 Hello, everybody, and welcome back to the Think Tech Hawaii studios. Andrew Lanning, the security guy here for another exciting episode of Security Matters Hawaii. And today, you know, we're fresh off of GSX InfraGuard, got one of the industry heavy weights in the house and a couple of heavy weight players. John Boer is with me. Charles Duncan is here, live in the studio, gentlemen. Thank you so much. Appreciate it. Taking the time to come out here. Thank you, Andrew. You're not surfing, right? I know I drug you off the beach. No, I wish. I'm sure you are. Thank you for that. Yeah. If you are an audience, if they don't know you, maybe give them a little bit of your histories. John, you can go first. Just whatever you want to share. You know, you never know who's watching, so be careful. Okay. Sounds good. So I'm John Boer. I'm a regional director for Linnell. I cover Arizona, Nevada, and Hawaii. And I've been with Linnell for about 12 years. I've been in the industry for just a little over 30 years. I started in 1987. So I don't want to make myself look old, but I'm getting old. It's a great industry. I love the technology and I love the fact that it is constantly evolving, constantly improving and constantly making people property and assets more safe and secure every day. Charles. Well, good. Thanks, John. Thanks, John. Thanks for having me. No worries, brother. Welcome. Welcome to the studio. My role is director of strategic accounts. And what that really means is that, like John, I've been doing this for 30 plus years. I've seen a lot of big, big customers out there that look for assistance. They look to push the envelope and they look for people to help them to accomplish kind of what's new in security and how do we do that with the parts of pieces we have today. So that's really what I do. I work with what I now call some of the titanium customers, some of the biggest fortune 50 on the planet that are moving super, super fast. So I think, you know, for me as I attend these kinds of shows and things, what I really try to figure out is what they try to figure out is how do we do more with what we have? How do we make dumb devices smart? And then when we do leverage and invest that dollar, how do we move to use the right equipment and to move it forward? So always a big balancing act. A lot of these guys have hundreds of millions of dollars worth of security. So we can't just rip it all out, but we got to make it better, safer, faster and easier to use, especially with something like this that everybody has. Sure. Thank you. I'm excited to be here. I saw Bill Gates gave away $35 billion last year, and he still made money. So there's some resources out there for people with resources. Anyway, I love your point on technology, and John, you seem to develop. I've seen develop. I think between us, we might be at about 100 years of technology in this industry. So I'm not the youngest guy in the house for sure. Let's talk about that a little bit. I think on the forefront, you pulled up your phone. Let's talk about credentialing and the way we've moved. We've seen the historical 125k Hertz is hacked, broken, can't use it if you do your fool. Yet, I think 80-some percent of the legacy market is still using that credential. Correct, yeah. But we've got a lot more to offer today. John, what are you seeing for adoption in the marketplace today for the other types of technology you can use to get in and out of the door? Yeah, so there's really two tracks. There's the traditional credential, plastic credential, but a secure credential. A lot of the conversation we're having with our legacy or long-time customers is getting that upgraded to a secure credential. We all also have the ability now to encrypt that signal from the credential, the reader, to the reader controller, all the way back to the database, and now to the point where we can encrypt the data at rest in the controllers. So the cybersecurity aspect of it has really had an impact on our industry where three, four, five years ago, that wasn't even a consideration. The second track is really the mobile credential, and that is, you know, is there an app for it, right? Everything in technology has to have an app. You know, some states are testing driver's license as a mobile credential. And so we've implemented a very proven technology in our Blue Diamond mobile credentials. It's our own intellectual property. It's developed and has been around for about a dozen years through a couple of our other business units, and we rolled it out about three years ago. And as it has matured, and we've done a lot of voice-of-the-customer feedback on how do you use it, how would you use it, or what's the easiest way for you to use it. And it, you know, is evolved into now where you do not have to interact with your phone. You just have the credential running in the background, and you can walk up to a door and just like on Star Trek, click, and the door opens, and you walk in. There are other applications where they do require interaction with the phone, but choices, right? I mean, we give people the choice to use it the way that it best works for their application. Yeah, and in the enterprise, I mean, so here's guys with tens of thousands, hundred thousand dollars, I'm not sure how big, I know you scale globally. So, you know, that consideration for, to get this open supervised device protocol implemented, which