dnsUNFILTERED: Cam Murphy, Sondhi Solutions

Podcast > Episode 7 | November 01, 2023

In this captivating episode of dnsUNFILTERED, we invite Cam Murphy, a seasoned cybersecurity expert with nearly two decades of experience in various fields, including the US Navy, Raytheon, and Sondhi Solutions. Join us as we delve deep into Cam‚Äôs remarkable journey through the world of cybersecurity, electronic warfare, meta-data analysis, information systems, and leadership.

View Transcript ▼

[00:00:00] Mikey Pruitt: So I'm here with Cam Murphy of Sondhi Solutions. Cam, tell us a little bit about yourself.

[00:00:06] Cam Murphy: I am the cybersecurity director here at Sand Solutions. I've been at Sondhi Solutions for about 18 months. This is the first M-S-P-M-S-S-P. That I worked at. Prior to that, I worked at a small penetration testing company for a little bit.

Prior to that I was in defense contracting, where I worked at Raytheon Technologies Raytheon. I worked in their cybersecurity engineering department. So I really learned a lot there was able to do all kinds of cool things with the weapon systems, both weapon systems that were already fielded and in use.

And weapon systems that were brand new in development. So that was a really exciting opportunity. I was able to do cybersecurity, engineering and penetration testing and all the different types of assessments that are required for military systems in order to, either remain fielded or get permission to be used.

And then prior to that, which is how I got into Raytheon, I was active duty military. I joined the Navy right after high school. Just lucked into a really good field. Didn't really know what I was getting into. I knew I wanted to be electronics technician of some sort. And that's exactly what the recruiter signed me up for.

And I went back, looked at it, I said, Hey, I wanna be able to get outta here sooner. What else can we do to move my. Departure data up. So he looked at it, he said I can get you something close to electronics technician, but it's in the cryptography field. I said, I don't know what that is, but it sounds cool.

So that's why I say I lucked into it. So what I ended up doing was electronics maintenance onboard submarines. So I would install kinds of equipment onboard submarines. They'd go out, do their mission, come back, and then I'd uninstall all of that. I was about to get out after one tour was, lucky enough even to go into, to go to Pearl Harbor.

That was my first duty station. But thought about getting out after that and the Navy said no, don't get out. We're gonna do this new thing and we need technicians to do it. We want you to go into cyber. And I said, all right I would reenlist if I can go into cyber. That sounds cool.

I was a young man. I had no idea what I was doing. Just the opportunity was there. I, lucky enough, I said yes. So they sent me off to training and got into cyber exploitation analysis. Analyzing networks and doing reverse engineering. And at first I totally hated it because I liked working with my hands.

But I learned to love it because it's very much like solving a puzzle. And when I found out what I was doing is actually creating target packages for offensive cyber operations, it became a lot more exciting. So I stuck with it, really dug in, and I think found my niche there. We can, safely say.

So I ended up doing some work for NSA satellite site. Actually had the opportunity to go up to NSA work with some of the other agencies up there building some more specialized target packages. I was actually gonna get out again after that tour and had the opportunity to go into Navy Special Warfare.

I found out Navy Special Warfare. They needed nerds like me to take 'em out there and do operations. So that instead of seals kicking down every door, we enabled them to have to only kick down one door. So it made operations a lot more safe, a lot more expedient, and more accurate, ultimately catching the bad guys.

So really over the course of, almost a 20 year career, I've been able to do offense, defense exploitation, cyber. So I feel like I can. Sometimes I like to joke, say I'm the state farm of cybersecurity. I know a thing or two because I've seen a thing or two. And I'm also getting old.

So that just becomes more applicable.

[00:03:44] Mikey Pruitt: That's great. You you said a lot there, cam, I'm not even sure where to start. I didn't realize you're, you had, you served, so you retired out of the military then, 20 years, correct? Yep. That's awesome.

[00:03:57] Cam Murphy: I actually, I did 16, ended up taking a medical retirement.

[00:04:00] Mikey Pruitt: Yeah. It's like same thing on paper. So you had three distinct jobs it sounds like in the Navy. You started off, working with your hands doing repair or some type of deployment. Let's tell me a little bit more about that or what you can, 'cause I know you did say submarine, so I'm sure there's a lot of things that are not allowed.

