Speaker 1: 0:13

Welcome everyone to this week's episode of beers and bites with my co-host, chris Jordan, and our special guest, scott Moore. Today we're going to be talking about all kinds of interesting things with our interesting guests, so before we get into that, let's start by showing off what we brought to drink today.

Speaker 2: 0:34

Scott, since you're our guest, we'll let you go first. Okay, I'm probably going to be the lamest guest you've ever had on this show, because I'm not really a beer drinker and I'm not really an alcohol drinker. However, I did something special. I went and found what I think is supposed to be the best non-alcoholic beer, which is Guinness and Samuel Adams to try to make a non-alcoholic blackened tan. I don't know if I was able to do that, but there's a good story behind this, though, but go ahead and show yours off.

Speaker 1: 1:03

No, no, no, let's hear the story first. Okay, so when I was, I wonder how bad that tastes.

Speaker 2: 1:08

When I it's. Actually it's not bad, but before I was of age in the United States to drink this stuff, I was probably 18 or 19 years old. I was finding this stuff in the store called Kingsbury. You may have remembered that it was a non-alcoholic. It was terrible, and I got sent to a where I went to a Bible college during that time and I started getting the Kingsbury and bringing it to the dorm to make it look like I was drinking beer because I liked to poke the bear that way.

Speaker 2: 1:37

That was just me. I'm that guy and I got all the other guys in the dorm getting this stuff and they were buying it by the case-fulls. Nobody's getting buzzed at all at this college. It's exactly opposite of normal college years. However, we kept all the cans and they put all the cans in my room and we started stacking all these cans all the way around the dorm room and everything was fine until the vice president of the school had to do a routine check with the maintenance crew about some air conditioning problem and my room happened to be one of those ones he walks in and there's this string of all these cans that looked like beer cans in there, which was against the policy of the Bible colleges. You can imagine. The next day there was a memo that came out, and it was because of me. So that's my legendary change of policy story.

Speaker 1: 2:26

That's awesome.

Speaker 3: 2:28

All right, where's the black and tan? Did you have it in glass already?

Speaker 2: 2:30

Yeah, I mean, but I don't think it melded very well. Yeah, that's what I was worried about.

Speaker 3: 2:36

Black than tan. Yeah, I was worried that the density wouldn't, because the black and tan only works because of the density of the beers.

Speaker 2: 2:44

Actually it's not bad.

Speaker 1: 2:46

Interesting. Do you not drink any alcohol at all, or are you just no?

Speaker 2: 2:52

I just don't, no, and I'm also trying to. I've been trying to lose a lot of weight over the last year, so that doesn't help when you have alcohol.

Speaker 3: 3:01

And I was about to say did you ever notice that maybe it's because you're not drinking alcohol?

Speaker 2: 3:06

Have you tried just?

Speaker 3: 3:07

drinking a beer a day. It's getting loose weight.

Speaker 2: 3:09

No, no, I'm, I'm. I've actually lost about 54 pounds, Damn. So I was a lot bigger boy and you can actually go. If you go back on my podcast, you can go back and you'll see I shrink over time, so it's good.

Speaker 3: 3:24

Okay, we should get to the business part of this. But do I show so much? Norse is yet another massive beer. You know, I keep on going back to my, my little shack over here. To the guy sells it and he's like, yeah, the distributor has to stop doing it because the checks are bouncing.

Speaker 1: 3:40

So now I'm like, oh, my God, we're talking about what?

Speaker 3: 3:42

I'm going to do if we can't get the beers anymore. So well, I'll let you know how that one goes. We'll see if we'll see if the distributor starts paying the checks. All right, Jeremy.

Speaker 1: 3:52

Well, wait a minute. What is your beer, though?

Speaker 3: 3:54

What the bassin is a double IPA double IPA. Yeah, I'm drinking for two Nice, scott and I, yeah it's yeah it's, it's sweet, it's. You know, it's the, the bassin, the, the Festo one was the one that was the award winning one, but I like this one better. But they're, they're, they're both excellent. They make great beers overall. But it's, it's hard to find. So you have to go, you have to know what checks to go to find it All right, what'd you get. Jeremy.

Speaker 1: 4:23

Yeah well, today I'm drinking a Lagunitas Tiki fusion zombie, which is a cocktail inspired IPA. Let's see, there we go, ddd.

Speaker 3: 4:37

I thought zoom was trying to edit you out.

Speaker 1: 4:41

It's a. It's a nice 10 percenter, so we're going to get a slight little action going there, mixing well with the tequila I had for lunch and supposedly has notes of orange lime, grapefruit and allspice. So we'll see how it tastes like.

Speaker 3: 4:59

It's a concept of allspice in a beer is just pretty sick. It's weird.

Speaker 1: 5:03

Cheers, Cheers and welcome.

Speaker 3: 5:07

Scott.

Speaker 1: 5:08

Thank you, I was going to get that they get that grapefruit note right off the top. That's good. So, scott, why don't you tell us a little bit about yourself, sir?

Speaker 2: 5:16

Well, scott Moore, I've been in it about 30 years. Some years started out as just a Unix person and a support center, worked my way into somehow Nashville, tennessee, working for one of the big five Deloitte and Tush and then from there started picking up performance testing, load testing, and the only reason I did that was somebody told me that I couldn't do it. It pissed me off. I said I can and I made a career. So 25 years later I have a big mouth as well. So I'm always doing blogs and speaking and trying to share all my knowledge. So I became known as that guy, the guy, the load tester guy. So I had a site called load tester dot com. Years later started my own company called load tester.

Speaker 2: 6:04

So you can kind of guess there's, there's a theme here.

Speaker 2: 6:07

But also, you know, just play in a role in QA and testing whether that's functional performance and then actually seeing the security piece come into play later on and watching the security folks kind of go from Wild West the way QA used to be and software development used to be, kind of coming into their own.

Speaker 2: 6:29

Over the past, over years it's been exciting. So that's been my whole area of expertise and more recently, a couple of years ago, I decided that I wanted to start making content, and it started off with a around the United States tour of about 30 days where I drove from where I live in Florida to Las Vegas and back, two different ways. I stopped in almost every state because I know so many people now and I would just interview them. And about the time that I got back from all of this this interviewing and footage, I had about 17 episodes of a show. When I got home is when COVID locked down everything for us, and so I had all this material and I just released it through COVID and that show was called the performance tour, and during that time I somehow switched over from doing consulting you know, technical consulting to being a content creator and creating sometimes really funny and stupid videos, and that's that's where I'm at today.

Speaker 1: 7:29

That sounds fun. How many so? How many states did you hit on your way through?

Speaker 2: 7:34

I think it was like 15 different ones, and I actually stayed in Denver about two weeks and kind of did a little consulting in there. That that kind of made a little longer. But I mean, I talked to thought leaders, but I also talked to people who were doing this day to day, who were in Fortune 500 companies. They were telling me what worked and what didn't, and we kind of got a format going around that where it was an interview. But we also wanted to do something a little different, where we kind of made it not only just educational but interesting, entertaining. So then we started thinking of other things. How can we make it even more entertaining where we know that the geeks will watch this stuff? But will their bosses watch it, with the people who are in sales Watch it? Or will everybody watch this? Will my dad watch it?

