Calculus of IT - Season 2 Episode 11 - Part 1 - Long-Term Resilience and Autonomy Artwork

The Calculus of IT

An exploration into the intricacies of creating, leading, and surviving IT in a corporation. Every week, Mike and I discuss new ways of thinking about the problems that impact IT Leaders. Additionally, we will explore today's technological advances and keep it in a fun, easy-listening format while having a few cocktails with friends. Stay current on all Calculus of IT happenings by visiting our website: www.thecoit.us. To watch the podcast recordings, visit our YouTube page at https://www.youtube.com/@thecalculusofit.

All Episodes

The Calculus of IT

Calculus of IT - Season 2 Episode 11 - Part 1 - Long-Term Resilience and Autonomy

May 29, 2025 • Nathan McBride & Michael Crispin • Season 2 • Episode 11

Welcome to the Calculus of IT double feature you didn’t know you needed. In this two-part journey, me and Mike stare down the end of the world - at least, the IT version - and ask: what does it really mean to be resilient when everything is “as-a-service,” your best people keep quitting, and zero-trust is somehow both everywhere and nowhere?

In episode 11 Parts 1 and 2:

Why true resilience is about more than just backup plans and disaster recovery - it’s about knowledge transfer, adaptability, and culture.
How to build “graceful degradation” instead of catastrophic failure into your tech stack - and why sometimes, “just go get a coffee and wait it out” is the right answer.
Rants on SaaS fragility, fourth-party risk, and why duplicating your data across every vendor is fun until AWS gets nuked.
The real-world pros and cons of zero-trust, passwordless dreams, and whether we’re just dumbing people down for the sake of convenience.
Practical frameworks (and a few philosophical tangents) for building knowledge resilience, operational resilience, and maintaining autonomy - even when the world is melting down.
The Resilient Orchestrator archetype: that unnervingly calm IT leader who’s already got Plan B, C, and D (and maybe some snacks).
Plus: job updates, security news, the fate of Box, why “five nines” is a myth, and the launch of Micro Spin - IT’s first trance supergroup.

Whether you’re prepping for the next cyberattack, pandemic, or sudden urge to form an EDM band, this is the survival kit for modern IT leaders.

Stay resilient, stay witty, and don’t forget to document your runbooks before the next person quits.

Support the show

The Calculus of IT website - https://www.thecoit.us
"The New IT Leader's Survival Guide" Book - https://www.longwalk.consulting/library
"The Calculus of IT" Book - https://www.longwalk.consulting/library
The COIT Merchandise Store - https://thecoit.myspreadshop.com
Donate to Wikimedia - https://donate.wikimedia.org/wiki/Ways_to_Give
Buy us a Beer!! - https://www.buymeacoffee.com/thecalculusofit
Youtube - @thecalculusofit
Slack - Invite Link
Email - nate@thecoit.us
Email - mike@thecoit.us

Season 2 - Episode 11 - Part 1 - Final - Audio Only
===

AI Trance Bot: [00:00:00] Our world where signal, we compute our dreams, data streams, and by make us

the,

Nate McBride: you know what? I hate [00:01:00] Zoom.

Mike Crispin: Why?

Nate McBride: I had to do a OS update. And of course with Mac, you know, it's so like, it just kills everything that's good and set up about your machine. Anyway, so Zoom comes in and it sides, it's gonna update after my computer restarts and then it updates, but I won't launch because it's updating, it's, it's overly massive payload in the background for many minutes, unnecessarily.

I have, I totally

Mike Crispin: know what you mean. Unnecessary un, unnecessary, unnecessary payload.

Nate McBride: I was just looking for a little bit of acknowledgement there. That's all I was looking for. Okay. Not really a whole, I didn't need a whole lot of pomp and circumstances. Some acknowledgement. You need a whole,

Mike Crispin: you need a whole sentence?

Nate McBride: No, just a little acknowledgement. Like a head nod or a, you know, salute. Something that.

Mike Crispin: Hey, I hear your pain

Nate McBride: now indicates you feel my [00:02:00] pain.

Feel the pain. How are you doing? I'm good. I'm good. We had our company offsite the last two days. It was awesome.

Mike Crispin: Oh,

Nate McBride: oh, really? Awesome. So it's go anywhere fun. Well, it's an on onsite offsite, so we went down to the first floor of our building to use a space that's, that's rarely used and we, we kind of blocked it out for the day.

And, uh, yeah, I was the mc, I was co mc with another person who, and she did a great job. And we just had a good time, man. It was good. Awesome. Any dj? I didn't get to dj. I had some epic sets planned, um, and some karaoke stuff planned, but I didn't get to that. So it's all good. It's all good. You know, I can see it for another day.

Mike Crispin: Okay.

Nate McBride: Okay. These things mature as they age, so I'm not, I'm not super worried about it. Um, yeah. You, [00:03:00] how you doing? Good. I'm

Mike Crispin: doing good. I'm working on a new, uh, progressive trance single right now.

Nate McBride: Holy

Mike Crispin: shit.

Nate McBride: It's freaking awesome. We have, we only have like two or three more episodes of the season left. You can have to drop it before we, uh, we conclude for the season.

Absolutely. I think you'll like it.

Mike Crispin: It's got some,

Nate McBride: uh,

Mike Crispin: Paul Van Dyke influence. Little PVD. All right. Okay. Yeah. I'm down. I'm hip. Yeah, it's, uh, it's coming out. Came out good. I'm making my, uh, I'm starting to learn a little bit more about electronic music and how to create it and all that good stuff. So, uh, it's been a nice outlet the last.

Probably a month or so

Nate McBride: time. Like I see when the end of the world comes, like in December and we're all sort of standing on the hill watching for the, you know, the bombs drop. I can, I can totally picture like the kick ass EDM background. [00:04:00] We're all, we're all watching kinda like the, the bomb fall. It's like, oo, in the background.

I can see it. Yep. Well there was a, once you go

Mike Crispin: an article I think, uh, it was just in the New York Times. Um, lemme see if I have, I can still find, well while you're

Nate McBride: looking for it, I wanna just honestly say it Mike, and this, I mean this from the heart. I want you DJing my end of the world party.

Mike Crispin: Okay. Uh, that's, I might be able to, I might be able to pull that off surprisingly.

Nate McBride: Okay. Alright. You'll be there, you promise.

Mike Crispin: Maybe we'll see, we'll see. I see my con where my confidence is. If it's the end of the world, I guess I could just go for it.

Nate McBride: I bet you'd kill it. I bet you'd slay

and you should record it to non destroyable data so you can, like, after they pick up the pieces and all the moles come out from like underneath their caverns and re restart society, they'll find this, this [00:05:00] unassailable brick of amazing music content and say, what is this? Is this how they talked?

Mike Crispin: It's amazing.

They did talk like this. Let's see, I gotta find this. Yeah. Uh, New York Times dance music is back again. It's booming. Booming. And uh, there's a whole article on how it's reemerging and becoming, uh, a thing as if it's ever left. I mean, I guess it's, uh, well real.

Nate McBride: For our listeners out there, now is a good time to get back into the MDMA market.

Um, if you are previously a distributor, now is a good time to make some cash since it's, why is my microphone now? Oh, there, I gotta do this one there. There I go. Alright. Welcome back to the End of Civilization as we know it. Podcast with me. As always. Celebrate the end of days as Mr. [00:06:00] Michael Crispin and he is joining me in the nexus of the nether where James and Pony still play.

In the world of happy times. AKA, the calculus of it podcast, AKA, the Home of the Sad Salad. We are a IAF tonight that we are now we are. This could very well be the last podcast season you ever listened to before we all die. So the pressure's on. Mike gotta deliver. We gotta, we gotta bring home the season over the next, uh, three episodes.

I can't wait to talk

Mike Crispin: about what's gonna end the world tonight or the

Nate McBride: people. Are you ready? Oh, no. We have a couple. We, we've, we've, we'll get to that in a minute. I have a couple theories. You have a couple theories. Um, we'll get to it. Sure. Last week Mike was gracious, gracious enough to give me some, uh, relief in my token economy Jones.

So, um, we did a little jort and now we can get back to business, so to speak. So, um, last two weeks ago we talked [00:07:00] about episode 10. Let's get, get it. Going to episode 10. We discussed the, uh, always fun and never dull regulatory landscape and compliance requirements affecting them being affected by autonomy.

Right? Sure. Epic show. One of the best ever reminds me of those governance episodes from season one. Oh, those were the best. Oh, so much fun. So much fun. Oh my God. Just loads. Just literally tons and tons of loads.

Mike Crispin: So many

Nate McBride: ropes. It's only ropes and loads of fun. Ah, awesome. Well, anyway, talking about compliance, it's like talking about governance.

Um, but we tried to put some emphasis into how good compliance is and respect to all the things. And you know, we did it with a straight face because we really truly mean it, even though it does suck. And we acknowledge that. I mean, uh, it's still compliance. It's like eating cardboard instead of rope steak for dinner.

But I think we made the point. So go [00:08:00] listen to episode 10 when you have a chance. This is a progressive series, like each episode does build on the priors except for the jorts, of course. And I think we only have maybe three, four of the most episodes left this season. Depends how, um, diligent we are in getting through them.

And, um, if we have any other jorts in between, which means we should be done. Mike, like mid-June. Any who this week we're tackling something that ties together many of the themes we've explored this season. Uh, namely building long-term resilience. We're kind of bringing it back together. We've actually dabbled in the idea of resilience and how it aligns with autonomy.

But tonight we're gonna go full ham in the paint. Uh, good. The big question is, in a world where executive orders are seemingly written by a third grader using chat, GPT, write me an executive order that fucks half of America enter. [00:09:00] Um, disruptions are becoming the norm rather than the exception from pandemics to supply chain collapses to AI driven transformations.

How do it leaders like you and me build resilience that preserves their autonomy through whatever comes next? So that's what we're talking to you about tonight. But before we even get to that, guess what's back? The jobs list, the jobs update is back. Woo. Here we go. First of all, I'm looking for somebody, an associate director of everything.

So you can go to the website, alio tx.com/careers and apply. Yep. It's literally the associate director of everything, specifically middleware, ai, automation, and cool stuff. And you, it's really cool if you read all the Pierce Brown Red Rising books and you also are a big fan of trance and yacht rock. Um, all pluses for the role.

[00:10:00] Um, Akea still, Mike, five weeks later. Oh, still looking, looking for the VP of it, noble. Also still looking for a VP of it. If you like to go to work in your shorts and your noble shoes and show everybody how CrossFit buff you are every day, but yet the company doesn't understand you. Well, noble, N-O-B-U-L-L is looking for you.

