Recorded at WatchGuard’s EMEA Partner Conference, in Dubrovnik, Croatia, this episode of 443 – Security Simplified features Peter Johnson from Schwartz GmbH for a conversation on how cybersecurity priorities are evolving across Europe. Peter discusses the increasing complexity organizations face when balancing security, compliance, and operational efficiency, along with the challenges of supporting customers and partners with varying levels of cybersecurity maturity. The discussion also covers the growing influence of AI on both attackers and defenders, regional differences in security approaches, and the practical steps businesses can take to strengthen resilience against modern cyber threats.
View Transcript
Marc Laliberte 0:00
Hey everyone, welcome back to the 443 Security Simplified. I'm your host, Mark Laliberte, and joining me today is Corey the Kingslayer, Nachreiner, the King Slayer.
Marc Laliberte 0:10
Oh,
Corey Nachreiner 0:10
we're in Dubrovnik.
Corey Nachreiner 0:11
This is where they film Kings Landing on Game of Thrones. I'm a King Slayer, Mark,
Marc Laliberte 0:15
and it is too early for me to have gotten that reference, unfortunately, but that's fantastic. And also joining us today is Peter Johnson from Schwartz. It, hey Peter.
Peter Johnson 0:23
Hey, good morning. Everything good?
Marc Laliberte 0:25
Everything is very good. Yeah,
Peter Johnson 0:27
you are still awake?
Marc Laliberte 0:30
Awesome. So, on today's episode, if you haven't already guessed, we've got another one of our awesome partners on to discuss all things about SMB security and MSP security in the great country of Germany. This time, Peter, looking forward to diving into it with you.
Peter Johnson 0:47
Yeah, so thank you for having me. Such a pleasure, because I follow your podcast, as I should, all the time. So that's pretty cool to hear a little bit about that one, where I'm driving to my office every morning will be fine, and bring up me a little bit.
Marc Laliberte 1:05
That's awesome.
Corey Nachreiner 1:05
That's cool. Driving to the office is much better than when you go to sleep at night.
Peter Johnson 1:12
Well, no, you don't be in my dreams. Be sure space for other things.
Marc Laliberte 1:20
Just glad it's more than just my dad listening to the podcast, so Peter, we always start with new guests with what we call the hacker origin story, and really it's just we want to learn about you, what got you into cybersecurity, and what got you to where you're at right now. So you want to give us like the quick rundown of what made Peter become a hacker?
Peter Johnson 1:42
Yes, sure, I Well, I started my IT career, I think it was 1988 so a long time ago.
Marc Laliberte 1:50
Wow, wow,
Peter Johnson 1:50
yeah, implementing an email system in our company. So we started email while we are first time selling
Corey Nachreiner 1:57
that's back in the day of Lotus Notes, maybe even before..
Peter Johnson 1:59
no, no, it was what perfect office still under DOS a long time ago, and yeah, starting networking with Novell, of course, and yeah, then the thing with the email comes up more and more, and the internet came into companies that was cool, and then we first time I got virus into a system that was, I think, something about 1994 to five,
Corey Nachreiner 2:34
that makes sense.
Speaker 1 2:35
So, and that then the cyber security started, because then I recognized, oh, damn, there's something you have to take care about, and again, long time, long story short, told I thought that it will be a good idea, as a company I'm working for, to be more security driven, so we're going forward and forward became Watchcout partners, no, I'm pretty sure 22 so also a long time. I still have the welcome mail. It's still the same account.
Corey Nachreiner 3:11
Did you ever use the Firebox 10 or 100 the big thick
Speaker 1 3:15
one? No, it was Firebox three.
Corey Nachreiner 3:16
Firebox three. Okay,
Speaker 1 3:18
starting with Firebox three, though. That was my first training with Composchak, yeah, they trained me first, so far that one, that was awesome, cool time, and yeah, so 2022 I decided to buy the company, now I'm the owner, that's pretty cool, so my story is still going on, and I hope I will have the 100 year anniversary of my company in 2036 because we were founded 1936
Corey Nachreiner 3:46
Wow, that's amazing.
Speaker 1 3:47
That's an old company, it's an old name. I think we started with typewriters and bicycles, that was something that was common in this time
Corey Nachreiner 3:54
back
Speaker 1 3:56
then. Now we are doing some cyber security stuff, long journey with different things.