Speaker 2: 8:23

And so I just started getting crazier and crazier with this stuff, and so eventually we started releasing separate videos from the episodes and we would do things like music, parodies, like think weird Al Yankovic, but in the tech world. So we would take these videos like this this shirt I've got on is it looks like an Iron Maiden shirt? It's actually Rock and Roll Ribs, which is a barbecue place owned by the drummer of Iron Maiden, and so we would. We did an episode where we went down to his place and interviewed, and I interviewed the person, then we got to talk to the drummer of Iron Maiden, and so then we did an Iron Maiden parody video and it just it kind of blossomed from there and the video quality is pretty good. I mean, we've got people that normally do like music videos and documentaries and stuff. So we try to bring the quality of the show up as much as we can, and that's all part of what I'm trying to do.

Speaker 1: 9:15

So so I'm like. I'm like our show, which has zero quality but it's mildly entertaining.

Speaker 2: 9:22

It's the content. It's all about the content.

Speaker 3: 9:25

So, scott, you're changing patterns right now, so you're about to start a brand new podcast. You want to talk about that?

Speaker 2: 9:31

Yeah, and this is. It gets into the security realm, which I hope that you'll be interested in. It's. You know this.

Speaker 2: 9:37

This past year I started talking to a company called Saltwork Security and the president, dennis Hearst. He liked what I was doing with the performance side of the house and he said have you ever thought about doing this in the security side? Because if you think about it in his realm, he does penetration testing you know scans, static testing, dynamic scans, things like that. So he's he's using those products and they have a product their own that takes all that penetration testing information and tries to make sense of it and visualize it, helps you prioritize your vulnerabilities and things like that. So if you think about that work, it's just a mirror image of somebody who's doing functional testing. But they're just doing exploratory testing, right, functional testing. You want to make sure that the software does what it's supposed to do and it doesn't do what it's not supposed to do. But on the security side it's like we're just going to feed it some stuff and just, you never thought about things you never thought about. We're going to find out if it'll do some stuff. It's just to me it's an extension of that, right. So the same process and so it rings a bell with me and some of the same technologies that are used to do a security scan with proxies and things like that, is the same thing that we use when we do a performance test. We create a script using a proxy to capture the traffic and then we replay it. We make sure that it looks like a real user. We're trying to fool the web server, for example, into thinking that it's a real user so we can get to the database to make a round trip there with different information, different data. It looks like it's 500 different people at a time, whereas we've got different goals for performance. But it's the same stuff.

Speaker 2: 11:19

So I thought about that. I said, well, I can do something with you. So he said fine, let's go to Def Con, let's go to Black Hat and let's talk to some people and let's do some interviews, like you did with your other show. That was a very interesting experience, which I can tell you all about it. But that's a different crowd. That's not the testing crowd, I'll put it that way. And Black Hat and Def Con are totally different crowds as well.

Speaker 2: 11:46

So after we did the interviews, dennis said I want my own show man. I want this to be a show. I don't want this to be a one-time thing. So we started putting our heads together. He came up with the name I want to call it the security champions and the show was born and we have been doing.

Speaker 2: 12:02

We've got two episodes out. Right now. We're about to release the third one in December. So it's once a month and this is just sort of a test bed, test market to see, and so far it's really taken off. We're seeing a lot of good results and a lot of people are talking about it on LinkedIn as well. So the show has its own intro, its own thing, its own website, branding, everything, and we're really excited about what's going to happen next year. We've already got companies that Saltworks works with. We've got about eight partners. That includes like Probley and Synopsys. We've talked to CrowdStrike. We've been talking to several different and it ranges from all areas of security and they're like you know. There's nothing like this where you're taking security and you're trying to make almost like an entertaining television show out of it. I don't know of anything out there either, so that's what I'm doing right now is the security champions.

Speaker 1: 12:57

Sweet. Yeah, it's fun. It sounds like you've kind of stolen the beers and bites concept but dropped the beers and added in actual Content. Editing Content yes, With a little more production effort into the show, that's great. I look forward to it.

Speaker 3: 13:15

You know everybody hits Def Con. I think one of the things that interest me around Def Con is years ago I was talking to DT Jeff Moss and I said DT like why the hell do you put in Vegas in the middle of the summer and Black Hat or sorry? Def Con used to be a BBS and when they were shutting it down they decided I have a party and so they were trying to decide where to meet the party and it was up to DT and DT loved war games and so the first city that gets nuked in war games is Las Vegas. So that's why they actually have Def Con in Las Vegas is because DT likes war games.

Speaker 1: 13:50

So it's kind of a weird.

Speaker 3: 13:52

Listen. There's so many weird facts about Def Con, mostly about the goons, but there are some weird facts about everything else around Def Con that it's a great get-together, kind of morphed. I don't remember that Cisco release issue and all the lawsuits and it changed everything. It changed it where Black Hat became really corporate and Def Con lost its zing because nobody wanted to release vulnerabilities, because people were paying for them. So why would I speak at Def Con if we release a vulnerability, if I can get paid a lot of money for it? Why would I teach people how to make vulnerabilities if I'm getting paid for them? So it kind of it was very rare to see exploits.

Speaker 3: 14:34

I was at a B-Sides last week, two weeks ago, when they actually did exploitation and I thought, wow, that is literally the first time I've seen it in maybe 20 years. Yeah, so, anyway, so long story. I know it's really the Scott, it's about you, but I just, when you bring up Def Con, I think Def Con is a very interesting cornerstone. You think about what's that television show with the aliens and the X-Files and X-Files. When they brought up the hackers, they brought up Def Con in Vegas. So, anyways, so to doing these things on security, scott, and here I am just remembering the old days. Obviously, the new days are a little bit different. So where did you? You started by looking at who they do business with, but what are you learning as you begin to engage the security industry, as opposed to hanging around those nice performance geeks? Yeah.

Speaker 2: 15:27

Well, I mean, I hung around with the security folks as well and I knew enough to protect myself and keep myself out of trouble, and I know enough that I could ruin some other people that don't know as much as I do. But I'm not at that. I still feel like I'm an outsider to the people that are really in the know, like the people that are just doing stuff in memory that you never see, and that kind of stuff. That's a little bit beyond me. But the thing that I'm learning is that security is so wide in scope.

Speaker 2: 16:00

So it's not it's social engineering, it's lock picking, it's the find, the flag stuff that people have to come up with, it's not just can I do sequel injection, and there's so many skill sets that are involved. You can pick one area, just database security, or you could pick just security observability, and that's the whole career now, and I don't think people realize how wide that realm is. So there's an endless supply of topics and an endless supply of thoughts around this, and some of these areas in security are just so new. When you're coming up with all these new attack vectors all the time, I don't know how one person can ever learn it all, and so I'm excited about it honestly. One thing I see yeah, I'm just laughing.

Speaker 3: 16:56

I'm thinking myself. They do have the CISPs. They seem to know it all. They get tested.

Speaker 2: 17:01

Well, but here's the other trend in the industry You've got this whole move in DevOps and DevSecOps about the whole site reliability engineer thing, and this is the soapbox I stand on all the time. We have gotten away from specialization where we say no, you're an SRE, you're supposed to know everything about how to automate everything. You're supposed to be a great tester. So you're a developer, you're a tester, you're supposed to be a performance expert and a security expert. And now that started here. What?

Speaker 2: 17:31

10 years ago, maybe eight years ago, it started, and now, just in the last year or two, we're starting to hear about cognitive overload for the SREs. They can't stand it because they're working 80 hours a week, their own call all the time. They're always in some kind of a war room, which shouldn't even be part of DevOps, and they're wondering why. It's because we're expecting so much. Do more with less, do more with less. Well, we've done so much less with less that we don't get anymore. And that's the problem that I see. And I think security is one of those things where you need specialization. You need specialization in the cloud, you need specialization for database, you need specialization for network and you just can't expect anybody to know it all.