is our end-in encryption from the reader back into the hardware, which we didn't have a few years ago, enterprise has got to look to change that hardware out, which is a big lift, right? Expensive. I know that they're engaged in getting that done globally, I mean, especially the financial sector, the regulated industries. What do you see now to your big eyes? What's their appetite for making access control really secure? So that's a good question, and I think as John was talking about the mobile credential, the world that I live in is much higher up, as you say. If you think about the CEOs today, their most important is safety for their employees, most important, but really dovetailing with that is productivity. So as people now work home, abroad, anywhere throughout the world, it's really having a mobile lifestyle and having a way to, you know, access what I need to do, whether it's the desktop, the phone, and have everything kind of vectoring to where I am. So what's interesting is John was talking about mobile credentials. I know a lot of people have some knowledge of our industry, but if we zoom it all the way up, we came here from the mainland, we got on an airplane, we used a mobile credential, we looked at Avis, they told us what lot to go to. So, you know, everybody talks about millennials and what they're doing, but I think we're all millennials when we look at the ease of use. We start looking at the phone, and so what we're starting to see is the mobile credential kind of fits into the ecosystem. So let's do the life of a CEO. So this gentleman is inviting somebody to his firm, somebody from the outside, maybe a CTO or something. Well, somebody has to go in and schedule a visit. There's a visitor management solution that we can take care of employees and contractors, but we need to know visitors are on site, should something happen, so we want to control that. So this visitor is going to get a mobile credential sent to him. He looks on his email, he says, hey, you're coming to Andrew's show at ten o'clock today, by the way, download this credential, you'll get in the parking structure and you'll get in the front door. We'll also know that you've arrived. So one way of that ecosystem is that CTO shows up, he has a credential on his phone, he walks up, he reads the credential, it notifies the CEO that he's there or the assistant, and that's one part of the equation. So now we all approach, we do the introductions and we want to walk through the turnstiles. As John said, we can structure it now where the phone is a badge, it's a very secure credential, but he can just go and walk through the turnstiles and we're not worried about having a badge on his property or using a badge to get in and not only can we manage that visitor, but now we can start to manage the people that use that whole facility, right? Sure. So that goes from visitor management to the employees. Now, here's the other part of that. So I'm an employee, I work in a building similar to this. It may be a floor that my company owns, but the building management owns the company, right? So once again, if we think about what this could do, we can have a wallet that has multiple credentials securely in that wallet. And so now I'm once again, going back to my phone, which I look at every 10 to 15 seconds a day, but I can use that to get into the parking structure. I can use that through this credential to open that parking structure. So what we're really talking about now is the frictionless, millennial way of just making it easy to move around. And the next step is now we're starting to deal with the we works of the world. A lot of these companies are saying, we have such a mobile workforce that we want to employ we works. What is we works? One moment it could be Amazon, one moment it could be General Motors, one moment it could be FedEx, one moment it could be Microsoft. That reader has to understand all of this. So we're starting to look at, as we've talked before, developing some corporate or industry standards so that that reader can read multiple credentials and multiple technologies from different companies. So yeah, we're looking at ease of use and really trying to take it to the next step. But I think the common equation is going to be the problem. I saw the PLA demo last year where we passed a biometric credential and a car credential across your from a NEL platform into a competitor platform into another platform. And you know, from a different type of biometric reader onto a different type of biometric and that all went via active directory integration. Very nice stuff, very spelt, which is the enterprise is looking for that out of a mobile workforce. Really cool stuff. We've got an amazing opportunity to watch the industry change, right? Because I know we all came from hardware integration into now the software base world is going to fix everything. We had a cyber hiccup there. We really didn't get in front of cyber. I think access controls come around and corrected a lot of that. We do have legacy out there that's got to be fixed. And those guys will have to come forward with some spend. There's no real way around that, you know what I mean? What do you think is next on that horizon for credential? Because people sure don't like to be interfered with. We've all done a brand new implementation and no one wants to carry their card. No one's going to be tracked and all