Podcast: 2022 Cybersecurity Trends CISO Anthony Leatherwood pt. 2

Published on December 16, 2021

This is the second half of our episode with Anthony, CISO at Centre Technologies. Anthony is new to the role but not new to the industry. It was great to get some space inside his brain on what's to come in the cyber landscape. 

The following transcript was generated using an automated voice recognition tool. Some small discrepancies may exist between this written transcript and the original audio recording.

 
Taylor (00:09)
Welcome back to When Bits Hit the Fan where we keep an eye on tech news so you don't have to and when bits hit the fan, we bring it right to you. I'm your host, Taylor Uden. While James is out on the road this week, we'll bring you a continuation of last week's episode with guest Anthony Leatherwood. We broke his interview into two parts because we just loved what he had to say about the trends in cyber, and what's coming up with AI, what to look out for, the entire cyber landscape. We're excited about this second half. Let's go ahead and jump right into the second half with CISO Anthony Leatherwood. Enjoy.
 
[Music] (00:47)
 
Anthony (00:53)
Right, being prepared is making sure you have the right investment, the right solution, the right platforms, and the right EDR solution in place to protect the organization and contain it, right, so.

 
James (01:04)
So, after all those attacks occurred, we decided to shift our news stories to Colonial Pipeline and JBS Food Systems. Those impacted America's supply chain- the new supply chain attack- and when that occurred, we saw the government then step in with new litigation for certain industries. One on election providers, one on midstream providers, um, there's been rumors, that more is coming and that came from the White House through the- through a memo of what minimum things that we should all be doing. Is it- if you put on your- your- your crystal ball, I don't know how you put that on. If you looked at your crystal ball, are we all going to live in a world where the government's pushing what we have to do at a minimum standard?
 
Anthony (01:50)
I mean, you know, with Biden's executive order, right, he just succeeded not- not too long ago this year, cybersecurity is important right? And companies are starting to realize, right, from your universities, to your local state governments, to your state, to private entities that, you know, cyber security is important, right, and if you want to be viable in the supply chain you have to protect it, right. I think with this new focus, right, that's a long time coming, right, I- I call it a harbringer- harbringer, right. Did I say that right?
 
James (02:23)
No-brainer?
 
Anthony (02:23)
Harbringer. Right. I call it a massive, kind of brain, of-of activity.
 
James (02:28)
Sure.
 
Anthony (02:28)
Right, not just from the U.S. government, but from the public and private sector. I think with all these things at tangent, you know, coming into play, I think the focus here right now is on cyber security. Folks are at the point where they're saying that 'Hey if I don't focus on this,' right, 'I won't- I will no longer be in business.' you know? I think folks realize that and that's why the focus is there.
 
James (02:51)
So I- I- I hope you're not getting tired of hearing it but you know that we've been preaching that the four things you have to have to make sure that you're in good shape is a clean copy of your data, a proactive threat hunter, visibility in your security gaps, an incident response plan but if you could make one recommendation to the CEO's and the executive teams that are listening, what what would you tell them 'you need to make sure before end of year, you have at least looked at or shored up'?
 
Anthony (03:14)
You know, I- I'm a big ISO 27001 fan. I-
 
James (03:18)
Explain what that is real quick.
 
Anthony (03:20)
Yeah, ISO is international standard, right, and it includes a lot of different controls, right. You have a lot of controls out there, you got CMMC, you have COBIT, you know, you have ISO- you have multiple, multitude of standards, out there but, what ISO is good at, is taking these controls, right, these common controls that are important to protect the company in the industry and the SMB and making sure that they're deployed, right. So you do that, you know, the first and most important thing any company- company could do is a risk assessment, right. You know, across any CISO, any CIO risk assessment is the key to understanding what's there, what's impacting you.
 
James (04:03)
Not just a VRA but a larger risk assessment as a whole. 
 
Anthony (04:08)
Larger risk assessment for organizations, VRA is really for your-
 
James (04:09)
Sub-chapter.
 
Anthony (04:10)
Yeah, well you know you're assessing product and services, right, if I need it, right.
 
James (04:15)
Right.
 
Anthony (04:16)
But, the other part of that too is, I think we spoke about this earlier, was the assets, right? Knowing exactly what assets are protected- or connected rather- on your network, right. You talk to SMB, you talk to enterprise, you say 'Can, Can I get a full list of all your assets that's connected to the network?'. Most of the time, you get a question mark, right. You don't get a good response there, right.


James (04:41)
It's definitely an area where people think they know. 'I know what employees I have. They all have a laptop, therefore, I know'.

 
Anthony (04:46)
Yeah, I think they know, but, you know, if you conduct an audit in the environment you find out differently, right. You know, so, don't get me wrong, some- some organizations do have that level of granularity, and they understand what's connected to the network, right. But the idea is that, secondarily, after the risk assessment- that- that- asset inventory would be key. That's going to be the next, most-important.
 
 
James (05:09)
I don't want you to get alarmed but, I've worked here 11 years,
 
Anthony (05:12)
Yeah.
 
