#250 Staying Ahead in Tech with Bob Lamendola: Insights on People-Focused Security, AI, and Cloud Strategies

0:00:02 - Mehmet
Hello and welcome back to any episode of the CTO show with Mehmet. Today I'm very pleased to have with me joining me live, bob. Bob, thank you very much for being on the show. The way I love to do it, I keep it to my guests to introduce themselves, so please tell us more about yourself and your work. 

0:00:19 - Bob
Well, mehmet, thank you for having me. I appreciate being on. So My name is Bob Lamendola is Bob. I'm the Senior Vice President of Technology for Ricoh North America. You know my background is in corporate IT. My first half of my career was spent in corporate IT, second half spent as an IT services managed service provider. So I always tell people I have the benefit of being a consumer of technology and then being a buyer or a settler of technology. So it's always given me a unique perspective on both sides of being a provider as well as being a consumer In my current role I've been in. 

The current role I'm in is really two parts of it. It's infrastructure, it infrastructure applications and security sort of the internal responsibilities for Ricoh North America. But I also have a R&D a technology R&D part of my job where I'm building new services for our customers, a newbie based XS service mentality. So again, I have a wonderful team that works very well together and really bringing the external internal world together is where I've been focused to make sure that we actually, when we sell new services, we can deliver them successfully and, most importantly, safely. 

0:01:25 - Mehmet
That's great. Now, as someone who was also, you know, came from the same domain, I would say I always ask my piece, like, what draw you to this side? And you know why did you choose to be? Because you know, like when we talk about the thing that we do, it's not easy, it's challenging. So what attracted you to that book? Sure. 

0:01:49 - Bob
And I've been in IT for such a long time you know and learning through experience what threats can exist and having many experiences through my career, both as internal corporate IT but also delivering services where you have responsibility for customers, infrastructure and their data, you gain a huge appreciation, particularly through real scares that challenge you and it puts you in a position where you gain a very real world understanding of the responsibility to protect assets, data and companies. 

So that is really where I come from. I come from I don't want to call it fear because that makes it sound so negative it's not that place, it's a. It's really a respect for the threats that are available and they could be very small. Sometimes they could be the most mundane things that create the biggest problems, but you gain respect for managing and what's required to manage large, complex infrastructure. And in today's world where it's so hybrid, where it's so intertwined, where the boundaries of your organization extend far beyond the walls of the building you sit in, it becomes an immense challenge for companies of all sides to really meet that challenge. So I find it to be a challenge. It was through scare and frighten kind of experiences where like what is going on and how do we? How do we let this happen to gaining respect for proactive and perspective planning for security and then understanding that it's a never ending cycle. 

0:03:21 - Mehmet
You always need to be on your guard 100%, but if I want to, I'm asking this because people think that this is something very new. Of course, things are evolving, but if you want to compare the amount of threats out there, you know the amount of things that we needed to think about before, like, say, because I'm also like old in this. So, but just for to give the audience an idea how things are evolving and how they are evolving and you know why, do you think also like this is something becoming bigger and bigger over time. 

0:04:00 - Bob
Well, it started from people just being inquisitive. People were trying to challenge I can do this. I wanted a challenge. Getting through security. No one's became like a little bit of a technology challenge. 

Then people realized they can make money and there's ways to actually monetize being a threat actor or monetize and using ransom as a way to gain money. And then you get digital currency that made even the transactions associated with capturing money and people paying ransoms. It became big business and it is big business at the end of the day. Now, of course, you get nation state threat actors that are after sort of information to use for whatever political gains they may have. But that is, I would say, that's just one aspect. The bigger aspect is because it becomes become big business and that really exploded. I think, the opportunities and the people that get interested in this to use that as a competitive advantage, to use it as a way to extract money from organizations, to use it as a threat, and I think that's really where it started to change and become something that's just an everyday, 24-7, always on situation. 

0:05:06 - Mehmet
Now the question that immediately comes to mind, bob, is we have been sorry, we've been investing very heavily and these things keeps happening. Why? 

