 This is Think Tech Hawaii, Community Matters here. Hey Aloha and welcome to the Think Tech Hawaii studios for another episode of Security Matters Hawaii. Today we've got a live guest, not a remote guest, which is really good, Brandon Lester's joining me. He's the Vice President of Technology for... SRC Technologies. SRC Technologies, thank you. And I met Brandon at AFSEA, so we're going to talk about sort of some of the local groups and some of the things they're doing with technology. He's showed up in Hawaii and engaged a lot of his community. And we'll get into some of that. And I'm interested myself in some of the sort of workforce development aspects of this that he sees, you know, from the experience he's had around the mainland and compared to what we got going on in Hawaii. So Brandon, welcome. Thanks for coming in, man. Thanks for having me, Andrew. Good to see you. Right on. So give our audience a little bit, much as you care to share about your background, if you can, and kind of get us up to bring us up to the current days. Sure. Yeah. I have a background in mechanical engineering, actually. Oh, right on. Came out of University of Maryland, lived in Maryland pretty much my whole life. My wife and I met there and then we ended up living in Germany for a few years. Came back to Maryland and ended up jumping over to the IT sector about 10 years ago. So I've spent the better part of the past 10 years doing a lot of cis-admin work, information technology, you know, information assurance, that whole world of things. Wow. I've been doing SRC technologies about six years ago and have really, really enjoyed my time working with small businesses and opportunities to always learn new technology, which is kind of, you know, where the whole world is nowadays. Yeah, it's nothing. That's why you picked up some search along the way. So did you do the PMP as a ME or did you do that later on in IT? I did it in IT, actually. Okay. So I've always had an interest in the program side of the world to understand how the way to get projects done, you know, the whole... I'm just starting them. So I understand we need people that can finish, trust me. Sure. Yeah, I think there's a lot to be said for understanding the technology and the program and being able to bring it together. It's not often where you can kind of live in both sides of the house. So that's really where I pride taking time and effort is learning how to do that kind of work. That's awesome. And you also had a CISSP. So which came first? CISSP came first. Okay. A lot of times, you know, you get onto a new opportunity and the contract says, hey, go out and check out this cert. So I started... Cool. I started as a mechanical engineer, jumped into IT to see what it was like. Okay. Wow. Spent some time, got Windows certs first. Started that job, found out, had nothing to do with Windows. Looked into what the next thing was, learned how to do CIS admin on whatever systems were out there, a lot of time on Red Hat systems. Oh, okay. So went out and got a Red Hat cert. A couple years later decided time to take another level. I think the government regulations said you had to go get Security Plus, Security Plus, and then onward and upward, CISSP. But I really do enjoy learning new technology, taking the time to go find what certification can help back that up. So since the CISSP and PNP, I've spent a lot of time in the cloud stuff. Google Cloud certs, Amazon Web Services certs. It's so different. It's a night and day technology jump. Is that right? It's really exciting. I think to see the opportunities that what used to be, take a piece of hardware, throw it in a rack, go find your disk and then Pixie Boot or whatever's going on. Nowadays, it is click, click, click and you are up and running. Wow. In the cloud. I saw you can purchase images. They're certified. It's from CSC and things like that of all types of builds. It's amazing. You can just load those images and be up and running. Absolutely. And have some security sort of baked in. I guess you've got to still configure it, but it's got some standards there. So give me a little bit of, since you've been looking at cloud, because I'm interested in that, because I know a lot of the sort of development these days is headed that direction. Are pure software developers that are writing software? Let's say, for example, for malware, the physical security industry, maybe an access control software that you're going to run on a Windows server versus some cloud-based software that you're going to run. I see terms like containers and Kubernetes and these types of things. What's the advantages? Can you give me the pros and cons of both or something? Absolutely. From a software development perspective, I think there's a lot of times where you've got people just coding on their system locally and then you're going to put that into some sort of code repository, get whatever you're using in your office. And ultimately, where things have changed is the deployment of that software. I see. So the process of coding is not a lot different, although there are many, many new tools and tricks, right? Sure. But the process of deploying that software went from, you know, let's come up with some new ideas, new releases. We'll plan a quarterly release. Oh yeah, two builds a year. Yeah, I understand. Okay, gotcha. Modern-day software companies are deploying 700 times a day. It never ceases. And it's continuous. Wow, that's awesome. And so now that's a new mantra, continuous integration, continuous delivery. Wow. And you really don't even think