Speaker 1: 18:15

It's interesting that you think the SRE role is part of DevOps as opposed to cloud ops. I wouldn't expect a site reliability engineer to have all those same skill sets and, as a person who formerly worked for AWS, the SRE role was very much a cloud break fix, kind of like your new sys admin role within the cloud. Are you seeing that trend changing?

Speaker 2: 18:49

Oh, absolutely Just like when we first heard what Agile was supposed to be and then what it actually. We saw in the wild. Right, we had these people get together and create a manifesto. It took that first company three years to become fully Agile and the whole company had to get behind it and there was all these areas out of. But no, we put this together. Oh, we're going to be Agile next week. And what we got was just fragile. We got not Agile, we got waterfall faster or worse than we had it before.

Speaker 2: 19:21

And I think the same thing happened with an SRE. It started out being where the find it and fix it people and we want to reduce the toil that's in our company and we're going to try to make automation the solution for that. And because we're moving to cloud and because we're now on cloud, we should have the capabilities to do that and automate wherever you can. But now we've got the hybrids. We've got companies that are moving now back from the cloud. It's called repatriation. That's a big thing right now. They're saving lots of money by doing it. But those people that they fired because they went to the cloud, they're not there anymore and these people don't have those skill sets they had when they were on prim. So we've created this thing. Sre's got to do all that too. Now that's a problem.

Speaker 3: 20:08

Do you even think about that?

Speaker 1: 20:11

The talent gap and their skills shortage. It's interesting you hear that, that those statistics, right, whether it's on the news, the real, you know, like the cable news networks you see it in, like the various trade rags that we watch, you know blogs and things like that. Yet you have all these massive companies laying off tons and tons of IT workers. Where are the jobs? Right, right, you have 10,000 people applying for a job.

Speaker 2: 20:42

They're all working for OpenAI or they will be Microsoft, you mean. Yeah, yeah, right.

Speaker 1: 20:48

Looks like they put Altman back in as the CEO, so they unfired him.

Speaker 2: 20:53

That's an interesting I'm curious what his severance package was for Microsoft for the long weekend he spent oh, five days.

Speaker 1: 21:01

There's got to be a lot of zeros in that.

Speaker 2: 21:03

I like just a percentage of that, just a percent.

Speaker 3: 21:06

So, scott, you know I want to talk about multimedia with you for a bit, but not Not right now. I think one of the things that as you talk is you're talking about the testing and stuff, but one thing I always feel about security is that we're crappy about being on the edge. To tell you the truth, we have a lot of people who write scripts and really don't know what they're doing, because we have too many people who don't know what they're doing and get paid. But I feel like technology somehow gets better somewhere else, like you take like Snowflake gets into ours or the other companies wind up moving into our industry because their technology is just damn better. And so what are you seeing outside the security industry? Where, when you start talking to people in the industry, say, what the fuck? You guys don't know how to what Is there a technology that you're seeing outside of security that you think the security people just don't get?

Speaker 2: 22:05

Oh, that's a good question. I don't see it more as a technology, I see it more as process. Right, I see this. Still, there's this Wild Wild West mentality of how do I organize all this stuff that I'm trying to do when I'm trying to run penetration testing, or I'm trying to run these scans? How do I know what I found? Like you said, they've hired so many people who knew how to spell security. Okay, sit in here, you'll learn on the job, learn on somebody else's dime, because we just need all this work to be done. But how do you organize that and come up with something that's recreatable, so it can scale? You know, not talking about performance scaling, scaling people and apartment. That's been the significant issue, and I don't know that a technology solves that. And it's about knowing context and it's about getting it from the time you're in school to the time you're out in the job market. I mean, where do you go in college now to learn this skill?

Speaker 1: 23:07

Well, it's now. There's a whole masters and PhD program with most large or colleges that focus solely on cybersecurity.

Speaker 2: 23:17

Yeah, but you could go down the issue how new is that You're?

Speaker 1: 23:19

right.

Speaker 3: 23:20

It's been the last 10 years.

Speaker 1: 23:22

Yeah, as new as the industry is.

Speaker 3: 23:25

But you talked to the sky. You already talked about how wide our industry is and you're not going to be able to teach it in four years because we base ourselves on the basics of computer science. So I get your point. I'll tell you that the number one you kind of hit the nail on the head as far as my opinion goes, which is that the biggest issue we have in our industry is that people are tested in the lab.

Speaker 3: 23:51

First of all, they have very little knowledge, but what they don't comprehend is scale, and I mean by that until you waste $20,000 because you're stupid enough to run something overnight in AWS, you don't know what scale is right Because you haven't paid the price for doing something wrong from a scalability issue. And I do feel like I agree with you that there are processes missing, and a lot of it has to do with the fact that the person who spent so much time trying to learn confidentiality and availability, integrity that they never knew how to do scale testing, how to use scale or any testing whatsoever. You brought up some testing and, to tell you the truth, I don't know many people who really know proper processes that are in security. They spend so much time on learning how to pop a box that they never learned how to use Git God, I'm just in a bad mood today, jeremy.

Speaker 2: 24:47

I've got a good friend who is in this realm. He is that's what he does for a living what you're just talking about and he said something to me. You guys can verify this. He said think about the people at DEF CON, think about the people who would be wanting to be in security. Some of these have an anarchist mentality. They don't want to just pop the box, they want anarchy. And there's levels of that right. There's levels of extremism to that, and that happens. There's this rejection of process right out of the gate. Right, they have a process, but it's not necessarily documented or can be scaled, and I think that might have something to do with it. Does that ring true?

Speaker 3: 25:31

to you, jeremy. I mean, you listen to Elon Musk's book and there's this hey, throw away all requirements, challenge every requirement.

Speaker 3: 25:39

That's most of the people I know in our industry who are good at hacking right which is, by the way, just a small section of what security is. They're really good at reading between the lines of what the manual is saying and they're realizing that wait a second. It's trusting that you're going to take the next step, the obvious way, right. So the brains are wired to say, hey, the unobvious way. But those are rare people. I think there is an attitude. There's a lot of what do you call it? Jeremy? Piss matches a lot of times where people there's a lot of egos.

Speaker 3: 26:18

You should really be scared of the quiet guys more than anything else in security. Not the guy who's going to tell you how good they are, but the guy who just listens and says you know what, I'm just going to break it. I don't have the time to argue with an idiot, I'm just going to break it. But yeah, I think that's an interesting part. But if you go back to your part you said about processes and stuff like that, I do think that's a weakness of our industry. So I do have a multi-meanor question. So, Jeremy, do you want to go ask more security questions?

Speaker 1: 26:47

Well, I wanted to kind of echo your sentiment there, right, because the quiet guy in the room, he's the guy who's got the flipper zero, right, he's the guy who's already popped your iPhone. He's pulling down your contact list. He's not saying much in the meeting, but everybody kind of will defer to that person when it comes to something technical or something specific, right? So I agree, there are a lot of egos in this industry, and the most vocal and sometimes the most flamboyant, so to speak, people are kind of the least skilled. They're very good at talking and not necessarily very good at actually attacking or defending. Right? And before we pivot over just to bring in and SANS is not yet a sponsor for the Beers and Bytes podcast, but SANS, if I was going to tell myself, hey selfish You're talking.

Speaker 3: 27:52

The system administration and network security conference.

Speaker 1: 27:55

No.