0:05:20 - Bob
People at the end of the day. So most threats and most challenges, most exposures come from people. And it's not people doing things purposely although there's an element of that too. There's people that specifically get coerced into creating opportunity. So, really, at the end of the day, the weakest link in the chain. You could put a lot of technology in place, you can have all the business policies and procedures in the world kind of adhere to what are right principles and good principles to have, but at the end of the day, people still tend to be the weakest link. 

So the focus always has to be on people. How do you raise awareness? How do you accentuate the sensitivities? How do you bring people to the brink of understanding, not just in their personal life equally important but in their professional life. They have a responsibility. So I always look at the people aspect of it as being the most important thing to protect, and you have to constantly be there. You have to constantly remind people there's new and challenging ways. Ai is changing sort of the matrix, so to speak. It's great to have a whole host of new and interesting challenges for people to recognize when I'm being attacked or not. So it's the people part of it. Of course you need all three. You need people, process, technology. All three need to be in harmony, but I always look at people as the thing that really, for a chapter, focus the most attention on. 

0:06:37 - Mehmet
That's great, and I have like two follow up questions which are related, if you don't mind, bob. So the first one you know we talk about people. So when we say people, is it like are we not educating, you know, the end user, you know enough, or is it? Do you think it's just? You know it's a human nature that we do always mistake. Where do you think we can put more effort to? At least I know like we cannot eliminate it 100%, but at least make it better. 

0:07:09 - Bob
Yeah. So you know, I think we there's enough education. You can always do more. There's what like when is enough? Almost never is enough. So there's more education we can do. 

You know we go, we overeducate in some way, so sometimes it comes a little white noise. You got to be very careful. But really where the awareness comes in is you have to have specific use cases. The sophistication that has entered into sort of this arena is really where the challenge comes. So it's, yes, a limited education, but also people get so the tools are so easy to use that sometimes they just get enamored with the fact that I can do things quickly and not necessarily recognizing that maybe I'm not doing the right things. So it's not just do it quick, am I doing the right things in the right way? So it is definitely a little bit of an education, but I'd say we educate the good amount. But I think really comes down to the education has to be very specific awareness and I think you have to make users understand that there are different ways in which it could be attacked and it's not easy sort of cycle. 

It always becomes a challenge. Whatever you taught last quarter, you got to look at what news out there and remind them is a different way and that's the hardest part. So I think it's a human challenge. I don't want to say it's necessarily an individual. I think it's a human challenge. Some people have this I'm a tinkerer, I like to try things, I like to do things, and ramifications sort of all deal with that secondarily, and you really have to sort of look at those folks and brace them in the right way, not stunt the creativity and the innovation and the curiosity, but understand, make sure there's respect for it, and that's the hard part. I think that's the balance striking the balance between the two. 

0:08:46 - Mehmet
Yeah, and this is related to the second question Do you think that people, and even sometimes mainly small organizations, they underestimate the threat or the risks? 

0:09:00 - Bob
So absolutely Absolutely. I think now, where this was a big company problem several years back, it's an every company problem now. There is nobody that's immune. And SMBs, mid market, even customers, some customers live in market and we, because our IT services really lean into mid market and SMB you get to see a lot and when you start doing simple things you want to improve their password policy, which should be one-on-one you get pushed back from people like I don't want to put a 12 character password in with and I look, you know, sometimes people say that you shake your head. I'm like, okay, there's a problem here, it's a cultural problem. So, yes, I do think you get a wide breath of that. I do think big company problems really are every company problems. I think it's a cultural thing. Companies, it has to come from the top. The company has to have a culture that we are stewards of the data we're responsible for and if it doesn't come from there, you're going to really be fighting a tough battle. 

0:09:57 - Mehmet
Yeah, that's true, and this is also, I believe, like you know, there is a little bit something on us, you know, the professionals in the field to keep educating. And I know and this is what I want to ask you, just out of curiosity, because one of my guests told me like, because also as end user, as me, as customer, right. So I'm sitting, you know, behind my desk and I am bombarded with information and I'm bombarded with multiple people trying to tell me hey, if you just have this one more tool, you're fine. 