about the deployment at that point, which is really the goal of it. You've got code, you commit it, you get it into your system, and it's up. Yeah, it's sort of a living tool. It is, yeah. A living build that is as dynamic. I mean, so is it looking at user input even, or user UI like experience reporting and saying, this needs to be quicker? I mean, is it that dynamic? It is. It's to the point where we've got whole teams of people coding wherever they are, whatever software they're using. And Netflix is a good example of leading that charge where they're deploying many, many, many times a day. Wow. It kind of removes the need to worry about what kind of changes you're making as long as you're following the best practices of your company and your organization. You've got code up and live, whether it's in a development scenario or A-B testing where you've got some customer seeing one thing, other customer seeing another thing, and you decide how that works. Wow, interesting. So is the containerization of these things, I hear microcontainer, I hear you can bring your own container on-prem even and all this kind of stuff. Is there more portability in this design architecture? Is that why this is so advantageous, I guess, is the word? There's definitely more portability. It's also much easier to ramp up, ramp down, recover. Wow. And that's really the goal, I think, is going back about, I think, five or 10 years now, the concept of development and operations were this far apart. Okay. Someone came out with an idea, let's start bringing that together and there's a new term, right, DevOps. And that mantra is let's have both groups work together and let's build our processes so that can happen. And the DevOps world means you can deploy. The code goes into your repository. You've got automation on the back end that says create a build, release the build, put the build in production. You don't have sysadminsu in that work anymore. That is completely automated and it's a pipeline now. Wow. So that whole premise kind of got people thinking in a new way and that's where something like containers came out of because when you start up your Gmail, when you start up any SaaS kind of application, the software application that you're running on the web, usually the back end of that system is going to spin up a container just for you and you've got your own little mini micro VM there. Okay. And that is the container that says, here's Andrew's going to run all of his stuff. You're done, you blow the container away, it's gone, right? It's dead. The resources are back where they were. And that's why you've got so many really easy cloud deployments now because you can scale up and scale down very fast just by systems, whether that's an AWS, you know, elastic cloud instance, or something like a Kubernetes, it's really the orchestration of those containers. Okay. So the terms start to mingle and you don't really know. Yeah, I'll read about it, but I don't understand, I don't do it, so I don't understand where they sort of work together. Absolutely. Yeah, the container systems, one of the big ones a few years ago was Docker and that's still a big format. But Kubernetes is really the ability to just take Docker to the nth degree and automate how you're going to spin this things up and down as you need to. Wow. Yeah, so there's a group that I actually had on this show called Archulis from my industry that's all Google, Kubernetes containers, they have video access control and even some audio now integrated all in that platform. And they're doing this and it was blowing my mind how quickly they, it's like you mentioned a feature and it's there, like it goes from ideation to application instantly. And I was like, wow, this is amazing because my industry is archaic, comparatively speaking, you know, and so I don't know where these guys are going to go with their product, but I would do wish them, well, they're funded out of Canon, they're back in, so looking for big things out of them. So let's kick a little bit into the workforce. So you're a bit of a hybrid coming from the ME space into the IT space. Where do you see the greatest sort of need out there now? If you're looking at the kind of work that you're doing that you're aware of people are doing and the youth that are programming, are they, you think, are they, you know, I had COBOL and FORTRAN, right? So they're not doing that kind of garbage. Are they learning different types of code for cloud applications? Is that the future? Is it mobile? Are these the same things? Yeah, the coding languages out there don't need to be particular to a specific space anymore. You do see some differentiation when you're trying to optimize for mobile. If you're writing for something like iOS or Android, you're going to have to live in that different marketplace for very obvious reasons, right? You're trying to optimize, you're trying to figure out how to write the best product in that space. But in the cloud world, it's still pretty wide open. You've got a lot of folks that either live in Java, JavaScript space, or shifting over depending on your application. A lot of machine learning and artificial intelligence work is done in either Python because it's got so many libraries to go with it, or, you know, that's the data science half where people are writing code in TensorFlow or people actually doing machine learning in some of these other open source products that people like Google or Facebook or whomever are putting out. I see. And is this, is that where the sort of the, in a university system like