Speaker 3: 27:56

SANS.

Speaker 1: 27:57

SANS. That's in SANS org, the SANS Technology Institute. Sans is a educational organization that has a number of certifications that are specific to the cybersecurity industry.

Speaker 3: 28:12

I think we're talking the same one. You're talking like the GAAC, training and everything right.

Speaker 1: 28:16

Yeah, g-i-a-c Okay, I mean you. Okay, so you can know what the definition of SANS is, see. But the point about education they offer full undergrad graduate degrees using their certifications as the classes. So if I was going to try to go from zero to hero high school student, to a security professional, I wouldn't necessarily go to a traditional college. Me personally I would. Maybe I would go down that SANS route. And because it's all hands-on technical training, it's not theoretical, it's not someone's opinion that's rooted in 1970s technology right. It's all up-to-date, hands-on labs and stuff.

Speaker 3: 29:03

I think that's a great point. I mean, I think that the difference is like SANS is to CSSP, is B-Sides, is to Black Hat. I think you're looking at a lot more grassroots, more hands-on. Even the original testing was mostly around knowing the current knowledge of what's going on in our industry. There wasn't necessarily a validation of structure or models and we can get a boring certification person on one time. We could really just have a whiskey run and talk certs. So SANS, that's an interesting part. By the way, Scott, you might want to take a look at that group. That's a different type of. It's a different pace. I think that Wild West Hack and Fests, which I know is a B-Sides, but Wild West Hack and Fests, there's a good number of really interesting conferences around the United States. I think SANS are fairly interesting considering what they're doing.

Speaker 2: 30:00

The fact that you have that. You're already light years ahead of the performance community, and that's one thing. I will give credit where credit is due. The security community came together with the whole CISO role and the certs and OWASP and some of the things that have come together for the security movement. If the performance community had been that together and been right on point, we would have the same thing and maybe we wouldn't be seeing websites going down this Black Friday again in 2023, the way we do every single year because they still haven't figured the thing. Freaking out.

Speaker 1: 30:37

Make sure you enable your auto scaling groups people.

Speaker 2: 30:40

Yeah, auto scaling is going to solve everything.

Speaker 1: 30:46

What was your favorite performance tool? So when I started my career, oh, that's a loaded question.

Speaker 2: 30:52

I'm going to get in trouble.

Speaker 1: 30:54

When I started my career, I was a network engineer, so I was Ixia and SmartBits, so I was using those for performance analysis. When I went and got a little bit deeper, when I was over at Intel, for example, I used a product called the Flamethrower from a company called Antara. I'm not sure if they're around anymore or not. What was your tool to shore?

Speaker 2: 31:18

Well, I started remember doing this in 1999, 1998.

Speaker 2: 31:26

And back then Mercury Interactive was the king of the castle when it came to load testing, especially enterprise applications, and it's mainly because they had all of the protocols that everybody was using. It wasn't just web, it was everything. And of course, they became one of the top five companies out there at the time, until they became the poster child for stock options problems and Then had to rapidly sell to somebody. And then HP snagged them. There's a, there's a. I followed that so closely Because that was that was what I did. That was everything I did. So loadrunner was the tool. Now loader I mean loader are still around. Loader are still doing great and it's still for the enterprise. They got it performance or not performance in a loader enterprise now and They've been purchased like three times. It was HP and then it became micro focus. Open text purchased them for six billion, I think, this past year. Those guys and they've been a sponsor of my podcast before, so they're still doing great. The other product that I use a lot, my other sponsor, try, sent us they make a tool called neoload and Neoload started out being just another one of those. Just it's basically web and web protocols, but they've since branched out where they can do old SAP GUI and SAP implementations and SAP actually picked them up as part of what they actually resale. I think they're a great tool. They have Citrix, so they have a lot of legacy stuff, because that stuff isn't going away in the enterprise. So I like those two tools.

Speaker 2: 33:00

I'm not so much a fan of the open source stuff, and everybody knows that because on a weekly basis on LinkedIn you will see a meme of me making fun of Jmeter every week, and I do it just because there's no CEO that can get pissed at me and sue me, right. But I as a consultant I got so frustrated with I only have this certain amount of time when I'm at this company to Do this work and if I've got to put together a Rube Goldberg machine Made of all these little tiny things to make it all work, knowing that anything could go wrong, and I've got the support of what? A community forum maybe, or some people, and maybe some are more robust than others but I, I couldn't risk that Going over a date, sure, so I had to use a commercial product where I could get support and I could get it done, and that's that's why I'm a fan of that. So those are the.

Speaker 1: 33:50

Those are the main two but not every small company wants to use their entire funding Allotment just to get mercury licensing well, that used to be the case.

Speaker 2: 34:00

There are actually ways that you can get it for a reasonable price and you can start off with With a free version too. So there's ways to do it. You just have to be smart about it. Some people think, oh, we've got an application where we're we might have 10,000 people, 10,000 users total, so we need a load test of 10,000 user. You don't need a 10,000 user license. Concurrently, maybe only 100 people are going to be on that site. You need to test for that and you know what you? You don't even need that. You'll start finding patterns and I'm sure this is the same way with security. You'll start finding patterns way before you need that full license. So you can find it here, and then when you start working on all the kinks and you need to find out if it scales of that big bang, you can get it temporarily for then just the license. You can get it for a day, 30 days, whatever, and just most people don't understand how that works as much changed in that In the performance testing space in the last 30 years.

Speaker 2: 34:54

Immensely. Yes, I mean we, we have to deal with all the new stuff that comes out right, all if there's another, because it's all protocol based, right. And so if you've got gRPC, you got to have support for that or anything that it's new down the pike. There has to be some level of support and you have to make it look the same way in the tool, right? I don't want to have to learn a whole new scripting language or a whole new gooey just because you came out with a new protocol. Yeah, the thing that made it really difficult when web 2.0 and the rich Clients you've got, like it's not just HTTP calls anymore, it's we have to bring up this whole page and there's client-side JavaScript that has to load, and so if I just did an HTTP request, I get that first response back. Okay, that's, you know, half a second, but the whole page takes five seconds to load because of all that front-end stuff they did right.

Speaker 2: 35:44

So we had to switch over to Browser-based testing and we had to mix that so we use the HTTP calls to load the back end in the database and make the servers work hard, and then we would use a browser-based thing so it would load up the entire browser and Start, you know, finding out how long does it take this object before it's there, or how long does it actually take before my login is actually Fully rendered. So you can look at the difference between. So we've got it up into the amount of load we want. Now we know exactly how long it's really taken from a real user's perspective. Now those the browser-based testing is a lot more expensive in terms of like it. It takes more memory and more CPU per Virtual user to do that. So you're going to use more servers creating a load than you would just. You're running ten thousand or one machine. But it's worth it because you get more accurate results.

Speaker 3: 36:33

You know, scott, what I'm hearing is is that you would be an excellent denial of service service system, like kids around the United States Would pay you serious money to take out the school system on test days. Just let you know, you probably can make a lot more money. Performance work.

Speaker 2: 36:48

We've always said that a load test is nothing more than a denial of service. Tech that's just been ramped down and most of the time we create the same effect as a denial of service. We've kind of known that there was an incident in Miami-Dade County over COVID when people kids were working at home. This kid spent a hundred bucks on a credit card and took down to Miami-Dade School system for like two or three days.

Speaker 3: 37:13

It's all that. Yeah Texas, no Texas. It's paid to denial of service and these kids are paying Chinese Companies to take out the local. We were talking down in Texas one time in the school guys like you're gonna save you from the DDS. It's like every time there's a test, it used to be the fire alarm, now they just denial of service all the servers.