Corey Nachreiner 4:02
We just celebrated our 30th, and we're proud of that. Like, most small businesses don't last 15 years, and having it sounds like 90 years. That's pretty impressive. Yeah,
Speaker 1 4:12
so that's pretty old.
Marc Laliberte 4:13
That's awesome. And I recognized a few of those names. That was a little bit before.
Corey Nachreiner 4:18
Okay, boy. Okay, little guy
Marc Laliberte 4:20
or not starting out, but when you were starting with Watch Guard, I think I was still like in computer lab planning.
Corey Nachreiner 4:26
Did you ever see a novel network where you had to terminate the ends?
Speaker 1 4:31
You mean that he's in the cable
Marc Laliberte 4:36
Ethernet was very much a thing when I started, that's awesome.
Corey Nachreiner 4:42
I'll go back and die now.
Marc Laliberte 4:43
So, Peter, we wanted to have you on, mostly to learn about, like, how things like cybersecurity in Germany, specifically, and then, like, the wider Europe region too. And I guess maybe we can start with, like, what are some of the biggest cybersecurity. Concerns that you're hearing with small and midsize businesses in Germany.
Speaker 1 5:05
Well, at the moment there are different things over there. The most thing we are struggling with at the moment is how to implement AI in a correct way into companies and in a secure way. That was something we everybody recognized now, and as the attacks are getting more and more complicated and more and more personal, because of that AI possibility for the other guys, for the bad side, for the dark side, that makes it a little bit more complicated, but that's part of the job, of course. Yeah, so love to have a new challenge that one of the concerns, and stealing of identity
Corey Nachreiner 5:53
is the
Speaker 1 5:54
next one at the moment. Yeah, you always see that spoofed mails, something like that with, hey, I've changed. I have new bank account. Please go to that one.
Corey Nachreiner 6:07
We've seen that before. Yeah, I think you can combine them too, right? Yeah, I think AI is going to make the dark side better at the social engineering and the email, so just get more convincing,
Speaker 1 6:18
better and cheaper for them.
Corey Nachreiner 6:20
Oh, absolutely.
Speaker 1 6:20
To make something easier to make an easy attack, so we
Marc Laliberte 6:26
have a
Corey Nachreiner 6:26
demo we'll show later, talking about deep fakes. How a lot of the social engineering we see in email is turning to me, like on a video talking to you, or me in quote Corey, specifically one social engineer. Yes, this is this is all a front. I'm actually making billions that I don't even know why I'm here.
Marc Laliberte 6:47
The sad thing is, I.. it's possible.
Speaker 1 6:57
Could I get a copy of that one of the seven? Because next week I make a training with the
Corey Nachreiner 7:05
content to do it
Speaker 1 7:07
on Tuesday, so that was a real question that will be cool, yeah, so I can show it to them. Hey, that's a completely new..
Corey Nachreiner 7:18
I'm curious, you mentioned AI, your customers are looking for help to do that, security wise. And at this conference, we'll have, I think, analysts will cover a little bit how they see AI developing among MSPs, but Gen AI, you know, customers using it for LLMs and just questions, versus the more mature agentic AI, where they're actually using it to automate, where are your customers in figuring out how to use that to innovate, but also secure it when it comes to Gen AI versus Agent Tech.
Speaker 1 7:50
No, that's that's completely different.
Corey Nachreiner 7:52
Yes,
Speaker 1 7:53
some are still on using the Copilot, Chat G Chat GPT stuff,
Corey Nachreiner 7:58
yeah,
Speaker 1 7:58
putting something in Chat AI and AI. I have some that are trying to implement own agents that are also.. I still have a question now I have to answer today to implement a cloud system
Marc Laliberte 8:17
for
Speaker 1 8:17
them, and where what should be hosted and stuff like that, that's an actual question from one customer, not so big, I think, something about 150 employees.
Corey Nachreiner 8:27
Yeah,
Speaker 1 8:28
so
Corey Nachreiner 8:28
interesting thing with AI is it can help smaller businesses too, so they might adopt it quite early.
Speaker 1 8:34
Yeah, that customer in special maker had a good idea, he, before one of their employees getting retired, they took him for half a year into an interview room.
Corey Nachreiner 8:47
Okay,
Speaker 1 8:47
to get all this knowledge, put that one into an AI. Now the so it won't get lost off the company.