0:10:35 - Bob
Right. 

0:10:36 - Mehmet
So, bob, like you have the experience you know, and you just mentioned that the landscape have changed. So let's just take one step back and let's say I am a CISO or I'm maybe an IT director, infrastructure manager, and I'm trying to make things better. So where should I start and how I can eliminate the noise and get the buy in? Because you know, at the end of the day, it's money that's gonna talk. So what do you advise? 

0:11:06 - Bob
him. So you know, the technology leader of the past is a different character. It's a different personality. You need to be a unifier, you need to be a collaborator. You need to spend the time to work with different people to have them understand. If you come in with a hammer, all you're gonna get is resistance. So you need to find a way to invite those folks in and help them understand and help build the strategy, make it their strategy. 

In the past, you know, because I've lived through this in many ways, we would just come in hard. This was the rules. You couldn't break the rules. And you know, in a company of the large, particularly large, even a mid-sized company they say, yeah, but I know better than them, I can do it myself and I can do it fast. And if you don't understand that, that is a natural human reaction to influence and you don't embrace those people and bring them in and help them understand, now that takes a lot of time and patience. So it is a different way. 

Your personality, your charisma, your ability to work with people have to be part of the equation, because if you don't do that, you're always gonna open the door for someone to go and break the rule or someone's gonna go and extend what you mean by I can't do or look at doing. So yes, I hear what you're saying, but I need this to do my job better. So you have to embrace the leadership teams, you have to embrace the people on the line and you have to really work at it. That is enormously challenging because it takes a different mindset and you have to take a deep breath and recognize everything you hear you're not gonna like. But don't fight it. Learn from it. It's the only thing I can sort of give as a prize. 

0:12:49 - Mehmet
Yeah, great advice. Now you mentioned a little bit, bob, about it's not only what is in our building. So now we have cloud workloads, we have remote work, which became almost the standard like, of course, like, still, hybrid model is one option, but majority of the companies across the globe, they understood that hybrid is here to stay. And when we say hybrid, of course we need to rely on more services, we need to rely on more technologies which are not under our direct control. So how do you think this is first, you know, a direct challenge for companies because they're gonna be relying on other services and assuming that, yeah, we have to accept it how we can enhance our security postures when it comes to cloud? 

0:13:44 - Bob
Sure, and this is a reality. This is an everyday reality too as well, because even the most secure companies that we've seen so many things come in the news, the best SaaS companies, still wind up getting attacked as well, and they become an extension of you. So a few ways to look at this. Number one your procurement processes really need to evaluate companies and security assessments and understanding what your requirements are and having your vendors certified to certain levels. It sounds very mundane and sort of like very pedestrian, but it's an absolute requirement. You have to make sure your contracts, your vetting security, the vendors are responsible, they have a response capability, there's an understanding of liabilities and again, it sounds so boring to say that, but it's so super important that you bring on vendors that share those values and there's some contractual requirements for that. That's step one. Step two you must treat identity management and the extended world with the highest reverence, and what I mean by that? As you extend out shared authentication or identity management capabilities, it must extend into those cloud partners. So you must spend a good amount of time understanding how to bridge together your identity management is the structure and those third party vendors that when changes are made, they propagate immediately. The biggest gap you find in Cloud Services is an employee leaves an organization but they don't have it extended out to their Cloud partners or SaaS partners and you still have authenticated capabilities at those third parties which create exposure. That extended view of identity management and identity and overall how you build that structure is super important. Of course, it has multi-factor to a very high degree and that you embrace that as a core principle. That's a very technology-oriented point of view, but you must do that. If that is not part of the ecosystem you're building for your Cloud architectures, you're creating an exposure. 