Speaker 2: 37:34

So this, this whole thing about bot traffic, right, that's a big deal right now. Wouldn't it be great if we could Look and know of all the IP addresses and the ranges from the AWS, the Google cloud, and we had that in some kind of a system that said, as soon as we start seeing Swarms from these IP addresses, we just knock them off right then or we never allow them in? I know that that is a problem that I Can't say the name of the company, but if I said them, everybody would know who they were. They have to shut their store down, their online store down, when they make a major announcement and then they reopen the store backup. They don't just launch it back up, because if they just open the store back up, the bot traffic would swarm them, purchase everything in the store and then resell everything on the black market sounds like a ticket master and Taylor Swift tickets.

Speaker 2: 38:26

That's. That's another one, yeah, and you know there's lawsuits coming out of that now.

Speaker 1: 38:30

Oh yeah.

Speaker 2: 38:31

And I called it. I called it and there there is this word on the street from some people that said that that was a planned Activity. I don't think that was a planned activity, I think it was just stupidity. Myself, they had, they've had ample opportunity and I know that myself, my colleague James Pooley, who I'm always riding around with and everybody knows us as the load testing guys We've personally contacted ticket master several times and said we can help you scale, we can help you solve this problem. We'll pull out all the stops, will bring the Avengers in of performance people. They won't talk to us. Um, and Because of that, james has a show which I got a plug.

Speaker 2: 39:11

He does it every year when Black Friday. It's called news of the damned and he highlights every story of every site that goes down during Black Friday and we have had some real do and concert tickets are at the top of the list of stuff going down. But it's it's denial of service is really what it is. So that's why I'm kind of familiar with the technology, because you get the same effect.

Speaker 1: 39:34

You know it's. It's interesting that you can take these performance man, performance testing tools. You can turn them into evil, right? You can turn them into a bot cloud that is going to register a thousand or ten thousand or a hundred thousand ticket, master, entity or identities, and then Q and they consume all the tickets.

Speaker 2: 39:56

Yeah, and you can do it rather cheaply now than you used to. I'm always amazed at Cloudflare and how they're able to thwart huge botnets and things, and then they come out and detail exactly how they did it and what they had to do it. That that's an amazing story.

Speaker 1: 40:16

A couple of stories I've read from them yeah, they had amazing downtime last week for about two and a half days, though that was pretty significant.

Speaker 2: 40:24

That's the first time I've heard of that, though I don't know they've they went to. How many times have they gone down like that?

Speaker 3: 40:30

You can hear in there and I'm sure they get attacked every day.

Speaker 2: 40:33

You know in part of their infrastructure.

Speaker 3: 40:36

They're the first real major infrastructure change to IPv6. And that does help with certain types of issues, but obviously not enough. Anyways, we would talk hockey, but he doesn't like hockey either, jeremy.

Speaker 2: 40:50

Horrible I would say I would. I just don't know enough about it. Man, If you want to talk about 80s heavy metal, I've got to. That's OK. I'd give a trivia answer.

Speaker 3: 40:58

Listen, you're down on the floor. There's never been a good Florida team whatsoever. There you go.

Speaker 1: 41:03

I would disagree. I would say the Tampa Bay Lightning have won two cups in a row. They're on the way to win three.

Speaker 3: 41:11

Jeremy, that was sarcasm, jeremy, oh, ok, OK, I would say that.

Speaker 2: 41:15

I have been to about five predators when I lived in Nashville and I loved it because I always stayed in the area where they had the buffet, so I was always eating while.

Speaker 3: 41:25

I just remember that the thrashers when the thrashers are down there, oh my God, that was terrible. They would cheer when there was an icing thinking that was a good thing. Wasn't that Atlanta? Was it Atlanta? Yeah, maybe it was Atlanta. Yeah, I just remember the thrashers. They got sued because they took over the name of a skateboard company.

Speaker 1: 41:44

Yeah, it was a magazine actually.

Speaker 3: 41:46

Thrasher was a magazine, yeah From All right.

Speaker 3: 41:49

So so. So here's where we need help on this show is your knowledge of multimedia. So so one of the things when I was talking to you, you've done a really good job of getting an excellent following around your organization or your your podcast. You're starting a new one. You'll probably have more subscribers than we do within the next like two weeks, if not already. So what do you do? What was your mentality about? How do you establish a podcast, especially in an industry that you're just a fanboy of? You know what I'm saying. I mean, how does that? How do you go about that business? Wise, you get to still put food on the table, which what's your business plan of establishing a podcast? If there's any secret sauce, you can skip it, but I'm very curious.

Speaker 2: 42:36

Let me. Let me just clarify something Now. I do have a weekly podcast and I it's on. It's the audio version and the video version. So YouTube, I just have a video version of my podcast and then it goes out to Apple podcast, spotify, our heart radio, all those places. But I don't get near as many, near as much interest and traffic on that show as I do these other. I call them video series there. I don't call them a podcast because there's no audio version of them out there.

Speaker 2: 43:07

This is not something people would listen to. I want these to be television shows. I mean, I want to be Peter Jackson, I want to create Lord of the Rings of of tech shows, and that's my goal. And you just have to have a lot of money for good cameras and good you know you. I want to put together like television shows for tech people. But you remember, tech TV came out and you had Leo and all those people. I don't want to do that. I want to do something that was like the Seinfeld version of that Right, and I find that if you interject some kind of humor, parody or something like that, you usually can hook people, even if they don't care about the topic and that has is what has worked for me.

Speaker 2: 43:50

Now I don't get any. I don't get into anything past, you know, pg or PG 13. I'm not going to go there because it's still it's business right. But I've always said people do not want the stodgy IBM corporate color button tie stuff. They don't want that anymore. They want something that's authentic, realistic and sometimes, you know, funny. If we can get halfway between the stuffy corporate stuff and an Alice Cooper concert, I think if you find that halfway point or that balance, you win. And that's kind of what I'm looking for. Interesting.

Speaker 3: 44:25

So you still feel that. So here's the next question really is around business and engaging people. So a lot of people feel like, oh, you know, I'm just going to throw content out there and content is just good enough. But you, it seems that you believe that there has to be a level of engagement in that content that's keeps a person there, right, I mean so. So how do you go about figuring out what you're doing? How do you generate that content? Do you plan this out, or is it just like I was just being silly one morning and I just wrote it down?

Speaker 2: 44:55

Um, the ideas, the funny ideas, come from out of the blue and normally because I drive everywhere that I go, I'm not afraid to fly, I just love to drive. When I get windshield time, that's when I get my ideas. If you put me on a riding lawn more in a huge field I'll come out with four, five different really great ideas, Just because I want to do something that I don't have to think about anything else. Right, Just my notness thing, and that's what the driving does for me. And that's why all my shows are around travel and going somewhere and interviewing people when I go there, and at first when I did it, the interviews are just hey, I just know this guy and I know what he at his specialty is. So we'll talk about that and we'll take a rabbit trail if we need to, but now what we're doing is we.

Speaker 2: 45:39

That worked for a little bit, but I don't think it gives you the the the biggest audience. You have to sit down and say if I were wanting to watch this show, what would I want to get out of it? What would I take back with me? Would I take back something that I can almost feel like I held something in my hands or that I'm going to use, and if I'm not, I'm not going to spend much time watching it, Right? So that's what we want to do is think about how can we provide the most value out of this show where they're going to remember it, they're going to remember the educational piece of it, but they might get hooked because of something really stupid. I don't know what this guy's talking about here, about Kubernetes, but he's fixing to jump off a building. So I'm going to watch the rest of this you know program.