those privacy concerns. We didn't get in front of cyber and I haven't seen this out in front of privacy. You know, I know they banned some facial recognition in some areas for our industry. What do you think the argument is going to be for privacy as we go forward and the we work guy can run around with my NEL credential over the world and everybody knows me and can track me and let me in where I'm supposed to go. What do you think the questions are going to come? You know, what's going to happen? I think one of the key elements in the successful implementation of this kind of technology is how do you manage that information? So I'm managing thousands of card holders across thousands or tens of thousands of doors. And the traditional way it's always been done is if I need access to a different door, let's say I'm working on a project in a different department or I'm changing from first shift to second shift as an employee, I would send an email to my boss. Hopefully my boss would send it to the security people. Hopefully the security people would make the change in time for when I have to show up at three o'clock. Hopefully you can actually work. And my card won't set the door. So what that workflow does is it creates ad hoc workflow. Little bottleneck there. And basically everything gets funneled to the security department to make those changes. Which they don't have time because they're responding to security events. They need more people. So some of the things that we've been working on as a software company to really improve the user experience are workflow tools. So for example, we introduced a new version of a product called Access Manager. It used to be called Air Access Manager. It's an app now. It's an app now. And with Access Manager I can say Andrew as the person in charge of Hawaii, I'm going to give you access to all of the people, all of the doors, all of the access levels in Hawaii. You can move those around however you want to. You don't have to call security. You don't have to bog our team down to make these daily door-to-door changes. However we're not going to let you create new doors, create new card holders, create new time zones or access levels. We're going to give you a tool that's going to allow you to very effectively work within the system you have. Now we have a companion or sister program to that called Card Holders Self Service. This is where as an employee I can log on to the URL on my corporate internet site and I can look up my name and it'll tell me all the doors that I have access to and I can make my request right through this Card Holders Self Service portal. I also can change my own PIN if I'm doing two-factor authentication with the card and the PIN. Very nice. I can manage my own PIN codes. I don't have to send it to security and say, hey, can you, I know, my PIN was compromised, I need a new one. Yeah, yeah. So that's a lot of the focus that we have right now in terms of really developing an enterprise platform, a system that can work efficiently, doesn't require you to hire more people to manage it, it pushes authority down to the people that should have the authority to make those decisions and overall provides a much better user experience. It's awesome. We're talking about making life easier in access control here and Linnell's really sort of leading the industry with a lot of these developments. If you've ever been frustrated standing at a reader because you can't get in and thought the reader was broke but the problem was you and your access level, you know what I'm talking about. We're gonna take a break. We're gonna pay some bills and we'll be right back with John Bohr and Charles Duncan. See you in a minute. Thanks to our ThinkTech underwriters and grand tours, the Atherton Family Foundation, Carol Mun Lee and the Friends of ThinkTech, the Center for Microbial Oceanography Research and Education, Collateral Analytics, the Cook Foundation, Dwayne Kurisu, the Hawaii Community Foundation, the Hawaii Council of Associations of Abarbon Owners, Hawaii Energy, the Hawaii Energy Policy Forum, Hawaiian Electric Company, Integrated Security Technologies, Galen Ho of BAE Systems, Kamehameha Schools, MW Group, the Shidler Family Foundation, the Sydney Stern Memorial Trust, Olo Foundation, Yuriko J. Sugimura. Thanks so much to you all. Hey, welcome back to Security Matters Hawaii. We've got in the studio lab with Charles Duncan and John Bohr from Manel S2. We've been drilling into credentials, been drilling into usage, we've been drilling into security. We talked a little bit about the sort of the spectrum of what's happening out there in the industry. We talked about what the enterprise is swallowing, what they're not swallowing, what they want us to do next. Cyber security sort of beat us up. How long do you think it's gonna take for industry to redeploy these millions of dollars of hardened solutions? I know the DOD's moving quickly, I work a lot in that space. What about the other, where do you see this appetite in the other maybe regulated industries or in your market space? Yeah, and if I could address that. So again, let's zoom back up. So, Bob Hyre, to properly address that, it's such a broad perspective, right? Yeah. What I see is I see kind of the three levels of what I would call maturation of a company and security. And I'm kind of seeing that in the industry as well. To understand what I'm saying