security type solutions. Um, how is the agricultural community? Do you guys get to dip your, your toe in the egg out there? Cause that's, that's basically what feeds our country. I think are all the farmlands that start out there. You know, not, not a lot. Um, we kind of looked at that, you know, and, and there happens to be, you know, as a part of the agricultural community near us, a lot of wine grapes, which is, you know, kind of interesting to me. Sure. So, uh, you know, so we were trying to find an angle, uh, a while back, uh, on food safety and, uh, now that's actually getting some traction. Yeah. And, uh, I think the former administration actually had put it in place, some, some, some measures for food safety that we thought would, uh, you know, kind of open up a market for us. But, uh, in terms of agriculture right now, I think the thing just gaining the most traction is probably, uh, video and, uh, other signals via drone and, uh, and livestock. So, you know, measuring, uh, measuring the temperature of livestock for, for health and things like that. That's interesting. But we, we've never done any of that today. Yeah, yeah, that's interesting though. Is, um, and so you've got, uh, uh, health care down there. You've got a financial sector, obviously in LA, you've kind of got all of the businesses. Um, is there a big tech sector down there as well? Like you've got up in Northern California that you guys work with? There is actually, uh, Ventura County is a large tech sector. In fact, Ventura County is, is a big tech sector, uh, North of here in, uh, San Luis Obispo County and Santa Barbara County. There, there are a lot of defense contracts because of the proximity to some of the major bases in California. So, uh, you know, Vandenberg Air Force Base, Point Magoon, Naval, uh, uh, Naval Station, a Los Angeles Air Force Base, Pendleton, Dalton, Father South, so there, there's, there's, there's a, there's a large military influence here. And, uh, because of that, they're also, and because of the tech sector, there's a lot of, uh, defense contractors in our next one. Yeah. That's, that's one of the dear ones near and dear to me with the, uh, you know, the defense industrial base. You know, I work on that with Infragar quite a bit is, um, are those clients moving? I mean, we're, you know, I know we're going to get to this cyber discussion a little bit, but are you seeing a lot of activity in those sectors for, for upgrades or using, you know, we have the OSDP now and secure channel out to the card reader and a lot of technologies that we didn't have. Um, we're sort of seeing DOD lead with those requirements here. Is that a similar situation in California? We find ourselves more frequently educating our customers, OSDP, for example, and secure channel. Um, you know, I would say that, uh, most of the deployments up until, I would say very recently from our competitors, uh, and, and it was, we've seen to see out in the field a lot is still, you know, weak in communication and pretty, pretty low being in fruit with the card technology. So, so, you know, aside from, you know, the OSDP, we, we always profess, you know, uh, much higher, greater security on the, on the card technology, even if it's for a commercial plan. Yeah, I think that this year and next year, we're going to start to see this proliferation of, of that requirement for secure channel. It's, um, obviously, as you know, it's expensive to forklift access control. And I know our customers like to get that 20 year, you know, life out of it. But, um, I, I feel like there's going to be a lot of, uh, forklifting, which has not happened, you know, in our industry in the past decades, in the way that I think it's going to have to happen now. Yeah. Yeah, I agree with you, uh, 100%. I think there's this compliance factor that's coming down from above, you know, and, and I think it's going to start making a very large impact on some specific verticals here in the next, I would say 24 months to where we're going to start seeing, you know, these customers coming to us saying, Hey, you know, we need to consider this technology and what can you do for us here? And yeah, I, I, I believe that, uh, it'll be commonplace for OSDP pretty soon, but you know, weekends have been around for what, 40, 42 years? Yeah. I mean, it's, uh, everybody got their money's worth. Yeah, no doubt. Yeah. Okay. Well, let's, um, we'll, we'll take a short break about a one minute. We'll jump out and pay some bills and we'll be right back with Gary Hoffner. Hi, I'm Rusty Kamori, host of Beyond the Lines on Think Tech Hawaii. My show is based on my book, also titled Beyond the Lines, and it's about creating a superior culture of excellence, leadership, and finding greatness. I interview guests who are successful in business, sports, and life, which is sure to inspire you in finding your greatness. Join me every Monday as we go beyond the lines at 11 a.m. Aloha. Aloha, I'm Yukari Kunisue, the host of Konnichiwa Hawaii, Japanese talk show on Think Tech Hawaii. Konnichiwa Hawaii is all Japanese broadcast show and is streamed live on Think Tech at 2 p.m. Every other Monday. Thank you so much for watching our show. We look forward to seeing you then. I'm Yukari Kunisue. Mahalo. Hey, welcome back to Security Matters Hawaii. We're talking with Gary Hoffner of PSLA out in California. We were talking about the sort of the lay of the land from the voice of the integrator. Gary, you hosted a couple of sessions recently in Denver that I wasn't able to attend on a piece of technology that's growing near and dear, I think, to