Speaker 2: 46:22

I think there's there's a lot to that. And I will say this I've had to change my mind about a lot of stuff, because what I think is the most stupid crap I've ever seen, that's who's getting all the the hits and all the plays and stuff on YouTube. There's a channel where this girl takes a a, a bread that's unbacked, right, it's like she just it's. It's the flower and the water and all that stuff, Right, and she takes it and puts it in a pan and puts her face in it. She makes a mold of her face and then she puts it in the oven and it comes out different every time she has a channel. She I think she bought a house off of that.

Speaker 1: 47:02

Well, yeah, people are monetizing, really, uh, what I'd say are are maybe our generation age of folks don't really understand or appreciate the way that my 20 and young, my teenagers and my 20 year old kids really appreciate more, right, I think there's that, uh, we as I guess we can say it we're creators, right, we need to get out of our heads and kind of align with what is um acceptable now, right, and whether or not we think it's stupid, it's kind of irrelevant, because it's not about us, it's about the person receiving the message that we're trying to spread. Right, that's right.

Speaker 2: 47:44

If you're going towards businesses, though and we're all in the business realm here um, you still have to. There's this level of professionalism that is expected, but we can come at it at a different angle. They still want to be entertained, but they don't want to be entertained differently than maybe, you know, a Mr Beast video, but it needs to still have some kind of a hook into it, and to me, humor is the best way to do that.

Speaker 1: 48:10

Sure, did you ever watch that?

Speaker 2: 48:11

uh, comedians and cars getting coffee thing with Seinfeld, that's, that's what inspired, uh, a lot of the stuff I did on the first season. Um, I drove, obviously, from Vegas, uh, from Florida to Vegas. When I hit Dallas my buddy, james Pooley, who I just mentioned he he flew in and he got in the truck with me and we put go pros and we there was like four episodes where we're just driving and talking about a different subject and it was based on that show. Um learned a lot about trying to get out wind, noise and time always out of your uh video from from those days and that wasn't always successful, but you learn.

Speaker 1: 48:47

Hackers and cars drinking Red Bull, that's what you show it was.

Speaker 2: 48:52

And for me, I'm well known for being the guy who loves barbecue. Like I am a barbecue fanatic nut, you know, and everybody knows that. So what we would do is, at the end of every episode, we would go eat at a barbecue place and we would rate the barbecue and we would take pictures of it and all that stuff. So if you watch any of my episodes, there's going to be some barbecue in there and we'll recommend a place where. So we kind of turned it into this, what you said, the, the Seinfeld driving, with diners, drivings and dives and a little bit of education, and then all of a sudden, scott's going to be singing an Iron Maiden song at the end. Now how the Google and YouTube algorithm figures out where to place that, I have no clue.

Speaker 1: 49:34

So back to your you've mentioned this slightly a few, a few minutes ago. I would have to say Anthrax, Sabbath, ACDC, those were my, my 80s heavy metal.

Speaker 2: 49:48

ACDC is heavy metal.

Speaker 1: 49:51

No, it's not heavy metal. Metallica is heavy metal. They should be on the list. Maiden, of course should be on the list. Slayer. The answer is always Slayer?

Speaker 2: 50:01

The answer is always Slayer.

Speaker 1: 50:02

The answer is always Slayer. So where would poison?

Speaker 3: 50:05

fit.

Speaker 1: 50:06

In a jar on the shelf.

Speaker 3: 50:09

You would beat up that as Slayer concert if you can poison.

Speaker 1: 50:15

There's a difference between 80s hair metal and 80s actual metal.

Speaker 3: 50:19

Okay, so so steel panther, I think it's steel panther, is that the?

Speaker 2: 50:24

steel panther is a parody of 80s metal and glam metal. There are parody of that. However, the guitar player for that band is amazing.

Speaker 3: 50:33

I was just going to say they're for real, they're for real, we're not talking like bronies. I mean, they're for real, they're. They're pretty damn good they can actually play.

Speaker 2: 50:40

They're just they've got it. They've got the niche that they have, which is not safe for work.

Speaker 1: 50:46

So I was in, I was in LA. I was in LA I don't think that's a secret and Metallica came to town and we saw the concert at SoFi and as I was excited because this was my first Metallica concert ever and I've been a Metallica fan since they came about right and never had the opportunity to go to one went to it I was completely disappointed in the sound. Oh, so it was the worst sound ever.

Speaker 3: 51:14

They just covered Metallica during the Virginia Tech halftime, because of course we do enter the sandman for every show or for every game, but they actually they did like the greatest hits of Metallica for the band, for the band, for all the songs, so that was very impressive. It didn't have the same sound as Metallica for some reason, but there is a.

Speaker 1: 51:34

There's a phenomena going on. I don't know if it's something that Metallica is like doing themselves or if it's just the band leaders across all these different colleges have done, but they're doing a Metallica band off right now.

Speaker 3: 51:48

Oh really, yeah, should win that. I mean, you know it's funny is I can't remember a Virginia Tech game without the end of the sandman. I mean I cannot. I mean I don't know how many years we've been doing since the 90s, so it's anyway sweet, we digress.

Speaker 1: 52:05

Where's the worst 80s metal band warrant?

Speaker 2: 52:09

OK, I can give you that.

Speaker 1: 52:11

The only thing about warrant that I liked was the video, for obvious reasons.

Speaker 2: 52:15

Yeah, I know what's when you're talking about.

Speaker 1: 52:18

Jerry Pie yeah.

Speaker 2: 52:19

Yeah, there was a lot of bad, bad metal during those years, I will admit.

Speaker 1: 52:24

Are you a ghost fan?

Speaker 3: 52:25

Not so much a ghost fan, that's an interesting one you bring up because, see, I would have considered Ghost on the punk realm.

Speaker 1: 52:30

Ghost, no Punk is fast right. A lot of driving, repetitious kind of music where Ghost is more melodic metal.

Speaker 3: 52:43

Okay.

Speaker 1: 52:44

We went to. So we went to Metallica Friday, sunday night and then a week later we went to Ghost and the sound, the production. Obviously the venue was different. It was a little bit smaller. We weren't at SoFi, we were at the forum, still a good size venue, and the sound there was amazing. I think the mix at the SoFi arena is hard to do because it was sheer size.

Speaker 2: 53:09

Yeah, the acoustics have a lot to do with that and some rooms just weren't made for that kind of stuff. You know, being that I was in Nashville for a long time and I'm in the audio, I mean you can tell me I play and I was doing a lot of things.

Speaker 3: 53:22

God, where's your going to have to work on an intro for us?

Speaker 2: 53:26

Yeah, I can help you with that and I got a lot of friends in Nashville that were in that industry and I can tell you there's a whole science to the whole music thing and I've hung out. I actually have good friends with the guy who mixed Master of Puppets, michael Wagner. He also did Skid Row. He did a lot of the 80s metal that you listen to and I can tell you the talent in his ears to be able to hear what he hears and does what he does, it's phenomenal. He's retired now but I have watched him do some things that I did not know was even possible with audio and it's an interesting deal.

Speaker 3: 54:07

So you know to kind of wrap it up for me, because you bring up this audio and having an ear for it how did you remove tire noise from like? What are you? Are you a Final Cut Pro kind of guy? What are you using to get ready to clean up your sound?