Corey Nachreiner 8:56
That's well, that's good. Am I training you how to replace me
Speaker 1 9:03
to save that old knowledge still. And now they have a chat bot where you can put in an answer, especially to the company, and his answer will come up with a new one. Yeah, because it's what's great. No, you can answer to old questions,
Corey Nachreiner 9:21
that's very
Speaker 1 9:22
good. It's gone, then pretty nice thing.
Corey Nachreiner 9:24
You have certain people like I, whenever Mark or I are traveling, it's like, don't want that plane to go down, so it makes sense to, you know, transfer that knowledge. Yeah, it
Marc Laliberte 9:33
was genuinely a really cool idea. Like Corey, you've been a watch guard for what, 60 years?
Corey Nachreiner 9:38
Hey, I'm not that old, only 27
Marc Laliberte 9:41
you have a crapload of knowledge, and that would make a lot of sense for us to make a Cory bot before ride off into the sunset.
Corey Nachreiner 9:50
As long as I get a ride off to the sunset, I'm not like the dog that's being taken to the farm.
Marc Laliberte 9:55
This whole time I've just been like training AI to try and spoof your voice to give me a raise, but. The actual benefits
Marc Laliberte 10:02
to it.
Corey Nachreiner 10:03
Thank you for saying a nice thing. For once,
Marc Laliberte 10:05
Peter, you mentioned one thing in there with customers asking, like, how to deploy stuff like cloud, and I know, like, in Germany specifically, like, data sovereignty is very important, and data protection is very important. I'm curious, like, like, how does that play into AI adoption. Do you have people asking specifically about locally managed versus cloud managed? Yeah,
Speaker 1 10:25
but I also work with German AI builder companies, so I don't run into that problem because I'm always GDPR compliant, because the knowledge completely, the data completely resides still. You
Corey Nachreiner 10:40
have to be,
Speaker 1 10:42
that's almost the challenges. In addition, we come back to the interest question, what will happen with the data to get a little bit awareness training to their clients, to their employees, that they don't put every data inside the ChatGPT question. Yeah, please give me out a spreadsheet of that one, and so what will happen if I have set symptoms for a doctor or something like that? Yeah, maybe they use it also.
Marc Laliberte 11:08
Yeah, well, I mean, Samsung had to ban artificial intelligence pretty early because their engineers kept pasting source code into it to ask for, like, to look for bugs.
Speaker 1 11:18
Yeah, this
Marc Laliberte 11:18
is before, like, cloud code and, and codecs were a thing, and they were just using the free version of Chat GPT and willingly giving away very important intellectual property.
Speaker 1 11:29
Yeah, that's some things that need to be trained.
Marc Laliberte 11:31
Exactly,
Corey Nachreiner 11:31
we've talked about it before, but it's the issue with AI is it's data hungry. I mean, it's all based on feeding, the it gets better by feeding data, so it's going to see be interesting to see how it goes with GDPR, because on one hand, I mean, we don't want our private data to leak, at the same time AI companies want all the data they can get, because it's the only way their AI really gets smarter. So I foresee some cases and issues coming up with some AI companies in GDPR over time,
Speaker 1 12:00
yeah. I think in the future we will work with different AIs, so some for the internal information that's your own, your private AI,
Corey Nachreiner 12:11
and the other one is
Speaker 1 12:12
for the external. Yeah, so don't give completely access of your all over SharePoint to an AI,
Corey Nachreiner 12:19
exactly.
Speaker 1 12:20
That's something
Corey Nachreiner 12:21
that's an internal only you control,
Speaker 1 12:23
and that's something that part of our job will be to introduce our customers and to give them the right advice, which will be the right way, and that we are that's a new journey that's now started for us, for everyone, yeah, but we need to be first, so we could support our customers going the right direction, in our opinion, of course. Maybe, maybe it's,
Corey Nachreiner 12:50
we're the same, almost for you, because you're, we're a vendor, so we're seeing more and more questionnaires. We've done security validation questionnaires to show to MSPs and customers that we take security, our own security, seriously at WatchGuard. Now, all of the questionnaires are about AI data handling, so we've seen the same and have to do it very early in order to answer, like when you want your customers to use WatchGuard, we'll be using AI for protection, and you'll want to know how we handle that data. So, I think we're all in the same boat, having to be the leaders, because we're the ones providing the technology you provide to your customers, we provide to
Speaker 1 13:28
ours. So we need to close the same like that one.