You jacked, you drink 400 milligrams of caffeine before his am. Lift weights for seven hours. Uh, throw medicine balls at walls. That's, that's your job, Samsonite. Every time I hear Samsonite, by the way, I think of, um, dumb and Dumber. Dumb and dumb and Dumber. Swanson Swanson. Samsonite Samsonite is looking for a VP of it for the Americas.[00:11:00]

That would be north and south. Mike. There's no East and West America, north or south. North or south. North and south. So Samsonite, if you're big into luggage, luggage, your thing, like putting things in luggage. Using luggage, then there you go. American Tower. I don't know what they do. I think it's probably building things that are tall, is looking for a VP of IT infrastructure and yeah, a VP of applications and platform delivery like towers.

Boom, MIT 12 weeks later, still looking for a CIO. Wow. Makes me wonder if no one's applying is like nobody applying for that role or are they looking for like, I don't know. Um, might be. That might be

Mike Crispin: one there.

Nate McBride: Yeah. Well. Honestly, Mike, you look good in a suit. I've seen you in a suit. You [00:12:00] look good. You fill out suits.

Well, if you like wearing suits, feel good in suits, like wear, like wearing suits every day. State Street is looking for a VP of Tech and Cyber Risk Governance. That's what it's called, VP of Tech and Cyber Risk Governance. And you get to wear a suit while being a suit. So you get the trifecta. Western Governor's University, WGU is looking for a VP or dean for the School of Technology.

Huh? Incidentally, here's one of the requirements of the job. You have to be able to have prolonged periods sitting at a desk. I couldn't do it. I, I can't do prolonged, prolonged, prolonged. I can't prolong it. So if you can prolong yourself sitting at a desk, you probably already got the job. So Western Governors University, Ipsen is looking for a VP of [00:13:00] Commercial Digital and it Alnylam still looking for that VP of data and AI still hunting Boston Children's, looking for a vp, cso and so is Mass General Brigham.

What happened to these guys? They just leave go people. A lot of positions

Mike Crispin: open up there.

Nate McBride: Yeah. Maxwell Bond, looking for director of it and, and if you'll indulge me for a second, so that's it for the jobs. So go out and get those jobs. People. Um, if you'll indulge me, I have some news from the world of the internet fuckery machine.

Yep. Yep. These come from 4 0 4. So Cita, which we talked about last season, which is an AI model backed by Andreessen Horowitz, um, Horowitz. Is allowing a users to AI generate non-consensual porn or real people despite the site's policies against type of content? [00:14:00] So Cita basically only blocks non-consensual porn generation for celebrities if you are not a celebrity.

So Mike and I, you don't have this problem. Uh, we're celebrities, but if you're not a celebrity like Mike and myself, you can go on to Cita, generate as much non-consensual porn of your enemies as you want, and then share it, and it costs nearly nothing. And Cita just simply doesn't care. Um, I'm summarizing the article, but basically you can read it yourself on 4 0 4 media, but ultimately Cita is saying, we're doing our best, but you know, we can't block all this stuff.

And of course, entries and Horowitz continues to pump money into them. So at this point in time, you have to wonder c Tie. Might have a problem with non-consensual AI pouring generation, and I guess [00:15:00] I don't get it why people would pay for this and even more, more, uh, disturbing as why people would see like there's an economy here.

But, um, those are both rhetorical questions. We don't have to answer those, but, but F minus is cita for still not doing shit to block this type of terrible stuff. But there you go. There's AI for you. And then the second point was the other article that came out today about this research team in, um, south America that created a bot, uh, which scraped 2 billion discord messages from public discord sites from 3,167 servers and published them.

Um, two. That's interesting. Yeah. 2.05 billion messages were scraped from 3000 servers and published online as [00:16:00] A-J-S-O-N set. And according to this group, they did it this from Brazil. They did it in, in the, in the, uh, under the banner of research.

Mike Crispin: So these are just random discord sites. And they went in and they published everyone's messages basically online.

Nate McBride: They basically created a library of every single public discord server. Yep. Then they took 10% of those, about 3,100 of them, and they, from between 2015 when Discord started in 2024, they scraped every single message from 10% of those sites, put 'em into A-J-S-O-N and set this downloadable, and they did it under the, again, the banner of research and.

The researcher said they created the dataset so that researchers could study bots, politics, and mental health.

Yeah, I see. That's of course, [00:17:00] violating every Discord policy out there for the developer policy into the API and Discord did nothing to stop them.

Mike Crispin: So again, I'm surprised that didn't hit, hit them from a, that that didn't send off a ton of alarm bells.

Nate McBride: That's, that's the distributing part. Yeah. How a company was able to scrape again, 2.01 billion, uh, discord messages and publish them online without anyone bringing an alarm bell.

So those, the, those are the shitty news headlines from the week. Um, I don't have any positive news headlines, but I did want to hear about your impressions on io.

Mike Crispin: So there's two iOS. One is Google io, which I think, uh, was fantastic. It was great. Yeah, I

AI Trance Bot: agree.

Mike Crispin: There was so much in there. Um, from the creative [00:18:00] elements, uh, to diffusion to the, the coding tools to, uh, having a was awesome.

You know, a large model that's a real large, uh, pricing model in which you can really get access to the stuff right now and not in six to 12 months, which has been Google's kind of way of doing business the last few years. And now I'd say like 70% of what they announced is available right now, which is, is awesome.

Yeah. Fantastic. Um, but I think the AI mode search is what's gonna bring, if people have aren't already on the AI sort of train, they'll get on it now that it's really built into Google search. And that will be interesting to see how I. Organizations that are still sort of running scared from AI deal with that.

Um, but it's, it really showed, I think that this is kind of the turning point that brings it more mainstream. So I think it was a pretty, [00:19:00] a pretty, uh, exciting conference. I think the abilities to create things just by being able to think about them or getting closer and closer. So that, that's really exciting and in parallel, almost in a reactive way.

The other IO is the new company from, uh, open ai and Johnny, ive and Sam Altman getting together. So they put out a nice puff piece video about seven hours ago about their partnering. And Johnny Ive is now part of Open ai and um, they're gonna build some hardware, so it'll be interesting to see what that looks like.

And I, I think what it says is, I mean, if you take those two things together and you point them at Apple, it's pretty, pretty interesting to, or pretty, it's gonna be pretty interesting to see if Apple takes a more, Hey, we're, we're, we're gonna [00:20:00] let this the wind blow by us and just kind of take a more, we're focused on hardware, we're focused on software, this AI thing.

We don't need to be as plugged into it, we're just gonna leverage everyone else's services. Or if they're gonna talk about the Siri that's been delayed, which is already, you know, even when they release this Siri product, it's gonna be behind what everyone else is doing a year from now. Um, so it's gonna be interesting to see how the three of them go to battle on the AI and on the, on the consumer front over the next, next six months, I'd say.

So it's WWDC in July. Uh, June, sorry. And we'll see what happens there. But those two things, I think it was kinda interesting to see. Google IO comes out, there's a lot of big news. It's like, oh, open AI is, you know, gonna be a little bit like, this is pretty substantial. What was announced from an ecosystem and a capability and a scale perspective, huge, huge.[00:21:00]

Um, in terms of how many tokens it's able to consume in terms of that, it's available right now that they, their benchmarks of a model that's been around for three months now almost, that is still the best, one of the best, if not the best. Um, usually they're leapfrogging each other every month and that, then the next day there's a nice video posted by OpenAI with Johnny Ive, and they make this big announcement, so it can't be, it's totally intentional.

And uh, so it'll be interesting to see what happens. Those two things are. I think big news and open AI is a little more of a, yeah, kind of a light video. It's not really saying anything at all other than we're getting together and trying to get people pumped up. Whereas o uh, Google IO is very much, here's some real products, here's what we're doing.

We're building this into hardware that we're building. We're [00:22:00] building this into our development tool set. We're building this into the consumer products and the enterprise products and it's all available now. Yeah. So that's pretty exciting stuff.

That's awesome. Very, very exciting. And I did go and get an ultra license for, uh, for Google to start the, it like half, three months license. So I, yeah, I did, I got one yesterday and, um, it's, it's half, half price for three months and I said, you know, I might as well 'cause I'm doing a lot of. Uh, video and music stuff.

And, um, I'm also looking at their, I'm looking at Gemini as, uh, kind of the base for a lot of the AI stuff, you know, as kind of an enterprise perspective. So that kind of helped, helped edge me in that direction a little bit and look a little deeper there. So I said, why not? Let's, then I did it on my cons, my personal account, um, and [00:23:00] so far just doing some work with flow.google on the video, audio side.

Um, I've also done some, ive did some deep research that I don't think I can, I, I kind of had that on the pro, the pro license and then, um, starting to look at some of the API related components of it. So from an enterprise perspective, you call open ai, they're not gonna talk to you if you're under, you know, a thousand people.

So it's like you go to Google, you can just slide, sign up and get it. Let's start working with it like right now. Um, and get, you know, you can get an MSA in place, you can get the security elements as much as you can with Google, which is same as OpenAI, really. Um, you can't get the security levels, probably the, the, the contract that you want, the companies that our size.

But it's nice to know you can just plug it in and start seeing how it works. [00:24:00]

Nate McBride: So I, we, we had a big breakthrough today. I can't really give all the details, but ultimately, um, a certain critical function of ours figured out that they could generate, um, comparison data. Mm-hmm. Uh, and I was working with them for most of the afternoon comparison data through Gen ai and.

Basically save them in the magnitude of maybe 200 hours of work to run the, to run these queries that we developed most of the day. Um, and it's pretty awesome to see that result. Now, the flip side is that that's the kind of thing that we don't need more power to do. Yep. So when I'm driving home, I'm thinking about this thing.

You know, that was pretty good, pretty good use of this technology, but do I need the next 16 versions of this platform? Do I need this company to in invest, you know, [00:25:00] $200 billion and destroying rainforest to get the same function? No. Like, they're done. They're good. Yep. Fucking worked. Yep. Uh, you can stop.

But, um, no, I think the sooner we get to the end of the world, the probably the better at this point if we're all gonna go ahead and up and. Make our lives dependent on this thing. I saw a Substack post today by, i, I, and it was one of the slides that was presented at io, but that was called out again, that, um, we're not in a fed anymore, sadly.