Speaker 2: 54:22

Well, originally there are plugins. I will take the audio and I'll move it into a product called Cubase, and there's Logic, there's Pro Tools, there's whatever, and then there are all these different EQs and effects that you can use to basically take out just the frequencies that cause that rumble noise at a certain level. And there's I mean, you can take out a single frequency. If that's what's causing the problem, you can do that. You can also use things called Gates, where if the noise level when you're talking is this level and then just the hiss is this, you can cut it off when it hits that level. So and so you can get very surgical around it.

Speaker 2: 54:59

I'm actually working now with a product called. It's a video tool called DaVinci Resolve, and a lot of the guys who have been using the Adobe products are now switching over to this, because A you can get a free version of this and it gives you 90% of everything for free, and if you buy the thing, it's only 300 bucks one time and you never have to buy it again. So I went ahead and bought the full version. They have an audio section in this, with the same type of plugins that you would get in a professional audio workstation and they have a button that just says Vocal Isolation. You press it, it isolates your vocal and I did a video with this just two weeks ago. I was standing next to a street, a busy street, where you could hear the trucks and everything going past me. Vocal isolation no noise can hear me crystal clear.

Speaker 3: 55:47

And which one was that again?

Speaker 2: 55:48

DaVinci or DaVinci Resolve. It's getting very popular and they have used DaVinci Resolve on especially for color correction thing in major motion pictures. The later Star Wars movies and a lot of the new stuff is all done with DaVinci Resolve it's a great product. So this is a video too, then, obviously, oh, it's made for video and they have an editing section, a color correction section, an audio section, and then you can render it out however you want.

Speaker 3: 56:16

And so when we met, we met at Peppling, and one of the things you showed me was the Pocket 3. So that was the video. So what is your video using? Using the Pocket 3, obviously you like that.

Speaker 2: 56:24

That's the newest one, and I got that seven minutes after it was offered on the DJI site because I had the Pocket 2. The Pocket 3 is, I think, a game changer because I think it's going to challenge a lot of the bigger Sony cameras that people are using for V-Logging. It definitely is not going to do what a $6,000 camera would do, but the person that's on the street that doesn't want a large gimbal and they don't want to make these big cages and stuff around their cameras, this literally will fit in your pocket, and I actually have one sitting here right next to me. Let me bring it and you can get this thing called the Creators Pack. It's $600 and you get this remote wireless mic with it. You get all these other features with it, but this is the size of it. So this is my hand and this is the size of the camera, and you just turn on that screen and the camera is here. This is the same camera that they put on the drones at DJI, and this particular camera is a one inch sensor and if you know anything about the size of the sensor, the bigger it is the better, especially for dark places, like if you don't have a lot of light and you're only dealing with natural light. This will pick up a lot better in those darker spaces and it will pick up 4K video up to 120 frames, which means you could slow do slow motion, but it's, and to have that in this type of a footprint is amazing.

Speaker 2: 57:50

Number one the sound quality is amazing. I can't brag on enough. So I've got two of these and I do interviews where one's focused on one person, one or another, and then I'll have a camera in the back. That's getting all three. So I have a three camera solution and I can fit both of these guys One in one pocket, one on the other. I can go anywhere when we do the really high end music videos and things like that. I actually go to Nashville and the guy who I use to edit my videos he has access to those really expensive Sony cameras that they make cinema stuff with, and that's why it looks so good.

Speaker 3: 58:24

Excellent, excellent, so hopefully we'll get up to your standard, yep.

Speaker 1: 58:28

So I think what he's saying is we have subpar tech.

Speaker 3: 58:32

So I've jumped up to the Brio and I've done the Mivo's three camera solution, but this is like levels way above us.

Speaker 2: 58:40

Yeah, the camera that I'm using for what you're seeing now is actually a Sony camera and it's just. It's a Sony camera lens and I think it was like a $600 camera, but it's got really good image quality and I use I don't use it as a like a recording video camera, I just use it for this streaming and that's all it's used for. It never goes, it stays in the same spot everywhere and I don't travel with it.

Speaker 1: 59:03

You are very clear.

Speaker 3: 59:05

Yeah, you got great color. You're obviously working out there we go.

Speaker 2: 59:09

Another thing has to do with the lighting, right. So that's something that I am terrible at is lighting. So I had to get the guys who do the work for me to understand lighting. I do a FaceTime and I'm like here's my room, here's where I put the lights, how do I get them, and they kind of talk me through that stuff and I'm still learning about that, but that's extremely important. You can have a subpar camera, really good lighting. You can get really good results, not so much the other way around.

Speaker 3: 59:35

Yeah, yeah. We've got a lot to do, scott, so you're going to have to supervise us and help us out a little bit.

Speaker 2: 59:41

Yeah, I'll only charge you twice as much as I charge everybody else.

Speaker 1: 59:46

That's completely fair. Maybe three X that.

Speaker 3: 59:53

I feel the same way, scott. As long as you pick up the tab for Thanksgiving, we're good, okay.

Speaker 2: 1:00:00

There you go. Do you want me to give you the model of this camera that I'm using right now?

Speaker 3: 1:00:05

The model is yeah, sure, Sure, I mean it's a Sony ZV-E10.

Speaker 2: 1:00:12

And I think they might have a newer model now, because I bought it two years ago, but I'm pretty sure that was $700 when I bought it.

Speaker 3: 1:00:19

Well, we appreciate it, scott. I mean we will ask you a bunch of questions. I'm sorry we meandered all over the place, but you're a fascinating person. You're a different you really are.

Speaker 2: 1:00:30

I've got to tell you, I've been looking at your product at Fluent Security and I want to get a demo really soon because I'm excited about what I'm seeing and I've got some ideas. I want to run past you because I think you got something here.

Speaker 3: 1:00:41

Well, thank you. You know, actually, jeremy's a user of that product and he's actually got the beta I shouldn't call it beta-nounced GA available on the platform. It's kicking ass. But the issues we have is that you know we don't want to we'll have to talk about this some other time. There's focus of product and it's a great product. It's a question of meeting the right people and being true to the product. As far as being true to all the things it can do, it's a our industry is changing a lot.

Speaker 3: 1:01:15

You know, I asked you early on about where you see tech. I think the security industry has a lot of people know how to do things, but they're not disciplined in creating new innovations. They really don't have the same scientific approach to testing. I mean you're seeing it when you talk about what performance people do. Security would never have done anything if we waited for that much perfection before we released things. I mean we're very aggressive.

Speaker 3: 1:01:46

This is a very aggressive industry of script kiddies, to tell you the truth. And when you're producing hardcore product and it's a truth that's where I think the changing industry is about to occur Is that we're seeing better coders and better techniques than we've ever had before in this industry it's becoming significantly competitive in a commodity way. But they look at what happened to elastic it's been crushed because it just didn't have the capability that's, you know, like snowflake has or some of these other high end databases. And even then I think the database is not as important and I think as more and more engineers come out they realize man, why am I even talking to a database? So, anyways, I'm just off.

Speaker 2: 1:02:31

No, I think you've got points there.

Speaker 3: 1:02:34

I'm going to have to reload on my think juice.

Speaker 2: 1:02:38

But it's exciting at the same time.

Speaker 3: 1:02:40

It is. This is a great industry. I love my industry. It's the reason why I'm not retired and I welcome you to it. If you don't think you're, if you're not in it yet, I welcome you with it. I'm really excited. I mean, this is our third year doing this podcast and I think you know we meet so many interesting people and I don't think we've had one guest that's anything like a previous guest, Right? I mean, everybody we talked to is pretty different.