[00:04:21] Cam Murphy: Yeah, sure. So I, yeah, obviously I'll give you the unclass version here. I'll get in trouble if I go too deep, but yeah, so that's not a submarine pun, by the way. It was a good one. Yeah. So my accidental, so yeah, my first gig in the Navy doing the crypto tech maintenance is the shorter version of it.

Basically that took me to Pearl Harbor working in the submarine fleet submarines that deployed in the Pacific Fleet. What the mission was there is those submarines would go out, they would patrol, they would come back, but also sometimes they would do special operations where they needed different type types of equipment.

And for those different types of equipment, I was the installer and maintainer. So we would outfit new racks completely new equipment racks, install completely new equipment, run cables, all the antennas, all the different cables that were needed. You're talking about maybe. 40 boxes of equipment with a thousand cables.

And so we would go in there, a four man team, get all that installation done. One of the maintainers would stay on that boat during its deployment and then, make sure everything was continued to run. So I did a few of those deployments as well. And then when the submarine came back at the end of that appointment, we would uninstall everything, get everything out of there for the next boat that needed up.

[00:05:39] Mikey Pruitt: Very cool. So you were installing equipment at beginning and then it sounds like you transitioned into cyber where you may have been, operating with the software or whatever is happening on that equipment.

[00:05:52] Cam Murphy: Similar. Different, yeah, similar. So it was technic, it was a completely different field.

They, I had to do what they call cross rating, which is actually changing your job title. To go from, so I was actually CTM maintenance, so Cryology technician Maintenance, and then I went to Cryology Technician Network, so CTN. So one small little change of the alphabet there alphabetically had a big difference in job type.

So I went from being an electronics technician to cybersecurity analyst at the time.

[00:06:25] Mikey Pruitt: I gotcha. And what type of tools was the cyber unit in the Navy using at the time?

[00:06:31] Cam Murphy: So the tools that I had access to that is something that I'm not actually gonna be able to talk about because that was, so I worked at an a satellite site for the NSAI.

Gotcha. The satellite site that I worked at was in Pensacola. We had access to a lot of the databases that NSA uses for analysis. So I was monitoring the data that would be collected on our targets by the NSA. So the specific tools that I used can't really go into what those are. Over the years there's been plenty of leaks and dumps that have come out on that.

None of those I can,

[00:07:07] Mikey Pruitt: I can either confirm nor deny. Yeah, totally fineing

[00:07:12] Cam Murphy: that.

[00:07:12] Mikey Pruitt: Yeah. So like, how would you say that you were. Like, there's the red team and blue team and purple teams, colloquial speak, colloquially speaking. Would you say you were on one of those?

[00:07:26] Cam Murphy: No. So red team, blue team those typically imply that the cyber teams that are doing, those are red team and blue team.

Against our infrastructure, the US infrastructure. So they exist to improve the infrastructure of the United States. And of course our partners, our allies as well. The red team goes in, they try to they do the red teaming against the US military infrastructure. Blue team goes into NU and fixes.

[00:07:55] Mikey Pruitt: Cleans up. Yeah,

[00:07:56] Cam Murphy: exactly. So typical red team, blue team, I was never on a red team or blue team. I was specifically focused on. Enemy infrastructure. So everything that I did was building those target packages against our enemies for follow up offensive cyber operations.

[00:08:12] Mikey Pruitt: I gotcha. So after your stint and more of the hands-on installation maintenance, you did cyber kind of networking, and then you went on to special warfare, I believe you said.

[00:08:24] Cam Murphy: Exactly. So after that sounds

[00:08:25] Mikey Pruitt: even more classified, so maybe we'll just leave it there.

[00:08:29] Cam Murphy: It's probably less so to be honest. You know when the Special Warfare teams go out, they make a lot more noise. It's a lot more kinetic and it's a. It's less sensitive to talk about things that were done rather than things that are coming up.

If you find people that are in special warfare today, they're probably not gonna tell you what they have coming up. But, things that happened years past Less sensitive.