And we're not getting any closer to a, um, trough of disillusionment. We're now stuck in an evolutionary cycle of always, there will always be an improvement. There will never be not an improvement. It's just the pace of it is until

Mike Crispin: we're not, until we're dead. [00:26:00] And I mean, this is just in terms of the scope and context of what we do every day is, you know, from, from an IT leadership perspective is this is where I, I have a hard time with someone saying I have a three year AI strategy.

Yeah. I, I just don't think we can keep up and combat this or slow down. We, we we're battling against, you know, uh, intelligence. That's right. Now it's, it's, it's like you're saying, we're talking about the end of the world here a little bit, but like, what's your strategy if you can just go ask something to do something for you?

And I mean, there's just, there's, and yeah, there's, there's cost implications to it, but when there, it's not even, um, like this new shiny thing we need to implement that's gonna come out every week or two weeks. It's three weeks. It's like, just [00:27:00] ask. And that's a little different than anything else. Very different than anything else we've ever had to implement and control.

I'm just saying that I think that a lot of the governance and or rules and tools are like, technology has always been, um. You know, new tools, same rules, right? Like kind of this Yeah. Gone. I, I just, I just don't think that we're gonna be able to keep up if we try and put a lot of rules in place. Well, and here's, there's other businesses and other companies and other innovators, other countries, they're not gonna do it.

They're gonna throw it away and start, go to the next thing. And it's, it really is gonna be interesting to see how that all pans out. Um, yeah. And there's gonna be a lot of waste. There's gonna be a lot of waste. There's gonna be a lot of junk, a lot of crap. Um, so is it diminishing returns? Is it gonna be a huge [00:28:00] enabler for, for human beings?

I don't know. We'll see. Well, I don't know how Keep up with it. This shit is just, it's moving so fast. I can't, I

Nate McBride: can't

Mike Crispin: keep up. You can't.

Nate McBride: Like I, I used to, I mean, I still subscribe to it, but even the weekly newsletter from, from this guy Elvis on, on Substack, that was basically the weekly roundup of updates.

Um, it's like six pages long now, every Sunday. And I'm just not even gonna bother because let's just assume, assume that everyone's coming with an update next week. I'm not gonna bother to uns assume it's when it comes down to like a one page, I'm gonna be like, okay, who's still left and why? You know, the, the whole, um, the meeting that happened in, in Saudi Arabia last week.

Mike Crispin: Yeah.

Nate McBride: The five gigawatt line being brought into the center, the, the AI Center of Excellence that they're gonna build between the US and [00:29:00] I. I, I I. Great. Good. But to one end, how much faster can you make it? Like why? There's a, there's, there's, there's a limit. Anyway, we're getting sort of philosophical and this show is about dumb facts, not philosophy.

So, um, just kidding. We should probably at some point in time recognize the real depth of the insanity, but, uh, maybe the last episode, we'll do that. Sounds good. And we'll just go to the bar and get drunk and talk about it. So we have a slack board. We say this every single episode. Join this, the fricking slack board teams sucks.

Get off teams, come to Slack, join the board. Talk. It's fine. We'll be, it's a safe place. Um, like our show. Give us all the stars. Not that it matters. We're all gonna be dead in six months, but at least we can [00:30:00] go out being a highly rated podcast. That's if you wanna Yeah, if you wanna buy some beer. Always, it's pretty easy.

Click the little link, give up $4 if you're hard running money or $3, whatever it costs. And honestly, we'll just go to the bar with you so you can also send us a note. We'll be there, we'll be there. Um, all right. Back to tonight. And Mike, I think we're gonna have to do either a two part episode or we're gonna have to shrink this one up a little bit.

Okay. 'cause it's not, it's not small, but we're getting back to long-term resilience. Yeah. And not just the ability to withstand shocks as we've previously discussed, but the capacity to adapt, evolve, and thrive through disruption number. Sure. Shit. Going through a disruption now. Um, we'll discuss how to build resilience and disservice provider relationships, how zero trust architectures might and can evolve beyond current implementations.

I. [00:31:00] And how to create financial flexibility that supports rather than constraints your strategic options. Um, I mean, so far the season's been about finding that sweet spot, balancing risk and innovation and productivity. Mm-hmm. While preserving the autonomy that lets it leaders like you and me make decisions that truly benefit our organizations.

So resilience is in many ways the culmination of this balance, right? The, the capability that lets you maintain your autonomy against the four pillars of, um, like what we've been talking about the whole season, even when the world around you is changing so fast. So before we go into this tonight, quick question for you, a pop quiz, if you will.

So. And, and I, I'm, I'm trying to be respectful of Kurian. If you don't have to use Kurian, but if you worked at a company that experienced major disruption [00:32:00] tomorrow, cyber attack, key vendor, collapsed like box, had an outer this afternoon where something completely unexpected, what's the one resilience capability you'll have wished you invested more time in or money or both?

Mike Crispin: Business continuity, uh, just as a overall program. And it goes for any, any company I've worked at. I think it's, it's always something that everyone wants and it's, you know, it's enterprise risk, risk management. It's often on, on the table, but true business continuity is always a important practice as a company to have.

That being said, I, you know, I. I think it's important to have some maturity around that, but what I, I also want to highlight is one of the biggest disasters and disruptions [00:33:00] in our lifetime we've already been through. Yep. And we were just fine. So, I mean, in terms of the companies that we've worked for, right?

There's impacts, I, I think, to COVID, but that's as pretty drastic as we could expect to have happen. And Sure. I think some companies suffered through that and others worked through it and didn't have certain impacts. Um, but others who had large manufacturing organizations had to retool local, you know, local environments and lost time, hours, money.

There's some of those disruptions you can't really plan for because the probability is, is so low. So I guess it's, it's business continuity planning. Just having a matrix in terms of probability, uh, not just risk, um, probability of risk and, and zoning in on, on those things. 'cause it's always, it's always kinda like, yeah, we need to do [00:34:00] this.

And it somehow, it doesn't, it, it doesn't rise to the top, but you can always look back at that COVID disaster and go, wow, wow. I'm proud of how resilient Yeah. Companies I was at and the companies my peers were at, and some family members were at that got through it. Not to say there wasn't a lot of damage and a lot of, um, pain and probably a, a lot of lost revenue.

Um, but I think the resilience of people sometimes emerges above the. Structured planning and throw the, throw the runbook out the window, we're gonna do this instead. You know, type um, yeah, yeah. Attitude just to get to a better place. Well, I always good to plan, but

Nate McBride: I think business continuity for sure, for me at the top of the list as well.

In addition to business [00:35:00] continuity, the one that came to mind when I thought about this was knowledge, resilience. And this comes from like a lot of experience, not only with companies that I've worked at, but companies I've, I've helped consult for. But that making sure critical knowledge isn't locked in one person's brain.

And you and I have worked at companies where this has been the case. Yeah. Um, where one person has all the secrets in their brain, it's not documented. I've seen too many companies struggle after losing a key person 'cause they never documented the tribal knowledge or created meaningful cross training.

Um, it's always in the to-do list, like a business continuity, but rarely gets prioritized until it's too late. Uh, I remember years ago I was doing a long run with a friend of mine, and we were talking about Netflix and I'm, and I'm drawing a blank, but I think it was them that they used to randomly shut down a server.

Maybe they still do. They would just pull a plug on a server somewhere, uh, like once a week [00:36:00] or monthly, and the whole organization had to run without it until they figured out what it was and fixed it. I think literally it was a weekly exercise where they would go, pull, plug, somebody would randomly pull a plug on a server.

They had to figure out where it was and fix it. Um, through these simulations, they were able to identify and fix dozens of single points of failure, whether it was, you know, hardware or something else, or a person that would've never been apparent otherwise. Now, that's obviously a little bit egregious, but it illustrates.

I think a point of how much time you would actually need to spend. I mean if you were gonna truly build in bulletproof resilience like that level, probably plus some more, right? So you can't do that. I mean unless you have the budget and the people and the time. But I like the idea [00:37:00] of a resilience, at least a sidewall where you're putting some cash or some time where you could earmark a portion of essentially your budget that's for investments that might not show immediate ROI, but build the long-term capacities that withstand shocks.

I

Mike Crispin: just think it's important that the piece, like the big, one of the most important pieces of that criteria is the likelihood. I mean, people plan for things, that there's like a 1% chance that it can happen and whereas the, some of the things that are more likely to happen and have an impact. Um, in the shorter term, you know, aren't, aren't big enough and they can just snowball into something much worse.

Well, so yeah, cyber, even on cybersecurity risk, it's, it's sometimes hard to, to kinda figure out what the probability of a, of a, a, a certain type of attack is. If you're getting into the [00:38:00] weeds. So, well,

Nate McBride: what are the three things that people invest in for? Um, what are the three things that come top of mind for we have to invest in this?

For resilience, it's cybersecurity.

Mike Crispin: Yep.

Nate McBride: Disaster recovery and business continuity. Yep. Do you invest in, um, knowledge duplication? Do you invest in, um,

Mike Crispin: to me that's piece, uh, the biggest piece of, one of the biggest pieces of business continuity is, is your knowledge transfer, your documentation, your run books, your, um.

Your overall just processes being documented. Yeah. Your data location being documented. So that's, I mean, you similarly out even outside of, um, it it, that's true across your manufacturing quality organizations and

Nate McBride: Yeah, yeah,

Mike Crispin: for sure. Having, having stuff in paper and digitally, uh, you know, it's all, all also a part of, and so I think that's a big [00:39:00] piece of business continuity.

Um, is just the knowledge, like you said, the knowledge management and having the knowledge objects, knowledge transfer, um, methodology and process that's sort of baked into your culture. Um, having a more learning, learning driven organization where people share their ideas and how they do things and having, uh, sort of job shadowing and other ideas, other ways, uh, apprenticeships, things that, uh, sorry.

Um, apprenticeships is, what's the other word I'm thinking of? Um, I know what you're talking about, preceptorships. Yeah. Yeah. And just have, having those other things, which are also great development opportunities for people, but also help feed that knowledge transfer and business continuity mindset and culture as, as a company, like a learning organization, really helps with business continuity component.

And who

Nate McBride: thinks about this, this, this adaptive resilience effect. Like who thinks about this stuff? Like [00:40:00] your, your org, I mean at large, but also your IT org's ability to respond to unexpected challenges, which has more to do with culture skills, decision making frameworks, like everything you said, project planning, um, than any specific technology.