in the UH system or in Maryland where you went, was this, I guess you went for ME, but are they teaching that stuff or is it still, you got to learn to hold back in to understand where it fits and then TensorFlow, for example, becomes a bit of your specialty or your language of choice or whatever it may be. I think it's a little bit of everything. I think you're going to have classes that specialize in, you know, let's learn Java 101. But if you want to get into the meat and potatoes of a specific instance or application where you want to learn how to use specific tools, you're going to probably spend time on a project doing something like that. So depending on how the school structures, the class, obviously you're going to do some coding while you're there, probably have an end of the year project. So there are always options to go out and say, I want to learn this component or this library even. You know, a language like Python is so big that there's lots and lots of opportunities to say I want to learn here or I don't learn here and then you could spend another month just working on that section of the code. Wow. And are these deployment teams, is this project based? Do they teach that in school? I mean, you have that P&P perspective on sort of like software development or application development or whatever you would call it. I guess you still call it software development or is it just DevOps? It's software dev, yeah. And even in the world of software development, you've got different categories, right? I have a lot of experience in analytics development. Okay. If you're doing an analytic, you're going to write that somewhere. Usually that somewhere is going to be a cloud. So you have to be familiar with what you're doing in the cloud, whether it's the administrative side or the DevOps side, just to have that code work properly, right? If you're going to take those analytics and you want to put them on a dashboard, you've got to have some UI developers experience on that stuff. Okay. And those always have great areas where you're kind of going between and you can have a full stack engineer. And that's kind of considered the unicorn of the space where they know everything about everything, right? And whether that's a person that you get, whether you're lucky enough to have someone like that, nine times out of 10, I think even if you have a few, you're going to want them to diversify and focus on a certain component anyway. So there's so many pieces to a full product nowadays that I think you really end up having to have different teams and that project mentality go out. Let's do this piece of the work and then bring it back together. Awesome. I think it's amazing that myself, I'm sure most of our viewers don't really appreciate how much work goes into that experience that they have on that mobile device or on that page or in that app. You know, there's, it's all been planned. It's all been designed. There's a reason. And in fact, they're learning from you while you're using it how to improve it and make it better, which is, I think, that it's not like the Noem and the Noesis and this whole noetic pole of, what's it called, forget the words now, but how this, where things are created instantly, but it is getting closer and closer to that. Yeah, it really is. And we're going to get to a point where people are going to be worried about, you know, machine learning and the code writing itself for us. We're actually at a point now where you can probably teach a machine based off of good examples of code to get you most of the way there. Oh, wow. But a lot of the work done there is now going to be a focus on how do I help the people that are doing their jobs now do it better, smarter, faster. I see. There's always the fear of, you know, when are the machines going to take over or who's going to steal my jobs? It's going to be this kind of computer. It's never going to get to a point where you don't want a human involved. Sure. The best scenario is we're all doing 10 times the amount of work we are today in 10 years from now because we've all got those toolkits where it gets you past all the hard stuff. And right now, most of the focus is on how do you replace the tedious work. I see. But as we mature and go down that path, it should be, you know, more and more efficient. We don't have a scenario where you're spending all day doing code cleanup, right? Something should be able to do that for you. Wow. There may be hope for me yet. We're going to take a quick break. We'll be back in about one minute after we pay a couple of bills. Thanks for joining. Hi, I'm Lisa Kimura. I'm the host of Family Affairs on Think Tech Hawaii. Join us every Tuesday at 11 a.m. to talk about the issues that really matter. Everything from policies that need to be changed in Hawaii to the fact that we need better gender equality so that we can all have a better shot. Again, join us every Tuesday at 11 on Think Tech Hawaii for Family Affairs. Aloha. Aloha. I am Howard Wigg. I am the proud host of Code Green for Think Tech Hawaii. I appear every other Monday at 3 and I have really, really exciting guests on the exciting topic of energy efficiency. Hope to see you there. Hey, welcome back to this episode of Security Matters Hawaii. We've been drilling down into what's going on out there in the world of IT and high tech and it's kind of become this cloud, instantaneous sort of UI design and development where the consumers are, I think, driving the business decisions that are being made. You know, they're really trying to appeal to you and Brandon's