our industry's hearts and I know to yours in mind and that's cyber security. I think you had a session entitled cyber risk is business risk or something like that. And I didn't get to make it in there. Why don't you talk to us about how that how that session came about in your concept and who helped out on the panel? Maybe what got shared with that room? I think that's a I heard that was a really good session. Yeah, great. Thanks, Andrew. You know, it was, you know, it was, it was delivering information that that really I don't think most companies consider a lot of people know now today what cyber is, if they don't, they should. Cyber security is becoming very. Holific in the news. You know, you can't really go through it a week without hearing about somebody that's been hacked and in all reality, you know, one in four of us will be as as businesses and 60 percent of all cyber attacks come through the supply chain. So companies like yours, you know, I mean, so, so if we are kind of well, we're right in between the attackers and our customers. So, so three records, we really should know, at least be aware of what's going on around. Sure. So what a lot of companies don't think about are more of the obscure risks, you know, involved with cyber. There's the obvious risk, you know, operational and financial risk. Okay. We all know what costs money to get hacked. That's all the risk to it. The operational side, we all know that it can, you know, really render, you know, networks useless, could really just eliminate your data, eliminate your recovery process. It can even it even makes machines just useless where you have to forklift those in order to get your network back up and running. So, you know, just for security's sake, so you don't rein, you know, reintroduce something into your network that you didn't know was hiding. So there's the operational risks that's always there. But you don't think about the other operational risks that, that, that, that many of these companies experience, you know, and, and that was a, that was a pretty spirited discussion about, you know, I'll tell, I'll take Hawaii, for example, because, you know, you guys are genuinely warm there, temperature wise, genuinely human there, temperature wise. And I bet there aren't a whole lot of office buildings there that don't have air conditioning. And I'm sure you agree. So, so let's just say for sake of the conversation that, you know, you had a 600 person office and the air conditioning went out for three days. Yeah. You know, would that be, would that be a place people would, would, could work or would want to work? Probably not. Yeah, I think they don't come in on day two for sure. Yeah, exactly. So, so what if the lighting didn't work? You know, what if work didn't lock or unlock? All these things, you know, generally controlled by network these days. And when you think about the safety related issues and the comfort related issues of working and you take them away, do you really have a bona fide place to work? I don't think you do. And if your network is down, then how effective are you going to be remotely with remote workers? You know, so, so there's a big operational cost involved with, with being hacked there, you know, other than aside from just the regular equipment damage thing. And then, you know, then we talked about also the legal and reputational risks. I mean, these are, these are tremendous, tremendous exposure points in terms of, in terms of cyber breaches, reputational in particular, you know, reputational, you know, you pick any really high profile company and it really depends on how they respond, what they say, when they respond to a hack. I mean, if you're, if you're responding, and I'm not going to, I'm not going to cite the examples because there's plenty of them out there. But if you're a large company and you're responding two months after the attack took place and data was lost, then, you know, the public's perception of you and your company is pretty low in terms of, OK, why are you telling me now? And why couldn't you tell me before? So what's missing that you weren't prepared for? Or if you need your data breach, I know there was a, there was a, there was a big city on the, on the East Coast, I believe it was last June that had a ransomware attack. They had land. And this, yeah, exactly. And they were down for, I think, three or four days. And it was like they couldn't, they couldn't pay their, all the government services were shut down. I mean, so what do you think the perception of, you know, the constituents, the city, the people living in the city, what was, what was their perception of their, of their city, city leadership and their preparedness? Yeah. So all that stuff takes a toll. Now, not so much with the city because, you know what, I mean, there might be a couple that may or may not get reelected. There may be some city officials that might be looked at pretty hard. But, you know, people want to live there, they're going to live there. But if you're a commercial establishment or retail outlet, then certainly people have choices as to where they spend their money. And, you know, the heart of their reputational damage, or the greater the reputational damage, I should say, is the greater propensity for people not sharing their money with you. So, particularly if their data was lost. And, and, and you, you failed to notice, notice them in a while. So, yeah, that issue of rebuilding trust or, or going from trusted to untrusted is, I don't think, considered well. And, was there any discussion of the, sort of the valuation