[00:08:51] Mikey Pruitt: Yeah. And it, so it sounds like you really had every aspect of cyber and, attacking, for lack of a better word, like you saw some kinetic, you saw networking, you saw the equipment, like you had your hands on a lot of stuff. What do you think is like some of the key things that you learned or like just a mind shift change that really sets you up to be like a cyber leader in your future career?

[00:09:19] Cam Murphy: I would say one of the similarities between digital effects and kinetic effects is ultimately they can have the same end result. Obviously when a bomb gets dropped and makes the big boom and changes the battlefield that's pretty obvious. But a digital effect, something sent digitally can really have the same effect.

It may not be as obvious at first, but the end result. Can be the same, if not worse than dropping a bomb. There's been plenty of stories over the years as far as some of the effects that have destroyed Iranian, nuclear enrichment facilities. That was a digital effect that had a very large kinetic effect.

And it's not surprising to me that the military actually finds pilots and officers that are familiar with ordinance and calling in kinetic effects, and they're transitioning them into cyber because they understand. Battlefield effects and effects over the cyber domain can have much of the same impact.

[00:10:22] Mikey Pruitt: Yeah. So it's no, no oddity that the cyber industry has adopted the right of boom terminology. 'cause it's like you say, it's very similar sometimes even more effective.

[00:10:35] Cam Murphy: Yeah, sometimes even more effective. Yeah. It's everything's traceable now too, to a larger degree. So I think people are getting away with a lot less now.

It's, there's a lot more digital footprint. And

[00:10:46] Mikey Pruitt: do you mean in private life or in like military life or both?

[00:10:50] Cam Murphy: Both honestly, because the cyber community has gotten much larger. Now granted, we're still undermanned, but there's so many more professionals today in cyber, in cybersecurity than there were 20 years ago.

So just the. We've learned a lot of lessons since then. There's a lot more people looking at the digital trails, if you will. And for that reason attackers have gotten smarter. But so have the good guys. It's it's, you're gonna continue to be a cat and mouse game, for sure.

[00:11:19] Mikey Pruitt: Yeah. Let's put a pen in potential privacy discussions.

Maybe we'll pop that up again in a bit, because I would like to get your thoughts on how Cam Murphy stays private in his personal life. Maybe some tips for your friend type of stuff. I'm sitting here doing

[00:11:34] Cam Murphy: A interview with Mikey Pruitt here, so maybe not enough.

[00:11:39] Mikey Pruitt: Hey, I'm very convincing, so you're out of the military. You're basically like a dream come true for someone like Raytheon. They've been waiting for you, their whole business careers and, you're, you come and do you, are you applying for jobs at Ray Raytheon or are you recruited that look?

[00:11:56] Cam Murphy: Yeah, certainly I never looked at myself that way. As far as I was God's gift to Raytheon or anyone else. I would never think that about myself. I worked. Everywhere I've worked, I, I've never been the smartest person anywhere that I've worked. There are, working at the NSA Special Warfare, Raytheon Penetration Testing companies, even here at my MSSP, they're, we, I have been fortunate enough to work around some very talented individuals.

Raytheon especially, that is a mega corporation defense powerhouse, and there are some very gifted minds there. I think I was set up to be able to go into Raytheon, transition into Raytheon, right out of military service because for a couple of reasons, honestly they're developing weapon systems that I had used.

But one of the things that impressed me is working with their field service representatives or their FSRs, as they call it. Basically the technicians that travel with their systems to make sure that the military operators know how to use 'em. They were some of the most professional and most talented people that I had met while I was in service as far as the civilian community went.

And I had worked with several other companies and the types of companies that had developed the weapon systems that we use. But Raytheon stood apart to me at that time for being one, developing very good systems, very intuitive systems with very good interfaces that were very easy to understand, but yet extremely effective.

And all the professionals that I had met. That traveled with that equipment that instructed us on how to use the equipment. Definitely a cut above. So I knew that I wanted to work there. It was actually the first job that I applied to. At all. So the very first job I applied to out on my way out of the military, it wasn't the last job I applied to.

Obviously I applied for others, but I did get that job ultimately interviewed and get hired for that job.

[00:13:46] Mikey Pruitt: Were you looking to do one of the jobs that you had seen in your military service or something else?