is the first level is you commonize everything. You get one standard, you in essence put a boundary around your assets and when the CEO says, are we secure today? You can say, out of 186 doors, four of them are down, we have a service call, we've got three cameras down, the rest of it, like a military briefing, we're up and we're good, sir. 100% gotcha. So that's first. Second is, then you have to figure out how do I use this system as a productivity tool? So as we're talking about, maybe this phone does other things, maybe I can go to the cafeteria, maybe I can access other sites. Maybe when I'm working from home, there's some sort of I'm on the VPN, so it's compared to see if I'm logging in some other IT security things. That's level two, and then what I call level three is really where individuals start thinking outside the box. It's innovation, it's what can we do? It was what I used, let's empower the CEO to meet people with high technology, sending that credential through the visitor management, using a high security credential to access doors and different things. So that's that level three, and that's where I think it takes kind of level one and level two to get there. And the reason I bring that up is as I see companies go through this maturation, kind of this three cycle, this is I think where the industry is. We've commonized a lot of things. We now have very large companies. I mean, some of, we talked, I have a customer that has over 100,000 portals. Wow. So that's entry points. Wow. And if they didn't have a standard, there's no way construction-wise they could manage it. They're growing phenomenally. So we've met kind of one and two, but three is, okay, so now what do we do different with that portal? What if we do something like this? What if we use a credential and it's a high-secure credential? Our mobile credential is a rolling key with 128 encryption. So every time you use it, it changes. So it says, Andrew, I'm talking to you on 1171716. Next time I talk to you, it'll be on 1121215. So very secure. So we know the credential is secure. That's to avoid the replay attack for you out there that are paying attention. Right. But now when I go through the door, it's also looking at, okay, so if I'm accessing the door, because a lot of companies are gonna go through transition, there's gonna be cards, there's gonna be other credentials, high-security, low-security. Sure. And I'm using my credential to go through that door and I do some soft facial recognition. If it's a high-security area, I know that's Andrew. If it's not, I'm gonna ask Andrew, what's his mother's maiden name? I'm gonna make you go through, you know, extended- Ask for additional biometrics or something else, sure. And a lot of people look at it and they say, okay, you brought up the fact that, you know, facial recognition. Okay, what if I could figure out a way to capture your face, your gait, and some personal biometrics and store it in a 56K, like a one-paragraph email, with no discernible information of somebody who were to extract that, use that as soft confirmation to you. That template, sure. Which we know, these are templates. I think the public doesn't know that, but we do. And so I think as we start going through portals and doing things, we can start to address some of the cyber by hardening the devices and then using devices in a benign way to do checks. So I walk through, another phone is detected, another Bluetooth is detected, and it's not something that's recognized. Maybe somebody just walked in the door behind me. Sure. So there's a lot of things I think we're starting to get through on a benign way. And by hardening the edges and doing things, I think it's starting to make sense to begin to spend the money to what I call taking care of the people, making it more productive. And then through doing that, then you start upgrading boards and different things. As you can imagine, this company with 100,000 portals, one board could control 32 portals. So those boards are a couple thousand dollars. So why am I replacing this? Because I'm also hardening the edge. So that's one way of getting there, but I think we've just begun. As you and I have talked, I think the industry really needs to sit down, raise their hand, take responsibility, and say, we have a problem. Yeah, talk privacy. We need to get standing. So John, you've talked with a lot of the dealers out there in the industry in the Western region, I believe. What's their appetite for what Charles is talking about? Are they getting out there? Is everybody so busy hanging wire and hardware? Oh my God, they can't think about this? Or what's your feeling about the maturation of our dealers, our dealer network out there? Yeah, that's a great question. And I see the whole spectrum. So we work with integrators that have complete IT department. So they do network design, they do the build out, structured wiring, end to end. So in those instances, we're working very closely with the IT folks, with the security folks. That's the ideal situation. I think so. Because then you're getting ahead of it at the beginning, right? You're getting ahead of it at the beginning. But we do have other, what I will call more of an old school where they're a security integrator. And they are now investing in people and resources that have the skill sets to talk to the IT people, to understand the requirements on the IT side of