Cybersecurity Insights and our Financial World with James Fair
Illustration of Blockchain Technology security features explained by James Fair, Executech.

Securing our Financial World with James Fair of Executech

Episode Overview

Episode Topic:

Welcome to an insightful episode of PayPod, where we explore the dual impact of generative AI—it’s a boon for hackers and a blessing for cybersecurity professionals. James Fair, the senior vice president of IT services at Executech discusses the challenges and opportunities presented by the mainstream adoption of generative AI and the enduring impact of blockchain technology. The episode navigates through the evolving landscape of cybersecurity, exploring how advancements in AI have both empowered malicious actors and provided new tools for defenders. Additionally, it sheds light on the transformative potential of blockchain in enhancing security measures, particularly in supply chain management.

Lessons You’ll Learn:

Listeners will gain insights into the dual nature of generative AI’s influence on cybersecurity. James Fair highlights the challenges posed by AI-powered phishing attacks and the evolving tactics employed by cybercriminals. On the positive side, the episode emphasizes how AI tools enable cybersecurity professionals to efficiently gather and analyze information from diverse sources, ultimately strengthening defense strategies. Furthermore, Fair shares his perspective on blockchain technology as a game-changer in security, offering immutable records and enhanced supply chain traceability.

About Our Guest:

James Fair, the featured guest, is an expert in the field of cybersecurity and cloud services. As a representative of Executech, a prominent IT services provider in the western United States, Fair brings a wealth of experience to the discussion. With a focus on cloud security, he provides valuable insights into the challenges faced by cybersecurity professionals in the rapidly evolving technological landscape.

Topics Covered:

This episode covers a range of topics, including the mainstream adoption of generative AI, the implications for cybersecurity, and the ongoing battle between cyber attackers and defenders. James Fair sheds light on the nuances of phishing attacks, the evolution of ransom notes using AI, and the potential benefits of utilizing AI for information analysis and reporting. Additionally, the episode explores the transformative role of blockchain technology in enhancing security measures, particularly in supply chain management. The discussion offers a comprehensive overview of the current state and future prospects of cybersecurity in the face of advancing technologies.

Cybersecurity Vanguard: James Fair’s Impact on Fortifying Digital Frontiers

James Fair, a distinguished expert in cybersecurity and cloud services, brings a wealth of experience to the podcast as the featured guest. Serving as a representative of Executech, a prominent IT services provider in the western half of the United States, Fair has been actively involved in navigating the challenges and opportunities presented by the rapidly evolving technological landscape. His expertise extends to cloud security, an area of paramount importance in the contemporary digital era.

As a seasoned professional, Fair plays a crucial role in Executech, contributing to the company’s reputation as a leading IT services provider. The western United States benefits from Executech’s expertise, and Fair’s role allows him to actively engage with the cybersecurity challenges faced by businesses in the region. His practical experience and strategic insights make him a valuable resource for understanding the nuances of cloud security and the intricate dynamics of the ongoing battle between cyber attackers and defenders.

James Fair’s contributions extend beyond the realm of generative AI, as he also provides a compelling perspective on blockchain technology. Recognizing blockchain as a game-changer in terms of security, Fair emphasizes its immutable record-keeping capabilities and its potential to revolutionize supply chain management. As the podcast unfolds, listeners gain a deeper understanding of Fair’s multifaceted expertise and his role in steering Executech through the complex landscape of cybersecurity and emerging technologies.

Episode Transcript

James Fair: So you can imagine if you look up and you see this entire thread, you’re going back and forth, right? And then here’s a link and everything looks exactly the same. The domain looks correct. You click it, you’re going to pay it. That’s what happened. And they still owed the money of course. So unfortunately complacency is a really big deal in this day and age. We must remain ever vigilant. There is no time at which we’re going to be like, oh, I can relax now. We’re targets. And especially in the financial industry, you’re especially targets.