James (05:13)
I have three laptops at home-
 
Anthony (05:15)
Yeah.
 
James (05:15)
-that you may not know I have.
 
Anthony (05:17)
Okay.
 
James (05:18)
How about that? Is that what you mean?

Anthony (05:19)
Let me do some checking on that.

 
James (05:23)
I know- I know for certain that they were fully, like, removed from everything, but that- that- that's an area where I feel like a lot of our business leaders forget to consider that. Listen, who are they going to attack first? Your executive team, your CEO, your CFO? If that person's been in the company a long time, they've certainly been through some laptops.
 
Anthony (05:40)
I mean, you have- and SMB's struggle with this- but, enterprises as well, you know, running SAP, whatever major system they have, you know, CRM tools, right, Gmail, It's called joiners, movers, leavers, right. So, you know, join a new joiner to the organization, mover lateral, or promote it within the organization. Leave remedy, leaving the organizations, a lot of organizations have issues with keeping up with those type of movements, right. I think part of it, what you want to do, is make sure that you understand the JML [joiners movers leavers] process and make sure you can account for who's in your organizations, who's connected, and who's gone, right? Those state changes are important.
 
James (06:23)
That's good, yeah. We have a- a personal wish too, to not be hacked. So I know that there was the- a giant push for identity theft protection. That was what, four or five years ago, it seems like everybody was buying something they could make sure their identity wouldn't get stolen.
 
Anthony (06:42)
Yeah.
 
James (06:43)
I know the credit card companies are doing their end of it, your- your applications you signed into now at MFA, but there's still a concern about our own personal data, and will it ever get hacked or picked up. What measures do you recommend people take and maybe, what's too far? 
 
Anthony (06:57)
I mean, you have some industry regulation, you know some products out there like the neat locks and things of that sort but, well, it was- I'm big on prevention, more than detection, right. I- I think you, you get smart on where your data is located. You get smart on leveraging encryption, you know across any of your sensitive data, especially PHI data or whatever data you may have and you get smart on, you know, one key work. Where I kind of advise SMB's is that, you know, you have accounting software that's probably web-based. Use a dedicated browser, right, you know, for that accounting software. Don't- you know, don't use the general browser, you know, your employees use to access the internet. Use that dedicated browser and it's only to be used for the accounting software. You limit your threat surface, as we call it, and you limit your exposure and your risk, right, because we all know one of the most important, you know, life is first- right you want to protect life but we all know that SMB's is important for the revenue, you know, liquidity to remain- remain intact.
 
James (08:02)
Sure, yeah. Business interruption would be second to life, yeah. Yeah, for sure, I would imagine life comes first, yeah. Some CEO's might argue otherwise.
 
Anthony (08:12)
Yeah, life is most important.
 
James (08:14)
Okay.
 
Anthony (08:14)
At the end of the day, we're all here to protect life, you know,
 
James (08:18)
This is a completely, the most- by far, this is the most important question- are you ready for this one?
 
Anthony (08:24)
Yeah.
 
James (08:24)
We're going to finish on this. You can only go to one barbecue joint the rest of your life. Which barbecue joint you're going to?
 
Anthony (08:31)
Yeah, that's- that's a- that's a tough one for me. I- I actually, you know, if I had rest of my life?
 
James (08:39)
All the other ones closed down. There's only one left.
 
Anthony (08:41)
Just cook at home. Do I got the smoker at home? You know? 
 
James (08:46)
I find- you know, I find your ability to analyze the risk and recognize that you're going to isolate somebody's business by saying- saying a name and therefore taking the easy way out to home,
 
Anthony (08:56)
Yeah, yeah
 
James (08:57)
It's uncanny, you're good at that.
 
Anthony (09:00)
I- I could but I think that the key is the smoke and the flavor that you're looking for, you get the- you know, what you- what you like or what you know just like SMB's they kind of know what they're looking for, right, in products and services, right. You kind of know what you're looking for at home and then you can cook the best barbecue you possibly can.
 
James (09:17)
So you build yours at home as opposed to outsourcing? You see what I did there? I would outsource mine.
 
Anthony (09:22)
You would?
 
James (09:23)
Yeah, because- well I- I'd like to go to my kids sporting events and games in the morning and not worry about that barbecue pit while I'm gone-
 
Anthony (09:29)
Okay.
 
James (09:30)
-and then if I come back and turn it on, I don't want to take a shower right after because I'm all smoky. I like to go to Pinkerton's and have a- a- a dollar beer on a Thursday and some brisket, or over the Truth barbecue and enjoy some, some tater tot casserole, yeah.
 
Anthony (09:44)
Yeah I mean part of it too is- you know, when you think about it, you're smoking the brisket at home but you still have to go buy the brisket at the store, right.
 
James (09:54)
I don't want to make two trips.
 
Anthony (09:54)
You know so, yeah, I mean if you haven't on the farm and then you get- you could handle that. Most folks don't have that type of acreage, right? So the idea is that, you know, whether you kick it at home- where you procure it from, you still have to procure that beef. You have to procure that brisket, right and so that's the most important thing to remember, you know. You can cook it at home how you like it but you still have to procure it.
 