of that? I know, like, a Marriott lost about a billion dollars of market cap on that recent breach that they had. Was there discussion, I think you had some lawyers or some from the Attorney General's office in there on your panel, was there a discussion of the cost of, of reputational trust, you know, recovering it? Or, is it years again? Or, you know, you can't buy it. That's a great question. I wish we wouldn't look to that. I mean, we, I think we had such a, you know, you only had an hour. And to be honest with you, it was such an invigorating discussion that we couldn't squeeze all the topics in that you would want to talk about. That would have been a great one, just to, just to set an index as to what the stuff really cost on the reputational side. We did talk about, we did have, we had Hannah Hofflinger, who is with insured trust and she is a legal advocate and, and a policy writer for the organization. We had Wayne Dean, who is a well known in our industry and other industries for his insurance work for cyber. We had Sal Diagostino, who is like the cyber guy. He's a really solid cyber guy, well known and a lot of different creative processes and pieces of equipment under his belt that he runs. And we had Paul Jacobson from Silver Jacobson. They're a crisis management PR firm out of DC and Denver. And I think that probably, I think there's a lot of interest in the crowd because they never heard from the public relations side about, you know, kind of do some don'ts of what you didn't do, you know, after a hack. So, but the quantify a hack, we didn't really quantify the hack, but we did, we did, I think quantify that roughly 15% of all companies that are hacked go out of business. So that was impressive. That was, that was a big number. I think that was a cumulative effect of, you know, all the risks that they take in terms of, you know, the legal, operational and reputational risk. So, so it's a big risk. Did, was there discussion in the room about sort of like planning to recover? Did the audience or did anyone, you know, open up about their sort of, you know, time to get back to 100%? Have any, you know, did I discuss about those plans? I hear a lot of people buying, you know, bright shiny tools to stop this and stop that, but I don't hear a lot of talk about an understanding of what, how do you get back from fully breached to fully operational? And how long is that going to take? Yeah, well, we, we, we illustrated that there wasn't a lot of, there wasn't a lot of panel discussion about it. And there, there wasn't a lot of rebuttal or discussion from the, from the audience. But what we did do when we started the session, we started out by kind of polling everybody in attendance there to find out who had a fully vetted, fully baked, you know, cybersecurity program within their company. I mean, full governance, you know, from, from the CEO down through the CISO, down to the lower management, an awareness program, a detection program, a remediation program, a recovery program, and only one person in the room actually raised their hand. Wow. Does he know them? Yeah. So, so this gives you a sense of how it'll prepare, you know, most I'm sorry, I, I, I, I was an audience, I would not be with my hand either. Wow. I'll try. So because it is a lot, there's a, there's a tremendous amount involved in getting prepared for a cyber attack and to be, you know, and in your, your question for recovery, which is obviously one of the most important factors, you know, which, which really, if you're not prepared for being attacked, you're genuinely not prepared for recovery. We had, we had a customer that had a pretty, pretty sizable attack and not pretty, pretty recent history. And, you know, I can tell you that they are still filling the effects. And it's, it's been, I don't know, we'll call it five weeks. Wow. So there's still not 100%. That's devastating. Well, we've got a couple minutes left. Gary, you want to give our audience your last prep, the words of advice? What, what can you share with them from your sage chair there and that they can take home? Well, you know what, I would say that if, if you're watching this because you're a system integrator or in our particular industry, then strongly consider your next two years and see how cybersecurity fits into that for one, your own organization to for the systems you deploy on your customers networks and for three, if we're actually offering it to your customers, a combined package of physical and cybersecurity is, is something that, you know, we feel is going to be almost commonplace in the, in a not too distant future. If you're watching this from the perspective of a business owner or just an interested party, I would say that the more you can learn about cybersecurity preparedness, the more you can learn about creating your own cybersecurity program within, within your company, that, that, if that's the better, because as I said earlier, you know, 25% of us in four of us will be hacked. And, you know, we don't know if it's gonna be a hack, you know, cost you 20 grand or ransomware or it's gonna cost you, you know, 20 million in, in, in legal fees and loss business. So, so it is generally a big problem and the problem is much, much bigger growing faster and much more well funded than the solution is today. That is some sage advice. Gary, thanks so much for joining us today out there. Get your cyber act together. We've been preaching this for a while. Okay, Gary, thanks for backing us up on that. Aloha everybody. Be safe out there because security matters. Thank you. Thank you.