[00:13:53] Cam Murphy: Yeah, I had looked at, because obviously I was coming outta special warfare, I was traveling all over the world and getting to use equipment in the battlefields and I didn't want to, get too far removed from that.

So that's why I looked into that field service rep field service technician role. But because of family, I also knew I wanted to come back to Indiana and Indianapolis is a very large city. There was a lot of opportunity in Indianapolis. Then as there is now, and Raytheon just so happened to have an office in Indianapolis, which is why I applied to the roles that were available at that office.

And I found out they had a cybersecurity engineering team that was working on several systems.

[00:14:33] Mikey Pruitt: What do you think the main differences are between your military career and your, stint at Raytheon? Raytheon is like dipping your toe out of military service. They're still very connected, but it's, it's definitely on the vendor civilian side.

So what were the differences you saw?

[00:14:50] Cam Murphy: Yeah, that's a very good way to put it. It's it is a very graceful transition out of military service because you're still very much working with military. The military is your customer you go from serving in the military to serving the military.

So that transition is quite a bit easier. I believe, or certainly was for me, I'm sure. But you still do have to learn the differences from working in the military and working in the civilian community.

[00:15:18] Mikey Pruitt: Yeah. There's probably a lot of

[00:15:20] Cam Murphy: that's more difficult than it is for others. So yeah,

[00:15:23] Mikey Pruitt: there's probably a little bit more social things that you have to be more cautious of.

Yeah. Like office politics type of things in the military, it's like somebody tells you to do something, you just do it.

[00:15:36] Cam Murphy: Yeah. There, yeah. There's definitely that. Distinct chain of command, but there's a little bit more wiggle room on the professionalism within the military that, you still have your boundaries and everybody knows those boundaries, but that wiggle room gets a lot tighter on the civilian side than it is in the military.

[00:15:54] Mikey Pruitt: Gotcha. So after these, military service close to military service at Raytheon, you were, seemed, it sounded like dabbling, like you were honing your skills perhaps. Like what would you call the period between Raytheon and Sandi?

[00:16:10] Cam Murphy: Going into Raytheon, that was my first defensive job in cyber.

Everything else was exploitation and offense. And then now post-military, it's all been about defense. How do I harden the system? It's not just about breaking into it. How do I harden the system now? So an MSSP was a natural landing point for me, I believe because. Having worked on the offensive and exploitation side and understanding how those target packages are built to going into Raytheon, where you learn all the processes and all the different types of ways to secure those systems.

And then landing at the MSP, now, bringing all of that knowledge with me and helping defend our clients, which are we have a wide range of different types of clients and different businesses. And just bringing all that experience to be able to help them understand. The risk, the actual risk that's out there.

And then two, the mitigations, not all risks are you have to accept, we can actually mitigate a large number of the risks. So being able to explain that to 'em like that is the best part of my job. Being able to develop solutions for them that are attainable, realistic, affordable, and effective. That's the best part of my job.

[00:17:27] Mikey Pruitt: Yeah I can see how you would enjoy that because it's almost like you're doing exactly what you were doing in the Navy. Like you are a shield to people, to protect them from the bad guys, for lack of a better term. And that, Sandy, did you did they have an existing MSSP style department or were you one of the kind of instigators of that

[00:17:49] Cam Murphy: science solutions actually started as.

A staffing and recruiting firm. So it was more around HR services providing talent acquisition for our clients. From there, we saw the common pattern of. Our clients needing IT services. Our owner and CEO, Jason Sandi had a background in it and just a general interest in it and started standing up the MSP side.

You can see where this story's going. Now we've got our clients good IT services, they need cybersecurity services. So it was about almost five years ago, the MSSP side was stood up. Cybersecurity services started becoming part of our standard offering. A good friend of mine, actually, Cody Tyler, who you've met was the first cybersecurity professional to be hired in to work on the MSSP side.

He took what they had, which was a couple of cybersecurity services, and started changing that into an actual cybersecurity package that we could start to offer. Of course over the, over several years after, up to today, we still continuously evaluate the solutions that we have to make sure that they're effective and affordable.

Over the last 18 months, that's exactly what I've been doing. Obviously, we wanna secure our clients today, but cybersecurity's evolving, so we can't just stay still. We have to make sure that the partners that we have. In developing the solutions that we offer, we have to make sure that our partners are evolving, that the products are continually improving, new features are getting added, and if they're not, that's when we have to start to look for other partners because there's, the attackers are on the move.