So yes, a platform, a cloud platform goes down that sucks, but does it suck as much as the person leaving who knows how something works And they're the only person that knows how it works. I mean this is applicable to any industry. I mean, even like the guy who knows how to fix a certain kind of car, he's an expert at it and you hire him, he comes in, your business is booming, you're getting that kind of car.

Then he decides to leave. Now you're fucked. 'cause you don't have any idea what he did. Yep. Or he did. Right. Same kind of adapt to resilience. Like it's good to focus in, I think a [00:41:00] lot on the technical. I mean that's what we're being paid to Do. You and I, is our system's up? Are they backed up? Is data good?

Yep. But

um, is somebody in your department left? Do you have the capability? I mean, you have to if you don't have the capability, basically you or I, we lose somebody. We take the brunt of that. Yep. We have to unpack what that person did and then take it on ourselves until the next person comes in and we don't learn our lesson, that's the problem.

Sure, sure. We don't learn our lesson enough. It has to be so severe and even then we don't learn our lesson. So for years, I think this whole, hey, let's just focus on disaster recovery and business continuity is kind of like the low hanging fruit. But if we're really gonna do this and build resilience, [00:42:00] uh, and our autonomy perspective, we have to do it for everything else too.

I mean, there's like a whole giant list of the things you really need to focus on. And the challenge of course, is that a lot of the things you can't just justify from an ROI perspective. Like I can't put in all these factors and say, oh, the ROI is sound on this money. You can put in disaster recovery or business continuity and say, well, if the business went down, yeah.

This money will be well spent and it's pretty like, you know, easy to, to make that relative, but it's different. Sure. When it comes to the adapter resilience, and I think that's where the autonomy challenge comes in, is just building this resiliency that doesn't show an immediate return and decisions you make that are very sub suboptimal in the short term.

So, hey, listen, uh, you know Jane Smith, who is the only person that knows about how this thing works, I need you to document everything that you [00:43:00] do. You're not getting fired. We love you, but I need you to spend 10 hours a week documenting your life. So very, very bad investment, but the payoff is huge. When Jane leaves and you're like, thanks Jane.

Got everything good to go. I think a lot of times too, depending on the person's role or the nature of the resiliency, it can be a difference between like success or failure. You can have a really hard time if you don't have that shit taken care of. Yeah, sure. So, um, one of the, one of the things that sort of comes up when I think about this is the, as a service model.

So, you know, you and I go back to Cloud 1.0 2009, 2010, um, as a service is very nascent. But the big question is, and we talked in this last episode, episode 10, [00:44:00] um, from a compliance perspective, but the shift to the, as a service model way back 15 years ago, gave us huge benefits, agility, scalability, focus, but it also introduced to us, and we all remember this very well, this fragility.

Sure. That impacted our ability to maintain autonomy. Um, core issue. You adopt a SaaS model platform, like I'm, I'm ape shit over Airtable. We'll try to use it for so many things that are data oriented. Mm-hmm. But putting so much into the, the dependency bucket on this company, when you do this, you're, you're basically introducing external, external dependency into your, into a critical business process, which Sure.

Then is, is chain effect in terms of failure. Sure. They get an outage, they get acquired, they decide to change direction for their product. Um, you're screwed. [00:45:00] So just, I'll throw it out there, I'll throw it out there. So we can talk about this, but I'm interested to hear your thoughts, like how do you build redundancy and flexibility into technology landscape without losing the benefits of as a service models or creating a.

Unsustainable complexity. Yeah.

Mike Crispin: I think that's where, and a huge fan of, of Airtable and Smartsheet and those type of tools is that you, you've gotta have, make sure that you're not building too much automation into those tools that you're using a maybe a more stable, you know, solution to, to do the integration, the work that's being done.

'cause even like if you look at Zapier or you look at make these other tools, like they, they're in the same boat. Uh, you build a lot of integrations pushing data around that's, and they break, or they're going away, or they're changing, or something along those lines. Or the price per zap goes up through the roof or whatnot.[00:46:00]

Right. Um, you know, there's, there's all those risks. But I guess from a data perspective, you have a way to get data out and moved to some other tool. You're in a good, you're, you're kind of halfway there. I think what I worry about in the, in the, the SaaS tool market is you almost need a, and I'm certainly not there at cardian, is you just need like a a, you need really a central data repository, uh, for structured data.

You know, if you're, if you're working in the Airtable space, for example. Yep, yep. For sure. And you need an additional place. You need, you need, um, a, a snowflake or some database in the cloud, something where that stuff is living. And I think that's where the, um, it's interesting to, it's gonna be interesting to understand what Airtable strategy is in particular, because, um, you're absolutely right.

If something [00:47:00] happens to them, they, uh, it's some people are building some really important shit in there.

Nate McBride: Yeah, exactly. And

Mike Crispin: they do have an integration with, uh, snowflake. I think, um, there's some databricks, uh, integration there or coming. Those, those are important things. I think it's like you've gotta go with a more proven vendor for some of these, but they can even have problems.

So I'd say if you can take data and you can export it, and you can have good snapshots of data that you feel you can reimport or readjust, that's one way to go about it. But when you're talking about terabytes and terabytes of data, then you really just have to have redundancy and, uh, sort of like you, like we've talked about before, an exit strategy for these, the top tier vendors that you have, other ones, you know, that might be lower risk or lower impact.

You can, you can take that risk, but, all right, if you're building your,

Nate McBride: lemme

Mike Crispin: lemme throw, lemme

Nate McBride: throw in a question for you. Sure. So we haven't [00:48:00] changed the model. It, in your opinion, is resiliency always an NF two? I. Because you just gave me the perfect example, Airtable to Snowflake. Yeah, it's a great immigration.

It's wonderful. But yeah, this basically means you're, and again, I don't wanna put words in your mouth. Let me ask this question. Yeah. Are you stating that in order to have a successful as a service model, you must have an end of two, not an n of one,

Mike Crispin: N of two. For tier one, would you consider the, the, the tier one services that run your business?

Let's say you, I don't think you have a, have to have a, like for, like, you have to have a way of exporting in, in service standard data set where you can import it somewhere else. Or, you know, I think of data warehouses a lot, commercial data warehouses in this, in this re refrain, right? You always sort of, you always have some, um.

Sort of archive database or you have something pumped over to S3 or Yeah, it's a, it's a mirror, [00:49:00] uh, built really to, because that's some of your core data and that's a much cheaper, cheaper, cheaper solution that's sitting there just, just in case. Um, you've got a mirror in place and that, so it's not like an NN two.

I mean, technically from a system perspective is, but from a cost perspective, it's probably like a NA 1.5 and just that's, and and sometimes it's, it's not software technology. It's, it's, okay, I'm, I'm gonna have a process in which I recover. That's the disaster recovery process. Right. Or the, or even business continuity process where it's like, yeah, if, if Airtable goes away, we've got, we know that, uh, this, this data is sitting somewhere else and we're just gonna load it into Excel for a month, you know, like that.

We have a, we have a, a way to get around it.

Nate McBride: Can I pause you right there? '

Mike Crispin: cause you just

Nate McBride: Perfect answer. Because the next question was, since data, the data layer is not the same as the operational [00:50:00] layer. We can build, we can build in resilience for data. We can, we can make sure we have the data that we had.

But what about the operational resilience? So you just mentioned, yeah, we can pump into Excel and you can, automation Excel for some period of time is obviously a process in which to get into Excel and make it usable and share it and get permissions and whatever. But let's assume all that happens as a matter of course.

Yep. So, so there's actually to build resilience, EG to bring back autonomy for an, as a service platform, you would need to have, um, like for like data resilience, you'd have to have perhaps not necessarily like for like, but you have to have some sort of operational resilience. You'd have to have a way to make the data operational.

Which isn't resilience, it's more of a process. But, and then you'd have to have a, like, for, like, to bring back either the [00:51:00] original vendor for the, as a service model or move to a new vendor. So, and I, but before you answer that, lemme just, lemme just give you the, the flip side. The old way of doing this, as you'll remember, was you'd have a server, a physical server in which you stored your data and had the operational experience usually either on the same box or shared, you know, a nas and a, and like a operational server.

And you had a redundancy for both. So that when one went down, there was nearly an automatic failover if your, your infrastructure team had their shit together. Nothing was lost. Business kept going. So there was, there's basically like almost a near zero time, zero downtime effect. Yeah. And then unless you had like the second server fall down, you were good to go.

Now we're talking about multiple layers of resilience you have to create [00:52:00] to have an as a service model.

Mike Crispin: Yeah. I think, and it's also, I think again, it's back to that kind of, um, likelihood component too. Like you gotta have that sort of re recovery time objective or that, that, that expectation set what the organization, how long can your core systems be down before you enact some sort of change.

And I think that, oh, sorry to interrupt your train thought. If it's, let's say it's a day. Let's say it's a day, the likelihood of even Airtable being down for a day. Very low. Yeah. Any as a service platform, right? Right. So, so in some respects, if you are, if you, if you don't, if, if your organization is like, you know what, look, I don't want you spending double to keep us up an [00:53:00] extra day.

We'll send everyone home for the afternoon. It's gonna suck, and I'm gonna be pissed, but we'll send them home for the day. Yeah. And you work overnight and you'll bring it back up instead of investing double or instead of building out all this, I, I think that is more realistic for most companies than we gotta do this big thing if the systems go down for, you know, a day.

You know, I think that's, that is part, and I, I think that's why we don't see as much of it happening and why it's not as prioritized as much as it is. Because reality is, if like Slack goes down, or teams goes down for an afternoon or email goes down, it's like, gosh, you know. I'm gonna, I'm gonna go get lunch and hope it's back up when I get back.

And if it isn't, instead of going, oh, we failed over in two hours, it's like, yeah, at what expense and what's the cost? What's, what's what, what do we lose? And I think that's where you gotta, like, as a leader, you gotta balance that likelihood and the probability of these things happening and, and, and make sure you're communicating.[00:54:00]

Look, the worst things can get is being down, our system's being down for a full day or full two days. Yeah. And if you get agreement from your risk, your legal or risk team and executives of the team company, then that changes your strategy as to what your, your company feels like they can consume or they can, they can deal with.

But if you're in a high, you're in a real time data organization where every minute counts, it's a different strategy. It's a different need, uh, to put in place a different, different sort of investment strategy, different business continuity strategy. Um, as we saw with COVID, I mean there are a number of companies that were pretty much outta commission for weeks.

Yeah. And survived.

Nate McBride: So do you think, sorry, I have two questions to develop on this point. One is that, what is more important in your opinion, bringing up a core system or bringing up the core data? Let's suppose that, and I'll give you a scenario. Yeah. Two scenarios. One is [00:55:00] as a service box goes down the ui, but you still have access to the data.