Marc Laliberte 13:30
It's pretty, yeah, it's feels like the wild west still, with a lot of us trying to figure out exactly what the heck we're supposed to do with these really powerful tools, and
Corey Nachreiner 13:40
they're changing fast, changing
Marc Laliberte 13:41
very fast, which is exciting, right?
Speaker 1 13:44
Yeah, but I'm old. Speed is really hard for me sometimes.
Corey Nachreiner 13:49
I do want to sleep occasionally. That's why we need to AI, Cory, Mark, and Peter.
Speaker 1 13:56
That'll be fine.
Marc Laliberte 13:57
How do you know I haven't already replaced
Corey Nachreiner 14:01
this? Could be a robot.
Speaker 1 14:02
Yeah, who knows that we don't know at the moment a perfect fake. This will be a fake video. No, not at all. Be sure it's me.
Marc Laliberte 14:11
I still have a hope by the end of the year for us to do a fake podcast at some point. Yeah, that'd be cool. I generated everything, and no one will know.
Speaker 1 14:19
For
Corey Nachreiner 14:19
all the people out there that think it's a simulation, but we're not really helping their conspirator. We all need to take a red pill,
Speaker 1 14:26
so the blue one
Corey Nachreiner 14:27
or the blue one. Which do you want? Maybe we don't want to know.
Marc Laliberte 14:32
Peter, I'm curious. In Germany, is there anything you think that SMBs are overlooking when it comes to security, like we talked about some of the concerns you're seeing, but what do you think? Maybe companies are missing.
Speaker 1 14:44
Well, as the complexity rolled up a little bit more, I think one of the most things is that they forgot to create a plan when they are attacked. That's something that need to be prepared. You need a good documentation. Question, you need a plan. What happens when?
Corey Nachreiner 15:03
So,
Speaker 1 15:04
keep calm.
Marc Laliberte 15:05
Yeah,
Speaker 1 15:05
you
Corey Nachreiner 15:06
don't want to be making it up when you're in the emergency. You want to be prepared, drawing them after the virus. Yeah,
Speaker 1 15:13
that's something they should be prepared. So, they should have something on paper, on paper, because it don't work, of course. Yeah, whereas the right phone numbers are, they know who to call, because maybe sometimes won't work, and that's something that's missing out most of the time. We're coming to a new customer, we ask them about their documentation, will be the first thing.
Marc Laliberte 15:36
How are you seeing in general? Do are companies struggling with documentation? Do you have to come in and fix that pretty often? Yeah, or yeah,
Speaker 1 15:45
yeah, most missing things.
Marc Laliberte 15:48
I could see that
Corey Nachreiner 15:50
as a CISO to love our company. I think it's like we're a company that helps with protection, so we all always want to prevent, but the truth is, it's not a matter of if, but when. We think everybody with even the right protection could have an incident because of even social engineering like we talked about, which may not involve technology at all. So I think a CISO's real role, and you're kind of acting as a virtual CISO for your customers, is figuring out how to make a business survive, no matter what happens. It could be a cyber attack, it could be an earthquake, whatever. So, like you say, the business continuity, disaster recovery, and having the plan is so important. I'm curious, as an MSP, you're starting to sell, you know, partners and MSPs, maybe started as, like, you know, resale, you would sell products, maybe do break, fix, and point of installation, but now MSPs are moving to services, and it's like MDR monitoring, but how are the virtual CISO services like these kind of services you're talking about? You have to get to know your customer's business and actually do some thinking as a CISO. How are like kind of virtual CISO services doing with Schwartz, it
Speaker 1 17:02
well, that's as described. We started with a documentation, we take care about the backup, something it's not sexy, backup is not sexy, but
Corey Nachreiner 17:14
you provide the technology for it, but you're also helping them with the plan for
Speaker 1 17:19
it, so that's something. Meanwhile, they're growing or have a business change or something like that one that we need to be aware of, and then we change also the documentation, we change the disaster recovery stuff, the emergency plan that we have there, we support them, we also, as I told before, we make awareness trainings on site if they want to in person,
Corey Nachreiner 17:41
cool,
Speaker 1 17:42
old school, but still good. Yeah,
Corey Nachreiner 17:45
it hits, it hits harder than a video, I think.
Speaker 1 17:47
Yeah, I think so too, or a video, or something like a Teams chat, or
Marc Laliberte 17:52
something.
Speaker 1 17:52
See me in person with moving my hands all the time, just like here. Yeah, that makes it a little bit more better. Pay attention, yeah. And I take a look at them, and I see who will fall asleep. You have five minutes still left.