Our solutions need to be improving.

[00:19:30] Mikey Pruitt: Absolutely. Did you maybe see hints across the internet about DNSFilter adding URL filtering to our DNS security?

[00:19:41] Cam Murphy: I have not seen this, I'll be honest.

[00:19:43] Mikey Pruitt: Spoiler alert. It's coming soon. We'll put you on the beta program for sure.

[00:19:49] Cam Murphy: Awesome. I must have missed that alert.

So good to know. It

[00:19:51] Mikey Pruitt: wasn't an alert, it was more of a hidden Reddit comment or two.

[00:19:56] Cam Murphy: Oh, good. Good. No, and believe me, the we need to make sure our partners are continuously evolving. That was no threat at DNSFilter. Oh

[00:20:02] Mikey Pruitt: no. We I love that about you and about a lot of our partners. 'cause we don't want to be complacent either.

And as long as we're getting pushed, we are going to keep pushing. So we totally at DNS folder appreciate aggressive strategies, for security. So let's step back for a second though about Sondhi Solutions, it sounds like they evolved naturally to, into an MSP. It's a very common thing like where, maybe they're like, servicing printers in an office or several offices, and then they're like, oh, there's a lot of it stuff that needs to be done. A lot of like wires need to be run. There's computers, there's all this stuff. And it evolves into this MSP. And it sounds like Sandi Solutions was. Ahead of most when it came to the cybersecurity evolution.

Some people are still making that transition and we can like, talk about cloud, transition to the cloud too. That's still an ongoing thing that I'm like, really? There's people are still working on that. Yep. Still working on that. But cybersecurity is the same, like people are still trying to get there, a foothold and understand really what cybersecurity means. And there's no offense to my fellow vendors, but there's a lot of. Marketing speak out there that confuses people and luckily it has you and Cody who can decipher that and, reach through and say, what does this do?

DNSFilter has a trial, so you can go in there, you can sign up for a trial, you can put it through some paces and either say yes or no and be like, no, this is. The market, the what's on the website is not accurate or not robust enough for our needs. So I forget exactly where I was going, but you're the evolution.

That's where I was, the evolution of cyber cybersecurity division essentially at Sandy has really culminated. And it sounds like you and Cody are leading that team.

[00:22:00] Cam Murphy: Correct. Yeah. So we're leading the MSSP effort.

[00:22:04] Mikey Pruitt: So where do you see that evolving to like the, the cybersecurity in general and as Sandi to protect your partners.

How's that look in your mind?

[00:22:13] Cam Murphy: Yeah. It's growing, right? So most, I think we can safely say every CEO now understands that they need cybersecurity, protecting their business, right? We're seeing as you're talking about the evolution of cybersecurity in business. It's certainly not unnoticed.

It should be noticed by everybody at this point. You have cybersecurity insurance companies. Most businesses are opting for that now. I believe it's largely majority. I think I saw a stat the other day. It was something like 70% of small to midsize businesses now have cybersecurity insurance. And that's quickly on its way to a hundred percent.

Because they understand the risk now. So because they understand the risk, they don't want to just rely on an insurance policy. They probably won't get insurance if they're only relying on the insurance policy as well. By the way, because underwriting, we're seeing as that evolves is getting a lot more intrusive into those businesses and trying to understand, what do you have in place?

Don't tell us you only want a cyber insurance policy

[00:23:11] Mikey Pruitt: They're starting to sign up to that. You have to be doing it as well. It's like getting health insurance and they come and check your blood pressure and your weight and your height and all that stuff. It's like we're gonna check exactly.

[00:23:23] Cam Murphy: Exactly. Yeah. So it's the same thing happened with cybersecurity insurance. So we're seeing businesses sign up for more cybersecurity services. One of the first steps we made in that evolution is we made a baseline cybersecurity package, what we call our baseline package effectively, hey, these are the minimum things you're gonna need to do based on what we're seeing in the insurance market.

If you need to have. Basic you need to have MFA, you need to have some geo policies. You need to have some updated firewalls. You need to have some patch management. You need to have EDR, you're gonna need some business email compromise security solutions in place. You're gonna need some internet web content filtering solutions in place.