given us some real insight on some of how that's getting done and why it's so getting simpler, I guess, is the word. So the workforce in Hawaii, and you've been out here now a few years? Just under a year actually. Just under a year, okay. So the workforce that you've seen, and we'll get into some of these folks. I know you're a member of FCA, which is our Armed Forces Communication Electronics Association. I've seen you at HICTA, the Hawaii Information Communication Technology Association. We have a group at UH under Scheidler and the ITMA, which is our Information Technology Management Association. Yeah, it's something like that. We've got a lot of groups. So there's a lot of input for the kids that are learning and wanting to learn. You know, in your experience, as you've been on the mainland and here, what do you see in the kids here? We got talent. We have a reason to keep them here. I mean, what do we got going on? Yeah, there's really, really good talent out here. Awesome. I've been really pleasantly surprised to show up and see what an active community the folks are doing here in Hawaii. And that's from middle school, high school, and into the colleges. Awesome. There's a really good program out there called CyberPatriot that folks here do very well in. And part of that is the locality of all the different expertises here on Island. You have a lot of DOD presence that gives those folks an opportunity to go out and spend time with students. But it really, really helps when kids have opportunity, right? Yeah. Yeah. So CyberPatriot has been around for a little while. And I know, I mean, the NSA has done a fantastic job here. I think they've got a program run with some instructors at, like, even Lilihuah High School. I don't know if they've gone down below that level yet. And then our UH program, we've got kids that have gone on. They've interned up there and then gone up to the NSA, CSS here. So, and into other, I think we have a pretty reasonable Air Force and Army intel community out here as well. So there's, you know, there's guys that are getting in there out of our schools. We don't want them all in there now. They need the great ones. So below that, we need them in industry, you know, for low-voltage technicians, right? We have some technology. I think my guys go up to, like, Security Plus or sort of the highest level assurance that my team has. And so, you know, we do have a path to training folks in low-voltage industries. And it's starting to bleed into AV systems. You know, they're hacking phone systems now. People are trying to get into any system. They can find a way into your supply chain, you know. The deliverers of low-voltage technology systems are a bit of a target there. So we do need to have a security mind in this about our industry. Where do you think they can go if they're not a stellar, you know, if this programming world, if they're not NSA material, what do you think they can look for in Hawaii? What do you see that they can be getting into? Because it seems like it could program anywhere. Clouds anywhere. I can do it from here. So, for lack of better references, I'll throw out a few different of the, you know, the modern sayings where big data or data is new oil. Okay. Well, what does that mean? Data is new oil. Love it. Data is new oil to me means any organization is going to care about their data and they're going to need to do something smart with it. Yep. There's also the saying nowadays, software is eating the world. Yeah. Right? So, software is everywhere and that ties right into the data components, right? So if you can take a new mentality, no matter what industry you're in, no matter what vertical in that industry you're in and see that there's value in software and there's value in data, you can embrace that. But the cybersecurity part of it is really the pervasive need to be able to defend all of that work that you're doing, right? Yeah. Yeah. It keeps somebody from taking it or taking the data or whatever it may be. Absolutely. Building with security in mind, you know, security by design, you might say, which my industry left out, by the way, we built a ton of software and cameras and access control systems and they had no security baked in whatsoever. So my industry is going under a correction now, which it's taking NIST to come in and UL to come in because the manufacturers didn't want to do it on their own. In this application world that a lot of the consumers and business people are dealing with, what's your feeling? Is that stuff being done better? You know, when it lives in the cloud, is the security implicit? The mindset is changing. Okay. But I don't think we're there yet. Okay. Even in that container world we were talking about earlier, I think it's kind of magical to some people that it works, but there's always something that's going to happen, something that's going to go wrong. So there was a pretty significant container vulnerability not that long ago and those are going to continue to happen because it is still just software and you're always going to vulnerabilities no matter where you're looking. I think the key is really to stay as up to speed as we can and it's really challenging to be able to go deep down into your project and code and stay there, develop really good things but also be completely aware of what's happening over here with vulnerabilities or the latest type of attack on the cybersecurity front and that's why the industry sees itself as really far behind on the staffing part of it. I see. Because no matter whether we were able to go