Jacob Hollabaugh: Welcome to PayPal, the payments industry podcast. Each week, we’ll bring you in-depth conversations with leaders who are shaping the payments and fintech world, from payment processing to risk management, and from new technology to entirely new payment types. If you want to know what’s happening in the world of fintech and payments, you’re in the right place. Hello everyone, and welcome to Pay Pod. I’m your host, Jacob Hollabaugh, and today on the show, we are going to be diving into the world of cyber security with every episode of Pay Pod, no matter what portion of the payments infrastructure world we are dissecting. What new fintech darling we might be speaking to. Every conversation we have had on this podcast always finds its way back to the question of security. In our highly digitized world. Bad actors are unfortunately everywhere, and our financial infrastructure stands out as the semi literal pot of gold for those actors to seek. So keeping our payments, our data, our everything in our lives secure is of paramount importance now and will only continue to grow in importance throughout our future. So today we’re going to look at cybersecurity in the financial industry as well as just in general. So for those SMB owners out there listening, this is going to be a lot of good information for you. I’m pleased to be joined by an expert in this world to walk us through it. I’ve got James Fair with me, senior vice president of IT services at Executech, the award winning managed IT service provider that’s been providing people first IT solutions for 20 years. James, welcome to the show. Thank you so much for being here today. Thanks.

James Fair: I’m honored and excited to be here. Man. This looks like this will be fun.

Jacob Hollabaugh: Yes, I’m thrilled to have you. As I say there in the intro, it is. While cybersecurity isn’t necessarily the focal point of this show, it is probably the. I don’t know if there is any other topic that is as reoccurring. Maybe I have been using the joke all year that I have to ask everyone about. I and I will eventually probably ask you about I at the end of this conversation, but literally every single episode that we have comes back to the question of, well, that sounds like a cool new thing you’ve got, but is it secure? Is it? Are we able to keep all of our data, all of our money, all of our everything is safe. So I’m very excited for this conversation. And I do know that throughout this conversation, the proper answer, probably from you for a lot of the questions, is going to be all of it’s important. Everywhere is important. So hopefully for you, myself, the listeners, we’ll keep that in mind. All of it is important and we’ll hopefully drill down on some specific areas while keeping in the back of our mind that it’s all important. But let’s start with some of the different types of threats that are out there that we should be concerned about today. What are some of the most common cyber threats that we see affecting the financial world? Either at the consumer level, at the institutional level, just in general, what’s the most common cyber threats that we should be aware of in the world of finance today?

James Fair: Yeah, great question. And before I dive into it, I do want to say that the only person who has a bigger target on their back than you folks is us MSPs have the keys to everybody’s kingdom, so we have the larger target. But yeah, unfortunately, we are all targets. And I’m sure this goes without saying that we put all these great cybersecurity tools and services and software in place to try to prevent these attacks. And the attackers out there know that. So they are obviously targeting the humans, the busy human being. It’s 6 p.m. they’re just trying to get through their 200th email. They just want to go home for the day, and they’re clicking on things they maybe shouldn’t have or getting a little more careless. So. So I want to say probably the number one threat out there is complacency. It’s a willingness to I’ve done this a hundred times now it’s 101. I’m just going to go through the motions. I’m not going to actually sit down and take the time to do it. And let me give you an example really quick of why this is so important. We worked with the financial organization that lost six figures not long ago, and the way it happened was that they were working with a vendor and the vendor’s email had been compromised. And no one knew this because we’re waiting, watching, looking at the transaction, going back and forth. And right as the amount was decided upon, that’s when the attackers made their move. They jumped in. They did reply to all. So all the previous email was in there. All the people in the were in the correct two and CC lines. The attackers had purchased a domain that had two V’s in the place where the original domain had a W. So you can imagine if you look up and you see this entire thread, you’re going back and forth, right? And then here’s a link and everything looks exactly the same. The domain looks correct. You click it, you’re going to pay it. And that’s what happened. And they still owed the money of course. So unfortunately complacency is a really big deal in this day and age. We must remain ever vigilant. There is no time at which we’re going to be like, oh, I can relax now. We’re targets. And especially in the financial industry, you’re especially targets. The next part of this would be what we see mostly is also impersonation and credential harvesting. So phishing attacks, this is probably the most common attack vector we see out there in the finance industry. Most of us are pretty good tools in place, security services in place. What gets them is the phishing email. Someone’s from a fake fake domain sends an email trying to change their ACH information or things like this. That’s probably the most common thing. We see ransomware that’s not going away and that’s been in the news a lot. I will say those are probably the top three things that we see out there.