And so we started building a baseline package based on those most common requirements of an insurance. Company for a business. So that was one of the recent steps that we took. But the business itself, the way that we're growing our department the way that we've grown our office, even going into a new office building because we had just outgrown the alt space.

We're getting more clients here in Indiana that understand the demand and importance of cybersecurity and we're able to demonstrate that. And, that's another part of the evolution is. When we look at our business partners that provide the solutions that we implement and deploy in our client environments, we need to make sure that we're able to demonstrate the value.

Like you said, you can either sign up for a trial and try to demonstrate the value that way, but in all honesty, a trial may not be enough just because there's a free trial available. Is that gonna be enough to demonstrate the value? No. What business business owners, what CFOs need to see, what the CEOs need to see is how is this protecting?

One of the other steps in the evolution of our security practice is we provide monthly reports where we show all of the metrics. You had these malicious attempts, you had this kind of software, you had your users doing, this certain activity may be taking the bait and a phishing email, but they were stopped.

So we wanna show 'em all of those metrics. Here was the attack attempts. Here's the successful mitigations and why it works. So we need to be able to have good metrics reporting to show our customers who are investing into that security need to be able to show them that it's working. And I think we've effectively done that.

DNSFilter, if I can give you a shout out has been a big part of that. When we change the DNSFilter, it was because of the metrics reporting, we can actually show them, here's the activity that your users are attempting. Here's. Here's how we've mitigated that, and that's powerful.

[00:26:07] Mikey Pruitt: Yeah, I agree.

I was just posting on Reddit yesterday. Someone was asking a question about how to get the, like a usable version of the logs from their firewall. I get which one they had doesn't really matter, but their firewall was locking up all this valuable information and they didn't have an API that they could.

Use to grab like a malicious domain that went through the firewall. Show those to me. I would like to see them. And my suggestion, of course was a DNSFilter, generically a DNS filtering solution. Typically they all provide logs that you can grab via API. Just like user DNSFilter does.

So it's great to hear you say that. And it's also, I'm happy that you mentioned kind of your base package and what those solutions are, not necessarily their names, but I'm also glad to see that DNSFilter itself is in your core package. Tell me, and I'm also happy to see like EDR and you're getting to, your basic package is still advanced enough to protect people and a lot of people new to the cybersecurity space don't really recognize that. So that's really good to see. Do you have do. Like an elevated security package that req are required by some people. And why is it required?

[00:27:22] Cam Murphy: Yeah, so we do have an advanced protection package. Typically that would be for our clients who are beholden to hipaa. So you know, healthcare clients. Anyone protecting a large amount of PII we may implement the a, a sim and soc protection for them as well as everything else that we would offer.

Typically, we see those clients wanting more aggressive patch management as well. So instead of doing, an annual vulnerability scan, we're gonna do real time vulnerability monitoring as well as. Os first party and third party software patch management.

[00:27:59] Mikey Pruitt: Yeah, that makes sense. And do you guys offer like consulting and like consulting with those insurance company paperwork as well?

[00:28:07] Cam Murphy: Oh, yes. So for all of our clients, we'll do, we basically assist through all of their insurance documentation. We actually have partnerships with insurance brokers. And a lot of times they'll just tell us, Hey, we have some clients that are needing insurance. They're either not meeting the requirements or they would like a review.

Somebody to help them understand what are the other metric measurements they need, what are the other measures they need to take in order to ensure that they maintain their coverage and just talk through what their solutions are. So we'll do that for prospective clients that consulting service.

And of course we do that for our current requirements, whether they have baseline cybersecurity package or. Everything that we have to offer, we're always gonna help them with any kind of vendor management. So we'll always do vendor management. If their security cameras go down, we're not gonna just say, oh, sorry, that's not part of your scope of work.

We're gonna do that. Vendor management, because it's, all things touch the network. So it's the same with their insurance process. We'll review those with them. We'll help them get those. Either procure insurance or get those renewals expedited.

[00:29:15] Mikey Pruitt: Very cool. I hope people are grasping what you're saying there.