out and train a million new cybersecurity experts today they're not only going to have to come up to speed on whatever systems they're protecting so you have to have some domain knowledge there but also you have to keep up with the latest pace and latest trends and there's some pretty good podcasts and blogs and all kinds of ways to consume that information but it really takes time and effort. Ah, so training. I argue, don't argue, I shouldn't say argue. I've been talking with my, our teams for example about time budget. You know, you've got to build in time budget and it's sort of a business expense, right? It's a cost of business to do this training that's so necessary and I'm just going to guess that the closer you are to the leading edge of technology development the more training you probably have to do. It's got to be constant. Um, off the top of your head what would you say? Four hours a week? A couple hours a day? What do you think people need to be doing you know to keep their, to keep up with what's going on in this world of technology development? The world of technology development doesn't really matter what technologies you're using you're always going to have to stay abreast of what's happening in that particular space and it really depends on how fast the industry itself is changing. So it is inherently part of your job now. It's not one of those things where you need to learn. To learn, yeah. It's not one of those things where you break away and I'm going to go take you know, a Windows class. I'm not going to go take a VMware class, etc. etc. It is really a scenario in which if I'm writing code in a specific language I'm referring to those docs all day long. If I get to a library I haven't used before I'm looking at it and I want to find out how I'm supposed to be using this in the calls and all those kinds of things. So it really turns into an opportunity where you have to bake it into your process. Wow. So do you think people let me ask you how much mobility does a person have if they've gone down a path for developing let's just say something an app for a mobile an iOS device. Can they then jump into some perhaps let's say Google cloud development of another app of some other type. Is it are these skills fairly transportable across the domains I guess there? If those are really different domains maybe I don't think they really are transferable. Not just the tools where you kind of know how to code in one language you're probably going to be okay jumping to another one as long as you get the little tweaks and the mindset differently. The back end the cloud type of stuff is far more accessible than it's ever been. So to go out and learn how to use any of these cloud opportunities is really just a matter of finding the right application to do it in. So I want to go out and I want to build a new project I'm going to I'm going to go spin some servers up and there's certainly a lot of time and effort you can go to learning the back end of the architecture and you have to understand a lot of that to do security right? But you have opportunities to say all right I have my architecture team I have my DevOps team now I have the platform I need and if I'm going to write some code I can live over here and it's very easy to use and deploy. Wow so in Honolulu if you want to meet some of these bright brains and find out what some of the ideas are that are going on this week tomorrow night there's going to be an event Wetware Wednesday tell me a little bit about I think you've driven some of that or attended some of those tell me a little bit about that group I'll jump around a little bit Wetware Wednesday tomorrow night is traditionally a software networking social and they have them every month always the last Wednesday of the month and traditionally what what the team does is they bring in what we consider kind of a sponsor that's going to pay for the food and bring in some new ideas and some new flavors so this month that's Afsia so that's my tie in awesome okay young Afsians is basically anyone in Afsia that's part of the community under 40 and really has a unique set of care about within the Afsia community what we have done is tried to partner with many of the organizations on the island to do these kind of joint events where I want to bring the Afsia community to the software development community Wetware Wednesday is the perfect opportunity to do that so tomorrow night we're going to be talking about what young Afsia is doing a little bit later this year all of our different events whether it's mentoring or tech talks basically have an opportunity to announce that to a community we don't usually get to work with that's awesome and we're going to be at aloha brewing aloha beer aloha beer down in cacaaco so come on out there tomorrow night you know if you're looking for some young talent in the IT space there's a lot of those folks working there if you want to do some mentorship and help some of these folks understand the needs of a business community go down there under 40 group by the way a national award we have some really good folks in the organization that are able to go out and do some good things that's amazing thank you so much I mean that's really important so get on down there check out where Wednesday tomorrow night in cacaaco at what time 6 o'clock 6 o'clock 6 till 8 or 9 so come on out if we don't work on workforce development together we're not going to develop a workforce in a lot of capacity here for us to do that so come on out we'll see you down there because security matters Allah