Corey Nachreiner 18:12
They're the first one that was going to get a phishing test email after this.
Speaker 1 18:15
Yeah, oh, that was a funny thing. I also do my own awareness training in my company, of course. Yeah, I fall into my own traffic.
Corey Nachreiner 18:24
I think everyone has done
Speaker 1 18:26
it. Yeah, that was a funny thing that I recognized for myself. Damn, anyone, it always could happen.
Corey Nachreiner 18:34
Yeah,
Speaker 1 18:34
so that was especially
Corey Nachreiner 18:35
spear fishing.
Speaker 1 18:36
Yeah, and that was a good one, because it was created by myself, but I didn't know when it would happen. It was completely random,
Marc Laliberte 18:46
a good test. Then got yourself dang,
Speaker 1 18:49
yeah, because it was a Docker sign, and I was waiting in that moment.
Corey Nachreiner 18:54
Yeah, yeah,
Speaker 1 18:55
it was blind because I waiting for it,
Corey Nachreiner 19:01
yeah.
Speaker 1 19:02
And then I fall into my own, so I'm still not safe for that one. I was happy that my environment around that will catch me up, so just things like in my EPDR, for the first second one, the fireball, yeah, the link wasn't accessible any longer, so that works for me,
Corey Nachreiner 19:27
good, good,
Speaker 1 19:28
but then I thought
Marc Laliberte 19:30
you
Corey Nachreiner 19:30
still want to not click on it, I've done it before, I think it's funny how context things like a basic shipping, fake shipping email, we all know them, they're so obvious, but if you happen to have a shipment that you've been, it's late, and you've been getting that from the right carrier at the right time, could convince you it's all about context and timing,
Speaker 1 19:50
and yeah, that's something that happens now with a new air that are written really, they are writing personally,
Marc Laliberte 19:56
perfect,
Speaker 1 19:57
absolutely perfect mails, and they resulted.
Marc Laliberte 20:00
You time
Corey Nachreiner 20:00
to the research
Speaker 1 20:01
problems, and sometimes that, and they are context directly to you. Yeah, awesome.
Marc Laliberte 20:06
Because it used to take manual effort, like research the target, go write it. I hope you got the grammar right, and now it's just thanks
Corey Nachreiner 20:14
to LinkedIn and social media is everything we do for a living. So,
Speaker 1 20:19
and so I'm really thankful about the partnership with Swatka, because you see that,
Corey Nachreiner 20:24
yes,
Speaker 1 20:24
and going forward with new ideas, new plans, new products, so
Corey Nachreiner 20:29
a couple of those,
Speaker 1 20:30
what happens next?
Corey Nachreiner 20:31
Yeah, we'll have a new product soon, you'll hear about it,
Marc Laliberte 20:35
so you may not
Speaker 1 20:36
later,
Corey Nachreiner 20:36
yeah,
Speaker 1 20:37
later today,
Corey Nachreiner 20:37
yeah, the podcast will probably hear about it later.
Speaker 1 20:40
Well, I'm excited. Give a sneak preview. No,
Corey Nachreiner 20:45
Joe would kill me. I
Marc Laliberte 20:48
like remaining employed. Got it,
Speaker 1 20:51
got it, got it.
Marc Laliberte 20:53
I want to keep pulling that thread, though. You mentioned your phishing emails for yourself, and you got yourself, and so focusing on like you and just the partner MSP ecosystem in general, what are some of the challenges you're seeing in securing yourself as an organization? Because ultimately you are responsible for security for your customers, but the buck stops with you and making sure that you are a good foundation for that. So I'm curious, like, what challenges you're seeing.
Speaker 1 21:20
Yeah, for us, we need to be always on time, stay have our ears on the market, and have our ears on that. What happens now on the secure part? So we need to train all the time. Just for myself, every morning I stay up. One of the first things is checking out the maze from the night. What happens? Second one is reading some news before, or mean by I have my first coffee, so I got the first news about cyber security before I started working.
Corey Nachreiner 21:54
Absolutely,
Speaker 1 21:55
and seeing things that there will be a vulnerability with Outlook, or something like that one, and to know it before my customer starts to work, make it easy for me when I'm starting
Marc Laliberte 22:07
at eight
Speaker 1 22:07
to say hey, or sending out an email before that one, take care that update need to be in place, or we're good thing if you have a patron, makes a
Corey Nachreiner 22:15
huge trust difference
Marc Laliberte 22:17
if
Corey Nachreiner 22:17
they're calling you to ask versus you are telling them before they even know to ask, so it's awesome that I think that makes a great MSP.