Mm-hmm. Uh, and, and in that same vein, your physical server goes down that has the data, but you're still still able to access the interface. Um, like the data's more, what is it? The data's more important. I agree. Okay. Definitely. And the second question is. And this is more of a, I'm gonna ask you to go out on a limb here, but do you think we've adapted better?

Say, and I'll give you a timeframe. The last 10 years think we've adapted better to shit, just random. Like every now and then going down for a couple hours because I mean, box went down for I think just about two hours this afternoon and I put a thing on Slack, you know, Hey, it's down. Keep an eye. I'll post when it's back up.

Not a fucking peep, man. Everyone was like, and I, I [00:56:00] went, I went into the lunchroom. Everyone was kind of sitting there and I'm like, Hey, is everybody okay? And they're like, oh yeah, no big deal. We'll just wait until it almost back up. Not a single person was like, this is bullshit. I can't believe it's down, not a one.

And we have an awesome company.

Mike Crispin: Granted, the, the culture's changed a bit and, and also your, your previous question, in a scenario like box, there's a really good chance that if someone really needed to get that work done, they have a local copy of the file. If they're working on something that's really important, they've got the access to the data.

They may not have access to the system, they have access to the data. But you are right. I do think that, and maybe this is just the companies and industries have been in, sure people are, I think people will be frustrated, but I think they also realize that we we're consuming a lot of these services like a utility.

And it's not like we own the data, we own not own the data, we own the hardware, we own the. Utilities that run the hardware. And [00:57:00] now it's kinda like, yeah, you know, we've had technology blips and that's part of life. Yeah. It's kinda like, I think that's a, that's changed in our career timeframe, time span, you know, is, yeah, okay, I'm gonna go get a coffee or there's a thousand other things I need to get done if I, if I have to use this one system now it's different if it's like, we've got a major document we need to submit to the FDA and system down.

Yeah. And we can't do it and we've gotta have a way to do that. Or we're gonna, you know, we're gonna make a big announcement tomorrow and we, we need access to the, you know, the, uh, the corporate communications systems and tools and, you know, the, it depends on the kind of urgency. And I think in that, in that, in that situation, it's you, you've gotta have systems that allow for offline usage.

And I think that's where, you know, a lot of systems, I know we've both. Put in, still have that capability [00:58:00] or have a way that you can access it. So even if, even if we are using Google Docs, let's say, which is a pretty much strictly online system for the most part, yeah. There's a really good chance that if you're doing things in a, in a good way, you're backing up those Google Docs and with a system or a tool that's storing them as a Word document, right?

And you can bring that Word document back and the person can work in the shit storm that you're in and, and get it done. And I think that if you don't have that, if, if basic technology back up and recovery, then you're gonna be in trouble in a lot, in a lot of instances, not just outages.

Nate McBride: It's, uh, interesting how we've, we've kind of diverted to down this path of resiliency from a data backup, recovery continuity perspective.

Because I mean, it it is, it is what. People that are non, it would consider, I think, to be the most important part. I [00:59:00] can't access it and my data's there like A and B. So I need to get in, I need to get my data and do my work. And that's the biggest thing. I don't get that with the email. I don't get it with Slack, but I do get it with working files, especially during sort of key times.

Yeah. And I think it's very difficult for, for IT leaders. You know, I can't really call box and tell them to rewrite their terms of service and build resilience into it. Um Yep. 'cause 'cause they're not gonna do that. I have to be the one who's more sophisticated. Like I have to be the one who comes up with a savvy, novel way to build a resilience.

And so I think. When, if you're the IT leader who's looking at the, as a service world that's around you, you have to be more sophisticated too. You have to evaluate not just features and costs, but like what's the resilience [01:00:00] capability? What is your, uh, response? If this vendor goes down for six hours, are you a shrug your shoulders and life goes on kind of, kind of person?

Uh, or do you have to have resilience capability? What about, what about evaluating the track record of this vendor? Or transparency? Like when I do vendor assessments, I don't have track record because I've, you know, my whole career I've got vendors telling me they're, they're five nines. Well, five nines isn't actually that hard to achieve.

You know, you can have a six hour outage on a Wednesday and still achieve five nines, everybody. So yeah. They're transparent to hearing outages. Everyone's got a status page. It took box almost 40 minutes to update their status page today. So transparency, sure, but I don't, I don't know what transparency means in that case.

And lastly, the ecosystem strength. [01:01:00] So who does this vendor work with and how reliable their vendors and their partners. So like, I think there's a whole bunch of capabilities you have to think about when you're really trying to be build a resilient, uh, service provider model. Um, and I also think sometimes too about designing for that intentional degradation.

So I'm gonna assume in a scenario that box will be down. When I assume this, what am I gonna do to keep operations going? This is not so much business continuity as it is, Hey, let's plan on. What will happen in this scenario, but even more important, how will we just get off of box? Like what would we do and move to something else and how will we continue to flow?

So business continuity means I'm sort of targeting the same system, like how do I get box pickup and running? But in a business degradation model, like you [01:02:00] mentioned, let's say I have all of my box data being synced to Google Workspace, you know, using Cloud HQ for instance. Mm-hmm. So degradation is, well, fuck box, let's go to Google Drive, keep working.

It's all synced. You're good to go.

Mike Crispin: Yep. And then at Google used to actually sell their services in that way. Yeah. They call for especially Gmail and Google, go Google apps at the time. Yeah. Was, hey, we'll we'll charge, we'll charge you $3 per user per month. You just back up your email with us.

Nate McBride: We kind of do the same thing. I mean, with Cloud hq, we're duplicating our world in Google Workspace. We don't have to use it, but we had it. But even today didn't trigger this need. Like it'd have to be such a substantial outage. And, and honestly, as morbid as it sounds, if boxes down for 24 hours, we got a bigger fucking problem in the world.

'cause [01:03:00] some sort of like, like Virginia's been blown up or something like, it's Yeah. My, my problem, my concern at, at this point, I think,

Mike Crispin: I think you're exactly right and you said it, I think you said it perfectly. Like there, there's the, this is what we call, like in a lot of instances, like fourth party risk, right?

Is

Nate McBride: Yes. Fourth

Mike Crispin: party risk. You've got, you've got, you've got. The boxes of the world. And these, you know, all these services that are built upon fourth parties, which are Amazon and Google and Microsoft and other network providers, data centers

happen connect to my AirPods. That's weird. Can you hear me? Yeah, I hear you now. Good, good. I know what the hell that was. Someone must have knocked my AirPods off of my table upstairs or something. Um, it's for, so fourth party risk is, and even from a cybersecurity [01:04:00] perspective, I think you talk to a lot of cybersecurity professionals and like, not gonna do fourth party risk if, if Amazon gets hacked, we're all screwed.

You know, so, I mean it's Exactly, and granted, I, that's, that's I think a little bit of a generalization. No, but, but there's a lot actually from Amazon, but. It's, it's just, it's just, um, there's only so much you can control and there's only a, a certain level of likelihood that these things are gonna cons that are gonna happen.

So you got to, you, you gotta think about that when you're building kind of out your, your continuity and resilience strategy. 'cause it's, it's, you don't want to go overboard and be too, too protective. Um, especially if you, you have a culture in the company in which the, they're gonna be okay with a little bit of downtime and they've given you, you, you're, your leadership has given, given you sort of [01:05:00] the, I this is what we can live with.

Yeah. And I think that's important piece to, to get an understanding of. Um, but like you, I mean, I, I pretty much every hour I work it's an inconvenience if something is down, but shit happens. Right. I mean, like, I think there's some people that don't, still may not think that way, but it happens and they know that the IT team or the facilities team or the legal team or the finance team, they leap into action.

They're gonna make sure it gets fixed. Should there be proactivity, uh, proactive measures to try and keep things like this from happening? Yes. And that's a big part of our job, but there are some things that are outta your control. And I think more so now that we source infrastructure through the cloud, I think people sort of give, you, give a little more understanding, uh, that we are consuming a utility or a service and people lose electricity and it [01:06:00] sucks, but they're, you know, if they're outta electricity for two days or three days or there's no internet on the airplane.

You know, it's like all hell breaks loose. Right. But it's,

Nate McBride: yeah. Well, I mean,

Mike Crispin: expectations that have every day. The, the

Nate McBride: irony, Mike, is that we're, so, let, let me give you example of irony, and it occurred to us at the time, but we were willing to duplicate the number of eggs in our baskets so long as we had more than one basket.

So when I was back at Amag and, uh, Phillips and Simmons were working for me at the time, we came up with an idea in 2011 to build a universal cloud backup layer. A-U-C-B-L. Yeah. Uh, as we called it. And that was basically to duplicate all of our cloud environments to another completely independent cloud environment.

Of course, the irony was that if Amazon Web services got nuked, [01:07:00] it didn't matter anyway. Like everything was going down. Yeah.

Mike Crispin: So, and you've taken, you've taken an additional risk by doing that. Right? And that, and that's essentially you've copied all your data to another place that could be compromised.

Right? And, and then of course the Right, right. So it's like

Nate McBride: you're just moving the risk, the logical, exactly like the logical responses. Well, either you create 95 copies on every single type of media and, and cloud service, or you just do your best in one. Which we eventually said, you know what? Okay, let's make a good one.

We'll test it frequently will try to segregate as much as possible from the, from the mothership, but also have this data place. And we did it sure. And it was awesome because we had to build so much shit that didn't exist at the time to get this done. But, um, [01:08:00] then it brings up a new, another problem though.

Again, in terms of resilience and autonomy, you say, well, shit, now all my eggs are in this AWS basket. Now what am I gonna do? So, so that's

Mike Crispin: fourth party risk, though. Fourth, I think

Nate McBride: that's a different, well, it's fourth party risk, but then it becomes, but when Amazon becomes your number one party, it's as well as your fourth party.

The problem becomes, okay, well have to have to, we have to be able to assess these vendors. So if you think back to, uh, 2000, I don't know, 13 ish when CAS Bs kind of started to emerge, the forward proxy, reverse proxy, uh, vendor grading platforms. So we toyed with this idea of building a vendor resilience assessment process.

But right around the time we were doing that, we, we met with a company, um, that was backed by a few gentlemen from Israel that went on to become. Another company they had bought by [01:09:00] Cisco, very, very good friends, but they had built a proxy CASB system that not only did, what's that? Was it CloudLock? It was, yeah.