Jacob Hollabaugh: And with that, I’m guessing to extrapolate from that answer what the answer to this might be. But where are then the biggest vulnerabilities within? Is the financial ecosystem actually located? Is it much more so on the employee or consumer level like my phone, my device, my email? Or is it the financial institutions themselves? They’re the data center that they might be running? Or where do you see the most common entry points for if someone’s trying to get into a bank and get into a large financial institution, a company where the most common entry points for it? Is it more on the personal level or more on the company-wide level?

James Fair: I’m going to say there are probably two answers to this because we certainly see this impersonation attack. We see what we call spear phishing attacks, where someone’s targeted and they’re coming at them from different directions. But there’s also an infrastructure concern as well that we see most often are outdated servers, and unpatched systems, not the latest firmware. That’s probably as far as not human aspect goes. That’s the number two thing I would look at is outdated equipment, outdated software, outdated firmware, switches, routers, firewalls, and anything like that. That is an area I think it’s overlooked. Far too often we don’t do good inventory. We don’t see where the updates are. We don’t know if there’s a hack on the latest switch we’ve got in our environment. So I’m going to say out-of-date servers and equipment. It’s probably number one.

Jacob Hollabaugh: Okay. That leads me to then in a similar vein, most of the companies we talk to on this show are one of the big themes is all these little niche service fintechs that have started up that as a service world, has just exploded in the last half decade especially. And so the the financial ecosystem already was a complex web of data, money, and everything moving around. And it’s gotten astronomically more complex in recent years as more and more little companies come in and add to someone’s tech stack and suddenly where things were never streamlined before. But certainly, if the old way of things had a tech stack that was pretty streamlined, whether it was up to date or not is obviously a question. But nowadays it’s that Tech Stack has had an integration in all of these little pieces and parts to it. And I’d imagine from your standpoint with what your company does, my guess, my theory would be that makes things a lot harder for you because it does open up all of these extra entry points or all these other places that, yeah, they’re new fancy fintech companies. So hopefully their security standards, their text is up to date and you’re adding nice, flashy new tech, but you are still adding a bunch of extra things. Am I on the right lines? That’s probably making what you do more complicated when you go to work with a company and keep them compliant and you’re like, wait a minute, you have how many partners you have? How many touching your tech stack Here? Am I on to something with thinking that’s got to make what you do a lot harder?

James Fair: Yeah, absolutely. I get the question often like, well, if we introduce in the system let’s create risk. Of course, it’ll create risk. Everything we do creates risk. Everything we plug in at creates risk. And now we’re creating risk. That you put it very well right? Is that the vendor we’re engaging with? Are they properly secured? Did they go through the procedure? We know we did. But are they and is the next person of them flawless? You know probably not. Right. Chances are pretty good that this is going to be a concern. And APIs are still, as far as technology goes, still fairly new. I interviewed an API specialist not long ago. They were a security API security specialist, and they said something like 80% of the requests out there from the internet are all API-based. Now, if you think about a cell phone, it’s all API calls, right? There’s nothing else going on. And the same thing in the financial industry whenever we’re just doing all these integrations with everybody. Well points. Com I’m sure everyone’s familiar with that one. That happened pretty recently, right? I go in and give myself unlimited miles. And so that’s an example of an API left open. So I don’t know if anyone knows. But the data that was extracted from there was out of an API. They just sit there and pulled all the data out of the API call until they had it all. So yeah, APIs are a potential threat. There are definitely things that API developers should be doing to ensure that their systems are as secure as they can be. What? There are obviously security best practices, but what I don’t see a lot of is that there’s a framework called OWASp. I’m very familiar, with this Wasp open-world application. Okay. So you’re familiar with it. So I think that needs to be applied to the API developers as well. So let’s make sure we’re taking that framework and applying it to APIs. We’re protecting the security from applications at that level as well. Because there is no compliance regulations there are no minimums. You have to have an API security. We’re just all hoping we’re all doing the right thing out there. There are no vendor risk assessments that involve APIs that I’m aware of. So yeah, this is a big challenge for us out there and one that we really need to get better about because there are just way too many out there. There are thousands, right? Every day, thousands of them are added.