Speaker 1 22:25
Yeah, and so that's an easy one, because I still have time. Why shouldn't I read something? Meanwhile, I have my first coffee, of course.
Marc Laliberte 22:35
It's definitely important,
Speaker 1 22:36
so that's something I do for me personally, and my team also, that's cool. They're coming inside with new
Marc Laliberte 22:43
very much the
Corey Nachreiner 22:43
same mark, and some of my team, they probably use their sources, but I have a news aggregate or site that has a cyber security thing that first stop every morning is just seeing what the last stories were overnight.
Speaker 1 22:55
That's something in addition to trainings, of course, really necessary, so on getting the news from you, of course. In addition, the podcast give us sometimes news insights, but also the other stuff you have in your knowledge base, and your news all different sources for that one, because never trust one exactly, and also like if you are writing from each other,
Marc Laliberte 23:26
and if you see
Corey Nachreiner 23:27
like
Marc Laliberte 23:27
similar stories or trends across different sources, you know that that's going to be a big deal. Also,
Speaker 1 23:33
yeah, and it's going up a little bit more, and to be prepared for that one, that's an easy one for
Corey Nachreiner 23:38
us. Cool,
Speaker 1 23:39
yeah, and the way we are doing it now, see what happens in the future, but that way works now, and yeah, in addition we need to secure our own it, of course, yeah, we have to live what we sell or what we support, and that's something we do, so the newest one, as I state last three weeks in the states, I prepared my journey notebook, traveling notebook without any data on it, except of Fire Cloud. So I use for that one Fire Cloud till I passed the borderline. I had no access to my company,
Marc Laliberte 24:18
kind of,
Speaker 1 24:19
yeah, because that maybe will be a problem, you don't know if the Homeland Security put it
Corey Nachreiner 24:24
out, that's true,
Marc Laliberte 24:25
asked
Speaker 1 24:25
me to open
Corey Nachreiner 24:26
it, unfortunately we are turning into that state where you might want to wipe your phone before you go through,
Speaker 1 24:32
yeah, that will be something I take care of before that one, and fire clouds are possibly really perfect because all the rules were day activated,
Corey Nachreiner 24:41
yeah.
Speaker 1 24:42
And when I'm coming into first of Seattle, that was pretty cool. And then I turned on the private access directly, and it works perfect. And then I was in business, yeah, problem
Marc Laliberte 24:54
solved.
Marc Laliberte 24:55
Yeah,
Corey Nachreiner 24:55
we really prefer ZTNA, I think, in here at Watch Card, of course. We deploy Fire Cloud internally, and it really is a nice way to go compared to old school VPN, which still work, but I much prefer private access.
Speaker 1 25:10
Me too. Now, after that first experience to
Corey Nachreiner 25:17
perfect it,
Marc Laliberte 25:19
so I'm curious, like, just like every business is a little bit different, every country is a little bit different, and from your perspective, in Germany, like, what do you think is different about, like, cybersecurity and your neck of the woods versus even just the rest of Europe?
Speaker 1 25:35
Well, that's a problem in Europe, we have several countries, we have several laws, of course. You have several rules. Sometimes we have to take care about that one. Some are similarly GDPR is the European thing. This two now should be a European thing. It's still not every country, but it should be. But yeah,
Marc Laliberte 26:01
this too, each country is responsible for implementing it, implementing the directive, and so it's going to be a little bit different in each one too.
Speaker 1 26:09
And though something special, we have to take a look a little bit more in Germany. We are on the lucky side that we have still some money left to invest,
Corey Nachreiner 26:21
it's good. It's
Marc Laliberte 26:22
good being in a strong country with
Marc Laliberte 26:24
a good economy,
Speaker 1 26:24
that's something good in other countries too. Well, taking a look about Spain is growing up, as I heard tremendously. France also, Italy is strong partnership, I think, so with WatchGuard. I heard, and so I think they also invest because otherwise they won't cut up the eastern country are gutting more and more. Poland is unbelievable.
Marc Laliberte 26:51
Poland's going to be a pretty big tech hub too.