James (10:20)
So the next thing I want to cook is a Creekstone brisket at my house. What's the-
 
Anthony (10:25)
Creekstone?
 
James (10:26)
Yeah, that's one of the places that some of these joints like Pinkerton's, like Goldie's up in Fort Worth, they're buying stuff from Creekstone.
 
Anthony (10:32)
Oh yeah, yeah, yeah. 
 
James (10:33)
Where- where would you- what would- where would you procure- what would you make next that you haven't done yet?
 
 
Anthony (10:38)
Ah man, I- I've been watching-
 
James (10:41)
the whole hog?

 
Anthony (10:42)
Oh man I- I whole hog that's- that's- I'm- I'm an I.T. guy, so you know security- so whole hog, I will be totally lost.
 
James (10:49)
Security
 
Anthony (10:50)
I could secure it, right, maybe we'll have some- some IOT devices connected to measure the temperature, right, and they need to secure that- we need to secure that connection right, but that's when I work with the professionals, you know, that- that- you know, this is what they do, right, so.
 
James (11:08)
So what would- what do you think you'd do next? If you could go store now and pick something up that you're looking forward to cooking, what would you want to do?
 
Anthony (11:14)
I don't know man. My wife has been talking about, you know, cooking some- some- you know, like, got Franklin they- they- picked the- what do you call it? The hall? I'm not a- not a smoker but, you know, you- you smoke out the- not the whole hog but, it's the- it's the pork butt?
 
James (11:35)
Yeah, the front shoulder.
 
Anthony (11:36)
Yeah, yeah. Okay, okay-
 
James (11:37)
Isn't that funny that they call the front shoulder the pork butt and the back shoulder, the back hip? It's a ham.
 
Anthony (11:42)
Yeah, that's weird.
 
James (11:43)
Yeah.
 
Anthony (11:44)
I mean, good. Thanks for the clarity. I- I- I don't know where the meat came from but, now I know.
 
James (11:49)
I got a lot of anatomy, I could teach you.

 
Anthony (11:53)
I know the wife was wanting me to focus on that.
 
James (11:55)
That's a- that's a great cut. I'd love to talk about that, yeah, that's a fun one.
 
Anthony (11:57)
I've been watching a- a couple of videos on that.
 
James (12:01)
Yeah, you mentioned Franklin. I think I know where you're headed with that, you bought that master class, didn't you?
 
Anthony (12:07)
Oh, yeah yeah yeah. You know, definitely, you know it's a service and I- I think he- he- has good instructions on the master class.
 
James (12:15)
Now, Anthony's dropping some wisdom on us guys so, it's- it's fair that you can go guess and check and you can try to cook your own great brisket and pork butts at your house but, if you want to learn how to do it right the first time and not waste that investment in time and money, you can join Centre and many of our marketing events as we talk about how to procure and produce some of the best brisket, turkey, and soon, maybe even whole hog. I don't know, just throwing it out there. We might be doing a Centre whole hog.
 
Anthony (12:45)
Okay
 
James (12:45)
A Centre whole hog, well, that was my nickname in high school.
 
Anthony (12:51)
Right, okay.
 
James (12:52)
All right. Well Anthony, thank you so much for taking the time to be with us today. This has been outstanding, really appreciate it.
 
Anthony (12:57)
Thank you, sir.
 
James (12:58)
You'll come back and join us some other time? 
 
Anthony (13:01)
Oh yeah. Anytime you guys have a podcast, just feel free to drop by.
 
James (13:05)
Number of the people listening are our prospects and customers. I'd love for them to be encouraged to reach out to us directly on security questions they have. Are you open to touching those?

Anthony (13:14)
Any- any SMB, even large enterprise, want to reach out to us to get some directional guidance or if they want our products or services, I'm totally open to that 24/7. They can call us anytime.
 

James (13:25)
They can definitely call us any time and we do have people picking up the phones but, I'd love it if general requests would hit our info mailbox so, info@centretechnologies.com. Direct it to Anthony or to James or to Taylor, our producer, and you can make sure we get that question in front of Anthony. He'll get back with you directly.

Anthony (13:44)
Definitely, we'll look forward to hearing from you.

[Music] (13:46)
 
James (13:52)
Nothing Anthony enjoys more than talking to our customers and prospects about these security matters. If any of the topics we discussed have driven any questions in your mind about how it might impact your business, we'd love to carry that conversation forward. Feel free to let your account executive know, but if you want to bypass that, and go directly to Anthony, email info@centretechnologies.com. Info@centretechnologies.com is a mailbox within Centre that we watch on the marketing team. We'll forward those directly to Anthony and have him reach out directly. 


About the Author

Centre Technologies

Centre Technologies is a full-service IT consulting and managed services provider headquartered in Texas, with a focus on mid-sized businesses. As a trusted IT partner for well over a decade, Centre is recognized for its local experience and enterprise-grade cloud and cybersecurity solutions. Centre is committed to helping organizations harness the power of technology to maximize their operational efficiency and exceed their business goals.