things. And so we're all getting there. It's obviously, we like everybody to get there at the same pace, but that's not realistic. I think part of the challenge for our industry is finding good people. And to me, I see it whether I'm in Minneapolis, Phoenix, or Honolulu. If I could find five good people, I'd hire them on the spot. So I actually have an integrator in Las Vegas who created an apprentice program. They do IT, they do AV, and they do access and video. And they bring a tech in, or a young kid out of school. Doesn't necessarily have to have a degree in anything, but he has the aptitude and the desire to learn. And they have their own certification program to allow these people to test up into a higher pay grade, test up into a better role rather than start off pulling wire. A couple years later, they're a system programmer. A couple years later, they're a project manager, right? So those models work well. But ultimately, we try to get the message out there to our integrators that it is vitally important if you've got customers on older versions of the Lonell-Ongard platform, that they really need to get them upgraded to the current versions. Because we fundamentally change, rewrote the Ongard application into a more modern programming language. It is, from a user experience, user interface, it's much more modernized. It's much more like a Windows 10 iOS type of view than the old school kind of Windows XP kind of work, right? And a lot of our customers are kind of on the mindset, hey, if it's not broke, don't fix it. But they don't realize the benefits they're getting by doing the upgrade, which with a software support plan doesn't even cost them anything for the software. So that's a lot of what we're seeing and the focus right now that Charles and I have, Charles is not as much, because he's working with customers that tend to keep their systems on a version of a version. They're pulling the rest of the industry with them. But I'm working with school districts that are running Ongard 6.4 or some older version. And we go in and talk to them about the benefits and what they gain by upgrading both in cybersecurity, usability, scalability, web clients and mobile clients and those kinds of things that weren't available on those older versions of Ongard. So there's a lot of moving parts to it. And it's, in my opinion, a lot of it is us going out and evangelizing to the integrators. These are the things where we really need to focus for customer retention, customer satisfaction, as well as the ability to allow them to get into some of these new capabilities that aren't backwards compatible with the older software version. That's true. And so we're fortunate enough to have another out here every quarter of the last 20 years in Air's Akron Cobb not seeing any other vendors doing that for this community in Hawaii. And we're literally on an island. So we do need that sort of support. So I want to thank you for that. We've got about two minutes left. If you guys want to throw in a final comment, piece of advice for the marketplace out there. A challenge, whatever you feel like. I mean, with my closing comments, we talk a lot about technology. This is all money. We know that you have budgets. It's hard to get money. A lot of people see security as a cost, not no profit centers. What I say to people is, take the time to at least stop. We like to do what we've been doing. We like to do it over and over and over again, but it's good to stop and ask the question. I'm coming along to maybe maintenance levels where I have to replace things. If I'm doing something new, if I'm growing, if I'm spending dollars, just ask yourself the question, am I investing this dollar properly? Five to eight years ago, you probably did, but it's as easy as a phone call and it's as easy as having somebody come in, sit down and say, I have this card. People call it credentials. Is it secure? Is it not secure? What could I do to add to my system? So when you're investing that dollar, make sure that you're investing it in the future. And getting a couple of dams back maybe or something. It's not just a hardware spin. John, your thoughts? Well, I would agree with 100% of everything Charles said. Additionally, I think that the security industry, working with security professionals, has not been as aggressive in driving technology. As we could be or we should be. And if you compare our industry with other IP video, IP intercom, servers, everything is in VM now. We need to actively go out and promote that. And when you go to a customer and you say, hey, we really recommend you upgrade it. And they say, well, I got to spend the money on this stuff. I've had it in here for 15 years. It works great. And I look at it and I say, what other technology do you have in this building that's 15 years old? And so when you put it in the context of, yeah, it works. It ain't broke. Don't fix it. But put it in the context of, what are you missing out on? What capabilities are you missing out on? And things that can make your life easier, more secure, easier for your employees, and contractors, vendors, everybody that's associated with needing to get in and out of the building. Awesome. Use access control to fix your ecosystem, to make it safer, protect people, to protect assets, figure out how to make it better for you. Hello, everybody. Thanks for joining us today. We'll see you soon. Take care.