Speaker 1 26:54
Yeah, so that's something we take just a look now at the moment. Sometimes you have to double check what happens in a foreign country when you move there, or when your business is moving to
Corey Nachreiner 27:06
them,
Speaker 1 27:07
so you don't run into any problems, and you have to take care about your supply chain,
Corey Nachreiner 27:12
of course,
Speaker 1 27:13
which, who you are working to implement the same security level
Marc Laliberte 27:20
for
Speaker 1 27:21
everybody with inside everyone, so that's something you have to take care about, that one, that the there will be absolutely need to be security, just like multi factor authentication and stuff like that, that's necessary, and then depends on how you what are the weight of the data you're transferring? How hard will that one that you will take a look at for our customers before they're moving? They're asking us, did we need something special? Where is our entry to the internet when we are having an office there? Do we need ever for VPN branch office VPN, and the end as the out point will be in Germany, or could it be local or not? That's something we struggle a little bit. We take a look, but then
Corey Nachreiner 28:18
kind of like if you're in China, you know that you probably want a VPN through it, because you don't. Is that the country differences?
Speaker 1 28:25
No, not at all. Sometimes also some customers for us asking, okay, we have to block all the different countries.
Corey Nachreiner 28:32
Oh, I see
Speaker 1 28:33
that was happening there.
Corey Nachreiner 28:37
Yeah, you mentioned, obviously, GDPR and NIST affect Germany and wider Europe? Have you seen much of EU CRA yet?
Marc Laliberte 28:46
Cyber Resilience Act.
Speaker 1 28:48
Yes, it comes up. It starts now. It definitely don't think
Marc Laliberte 28:53
they take care.
Corey Nachreiner 28:54
We're paying attention for sure.
Marc Laliberte 28:56
We are thankfully well ahead of the game, because what the vulnerability reporting and security incident reporting is three months away, four months away, and then all of the actual requirements for software vendors like us come into effect 2027 which is not that far away. It's going to be a game changer.
Speaker 1 29:15
Yeah, and you have to do some homework.
Corey Nachreiner 29:17
Luckily, we've done homework. We have folks like Mark, yeah,
Marc Laliberte 29:24
so just a couple more questions to round us out. We've talked a lot about trends that you're seeing impacting customers and other partners. Is there any trend within Europe itself that you think isn't getting enough attention, anything you think maybe Europe is leading the way in, or something impacting businesses in there uniquely versus the rest of the world.
Speaker 1 29:47
Well, at the moment we have a new, new challenge, new movement to get out of the US cloud. Sorry, guys, but yeah, that's something that I understand, so. And that's something now the people are getting more and more aware, what happens, because first time, well, everything works with Microsoft, perfect, of course, they do a great job, they do a great job, yes, sometimes not, but now they're getting aware more and more that they need an escape plan.
Corey Nachreiner 30:21
Yes,
Speaker 1 30:22
something like that one, and to get also data from the stuff that comes by government. Yeah, that something
Marc Laliberte 30:31
is too
Marc Laliberte 30:32
like the German government probably doesn't want their data, and Microsoft's data centers.
Speaker 1 30:36
I don't understand why that happens. Maybe there will be some accessibility or something like that. We didn't know, and that's something that's coming up a little bit more to take awareness about that one, where your data lies. So, so the interesting thing is, for the most companies, the cloud first strategy is now changing a little bit,
Marc Laliberte 31:02
I
Speaker 1 31:02
could be coming back with your data a little bit more local with something you think, or to come into private cloud that you take by your own with some partner hosting partners in Europe and not in the US, you're not on the AWS or in the Azure, that's something that now coming up more, and I think that they should take more aware.
Corey Nachreiner 31:31
Absolutely,
Speaker 1 31:32
that's my opinion, my personal opinion. Yeah, the data
Corey Nachreiner 31:34
sovereignty thing we're talking about at the beginning.
Marc Laliberte 31:37
Yeah,
Speaker 1 31:37
that's something
Marc Laliberte 31:38
that definitely makes sense, and especially like with your most critical data, like having that data sovereignty and having it local and somewhere you control, or at least close, more closely managed versus Amazon's cloud, it totally makes sense.