The third thing you mentioned is hybrid work. Now, we've had hybrid work, even for the pandemic Pandemic, just put it on supercharge. It just meant everybody was doing it. Okay, we have more capacity issues, quite frankly, than anything else, but it did expose a few things that we had to take care of, things that you just say when you have a small percentage of remote workers. It was something that was important, but you got to Now, with the extent of that hybrid workforce that gets created, everything that's an edge device is important. 

Everything, printers of all things, anything with an IP address that's connected to your VPN is a problem, is a concern. You must look and have the ability to not just touch all the edge devices of your remote connectivity but also monitor those. That has really been a realization. I think that everyone's gone through in this pandemic and now it's a forever thing. It will forever be something irresponsible for. So the vulnerability management programs that you have, that actually good inventory of what's connected to your network have, quickly be able to identify those things and react, even in the hybrid world, is super important. You must be able to take focus on that. 

0:16:46 - Mehmet
Right, and just a reminder, or let's say disclaimer, for people because they think, okay, now we migrated to the cloud, security of the data is not our problem anymore, which is not true, right? So, because even the big hyperscales, they will tell you, just providing you the infrastructure, the data, is yours and it's your responsibility to secure that. So, just as a reminder for everyone who's listening or maybe watching us, that you need to put this onto a priority, which spot on what you mentioned, bob, around that. Now, if I want to advise and I'm asking you this question, so a leader where they should focus their strategies. We talked about a bit the people, we talked about the technology, we talked about some other stuff, but if I want to make a priority, where do we start? 

0:17:43 - Bob
Yeah, so it's the same three dimensions as people process technology. But let's talk about technology first. Right, the best defense is a good offense. So what I mean by that is is you really need to focus from the inside out. You got to protect your edge devices, go to your network layer, go to your identity management, go to your third party providers and have a vulnerability management program over the entire structure. If you don't look at that, if you think one point solution is going to be the answer to everything you need, you're missing the vote. You have to have defense in depth methodology. You must have a layered approach and the vendors you choose much work together. Overall, you need to have some type of scene or security event management overlay to make sure that any sort of anomalies in the environment you have an ability to detect. 

Now move to process. You must have not just the ability to train and have procedures and policies in place, but also your incident response processes must be tested thoroughly. You must do table type exercises repeatedly, because organizations change, people change. The most important thing to happen is response. If you think something's happened, you must move quickly. So that means you must test your response processes, your incident management process and your communication process associated with that. Sometimes what happens is in a chaotic situation or an emergency situation. The team gets so focused on fixing the problem that they forget there's an outside world that you must communicate with. So you must thoroughly vet those processes. I would suggest to everybody spend time to how would you react if you had a breach. 

And then we talked a lot about people. When we do the table type exercises, we invite every department to participate. We ask them to participate. We do it really tight. We only make it an hour to two hour kind of session. We do it very, very streamlined. But we ask them to simulate. Then we throw curve balls at them. 

I'm going to say the communications person is going to be on vacation. So I privately go back and said don't be on the call, see how the team is going to react. And I try to do that in such a way to create chaos, a little disruption. And the reason why we do this I want to see do they have the wherewithal to figure out who's going to do it? What are we going to do? How are we going to ask late? 

Because the norm is not the norm. The norm is what you build and then you have to adjust for the abnormal. So those are really if you're going to start, you have to start with technology. Make sure you have a good framework, understanding where your gaps are, go in into the process, make sure you have a good business process, a good incident management process and good training programs, and then go to the people. Will the people, will the teams react accordingly to situations that occur? If you can do those three things and it's always an evolving situation you're really setting yourself up for the best success. It's not a matter of this is sad to say it's not a matter of if it will happen to you. It's a matter of when it will happen to you. Nobody's immune. That's just the reality of the world we live in today. 

0:20:44 - Mehmet
Yeah, and again, thank you for mentioning this book because, again, back to the point that, yeah, it's just the big guys who might be affected, it's not the case. 