Jacob Hollabaugh: Yeah, I’ve talked to a lot of them. And that actually was something I wanted to ask you about. The word compliance is really the way security ends up coming up on this show often is that first, the word compliance comes. So I know there are all of these standards. Does that have to be met in the financial world from a cybersecurity standpoint, that there are actual measures to be compliant with everything? And like you said, it’s one thing for is our company compliant, but now is this new vendor we just added also compliant. But you reference there. Those compliance standards may maybe different for each part of this world or something like APIs may not have the same compliance standards as a different part of your tech stack might. So is that true? And then also just with that where you use the word best practices as well, where would you say compliance standards that everyone has to meet is required to meet are in relation to what actual best practices are? Is there a big gap there between hey, we did what we had to do, we’re compliant versus or is compliant also pretty close to best practice?

James Fair: Yeah, that’s a good question. Lately, certainly, we’ve seen those compliance regulations become best practices, there’s no doubt. And that in cyber insurance are actually the ones that are pushing the edge that we see the much-needed change that we need out there. So while I’m not thrilled that insurance companies are deciding for us what needs to be implemented, I’m glad that is. Frankly, we’re getting some minimum because if you want insurance, you have to have these things in place. And yes, absolutely, that’s true across the board all the way up to compliance spectrums. But soc2 and those kinds of things, are stringent. They’re diving into your development systems. They’re making sure all of that is properly laid out to avoid attacks whenever possible. So it’s definitely out there, just not yet really with APIs yet.

Jacob Hollabaugh: Yeah. Well, I do like hearing especially the Soc2 one, because with many of the fintechs I have researched always, they always do a really great job of having like their business timeline on their website available or somewhere available. And one of the biggest milestones is always like Soc2 certification and everything. So I like actually hearing that, hey, that’s not just them trying to check a box to the person. Researching them or looking them up like that actually is a big milestone for them. They it’s hard to do and they did it. And now that actually does mean something for the company.

James Fair: And it’s ongoing. So they’re they’re maintaining compliance. Someone’s checking and monitoring their stuff as they go. So it’s impressive for sure.

Jacob Hollabaugh: So, you’ve referenced a couple of different recent news stories. And we have there’s these are always happening unfortunately that’s the world we live in. That’s why companies like yours exist because we need to obviously be fighting the good fight against it. We did, unfortunately, have a recent news story about a bank specifically being hacked. Could you tell us a little bit for those who weren’t familiar, didn’t realize that it happened, what kind of happened at Hatch Bank and what what the vulnerability was and what use that as a way to highlight the importance of everything that we’re talking about here?

James Fair: Yeah. So this was a bit of a scary one. And I use this as an example. So I’m sure most of you know that Maine is requiring disclosures of and that’s so that’s where we’re getting all of our information. We can go look at Maine reports and then we pull out information from there. So hatch Bank reports 139,000 customers had been hit by an attack by a breach. And when it was traced back, it was nothing these folks did wrong. It was what they call a zero-day attack. I think most of your listeners are familiar with it. It’s a vulnerability that no one knows about or hasn’t fixed yet. In the security software, the bank was using. Right? If it’s your security software breach as the breach, then what chance do we have? Right? That’s the attitude I get, right? Okay.

Jacob Hollabaugh: Now what if that’s the way that the place they get in? Then I guess all the doors and windows are open.

James Fair: I’m going home. Forget it. So this is a really good lesson for every potential vendor. Even your security vendor is a potential breach is a potential attack vector. So let’s prepare ourselves as best we can to deal with that eventuality as well. That’s unfortunately, the only way to do it is let’s do a scenario where that vendor is attacked or breached. Let’s do another scenario where that vendor is breached or attacked, and let’s step through all these. How do we react? What are we going to do if this happens? There is no better planning than those exercises and those tabletop just even simulating. Hey, let’s step through it. Okay, I’m going to do this. I’ll do that. And people go, oh, we forgot about this and we add things. So tabletop any kind of vendor breach is super critical. Yes, it’s important we check for a power outage and the internet going down, all those other ones. But let’s also make sure we’re dealing with vendor breaches as well.

