Human Risk Management with uSecure (EP 861)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast, coming at you from Pax8 Beyond in Denver, Colorado, continuing on with day two. And we are joined by the company USecure, and I messed up that because I was so worried about the name, and Nihil Majorio, Morjaria. It's a tricky one.

That was very close. So there it is. I was focused on that and messed up the other name there.

But thank you very much for stopping by the booth here. And as you were telling me before, I'll just get it out the way up front. You guys were named Most Valuable Vendor.

Yes, very, very exciting to get that award from PAX, yeah. Very nice there. Yeah, a really good representation, I guess, of all the work that's gone in with the partnership.

So yeah, really, really thrilled to get that award. All right. So that means that you had a very productive year.

You were just entered into the marketplace last year. So what's the last year been like for you guys? Hectic. Yeah.

A challenge. It's been very fast moving, but it's gone even better than expected. Really? PAX 8 has given us very good exposure into, obviously, America, but also global distribution with their marketplace.

So it's always quite hard to tell how quick things might grow when you launch with a new partner. Right. PAX 8 have been brilliant.

PAX 8 have made the whole process with their partner education, the vendor education, that collaboration between those different elements really, really smooth. So yeah, it's been a very, very exciting, fast-paced year. Very nice.

Now, most people will look at U-Secure and just think of it as another awareness training platform, but you guys seem to be much more than that. Of course, you have the cyber training, the phishing, the policy management, dark web monitoring, but you have a thing that you call human risk management. Of course, everybody talks about the fact that the weakest point in cybersecurity is us.

So, explain to the listeners how you guys have incorporated that into your platform. Yeah, it's an important development because training and phishing is still absolutely crucial and those are still fundamental parts of what we do. We found a few years ago it was a little bit reductive for what we do because the ways in which human beings should be monitored and should be helped is quite different now from what it was three or four years ago.

There's a lot of different elements and vectors where malicious actors use them to their benefit or compliance and legislation means that we need to be a bit more structured. So that's why we developed it beyond just training and phishing. It's about understanding the human as a whole, having a more comprehensive understanding about where their gaps are, what sort of development they need to be a layer of security because like you say, Amar, typically it is the end user in front of the computer that's a bit neglected and then all of the work you've done in the infrastructure or the investment that you've made almost can be made redundant by one mistake by someone who just wasn't given the education they should have had.

Okay. What are the types of things that you've incorporated that makes sure that the users are completely engaged because most of the time if they know a training is coming, they're just going to listen just enough to pass it and move on. But I think from what I've heard from you guys is that you actually have more engagement from the users.

So I wanted to find out how does that happen? So the content itself is really important. People will often look for excuses not to engage with training. Like you mentioned, they'll put it off, it'll become a lower priority.

We understand that we need to keep the training as short and as engaging as you possibly can. So we've built all of our own video content. That video will have two, three minutes of content.

It will have real life scenarios with a little bit of humor injected. So we're not trying to make people technical wizards. We're looking at your receptionist, your HR rep, what kind of situations they could be in where they might not understand the best practices or fall foul of a malicious attack.

By keeping it short and simple and with scenarios they'll relate to, they'll get into a habit of doing those courses much more easily. Okay. Your title is Chief Revenue Officer.

So of course, MSPs are probably asking you about the money side of it. Is it low cost, easy for us to add into our stack and stuff? Exactly that, yeah. So the product is exactly designed for MSPs.

Our goal with the product is to essentially keep the MSP out of it. If we can get you to set up the platform and let it run itself, then not only will you get better engagement from your clients because it becomes a habit, it becomes a routine, it becomes part of their standard processes, but also for the MSP, you then get time to spend on perhaps more complex projects, things that require a lot more handholding. So we actually at PAX 8 events previously have had the product set up live on stage in front of MSPs.

It's a big risk, things could go wrong quite quickly. Thankfully it didn't. In 20 minutes, the product was set up live and you could in theory leave that tenant alone forever.

It would import new staff members, it would deploy personalized training, simulated phishing attacks, monitor the dark web, and also send key company documentation. That system would in theory run itself forever without any need for admin intervention after those first 20 minutes. All right, so that sounds like there has to be some pretty good integration in there because how else is it going to know to onboard and offboard employees? So it's pulling from Azure AD, 365.

Exactly, and Google Workspace as well. So we can simply pull in different groups, different users, and that will update every single day. So part of the thing with human risk is that new starters are often the people that get targeted the most because they are learning new processes, they're being invited to lots of different systems, they're keen to show that they're quick to respond, and that urgency where if somebody spoofs an email from the CEO, a new start is much more likely to click through it because they want to impress and they don't know the normal routes of communication.