And especially because you know I focus in my show on startups and even like small, medium and businesses and guys, you are in more danger because probably you know the bad actors will know or will try to think this way Okay, they don't have enough budget, so probably they are easier targets for me. And you have IPs, you have intellectual properties, like anything that you have sensitive data, like it might be just the list of your customers and that's enough, right? So? And they will tell you hey, if you don't pay the ransom, we're gonna, like put the data on a dark website or whatever. Now, because we mentioned and you touched base on in the beginning on the cryptos and how this allowed ransomware to become like more widespread across these bad actors. But other than this and we just mentioned also the governance but I want to hear from you what, from what you are seeing, bob, what are, like, the other business challenges when it comes to cybersecurity, like, especially when, when it's something related to the industry itself, like where do you see it more fragile? I would say. 

0:22:05 - Bob
Yeah, that's a great question because it's it's, it's a diet, it's almost a dynamic question, but I see the biggest fragility comes into people only looking at what's considered the IT as the exposure. 

Now, with the Internet of Things, where everything has an IP address, some things that would fall into even if you go to industrial manufacturing shop floor, the devices on the shop floor now have IP addresses right and those become, and they have their own security and their own software and their own patching cycles and whatever is proprietary software. 

Everything that in the connected world is a potential exposure. So it's no longer just what's in the data center anymore, it's extended so much beyond that. And so the challenge that I see is I don't think there's a vibe or broad enough recognition that anything that connects to your network is a potential concern, even those things that connect wirely see. So I think that's the biggest gap that we have in terms of just the technology architecture point of view. You know, for Ricoh, because NFPs and copies are a legacy, we are take a high concern for those kind of devices, but I see this in large companies where the the exposure comes from something you would never expect, just something you would never expect, because it's not considered technology or IT and therefore it does not get same consideration. That is what I find to be the biggest concern. 

0:23:23 - Mehmet
Yeah, it's interesting because you know, I think there are some stories, like couple of months back, where you know some organizations were hit, sorry, because of some printers or some edge devices, you know where, where the hackers or the bad actors they were able to to find their way in Now saying this how much is the role of the dealers, say technology dealers, to minimize also the cyber threats to the customer? 

0:23:55 - Bob
So, by extension, dealers now are part of the equation. Dealers must also pay attention to these because they become, you know, when they're selling into these SMB marketplaces and they go to these customers and they're putting these edge devices on there and they're doing the services support. Sometimes, if they're not running on the on the manufacturer, they present themselves. They can expose their own businesses by being guilty perhaps of leaving something open that they shouldn't, but also they're exposing those customers. So the dealers and I work with many of our dealers sort of that have understand this, but it's not as pervasive as you would hope. 

There is now a renewed recognition that the fact that those devices now some of them rely upon the manufacturers to fix that. But often when they're installed, they're installed depending on how they're installed. So of course if people leave all the default user-user password, there's nothing in the world you can protect that. Now there is some technology help that's coming along that's allowing us to go to the edge devices and understand when fault settings were now changed or something. We can do that for dealers. But dealers must also embrace the same capability. So there's much more emphasis placed on remote management, remote monitoring even of edge devices like printers. But dealers have to really be on that same path with us and really understand and work with their manufacturers to make sure what innovations that they're creating so that they can extend it out to their customers. It's no more a password. Dealers are part of the equation, for sure. 

0:25:18 - Mehmet
Yeah, yeah, it's like part of the supply chain, right? Exactly, yeah, yeah, now you know this is an interesting one because you also have this long experience. But, from your perspective, which department you think is the most vulnerable one, where attackers usually start? 

0:25:40 - Bob
Yeah, it's shifted a little bit, but I think there's really two. It's procurement Procurement tends to be a real good opportunity because procurement people get invoices all the time from vendors and they think you just click on here and you know it's passed through. Those tend to be a good one and believe it or not. Hr HR tends to be a really good one because they're acquiring talent, new people coming in, linking in. It tends to be an easy way to gain some information if they're not aware. So those are the two departments procurement and HR that we see a lot. And the third would be sales. 