I would consider Sandi Solutions a top tier, MSP. I've actually interviewed a few others and they have a very similar package structure, and I, just off the top of my head, it goes like this. Basic cybersecurity package is most people's advanced cybersecurity package. You have carve outs for specific needs like hipaa, as you mentioned, and then you're also actually doing the work as a trusted IT advisor.

Like I know that's the saying among MSPs is like the trusted advisor. The trusted advisor, but you actually have to do it. And if you don't want to touch insurance. Insurance contracts 'cause they're messy and cumbersome and you're not a lawyer. Like you gotta get over that and you've got to dig in with your client and be that trusted advisor.

So it's really good to see Sandy doing that. And I wanted to ask you, so you guys are, have a very holistic approach to protecting and servicing your clients, which highlights why those pictures of your new office space are so amazing. Sand has really leveled up.

They're a leveled up MSP in my opinion. How do you guys go about like selling motions or are you even involved in that at all?

[00:30:35] Cam Murphy: As far as the sales efforts,

[00:30:37] Mikey Pruitt: yeah. Do they bring you in to tell people? In human language, the risks out there.

[00:30:43] Cam Murphy: I am asked to attend many sales meetings. I definitely don't consider myself a sales person.

I consider myself a cybersecurity engineer. I consider myself to be a problem solver. One of the things that IT and cybersecurity professionals need to understand. Is your inescapable collateral duty will always be to train others. I grew up watching Bill Nye, the Science guy, right? I loved Bill Nye the science guy as a kid because he can explain the most technical things the most detailed things.

To a, a grade school student, right? So he can explain anything to anybody in a way that you understand, not in a way that's degrading or demeaning, but in a way that you genuinely understand that you're genuinely learning. So I try to take that approach with it and cybersecurity when I'm talking to be uninitiated and get them to understand that, there's this.

There is this aura of mysticism around cybersecurity for sure. But we need to dispel all that. We need to be able to show them explain to them you need these services because here are your risks and here are the mitigations for them. Here's how the attackers are going about their day. Here's the methods that they use.

And a lot of it'll ring familiar, they're getting. Everybody's getting the phishing emails, everybody's getting the text messages. Microsoft just changed the authenticator for MFA and enforcing that now. So everybody's getting a flood of emails with the QR code scan here and.

Most of our users are spotting that as fake. And a lot of them are asking us, Hey, what do we do with this? So we're starting another educated education effort. So we're showing them, Hey, this is why this is happening, and here's what we need to do about it. So we're always educating, we always need to be out front of that.

And because we've taken that. Approach. Yes. I'm asked to do mini sales calls to I, assist in that effort and help at least help the prospective client understand what it is we do, how we do it, and why it's effective.

[00:32:52] Mikey Pruitt: What does that pitch, so to speak, sound like? Or is it more like question and answer?

How does that go?

[00:32:59] Cam Murphy: I try to explain them explain to them that, there's no cyber silver bullet or cyber iron dome. There's no one product that you can deploy and set it and forget it. We need to build a defense in depth solution because, you wouldn't lock your front door of your house and call it a day.

You're probably locking your front door, you're locking your back door, you're locking your windows. You've probably got a ring camera installed. You've probably got some motion sensors that you activate when you leave the house. We need to be able to do the same thing with your network, and I'll explain to them that, we've built a comprehensive protection package too.

Mirror the same kind of protections for your network that you would expect on your home security system. The other thing is, employees are working remote a lot now, it's not uncommon for employees to take their laptops home and work from home at night or just work remote as part of their normal routine.

You may have some firewalls in your office that are doing a decent amount of protection for that network while they're there. But those laptops are moving and they're going to a home network that I guarantee you is not as secure as the office space. So you know, all of our solutions that we deploy, we want those to travel with your mobile devices as well.

So I explained to them the benefits of. Agent based solutions, software based solutions, rather than the physical solutions that only reside at the office. It's important to have those two. Typically I'll explain to them how that, how those benefit their network as well.

[00:34:33] Mikey Pruitt: Yeah, that's a really, go ahead.

[00:34:36] Cam Murphy: I was just gonna say, I would also explain to them that, even with a lot of the solutions that we have, you still need a cybersecurity professional. Monitoring the alerts of those tools where I've seen a lot of other MSPs go wrong and not to throw any of 'em under the bus, but where I've seen 'em go wrong is they try to have IT professionals deploy the tools and then they don't really have any cybersecurity professionals monitoring it.