Jacob Hollabaugh: And those, I made me laugh a little inside when you mentioned the trainings and different things that could be done or the testing and like let’s actually go through the systems. Employee education is paramount in this world. It’s one thing for at a big financial institution, the CTO and whatnot, to get together and put new standards in place, bring in a new security firm like yours or whatnot to work with them. But it really is passing all of that down, because earlier in this conversation, we talked about, a lot of the entry points are that phishing emails to the one random employee at 6 p.m. when they’re tired and they don’t recognize that two V’s instead of a W, so they click on it. And we had talked before we got on the microphones here that I, in a former life, did briefly host a cybersecurity podcast. And one of the most interesting episodes that I had done was with someone who they had for an IT management firm, but their main real goal and driver was building better education software because probably anyone listening that has worked for any company. And think of the once a month you have to watch the five-minute video on like where phishing emails and right. They’re not always the most entertaining or interesting, and it’s just the thing to get off the to-do list like another email itself for a lot of people at a company. And so I was really fascinated by the one conversation I had about, like, that’s the most important thing is educating the employees on what they need to be doing or looking out for and finding ways to do that isn’t totally boring or snooze fest for the employees that they’ll actually take in. This is a huge risk, and I should do this, and it’s not too bad to get through. So hopefully that person finds a lot of success and we can continue to help folks be a little more educated in this world. Your company, Executech, uses what you call a risk register and then you have a risk scoring system. I don’t think that’s anything that’s pretty typical across the industry, but I’m interested to know, can you describe to me what the risk register is and then how you come up with a risk score for a company, what the kind of factors that go into that score are?

James Fair: Yeah. Great question. Before I do that, do you want to touch back on what you said and thank you for doing that because that is, like we said, that busy human being is the most common attack vector these days. So let’s make sure we’re a person. And in some cases I get pushback from organizations saying, well, we don’t want our people to feel embarrassed or stupid, and people get that a lot. Like, oh, I clicked on that. Oh man, I gotta watch this stupid video. Why are you punishing me this way? And I do want to try to reset that mindset that what we are doing is not trying to embarrass anyone. What we’re trying to do is raise awareness. We see it all the time. We go into an organization, we do an internal phishing campaign, and for the next month, we get bombarded by email. Is this legitimate? Hey, is this real? And then it starts to fade out over time. So people become complacent and they get used to doing it. So periodically redoing that. And I encourage people, yes, you could do the five-minute once-a-month thing. I encourage doing it on a kind of surprise. From our perspective, we are trying to get people to click on things, not because we’re trying to embarrass them. We’re just like, oh, look how good I am, but because I want to show you where your weaknesses may be.

Jacob Hollabaugh: It’s not embarrassing, by the way, the thing that it is and you should never hopefully the companies treat if something goes wrong. The people that are at the behest of it kindly and fairly and help them out and everything. But it’s not embarrassing to fail a fake test that your company is trying to teach you something. It probably is. If it ends up your company loses millions of dollars and you’re the one that clicked on the email or something that started it all off, you’re probably talking to your therapist about that. One of like, I feel a little bit of guilt over this one. Yeah. So that’s what we want to avoid. So small little bits are fine to deal with to help avoid the big one.