I have a great love for salespeople I really do, because I enjoy talking to customers and I love when salespeople get involved. But they move very fast and sometimes they move because they're moving fast they're not always and they're so excited when they get new opportunities. Sometimes they're not looking through the opportunity to understand is this really an opportunity or is someone trying to coax me into sharing information that I shouldn't? So those are really the three dimensions. Procurement for sure, there's a lot going on in procurement supply chain area, where you see very targeted fishing, attacks, spear fishing where they gain some information from the vendor and then they come to the procurement organization, they try to sort of get them to share a little bit more and then they use it as a way in HR. Talent is a huge issue of most companies, so they use that to recruiting methodologies, to sort of get in and find opportunities. And once they get hold of names and people, then they use that for targeting spear fishing attacks. 

And then the third is sales Opportunities and leads where customers, where sales people get very enamored when they're trying to sell a lot and they get sort of they just I'm gonna say it's not sloppy or lazy, that's not a fair way to put it, it's excited. They get over excited by the opportunities and maybe go a little further than maybe they should. So the awareness has to come in those three dimensions because those are most likely getting some external influence and they would get like if I get an external email, I pretty much know what it's about. If it's somebody, I know it's somebody I know. If somebody I don't know I'll be, but I'm not getting barrage like those other three groups. Those three groups get barraged each and every day with external email. 

0:27:43 - Mehmet
Yeah, and just because I remembered something mentioning these fishing attacks, bob, the challenge thing is and because you mentioned at the beginning, it's about human nature. So these bad actors, really they are getting better and better. So, for example, they choose a weekend, a Friday night, to, for example, impersonate someone, maybe an executive, or maybe the CEO, cfo, whoever hey, I need this now. Please send it to me. And, of course, like if you are in the office or sitting at home, whatever you panic, and just you click the link or you send the document and it goes there. So it's really really challenging. And because you mentioned about little bit with you, you said about the changes of the cloud and all this and remote work, and you mentioned AI. Do you think AI will help us reduce at least the amount of attacks we see? Or do you see, like, because of the bad actors using the AI, actually now we're gonna see like more attacks happening. What's your point of view around this? 

0:28:47 - Bob
So the answer is absolutely both. Let's go to the dark side first. We'll talk about that first. Ai is definitely having an input and impact on threats. The impersonation capabilities are far superior the ability to use AI and aggregate data and then come to you with things that sound so legitimate and real in the language, in the terms that the reader, that the writer would actually use, because they start understanding and they use external communications as a way to sort of shape the spear phishing attack that it sounds like they're writing it in the person of actually legitimately who they are, so they create hallucinations and all kinds of other things. It absolutely is a bigger threat, much more than ever before. Same token, let's talk about the positive side. Ai is already having an impact. 

The most important thing you can do is aggregating data and reacting. Ai has the ability to predict. So when you're doing event correlation from multiple sources and using AI to look for patterns in that event correlation and then be able to recognize hey, this is based on all the predominance information I got this is a severe go, take action. Or, if you're even more advanced, use that AI to actually take an action. Shut down a service, shut down a capability, shut down an access proactively. So AI absolutely has a great ability to accelerate the ability to event correlation. Event correlation is the key, that's the holy grail. And response the holy grail and response is right there. Event correlation, aggregation as fast as you can possibly well, in the case of AI, in you you can possibly but also AI has the ability to then help you take predictive actions. 

The climate and the attitude. And this is where it gets into culture. My company, our company, in the past, if we shut down services, even if we knew it was a threat, we would get incoming emails. What are you doing? How come this is down? It's crazy. We've raised the sensitivity and awareness of the culture where we've proactively shut down service for a period of time because we were not sure, and the climate is such that people understand it and it's changed completely. 

So, getting back to AI so we're actually investing in a few different ways to use AI for event correlation and then eventually taking action or writing scripts associated with shutting down service whether they're suspect. So those are things where I think AI has great promise. I think it's really. The AI ops was something that got created a few years back and you know, using AI to improve operational efficiencies. Security now has taken that up a significant level. All the naval providers and vendors I get inundated with hey, let's sit down for half an hour, do a briefing on what we're doing with AI. Everybody's doing something with AI and specifically, security vendors, the leaders of the industry. 