Corey Nachreiner 31:53
To be honest, I think a lot of people will use cloud for a while, but old IT folks like us, this centralized versus decentralized circle has been happening forever in it. Yeah, be sure to start with mainframes, which is like cloud for computing with dumb hosts. Go to personal workstation, like we've been going back and forth as a technology, from, you know, sharing peer resources to pulling it back in. So, honestly, it's just the circle of it in my opinion,
Speaker 1 32:24
yeah, it is, and that's the reason why we need a 360 control and 360 security, also still on local, so we need both,
Corey Nachreiner 32:35
it's why we have a hybrid strategy, by the way, and we still have on prem stuff, because yes, everything's to the in the cloud. We do need to secure that too, and I don't think any business will ever be purely on prem or purely in the cloud long run. So, being able to handle both situations and knowing when to do one versus the other seems pretty important,
Speaker 1 32:55
and that's something I see now that happens for me. That's they take more and more away, and I think they need to. That was something I missed before, because, like, you little bit longer in the IT stuff, still has that old experience, and I'm happy to live both worlds.
Marc Laliberte 33:17
So, last question, then thinking of your peers in this space, is there any advice you'd give other leaders in Europe to try and stay ahead of cybersecurity risks within your region?
Speaker 1 33:30
Well, try to find a good partner, which, who you can trust, and double check his knowledge. Sometimes, yeah, because people are chatting a ton of like me, but trust him, try to trust him, and try to double check him,
Corey Nachreiner 33:49
validate, and then trust,
Speaker 1 33:50
yeah, that's something good advice, don't think that he just wants your money, spend some money in the safe cyber security stuff, that's absolutely necessary, and of course it costs a little bit, but be sure it's always much more expensive if you're getting victim of an attack.
Marc Laliberte 34:15
Yeah,
Speaker 1 34:16
so that's something I would give as an advice.
Marc Laliberte 34:19
Awesome,
Corey Nachreiner 34:20
I think the supply chain going all the way from the vendor to a MSP or service partner to the customer, it really has to be a win-win relationship, like the end user ultimately is finding who they can trust to take care of their IT and security, and that's why organizations like you exist, you have to do the same with your vendor, but like you say, it's not all about money, like if they're not providing service to you and to your end users, you know everyone in that chain has to see value, and that value comes from having open conversations, knowing what their problems are, and trying to solve it, not saying look at all this cool stuff you can buy from us. What are your problems? How can we help you solve them? So that is ultimately what we want to do in cyber, like cyber security is really about we want you to be able to handle your business, just you want your end users to do their bike making, their widget shop, whatever they do, and not think about it and security because you have their back, and exactly
Speaker 1 35:22
because they don't have on cyber security in their business, so that's the reason why they asked me.
Corey Nachreiner 35:27
Exactly,
Marc Laliberte 35:28
lucky to have you.
Corey Nachreiner 35:28
Absolutely,
Speaker 1 35:29
I hope so. I hope so. The path it works out
Marc Laliberte 35:33
well, Peter. This has been really insightful. I really appreciate you taking time to come chat with us, and hope you enjoy the rest of your time for being a long-term
Corey Nachreiner 35:41
partner over 20 years.
Marc Laliberte 35:42
Really
Corey Nachreiner 35:43
appreciate it.
Marc Laliberte 35:43
Thank you.
Speaker 1 35:44
I have to say thank you. And partnership works in both ways, so I have to say thank you for hosting me today.
Marc Laliberte 35:49
Of
Speaker 1 35:50
course, that was pretty cool. It was pretty awesome to stay here with you on that stage. Yeah,
Marc Laliberte 35:56
hopefully again sometime in the future.
Peter Johnson 35:58
Yeah, we'll see why not. Maybe not in person, but that will be the best. It's
Corey Nachreiner 36:02
kind of funny. Peter recently actually got to visit our office in Seattle, and when he walked in, I was actually recording the podcast in the fishbowl, so he got to see if I had recorded, and now, now we're together.
Unknown Speaker 36:17
Now, we are together. That's awesome. Thank you for having me.
Marc Laliberte 36:20
Life is a flat circle,
Peter Johnson 36:24
Not a ball?
Marc Laliberte 36:24
Well,
Marc Laliberte 36:28
hey everyone. Thanks again for listening, as always. If you enjoyed today's episode, don't forget to rate, review, and subscribe. If you have any questions on today's topics or suggestions for future episode topics, you can reach out to us on Blue Sky, I'm at it's mark.me cores at second up. Both of us are on Instagram at Watchguard underscore technologies. And thanks again for listening, and you will hear from us next week.
Corey Nachreiner 36:51
Ciao,
Peter Johnson 36:51
Ciao,
Marc Laliberte 36:52
ciao.