James Fair: Absolutely. So all right. So yeah there’s a lot out there. We get news every day. There was a phishing campaign a video phishing at MGM Caesar’s Palace. Someone called the help desk and took over like so these things are in the news, in my experience, they tend to drive the priorities of the security teams, right? Teams and organizations. And this isn’t anything new I’m sharing here. But instead, let’s do things based on risk. So let’s make sure we’re prioritizing based on what’s at most risk for this particular organization. And it’s different across the board for everybody. So what we do initially when we sit down with a company is we put together a list of everything that could potentially go wrong. So that’s from internet outage and power outages to phishing attacks, laptop stolen, whatever it may be a zombie apocalypse, a pandemic. There we go. That was one we didn’t have on the list for a couple of years ago. But these are things that we need to address now. So let’s put every one of those things on risk. And as other things come up in the news, in our day-to-day, if someone gets a phishing email like, oh, let’s add that as well. Whatever it is, let’s continuously work on a list of risks that are out there to the organization. Then let’s call them in a couple of things. Number one, what is the likelihood of that eventuality occurring? Okay, ransomware or a phishing email. Yeah, really likely right? Zombie Apocalypse is probably a pretty low pandemic I don’t know. I don’t want to guess anymore. So let’s take that. And then let’s also look at the impact. So should this event occur. What’s the impact? Someone gets a hold of an account. It could be pretty serious. If someone gets into our server it’s catastrophic. So then we score these let’s say the ten scale on both of those. Then we can combine. Or I like to multiply those two numbers together. Now we’ve got a risk score. Now we can sort based on that risk. And now we know what to work on first and second and third. And yeah there’ll be some things like okay there’s some low-hanging fruit. The third one on the list is very easy to do. So let’s implement that one first. But nonetheless, now we have a path laid out. So now we work the organization to because not everyone has an infinite budget. So let’s work with the organization to create a roadmap. Yes, we would love it if you would implement these 37 things right now, but it’s probably not realistic or it’s going to be too traumatic for the users anyway. So rather, let’s put a roadmap together. Let’s put a plan together where we’re going to implement this at this stage. We’ll start this next year. This goes into the next quarter. We’ll bump up our number of whatever it is. Let’s map out a path to success for the organization that works in its budget, works with its administration, their overhead. So it’s a collaborative effort. I’ve seen too many security firms want to go in and rip everything out, and then users are just up in the arm. Because nothing’s working. They can’t do the job that we used to. I want to avoid the adversarial relationship, and instead, let’s make it collaborative. So it’s really what we want to do. Let’s make a list of risks, and work with the business units to create a roadmap. And let’s start putting these things in place.

Jacob Hollabaugh: Yeah love that sounds like a fantastic approach. Let’s finish off by talking about some new technology I referenced earlier. I do the other most. The Common question of this episode is the one I’m going to ask you now. 2023 has been the year that generative AI went mainstream, is being adopted by anyone and everyone, and is advancing rather quickly, we too quickly, even the heads of it would say, as we see the chaos that ensued a week or two ago, which certainly made the rest of us all just feel so great to see all of that happening already. So that’s for a different podcast, though. How much does the proliferation of AI and other new technologies make your job? Both? I would assume harder in a lot of ways, but also easier because you can use it yourself. It seems like it would just accelerate this ever-going battle of the bad actors, the hackers of the world, versus the cybersecurity professionals of the world trying to stop them. Is it made it harder, easier, a little bit of both, what’s the impact from your point of view?

James Fair: That’s a really good question. I’m going to say both. So it has assisted the attackers. It’s making it easier for them to do their job.

Jacob Hollabaugh: Now those phishing emails definitely look a lot better. It was exactly. It was great. I remember growing up how easy it was when it was the prince from whatever country and half the words weren’t spelled correctly. And it’s like, well, they don’t need to speak English now to use ChatGPT to write an email.

James Fair: Every security awareness training, I ask people, what’s the red flag for you for phishing emails and the answers are always the same.

Jacob Hollabaugh: If half my coworkers use ChatGPT already, then I’m not going to notice the difference when a hacker uses it to write it.

James Fair: Exactly. So it’s only a matter of time before every single ransom note is out there we’re going to have ChatGPT for bad actors right there. Write me a ransom note. Now comes this flawless ransom note. On the plus side, I can use AI in a way that has never been available to me before. I can use AI to gather multiple sources of information and find the commonalities between them that humans may not be able to do right. The SIM type of approach, however, you pronounce it, coordinates events that may be disparate. Now I can do that. Or I could say, hey, grab me every event from the last seven days and create me a graph and a spreadsheet, like whatever I want to do now I’ve got reporting is so much easier for me to do. I don’t have to go create the thing and try to put in the data points and pull all that out myself. I just go tell AI, hey, I need a good graph and here’s the information I need. So in that respect, it’s been a blessing for us because in the security world now we can gather information from multiple sources, collaborate that together, look for commonalities and alert based on that. So it is both a plus and a negative. And of course we also have the security challenges of okay I’m going to use an AI, learn some code, but I put my own code in there. So now that code is available to the whole world. And so now we’ve got code protection and other privacy concerns that come up that’s a little bit different and probably different situation. But in general, the answer is both.