So if we can get them in the product ASAP and then deploy the key processes that we want to involve them in, the key training that they need, again, it's all about increasing that baseline, making sure that that weakest user in the organization isn't going to fall foul of these types of attacks. Okay. All right, let me shift gears here real quick because it just popped in my head that I wanted to ask you this.

You're the CRO, but you actually started with a degree in psychology. Yeah. So I want to ask, how did that route go? Because listening to you talk, it's as if you've been involved in tech the whole time and you understand everything, but I wouldn't have guessed that starting out with a psychology degree.

Yes. I think it's not a coincidence that I am in human risk within security. So people fascinate me, what makes them tick, what makes them work, how to relate to people.

I find that endlessly interesting. And tech obviously has grown incredibly quickly, so I've been very fortunate to find a role in the industry which is growing and that is evolving, but I can still utilize the human element of it. So much of security is around infrastructure and technology and the human element gets forgotten about.

So it's nice to be able to exercise that background whilst also being in a security sphere. Did you do any tech growing up or anything? Were you a gamer? A gamer, but not so technical. I've had to learn a lot in these last seven years to sort of build up that technical knowledge and sort of understand the interconnectedness.

What was your transition over into tech? So I initially started off in payroll and HR software and then realized that it was so detached from anything that I'm interested in. That's pretty boring. Oh yeah.

No human stuff there. Yeah, exactly. Trying to make pensions and payroll interesting is a challenge.

But I got a feeling for sales, I got a feeling for software, and I thought, okay, let's look for the right sort of marriage of what I'm personally interested in and what actually I feel like I can talk about naturally and passionately about, but also stay in the right sphere of an industry that's going to grow very quickly. Are you living here in the States now? No. I'm in Manchester in the UK.

So still there. How was the flight over? Long. Very long.

A good 24 hours door to door, but good to, I can catch up on podcasts, I can catch up on films. You know, it's, you can use that time wisely. Did you come early and try to like do anything around the city? Yes.

So we arrived on the Friday. So Denver, there's quite a few good breweries, you know, some hiking trails. So it was good to get a feel for Denver as a city.

So you did the hiking trails? Around Red Rock. Now if I have my map correct, elevation is not an issue for you? Usually not. But Denver, the city, it pushes that to an extreme.

Yeah. And maybe not quite as fit as I thought I was, to be honest. Gotcha.

Gotcha. All right. So how's everything else going here at the conference? A lot of traffic at the booth? Absolutely.

It's flown by. It's amazing. It's day two and we're sort of midway through it.

So yeah. It's notable at Beyond compared to some other events where there's a lot more intrigue around new products. Right.

So there's a lot of very interested partners who are genuinely curious, perhaps they do a great job of putting vendors sort of in the limelight when it's needed, you know, not making it too vendor heavy, but also introducing vendors to the partners. So yeah, it's a great event. This is our third Beyond and it gets bigger and better every time.

Okay. What is the market of the US versus the UK and the rest of the world? It's a very, very interesting question. So a lot of US MSPs naturally have more clients.

And I think what that does is it forces them to standardize their offering more quickly than UK MSPs do. A lot of UK MSPs still have individual products that they'll license on individual licensing. A lot of US MSPs are a bit more commercially aggressive and will have a bundled offering where they'll include things like EDR, password managers, security awareness training.

And they'll basically say to their clients, in order for you to be secure, in order for me as an MSP to do my job properly, you have to take all of these elements because this is what modern security is all about. If we take any of those elements away, we have a weak point that could then cause the house of cards to tumble. So the UK is having that evolution, definitely are seeing it more, but in the US it does feel like there's that greater confidence in leading that conversation with their clients to say this is the package that you need to be secure.

Why do you think that is? It's very odd that the US is leading in a tech area because usually the UK stuff is there first and then it comes here, right? I think it partly stems from, I think again, the scale in the US. So I think a US MSP typically will have more endpoints that they manage and therefore need more scalability. So it makes it simpler to have one licensing model and push that.

Got you. All right. Very interesting.

Any questions for me? No, to be fair, I think that's been a very, very useful, a very useful chat. I really like how you've dug deep into my psychology past. I wasn't expecting that.

You know, sometimes I got to go find a little gem of a question to ask that is off the rails there. Catch them off guard. Yeah.

But thank you very much, Nihil. Thank you for having me on. Am I going to say the last name again? But thanks for stopping by and continue to test for you guys.

Can you win that award more than once? The most valuable vendor? I hope so. Well, maybe we'll go for the global award rather than the EMEA one. Okay.

We'll see. We'll see what we can do. All right.

So uSecure.io, right? Yes. Is the website? That's correct. So go there, check them out.

Of course, they're in the Pax8 Marketplace. And get yourselves and your clients secure and take away that human risk that we all have in our stack. So that's going to do it with this episode.

We'll be back with a few more here from Pax8Beyond. Thank you all for hanging out. We'll see you soon.

Holla!