0:31:35 - Mehmet
Yeah, true, it looks like we will be seeing AI fighting against AI in the cyberspace Only there is that Low fighting doesn't make me sleep very well, but yes, that's true. 

In one side. The good thing on one side. Of course it's not good in the sense of good, but I mean at least us people who work especially in, maybe, security operation centers will have tools that allows them to react faster rather than doing trial and error. And again, I'm highlighting this couple of times the bad actors are really sneaky. They change their even before AI. 

They keep changing their tactics, they keep changing the way they interact, even with their victims, and this is, guys, if you're listening to this like this is an important discussion with Bob mentioned now, this is just a small part of the biggest threat that you might be under and, bob, do you think we will reach a phase where these things will become something minimal or we're going to see it always happening Like no end to that? 

0:32:55 - Bob
So I think it'll always happen, but I think the sophistication is starting to swing, and what I mean by that is swing back where the like I said, the awareness, recognition of companies and people to be protective and to be less, like I said, start from the very beginning. We talked about where do I think the weak is link? Unfortunately, it's people right, and I think we're trying to starting to address the people aspect of because it's so pervasive in the environment. You hear and sense it everywhere. Turn on the news, listen to a podcast, go on some news feed you're going to hear something about cybersecurity each and every day. It happens all the time. So the awareness is certainly starting to grow. So when you talk to customers, even small customers, about hey, what do you do in cybersecurity, you get at least an interest before you get a blank stare like I don't know, if we're doing anything but we have the AD like no, any virus is not going to be enough to do it, you need to go a little further. 

So again, I think we're the tide is turning on that, but it's always going to be a constant battle of wills, meaning that they're the threat actors because the money is so severely. It's such a huge opportunity to gain money and create wealth that there's always going to be a threat to data. So there's as much as I think the tides are turning, it's not going to be. You're never done thing. It's always going to be. You have to just up your game a little bit more and up your game a little bit more and stay astute and common and really on task. And that's why companies that don't have somebody that live breathe put their head down a pillar. Wake up in the morning thinking about security is probably going to have concern. 

0:34:31 - Mehmet
Yeah, true. Now, as we come to an end, bob, like you said, like you're doing some you know work on in R&D, can you share some cool stuff you know with us? 

0:34:42 - Bob
Sure, well, I'll go down the AI thing in a moment there because it's kind of interesting where we're trying to apply it most. But a lot of R&D is building. You know, we're trying to take a lot of our standard services and building in a framework where we've adopted digital platforms as approach, meaning that we deliver our services through a same common interface so that the customers can experience a similar way. And that's all different types of solutions traditional solutions as well as new digital capabilities so that the interface that customers very common, they get familiar with them. And then we driving analytics insights and then using some predictive analytics and some AI to actually give customers advice. Hey, you know, if you did this and change the way in which you scanned or created these forms, as we're capturing that data, you can improve your efficiency by 15% over the next 12 months, and we're doing that based on predictive analysis. Those are the things that are really gaining market share and opportunity in the industry, because customers are looking for ways to uncover new revenue streams and we're trying to expose that. So, if we're doing data capture in a claims management workflow or we're doing remote patient monitoring, because hospitals are suffering through severe issues with staffing and we're able to provide and expose that information and help them allocate their resources where they're needed most. If we can help companies do that and have a single interface for all of them to experience many different solutions, now we're bringing extreme value and making ourselves extremely important to those organizations. So that's what we're focusing AI there's a lot of opportunities for AI. It's almost like I could do a whole podcast just on that alone. But specifically, where we're learning the most is so much of this country is still paper based, still paper based, and in an order amount. Honestly, so much in healthcare still depend on facts such an old technology and it's almost like shocking when you sort of understand how some of these business processes work, because all investments in some of these businesses go to different things. It's not about operational efficiency. It's a huge opportunity for us to bring chaos I mean order to the chaos. That's why our slogan is too much. We love too much information. We literally love it. Everyone says they have too much of it. I want to go in there, I want to talk to them. We have a way to organize that. We have a way to manage that. We have a way to bring value out of that because there's technology, specifically AI with data capture capabilities and applying that learning from what it did last time to do it better the next time where it's sort of an easy adopter. So that's the exciting part. I love that part of R&D. It's really where we can bring value. 