Um, cloud lock was awesome, but Cloud Lock was at the top of the sort of industry moment and they had built a scorecard. So not only did you get to control where your data went and sort of get some ideas about uptime and track record and transparency and ecosystem strength, but you also got a scorecard about the vendor from the aggregate group sourcing effect.

And this was awesome at the time. So we used these assessments to determine what additional resilience mechanisms we needed to build for each service based on criticality and profile. So it's kinda like this resilient resilience of where service adoption. Which gave us the autonomy that I wanted [01:10:00] by ensuring we could, we could continue even knowing when key service providers were having problems.

The irony of course, is that, uh, I mean, among all the other ironies, so we had no idea it had anything to do with autonomy at the time, or resilience. We were merely doing CYA at a gorilla level, but we were thinking mostly about that. Oh, shit moment. Yep. And we had to have the capability to still treat the cloud as if it were an on-prem data center.

So that was our motivation. Now, in retrospect, of course, it was all about resilience. I mean, over the top resilience, but some might categorize it as that, but it was about resilience at the time.

Mike Crispin: Sure. You wanna think? Sure. Make sure things keep running and, and keep, keep operating. I said, I think the, the, the, this world of having [01:11:00] these big three, big four vendors, yeah.

It makes it hard. I think if, if you are putting all your eggs in the basket of a cloud vendor that has 10 employees in the data center in Providence, Rhode Island, that's different. But if you're putting all your eggs in the AWS Google or Microsoft basket, or IBM or even Oracle, your, you, your prob, your probability of having a major meltdown is, is pretty low.

Nate McBride: Low. Right. And yes, back to our earlier point, at this day and age, low seems to be pretty acceptable for most. I mean, unless you're doing like on the spot mi micro microtransactions for crypto or FinTech or something. Yep. Um, you can generally handle and bounce back from a disruption that's a couple hours long,[01:12:00]

don't you think?

Mike Crispin: A couple hours long is fine. Yeah. I mean, I even think if you have an outage for even a day, it's, it's, it's not opt. People don't want that to happen. But I think it's not, if, if you said, look, and I, I think what's important is that you have, okay, if, if you want to say we can't be down more than three hours, which I think it is crazy for anyone to even to say that that's possible.

It's an

Nate McBride: absurd statement.

Mike Crispin: To me, it's impossible. So you say it's almost like, it's like writing your, your own death notice, right? Okay. Yeah. Uh, for $2 million, we won't go down for three hours and then they spend the $2 million and something happens, it's outta your control and you go down for three hours and you're fired.

I. Yep. You spent the 3 million bucks promising that it can't, it's not gonna happen. And, and that's where, you know, it's gotta [01:13:00] accept some risk and stuff is going, things are gonna go down. And you know, what you, what you were talking about earlier, what we were talking about earlier is just around knowledge transfer, what to do.

Resilience is about what to do when shit happens. Yeah. Not about what systems you have. So it's what process do you fall? Who do you need to sit down and talk to? Who do we need to get decisions made with? That's, that's to me like the real crux of resilience, of making sure things go well. Because sometimes people think on their feet, let's run to the store and buy this thing that'll hold us over for a few hours.

You know, that, that's resilience.

Nate McBride: Wait, are you saying, when you say store, do you mean, do you mean micro, do you mean microcenter,

Mike Crispin: Mike? Exactly, I'm going to microcenter. That's what I mean though, like, yeah, you need commit major incidents, major cybersecurity attacks, or you know, major business interruptions or vendor outages or things like that.

There, there's needs for structure around some of that. I, I think [01:14:00] definitely, but I also think that when those huge moments do occur, uh, I, I, I really do believe people don't get out the binder and say, okay, what did we do first? They're like, oh shit, what are we gonna do? Let's be pragmatic. Let's write, let's get plan.

Did you say the binder right now in the moment? Because the thing in the binder is old and no one knows what it says. We're just gonna get the right people in the room and get it done. And I think that's more reality in a lot of companies than, and, and I might be speaking completely crazy here, but I, I think that as, unless you're in a, and I'm talking non GXP, I mean, if you're talking about regulated processes, industry practices, manufacturing practices, that's one thing.

But you're, if you're, if you're talking about, hey, one of our systems went down our enterprise file system, or, um, you know, our data center went down, unless it impacts those compliance related items, then maybe that's the discussion we have is [01:15:00] like, those, those compliance systems, you need to have a formalized plan.

Whether you follow it, you should follow it. But the reality of we gotta get this up as soon as possible. Are we gonna go through this 46 step process we wrote down six years ago? Or are we just gonna bring it up? 'cause we know how to bring it up. Um, is just, is the balance of, uh, of reality when stuff goes wrong.

Nate McBride: Um, I'm just, I'm still struggling with the word binder. I can't believe you still, you don't use a binder now I'm

Mike Crispin: using that as kind of a archaic term to describe some of, for sure. Not as it is to go through. Like a, a huge document. Oh, I understand what you're saying. Been written. Yeah. And it's really just f the figurative, you can show people.

You, you have a plan. Is it the plan you follow? I don't know. Ah, maybe. All right. Well,

Nate McBride: yeah. We all, we all remember the binder. Yeah, you're right. You're right. [01:16:00] Grab the binder. Okay. Step one, uh, go to the bar. Okay. So anyway, um, uh, okay, we have to move forward because I'm looking at the clock as well, but I wanna talk about zero trust, which is, is one of these things that is, I talk to five people at a security conference.

You get five different answers from about zero trust. Nobody really knows what it means. Boy, it's, it's a concept as much as, um, as much as, uh, beer is a concept, I guess. So Zero Trust is one of the dominant security paradigms of like, I don't know, the last seven years whenever Google came out with this idea, ZTF.

Um, the traditional perimeter based security model simply does not work in today's distributed as a service model. I mean, it's fact. So the [01:17:00] principle for Never Trust, always Verify is always sort of the best case scenario for this world. But the problem with zero implementations is as they mature, you see their strengths and limitations kind of come in full force when it comes to resilience and autonomy.

Um, of course she was that first Generation Zero trust implementations focused almost I entirely on identity and access control almost entirely. And you and I both fell victim to this, like we both fell into this. It's all about the identity of the user, their acls, what can, they can see, what they can't see.

Um, basically making, making sure people have access to the right stuff based on identity, context and policy. And it's a huge improvement over what we used to do. The perimeter approach, perimeter approaches were, well, I mean, just almost nearly impossible to run, [01:18:00] but it's the beginning, right? The, the next frontier is the continuous verification.

So move, moving beyond like point in time authentication to ongoing assessment of behavior and risk. Not just who you are when you log in, but is your behavior consistent with your role And the normal patterns, and this has been going on too for a while, like this whole uh, XDR perimeter observation layer that companies are putting in is watching is this Mike's normal behavior.

Is this what Mike does every day? Sure.

Mike Crispin: Yep, yep.

Nate McBride: Um, but

Mike Crispin: the shift has it's scary privacy perspective, right? There's certainly some Oh, it's huge. Yeah.

Nate McBride: I mean, the shift that we've undergone has profound implications. Uh, on the one hand it does, continuous verification can obviously enhance your ability to detect and respond to anomalous behavior [01:19:00] before a bad actor can do bad things.

But on the other hand, it requires a lot of sophisticated monitoring analytics. Mm-hmm. Policy management, which creates additional dependencies on specialized vendors and technologies. So it's a trade off, right? I can gain a ton of benefit by going towards ZTF, but then I'm becoming dependent on security vendors and platforms to do this for me.

Absolutely. Yep. And, and I guess to a degree we can all say, well, that's the price you pay of having a company that has data. But in truth, I'm not sure this is the way it should be. If I, if I can verify that Mike is Mike when he logs in, and do I need to keep verifying that Mike is Mike or should I only verify when Mike [01:20:00] is not Mike?

Like, if there's a mic logged in, another Mike tries to log in. Obviously that's not Mike. Yep. One is and one isn't. I don't know.

Mike Crispin: Yeah. I think, you know, I have problems with the idea. I, I've thought about this too, and why, you know, I, I, I remember when, when Snapchat first came onto the scene, one of the things that, and, and WhatsApp did the same thing, is you could only log in from one device at a time.

Mm-hmm. And I think because. The application on a phone can just controlled in a jail basically, that they can just kick you out when someone else signs in. Right. Similarly, on web applications, the same could be said, should, should be able to happen. And I've always wondered why. Maybe that's why isn't that an option?

And the reason why I, that I've come up with is if someone is [01:21:00] trying to get in

Nate McBride: Yeah. There's

Mike Crispin: a, there is a large denial of service possibility now. Yeah. You know, something's wrong. You keep getting signed out, something's going on. Yeah. But if you can't catch that person, figure who's doing it, or you can't figure out how to do it, you could say, oh, we can reset the password or something like that.

Nate McBride: Yeah. But

Mike Crispin: if they're figuring a way to trigger that, then you're, you're, you're gonna a denial service risk. And I think that's why the, the, um, applications don't allow for that. That being said, like, I think. Once you, you're asking, but once someone's logged in, we verify that they're them. I think, I think there's less need to reverify because of the, the, the likelihood that, uh, a device is left unattended.

Um, yeah, it's debatable because people work remotely. This may be more of a risk, um, is that [01:22:00] maybe behaviors have gotten better in some respects. Um, and this is, I guess this is where I get to the point where you're, you're enterprise, uh, and, and works based security. Uh, when we're talking about, you know, sort of the Citrix models and the VDI models and all these other components, things that really is what Zero Trust was leading us to.

Yeah. Is so different from your consumer and, uh. Technology experience that you're creating this more lack of a better term, convoluted experience for people when they're at work. And that is just, I, I think that is something that we've gotta figure out. I'll give you the example of like the web browser biggest fan in the world of this, this island, you know, enterprise browser.

Nate McBride: Yeah. But I also

Mike Crispin: realized that like, yeah, a lot of people can go home and use a Chromebook. I think [01:23:00] there are probably sort a few, a bunch of those people who that's probably all they need. Um, but I think there's also so many, uh, industry specific applications that still require these, like, thick applications.

Like why do we still use these things? Uh, or at home they're using Microsoft Office or they're using, you know, Photoshop or something along those lines and they get into the browser like, I've lost all these options. I'm not able to do any of these things. All the name of, really, at the end of the day, it's security and portability.

So it's. Getting that zero trust place is like this balance, like anything else. And what are we really preventing? Um, you know, we're preventing data loss protection and we start talking about data loss Protection is probably the single hardest thing to do without slowing everyone down. I think it's, it's probably, you know, people need to work on documents.