Jacob Hollabaugh: Yeah. Just makes it the new frontier of the same battle on the same two sides.

James Fair: We both got different weapons to use.

Jacob Hollabaugh: Yeah. New weapons, but unfortunately delivered to both sides at the same time. Yeah. So the one other technology that I wanted to ask about is blockchain technology. And we occasionally cryptocurrencies certainly come up within the financial world now a little they’ve cooled off a bit. But the underlying technology the blockchain technology has not necessarily cooled off. That was the one easy way for that technology to be understood or potentially adopted by a bunch of people and went crazy during the pandemic and everything. But while people might think what they want to think about cryptocurrencies, blockchain tech is still here and being adopted in different ways. I would imagine the whole idea of blockchain being this radically different type of setup and server and decentralized. It means a radically different way to secure it or keep it secure. So is that a huge headache? Is am I is blockchain actually way easier? Or what does the cybersecurity world think of blockchain technology?

James Fair: I’m not gonna get into crypto. This is a financial understanding. The audience may vary on that. But blockchain is absolutely a game changer. There is no doubt about this. This is an absolute game-changer in terms of security. So for any kind of supply chain, it’s 100% of a game changer. It is absolutely secure. I have been nothing but impressed by it. The more I look into it, the more secure it is. And yes, there are bugs and flaws. There’s a Bitcoin development team constantly updating as they find problems with it and that won’t change. Blockchain is going to be the same thing, but whether it’s a public or a private blockchain if you’re doing any kind of supply chain, I would 100% recommend looking at blockchain. It is an absolute game changer to be able to track a piece of broccoli from the farmer. All. All the way to the person that bought it. That’s impressive and have no way to for that. I don’t want to dive too deep into the technology of blockchain itself, but the way the blockchain is built is such that previous records cannot be modified. So it’s an immutable record in time. It’s very secure. And so far I am nothing but impressed by it and I hope we deploy it everywhere. I hope the web turns into a blockchain method actually.

Jacob Hollabaugh: I love hearing that certainly. Where would you say that your industry is in adopting to being able to offer similar services as you do now for blockchain technology, or is it going to be brand new companies and people that come up with, uh, these are the measures, these are the compliance standards, We know how to do it. We can help you out with it? Or Is your community and industry slowly but surely adopting that into what you do?

James Fair: That’s a really good question, and it is one that we’ve not addressed yet. We’ve looked at it and thought, okay, this is coming and we need to want to get ahead of it. I think it starts with blockchain tools, the ability to pull data out of that blockchain and do so securely. That’s really where it starts. But as far as the security in our world is not there yet, we deal primarily with SMB space. Not a whole lot of people come to us. We want a blockchain for our 30 users. So yeah, not yet, but it’s coming.

Jacob Hollabaugh: Yeah. ?It’s one of those the market has to be there first. And it’s going to be it ends up being a chicken and egg scenario of like the market needs to get big enough for there to be the companies that say we service just that, but then, the market to get big enough. They need the companies that would maybe service that. And at some point, there will be a tipping point where it’ll be a big wave will crash over us. So James has been a real pleasure for those listening who may want to either follow you or learn more about what you do, and what Executech does. Keep up with everything you and the company have going on, where it’d be the best place for them to go to find you.

James Fair: Oh well, you covered it really well. I appreciate the intro. There we are. Executech comm. We are our cloud security and IT services provider in the western half of the United States. And probably the best way to reach me is for us. We set up a separate site just for podcasts. So it’s executech.com/cast. I’ll spell execute. It’s executed.com.

Jacob Hollabaugh: Wonderful. We will add those and many more links in the show notes below. So anyone listening wants to check it out, just use those. And James has been a real pleasure. Thank you for your time and knowledge today. I’ve greatly enjoyed it and hope to speak to you again sometime soon.

James Fair: I look forward to it. Jacob, I hope everyone out there, stay safe out there. It’s a dangerous world folks. So be safe and have a great holiday. Thanks very much, Jacob.

Jacob Hollabaugh: If you enjoyed this episode and want to hear more, head on over to soarpay.com/podcast to subscribe to your podcast listening platform of choice. That’s soarpay.com/podcast.