And many, its do go on or many cybersecurity professionals were previous. Its I consider myself to have an IT background from. The experience that I spoke about earlier, half of our team were previous. Its here at our MSP. That's a great place to get your cybersecurity professionals and grow them from there.

But analysis is required for every cybersecurity solution that we deploy, and that's one of the major. Benefits. One of the major advantages that we see at our MSSP compared to other MSPs is we actually have a dedicated staff of cybersecurity specialists who are monitoring all of the alerts of all of our solutions for all of our clients.

We don't, like I said, we don't set it and forget it. We constantly monitor for changes. We constantly monitor the alerts and respond accordingly.

[00:35:53] Mikey Pruitt: This is the way I believe is what they say on the Mandalorian. You said a lot of things there that I wanna touch on, but we're coming up on time here.

Is there anything that you

[00:36:04] Cam Murphy: filibuster

[00:36:05] Mikey Pruitt: No, that's great. Is there anything that you would like to convey to either MSPs or just people in general that you're, like a soapbox, so to speak? Whatever you want.

[00:36:17] Cam Murphy: I guess my soapbox, part of my soapbox is, like I said earlier, the inescapable collateral duty for cybersecurity and IT professionals is always take the time to educate.

Educate your users, educate your business partners, educate each other. We have to cross train each other. Nobody can be expected to know everything, but I expect anybody to be able to figure out anything. So that's part of it. We have to dig in. The enemy's always changing the way that they do things, and we always have to be learning.

That's why I always say if you wanted a job where you could learn your field once and not have to learn again, you need to become a history teacher. The rest of us have subscribed for a life of learning the rest of our lives, and that's definitely accelerated if you go into cybersecurity.

So always keep moving, always keep learning. And to those who are out there thinking about their cybersecurity package and wondering. If they're actually protected, odds are you're probably not because it should have been explained to you how it is those cybersecurity protections are protecting you. And if it wasn't explained, then you may need to go back and find somebody to explain it to you how it's working.

And if you're not getting a good explanation, then you can give us a call and we'll talk you through what you got.

[00:37:36] Mikey Pruitt: I love that. How would you, just real quick, how would you say that Sandi is differentiated from other MSPs?

[00:37:44] Cam Murphy: I think you said it earlier, we were early into the MSSP space. Our leadership here.

Recognized the need early and not only recognized the need, but took the bold strategy of making the investment, bringing in that first cybersecurity professional, trusting them, and they got a really good one, obviously, with Cody when they brought him in and said, look, I, we need to step it up.

We need to add some other protections. We need to get some other personnel in here. And that was the, the continual improvement of the cybersecurity offering. And we're not stopping. We'll continue to improve it.

[00:38:22] Mikey Pruitt: Very cool. And I think

[00:38:23] Cam Murphy: That's given us an advantage in our market space here.

[00:38:27] Mikey Pruitt: Yeah, I agree with that. And that's very cool. Sandy Solutions is definitely a standout. MSP and you Cam and Cody, I've actually met both of you guys. Y'all were guests at our was it the week before the Indy 500 I believe?

[00:38:41] Cam Murphy: Yeah. Before the.

[00:38:42] Mikey Pruitt: The Grand Prix Yes. At, in Indianapolis. And it was so gracious meeting you guys and getting to hang out and, have some fun at the racetrack and have some meals and it was a pleasure meeting you and Cody and just thank you for being here with me.

Is there anywhere online that you would like the people to go to find you and Sandy Solutions?

[00:39:01] Cam Murphy: I'm hoping we can link it because Sand Solutions is a long domain, but if you go to, Sondhi Solutions.com, you'll find us there. Tag me on LinkedIn here for this. You can find me there and we're, Sondhi Solutions is on LinkedIn as well, so you can find us any of those locations.

[00:39:19] Mikey Pruitt: Yep. S-O-N-D-H-I solutions.com. Correct. Thanks Cam, I appreciate you being here with me.

[00:39:27] Cam Murphy: Thank you, Mikey. It was a privilege.