Yeah. Like remember liquid machines? Remember that? The, the, oh, yeah, yeah, yeah, yeah. All that stuff. It was [01:24:00] like, it was a great technology and, and, uh, and, and, and, uh, EMC had a product for a while. It, it did everything we wanted. We installed an agent on the machine. It kept the, kept the document safe if anyone ever copied it.

And then we found out, well, more than these three people that we think are gonna work on this document are gonna work on this document. I. There's really six people are gonna work on the document. We're gonna know about four of them. The other two are gonna be asked in an emergency or something along those lines to work on the document.

Yep. Yeah. And it's gonna happen a hundred times over and we're gonna ditch that technology. And I think the same thing, you know, is, is that's why we've gotta be careful with, with the, with the amount of zero trust implementation, is that you don't want things to get so laborious for people that they just go around it however they can.

You know, they just get, and, and even breaking policy and the rules [01:25:00] that they, they will just go around it because, oh, I didn't know, and then you're in bigger trouble. So it's like finding that balance is so hard in a zero trust, sort of zero trust mindset where you're doing all the right things and you're, you're following the NIST.

Guidelines and you're trying to protect the, the, the data and you have the data classification policy and everything in place. But, um, I think that's, that's a real, it's a real struggle getting there, um, for, for companies because they need to work

Nate McBride: well. So this idea comes up that I started fucking around with at, um, at Amag and then continue to modify over the years about Sure.

Um, this composable zero trust archite architecture, which is basically, okay, I'm gonna log through this s so vendor over here that has nothing to do with anybody [01:26:00] else. They're just gonna sit there, they're gonna be the authentication broker. Yeah. Then I'm gonna go, go into this tool that ha deals with access control that tells me what I can and can't do.

Then I'm gonna go into this other tool that where my, my data sits, but the anomalous detection's gonna occur at each level, and it's gonna compare against each other to determine if I'm me. Along the way, I'm sort of building trust as I get in there. Then there's policy enforcement, and last, I can do the work on the machine that I've been authorized to, to work on.

So multiple levels. The problem with this is it's a very, I, it doesn't always work wonderful, number one. Number two, it has a certain amount of, well, I could do this yesterday, but I can't do it today. Kind of effect where things change. Sure, and they change. You have to figure out which level of the stack did it actually change in.

And obviously you can't manage this through [01:27:00] change control 'cause it's way too complicated, too many variables. But you have to kinda like do a lot of forensic work on why when Mike worked in this document yesterday, clearly he's not able to. Today. Could be that something simple like the person who owns the document, changed mic to a viewer and we're all gonna dig down rabbit holes to figure out why that's the case until we look at the simplest solution.

But other times it could be something else. So that's where this, you know, you have to have some sort of intelligence in here. The intelligence allows you to understand Mike's role and what Mike does, and then assess Mike's patterns and then evolve the zero trust model based on only in the org, but also on mic.

And then lastly is defense in depth, which we've all always heard, it's been around for years. But then the idea of [01:28:00] defense in depth through diversity, which is that you have all these multiple systems in place, and if any one of them fails, all the other ones continue to operate. It'd be impossible to bring them all down at once.

That means that Mike's gonna get to his data. He might not take the most straight path some days. Yep. But he's always gonna get there. That's right. I mean, that's, that's the model we strive for. We, we, you and I, and we're not so unique in our view of how SSO should be detached from the rest of the stack and operating kind of in its own own layer.

But in truth, it's not that common, I think for people to say, well, the shortest path is to have everything. In one place with authentication in that same place. It's basically a fox in the hen house model, in my opinion. Right. But the price you and I pay for having SSO abstracted is we have to have [01:29:00] then another layer and another layer and another layer, yeah.

Before they're able to start working on

Mike Crispin: docs. I think if, I think one of the interesting things about not to go too far into the SSO or the identity realm, but why not is, is uh, in theory what the most secure thing you can do. I think if I'm just thinking out loud, is if you had a user who could remember passwords.

Right. I mean, I'm just saying like, just if in theory and you had a different username and a different password. For each account and maybe a different MFA mechanism for each account, then your single point of entry goes away and you've, you've, [01:30:00] you've distributed the risk. You truly jailed each application.

If someone gets into your Enter ID or gets into your Okta through some sort of, you know, social engineering, which is how it will happen. Yep. Um, they're in everything. So can I, can I, sorry. As much as we say, you know, um, that and it, I do think that single sign on and Okta and or intra or whatever, JumpCloud or whatever you want to use.

Still, uh, levels and levels above are what we would usually have at a company. Yes. Because of the audit trail and the, the ability to have one place really to monitor and make sure, uh, you know, we're securing it properly. But at the same time, you know, you, you, you know, it's kind of like a password manager.

You know, if someone gets into your password [01:31:00] manager, uh, and it's got the MFA stored in there, um, they're, they're into everything. And similarly, if someone gets into Okta or into Enterra, they potentially could be in everything. So you, I think there might be at some point, you know this as people get more, as maybe it's pass keys, maybe it's zero, no password off, you know, type scenarios happening at the application level.

We may see a little bit of a distributed identity model come back into the, into the fold. Because right now we don't do it because people can't remember passwords and they'll write 'em down somewhere 'cause it's too many passwords to remember. But, but I'll just go get, we've able this, a free password manager and put a five digit password on it and that that'll, and you know, that'll be it.

Nate McBride: We, but we've enabled this Mike, I mean, garner 2011, like, [01:32:00] like we gotta get, we gotta passwordless experience. That's when this whole idea began. But maybe that was the wrong approach, maybe the wrong approach this whole time was to restrict them from using passwords and remembering three or four accounts.

Like why is that so hard for us to do and to push that model? I mean, obviously people's memories are what they are, but people are not idiots. Well, no, sorry. People are idiots. People are not so dumb. They can't remember. Four combinations of things, uh, or four 12 character passwords. They can remember all kinds of terrible shit.

So we're, we're, well, we're dumbing them down a bit, but we have to, I think, I think zero. It's

Mike Crispin: still more secure to do it the way that we are doing it. I totally agree. Okay. I, I, I think, you know, as long as you've got a, a rotating multifactor password and you know, you can't, let's take, let's [01:33:00] take Okta Verify and, and the Microsoft Authenticator.

You can't go in and grab the TOTP key. Out of either one of those apps, right? So that's, that's one thing. Now you give someone a password manager, whether it's the one on island or it's proton or bit warden or you know, TPAs or whatever you're using, you can go in and all, all that. TOTP is, is another string that sits in the manager and that generates that code off of, uh, an a, uh, uh, some sort of algorithm somewhere.

And if you cut and paste that into Google Authenticator, you, you just moved it. So there's, there's no, there's no different, just another password that's in the password safe. So in some respects, if someone's got a password safe, that's a real single point of failure that we can't control. At least we can control Okta or we can control Enterra and we can see what's happening to a, to a degree, if you put a password manager out there, um, you, we, we really can't [01:34:00] see if it's secured with the right type of password.

We can't see if it's encrypted. We can't see any of that stuff. We're just kind of putting it out there. So I think that's why today it's the same, but you know, we're doing the best thing today. I really do believe so. But if we get to the point where more and more applications have a better zero trust model, maybe they've gone passwordless or they're moving some device model, or it's related to biometrics and it's just built into the app, um, I think that's where you get a more distributed model that's more secure than even having SSO.

So when you do it at the app level and you're able to break it up, uh, outside, and the user experience still remains, uh, easy and, and simple. The worst thing I've seen is the windows. Hello? In the pin code.

Nate McBride: Yeah.

Mike Crispin: I mean, you, you could, someone could, you can walk by your machine after getting a coffee and your machine unlocks, you know, that's like,

AI Trance Bot: [01:35:00] yeah.

Mike Crispin: And then the first thing they ask you, now I realize you can. Deal with this, with Intune and everything else, the first thing they ask you is like, gimme your four digit pin. It's like, what?

Nate McBride: You only have three. You only have three tries, Mike, with, with that, it's not infinite tries. That's true. That's true.

So you But I, I hear your point. I hear your point. So I, I, the, the, the question was, are we dumbing people down? But even the way you answered it brings up another question, which is, um,

are we so far beyond the tube and the toothpaste model that we'll never go, we'll never go back towards remembering things. We'll go, we'll only move forward towards remembering nothing like you should only ever, because that's what, that's, I mean, honestly, that's what I'm going for. At Alio, we are one pastor away, one left [01:36:00] towards being passionless one.

Yep. And my goal has been to eliminate them from the, from the very get go for, for even before alio years and years. Get rid of the fucking password once and for all. And it's still, there's still one password left. But I've always had the existential crisis question. Once I get them past that line, now what do I do?

Because they have no password. That's

Mike Crispin: right. So they can't get anything. You're very, very, very reliant on whatever is presenting that to them. Exactly. Right. Exactly. Yep. You're very, you're, it's a big, that's a big, big, I imagine its been someone has a password.

Nate McBride: Someone has a password. Yes. Some fail safe.

There's a fail safe. But, um, the end user does not have a [01:37:00] fail safe. They have, oh, oh, you forgot your badge With your token, with your Yuba key attached to it. Well, that sucks. Oh, you forgot your phone. Well, that's terrible. Um, I need an, I need you to have something else. Yep. Biometrics. Okay. We can work with that.

But yeah, I mean, resilience wise, I'm, I'm at the, I'm at the top of the XX axis. I'm way up there. Nailed it. Great. But, um, business continuity. If you forget all your stuff, I'm at the, the bottom, I'm at the zero.

Mike Crispin: It's, I think it's, if you think of how people get into their phones, right? Like the face ID component, like, people are probably so used to that.

That is, that is gonna be their expectation. And I think with this windows, hello thing I. I'm not [01:38:00] sure how secure it is, but it works pretty damn well. I mean, you sit down it pretty well and there's nothing you need to do. It's awesome.

Nate McBride: It's awesome. It's, it's hashed. Well on the pc, I mean, we have Windows Hello mucked with, uh, Okta Verify and it's awesome.

Most people do clamshell mode anyway, so it doesn't, it's not useful to them. But the, but those that actually have open laptops, it works really well. I mean, the majority of people at our company use UIC Keys because they're in clamshell mode. Um, they have two big, big displays in their desk. They don't need a laptop open, so most of the biometrics fail anyway.

Now you can buy, do these

Mike Crispin: link to device specifically?