I'm not into technology for the sake of technology. If anyone asks me, what is your theory? What is your? What is your? What do you believe in, what is your belief in technology, I said if we're not innovating around customer requirements, if we're not innovating with our customers, we are wasting our time. If we're going to sit in a back room and sort of dream up something and bring it to the market and are we going to find something that's not it Now, in startups, that's an excellent way to go. You want to build in sort of in that sort of quarantined area. Let's build something really exciting and go find a market. But in large companies you have to be able to be innovating around your customers. So R&D for me is very close to my heart and I do enjoy it a lot because I like working with people. 

0:37:58 - Mehmet
That's a great one, but, to your point, actually even startups, they have to research the market and see. They have to go out of the building and see what actually the market needs. So this is why I also enjoy working with customers a lot, because to solve real business problems using technology. This is why my passion, I would say, but where people can find about you and about your company. 

0:38:32 - Bob
Sure, if anyone could look me up on LinkedIn. I think the team our communications team, pr team does a great job of keeping me forward, but I always often find things that drive interest for me and I'll post those very clearly. I enjoy I would say I'm a moderately active person on LinkedIn. I'm not overly active because if I'm posting something or putting something out there, it's because it's personal to me or, believe it, it's a passion of mine. I just don't do it for clicks and likes. I'm not really like that, but I do so. Please feel free, folks, to reach me out on LinkedIn. 

I enjoy connecting with people and then when I'm not there, I'm traveling with my family. My family is. You know my heritage, my background. I'm Italian, very close, italian family very close, very big family. I'll always with you know. If I'm not working, I'm definitely with my family where we're going playing golf or fishing or doing things together. It's what it's. You know, it's way for me to break away from always being working, but that's where we can find me. So please reach out to me LinkedIn if you want to connect with me. I would more than happy to do so. 

0:39:39 - Mehmet
Great. Thank you very much, bob. And of course, you know, like I think this is a reminder for a lot of us that sometimes we need to take time off and enjoy far from all the noise that's happening. You know, I've been in this, you know, like since nine months and, wow, like it's a lot of changes happened in nine months since I started the podcast. So at two point yes, definitely, we need, we need, you know, a clean mind to be able to perform. And and then you know again, thank you very much, bob. Is there anything that you know? This is the thing I always ask. Is there anything that I should have asked you? 

0:40:19 - Bob
about cybersecurity and you know, I don't believe so. I don't believe so, and it's the only other thing I would say is it's nothing to fear. And you know, sometimes people get I get, I get. It's a challenge for me. It's, you know, when I look at things like this and there are really problems where, oh, that doesn't seem like we can solve that, I think that everyone has to look at these situations as we can solve this together. You don't have to be fearful of it and really, if you embrace the challenge, I think there's always way to make it important. 

So it's about being positive in that way and not really cowering back and thinking this is insurmountable. I don't ever believe any challenge, any problems insurmountable and I think if you could take that attitude just even a little bit, it's something that we don't think, that for the most part, us as an industry can resolve. 

0:41:04 - Mehmet
This is, I would say, a great advice from you, bob, at the end of this episode. Thank you very much for your time and I appreciate, you know, all the valuable information that you shared with us today, and this is how I end my episodes usually like, for, you know, people who tuned in. Thank you very much. If you're listening to this or if you're watching this, thank you very much again and please keep the feedbacks coming. I enjoy reading feedbacks and also, if you are interested to be on the show, don't hesitate, reach out to me. We can arrange for that. Timezone is not an issue, as I always say, and thank you very much for joining us today. We'll meet again very soon. Thank you, bye, bye. 

Transcribed by https://podium.page