Nate McBride: Yes. Each device. Good. Each device, you can buy external USB biometric authenticators if you really want to go that route, but we're not, um, that's for. Insanely private [01:39:00] companies, which we're not. So, um, so yeah, like I feel like we, I've achieved a certain amount of autonomy in the model because we're able to rip out something that we don't like.

If we had to at a moment's notice and replace it with something else we do, like, without affecting the entire stack, like that's an, that's a level of independence I wanted for a very long time. I wanna be able to rip out anybody on the chain and replace them and have users almost notice nothing, preferably nothing, but in case of Okta, they would, they would notice that.

So, but, um, like that, that's what I think when I come, when I think about zero trust, I'm thinking about, okay, I hired a user. Their job is this, their role is that they should only see this. Why, why would there be an exception? So therefore, I'm only gonna do these things. That, to me, is pretty zero trustee.

You are a director [01:40:00] of X, well, your director rights give you access to everything below it and you can see X. That's it. You're done. And when you log in, that's it. It's all you get. There's not a possibility for exception. That's the level of autonomy that I think has helped both the employee who has no predilections about what else they could possibly do.

They're very restricted to what they can do, which is the thing they were hired to do. Yep. But, um, we're just being redundant now, so we got, we got almost halfway through the script. Um, I think we should pause. Sure. Uh, makes sense. Yeah. We're coming up on some good time. Uh, but that was awesome. I think we're, I mean, building resilience, if you're not already [01:41:00] doing it now is a good time.

I mean, it's the son of a bitch, but it's possible and you can do it in a way that preserves autonomy. You should probably have a lot of infrastructure in place already to handle this change. But, um, even if you don't, it's cool if you walk into a company that's owned by an MSP and they have 45 switches for 10 people, um, you can gain back some of that autonomy.

Just fucking fire them. Get control, man of the situation. Uh, boy, boy, boy is right. Bunch of boys in that company. Okay. Uh, so next week we're gonna finish up this episode. I. Then the week after that, episode 12, [01:42:00] which is shaping the future of technology adoption, we're gonna focus on innovation driven autonomy, considerations, uh, leadership, leadership challenges, infrastructure and architecture, things we tend to ignore here, and talent and skills.

We're gonna kind of bring them together. And then lastly, the Big Kahuna Burger, episode 13, the Big Kahuna Burger. Yep, the Big Kahuna Burger. We're gonna do an all out, no holds barred Thunderdome version of the podcast where we're gonna actually talk about all the ways Phil Collins could have murdered his best friend

and why and how The Beatles are totally complicit. With the decision to do this? What all the mafia, how the [01:43:00] mafia was involved. I mean, it's gonna be, we're gonna, we're gonna, it's gonna be exposures, let's put it that way. Probably some lawsuits

Mike Crispin: that's gonna, yeah. I don't think I, I think we'll talk about Phil a little bit, but we need to, we need to give him his space.

Nate McBride: Mike, you're always the first to defend. I, I find it so odd. I don't have to wonder what involvement, what, what, what role you played, um, in this whole thing. But, you know, maybe that's not for this podcast. Maybe that's for other people to think about.

Mike Crispin: You wanna do a side podcast on the, the defense of Phil Collins?

I'm just,

Nate McBride: I'm just saying. So we're getting, we're getting to the end of the season. You guys have been great. We, we assume, we have no idea actually. We just assume you've been great and Mike and I are great. I've been great. [01:44:00]

Mike Crispin: I'm great. Yeah. We're doing great.

Nate McBride: Mike's making his new trance epic. We're going on the Road Trance Festival in Miami, so EDM 2026.

We're gonna be there. Mike's let's doing a three. Let, let's do it. Three hour, three hour set at one in the afternoon Prime slot.

Mike Crispin: Yeah. It'll be a, it'll be a, uh, a six minute set,

Nate McBride: dude. Honestly, I'm not even kidding. We should get together and make a trance album like a whole album.

Mike Crispin: I, I'm telling you, I've got all I I I have a few ideas of how we could do that. Then I have some of the equipment too.

Nate McBride: We could, we could remix some of the, uh, some Phil, some Beatles. Into all of it? No, bring it.

Did you bring it together?

Mike Crispin: My, uh, do, do I gotta tell you, I'll tell you the name of my, my new, uh, band. [01:45:00] Do you wanna know what it is? Yeah. You wanna save it for next time?

Nate McBride: No, no. Go, go ahead. No, no.

Mike Crispin: Let's do it. And I, I've got the domain and everything for my new, uh, my new, oh, you gotta have the domain. If you can't announce this, the

Nate McBride: podcast without having the domain.

Go ahead. Wait, wait, hold on. What's the genre of the band? It's, uh, it's

Mike Crispin: EDM Dance Trance. So you have a whole band around EDM already? It's an artist.

Nate McBride: How come I wasn't asking? Be in the band.

Mike Crispin: Well, anyone can be in the band. That's why you get a band and you don't, you don't make it a solo act. All right. Well, I didn't know there was tryouts.

I wanna be in the band. Yeah, maybe. Hey, there can be, there can be, uh, anybody can participate. Maybe. We'll figure, make it that way. You're,

Nate McBride: you're being kind of vague. You're not a movement. Not saying Nate. You're not saying Nate. You could be in the band. You're saying anyone could be in the band. You're being basically being, I'm saying featuring, featuring Nate and DJ Sweet Apples.

No, not [01:46:00] featuring, but on Percussion. Nate and Brett on

Mike Crispin: Triangle.

Nate McBride: Yeah. Listen, it could be the first trance group to have Trance Triangle. Anything to be sampled doing by the way, doing by the Love Triangle. People Love Triangle. By under, by Underworld On the triangle. Oh yeah.

Mike Crispin: I like, uh, what is it? What's that song called?

Nate McBride: Born Slippy,

Mike Crispin: two Months Off. What's that? Is that one of 'em?

Nate McBride: I had no idea. Two months

Mike Crispin: off, three months. Two months off. I think it is. Awesome. Great song.

Yeah. We'll, uh, we'll, we'll, we'll wait for next episode. Well, I'm a, I'm,

Nate McBride: I'm a little hurt that you didn't invite me to the band, but I'll show you what I got. You'll regret it. [01:47:00] I'll make a competing band. We'll have a, I'll have an alt band

Mike Crispin: you're in, man. You're just gonna, you produce some tracks. I can do tracks. This is my, I'm, I'm a producer now. Come on. I'm a producer.

Nate McBride: Okay, come on now.

Mike Crispin: That's where we're going. Come on now to make a full $5 and 60 cents off of this next year in streaming revenue.

Nate McBride: Well, why can't we have that in the podcast? Why can't you make some streaming revenue off the podcast?

Mike Crispin: Well, I think we, we create a separate podcast. We create a separate entity for this.

I.

Nate McBride: Okay.

Mike Crispin: Definitely.

Nate McBride: Is this the podcast where we listen to trans music and then talk about it?

Mike Crispin: No. No. It's not a podcast. Like, it's just, you just play the tracks on the podcast.

Nate McBride: Oh. Have

Mike Crispin: you seen what they go on the [01:48:00] podcast? It's just like Paul Van Dyke or Oakenfold. They have podcasts now and it's just the tra it's their mixes.

It's awesome.

Nate McBride: Why don't we do this, Mike? We'll do a podcast that plays our portions of our favorite live sets from ever every episode. We'll talk about 'em. Yeah. Then we'll always, we'll play a, we'll play a track from our album.

Sure. Yeah. It's, uh, great. And we'll, we'll talk about how, how it came together. Like my, how my harmonies and my, um, my intense deep emo A SMR sound brought out the best of the song. I. What's the name of your, what's the name there? The, um, the band or the group? Micros Spin.

Mike Crispin: You like that?

Isn't that sick? Come [01:49:00] on. Good man. Jesus. Hey, I'm thinking I've got a lot, a lot going on in my mind. Micro Spin. Micro spin. Okay. Domain was available. Everything was good to go. What happened to the last band? Oh, that's, it's still going. Okay. No, no mic. The Micro Crispin Band one. Oh, that's that. We we're gonna feature him in, in some of the songs.

Okay.

Nate McBride: Well, I'll just say it right out there. Like, I have tremendous depth in my, my, uh, classical rock singing. Like my karaoke skills are second to none. Yep. Um, I have, I could play a drum, not all the drums, but a single drum. Like I, I've got some skills. You should, you should let me audition.

Mike Crispin: Is that coming through at all?

Nate McBride: No, it to do the, do the zoom [01:50:00] thing?

Mike Crispin: Yeah. I can, I can't. I gotta share it, don't I? Yeah. Stuff's coming out pretty good.

Nate McBride: All right, well next week everybody, we're gonna get a sample of Mike's new demo to open the show

Mike Crispin: here. You can cut me. You can cut me out here. I'll do it right now. Oh, I can't do it. Freaking Mac.

Nate McBride: Yeah. Okay.

Mike Crispin: So enter my password and shut down Zoom to share stuff. God.

Nate McBride: Yeah. Yeah.

Mike Crispin: Me nuts.

Nate McBride: Yeah, exactly. So next week Mike will debut his new single Love Tush. Uh, from Micro Spin Records. Yep. New label. Yep. Um, and then we will get into the second part of episode 11.

The song

Mike Crispin: is only

Nate McBride: [01:51:00] 45

Mike Crispin: minutes long,

Nate McBride: so Got, we're gonna decide a of Mike's new album,

electric Tush Rope is the name of the, the name of the album, but drop it for you. I already got, I got a few few names. Okay. Okay. Well thanks for being here tonight. Um, be nice to animals. Yep. Be nice to old. Be nice to old people. Be nice to your IT staff. Don't be dicks. To each other, to your IT staff, to anybody.

Um, have your pet speed or neutered. Uh, give us all the stars on the thing. Mike,

Mike Crispin: have a good time. Be good. Take [01:52:00] it easy. Don't get pissed.

Nate McBride: There you go.

Mike Crispin: Or from the work or get pissed if you want. Sometimes

Nate McBride: get pissed, but kinda like get pissed in a controlled at home by yourself. Yeah. Where? At the gym. At the gym.

Get pissed. It's okay to get pissed. Actually, I shouldn't say don't get

AI Trance Bot: whispers that glow. So

soy, we

the,[01:53:00]

through the cyber paths, we glide in the circuits. We confide. No restraints, no need to hide in the system. We.[01:54:00]

We control

whisper in the night flashing so [01:55:00] bright.

People on this episode

The Calculus of IT