Speaker 1: 1:03:07

Very much so, yeah, which I like the variety. We're supposed to be a security podcast and most of the time we don't really talk about security the way we should. Right.

Speaker 3: 1:03:18

We do.

Speaker 1: 1:03:18

We talk about whatever tech is interesting with our guests that they, that they focus on.

Speaker 3: 1:03:23

Hence the cameras and video I really wanted to talk about early on, to tell you the truth, because I think the quality I watch a lot of your videos got the quality you have, the diversity you have, I'm like man, this guy really knows what he's doing.

Speaker 1: 1:03:38

And let's circle back to the 80s metal, because you know, okay, I thought we were finished yet, but we go back to 80s metal. I just threw out some, some numbers or some some band names. Here's to hear your top five.

Speaker 2: 1:03:52

Oh, why are you going to do this? Because I got all these friends in Nashville and they're going to be mad if I don't say the name of their Obviously number one, because I'm looking in the background.

Speaker 3: 1:04:00

is Divo? No, is number one.

Speaker 2: 1:04:04

That was another one of our skits.

Speaker 3: 1:04:05

They just released a vodka I shouldn't say I think they released it last year called trust me and you can buy for $350 online. But OK, if it's not Divo, I mean you got me stumped.

Speaker 2: 1:04:18

Well, some of the bands wouldn't be necessarily metal. I mean, if you're going to talk metal, you got to be in the Metallica range, right. So, yeah, metallica was a big when they first came out, right, I heard them right out of after Kilimanjaro, right. So I was there from the beginning. By the time the black album hit, we were like, oh only posers like Metallica, that's old news, right. So I was there from the beginning, but they were really really good. If you're talking about borderline, you know the whole ACDC, van Halen I don't know that we'll ever see that, ever again, and that that level of I don't know whatever that they had. Acdc Really, if you think about it, they only have one song and they just repeat it with every song that they have, but it's a really good song.

Speaker 3: 1:05:03

That's harsh, that's harsh, it's a great song.

Speaker 2: 1:05:06

What was that?

Speaker 3: 1:05:07

What was it? Thunderclap or something? Everybody says that's the one Thunderclap, thunderclap.

Speaker 1: 1:05:12

Every asset.

Speaker 3: 1:05:13

To me it's dirty beats.

Speaker 2: 1:05:16

Yeah, I love. Well, I have to say, you know, the black back in black is one of the top albums that will ever be.

Speaker 3: 1:05:26

Yeah, great.

Speaker 2: 1:05:27

The quality of the production on that still stands today. You can listen to it, it still sounds fresh and I have really good monitors and sound system in here. I mean, I have the pro level studio stuff and I can hear stuff in there that most people will never hear and it is amazing what they did with that. So I have to give them credit for that. Obviously, ozzy and Black Sabbath are in there, iron Maiden I'm all about all those bands A new wave of heavy metal, like anything that's got really, really fast guitar. I don't know if people remember this. There was a band called Racer X and they had Paul Gilbert and the Shredder guys. I was all. I know that Chris hates the Shredder, but I'm going to get to the player?

Speaker 3: 1:06:11

I do, but did you bring up Racer X and again punk Like they're, they're.

Speaker 2: 1:06:16

No, they're, they're 80s, like hair metal, but on steroids Speed metal ish, you know.

Speaker 3: 1:06:21

I know, I know.

Speaker 2: 1:06:23

There was a band called. I got to give them a plug. There's a band called Impelitari Okay, it's a long name, but it had a guy in it named Rob Rock and Rob Rock is one of the most well known power metal singers in the world and the Chris Impelitari one of the fastest guitar players in the world. So they're along that same line. I released a song back in 2012 in this is another interesting story, if you want to hear it.

Speaker 2: 1:06:50

I released a song in 2012 and my good friend, michael Wagner, who I just mentioned before about the Metallica stuff he helped me get that done and he did most of the work. In fact, I did the guitars and did the bass and it was a song called obsession. And he asked me because I just said, michael, I want to create something that sounds like what you would have done in the 80s, like that metal stuff. I want something that sounds that good. He says, well, we can do it. He liked the song that I'd written and then he said, who do you want to sing it? And I said, well, when I wrote it, I was in high school.

Speaker 2: 1:07:18

When I wrote the song, I said I was thinking about Rob Rock and the band he was in with Tommy Aldridge and the Mars project and all that. He said, well, let's, let's call him. I know him, he produced one of their albums, I didn't know it, and he hands me the phone. He's like talk to Rob. I'm like so. So we asked Rob right On the phone would he be willing to sing this song? He's like well, michael Wagner is going to do it, I'm in. So literally a few weeks later he flies up to Nashville on a Friday night we're eating at Longhorn talking about the song, wakes up the next morning by noon the next day he's flying back home. He's done, I mean it was like three takes. It was over and I released that song and it's one of the best songs I've, I mean I've ever done and it sounds like that, that 80s metal that you'll, that Chris hates.

Speaker 3: 1:08:04

Well, because I mean you're touching so you're not talking angry. Some Owens or Black Flag, or Black Flag, you're not hitting the big, big bands of the 80s yet.

Speaker 1: 1:08:15

Dio anything? Ronnie James Dio.

Speaker 2: 1:08:19

That's right.

Speaker 1: 1:08:20

Yeah, well, next exodus bonded by blood was one of my favorite records come when I was growing up. It's crazy thrash metal. Oh yeah, I think that's where Kirk Hammett came from. Right, I think so. Yeah, he was a before then.

Speaker 2: 1:08:35

Yeah, and of course anthrax among the living was a really good album at the time. So I'm all. I like the, the headbanging stuff. I kind of graduated out of that a little bit now, but I like any honestly. I like any kind of music. If it's well played and well produced, if it sounds good, if it's got good quality, I love it.

Speaker 1: 1:08:55

About. What are your thoughts on King Diamond?

Speaker 2: 1:09:00

Uh, I can't do that. I just can't get in the vocals. Yeah To to. What's this to? Dramatic, melodramatic or something for me. Well, you know, there there's some stuff that I I've heard, that probably nobody else has heard, because I was in Nashville. I got to hear a lot of stuff that never got released by record labels, and there's some stuff that's really good there. Nobody knows about.

Speaker 3: 1:09:25

Oh, yeah, yeah, Definitely so. Anyway. So Frogweb Studios they're, I think he's in Norway or Sweden and they'll take like regular average Joe Top 40 music and they cover it as heavy metal. And the speed guitar that these guys do is so silly in the fact that they enjoy doing it like this, so anyways. So I'll send you that, you guys will, you'll, you'll readjust and you'll say you know what? That Taylor Swift song isn't so bad when played as heavy metal.

Speaker 1: 1:09:59

That's 120 beats.

Speaker 2: 1:10:00

Yeah, that's about the only way I would say that. Anyway, so that's the question for you. Kings X you ever heard of Kings X? Oh yeah, I love them. Galactic Cowboys that's another band that was on the same label as them. Um, you think, if there's any more that I might want to mention, no, dream theater. Dream theater A fan of dream theater when they first came out, for sure.

Speaker 2: 1:10:28

But it's all it's like the technical stuff you know their drummer is pretty amazing, like from dream symphony X is another one along that lines, and I remember when that first symphony X thing came out I was just like I can't believe these guys are doing that. That's that's. I just love the technical stuff.

Speaker 1: 1:10:46

You know it's funny that none of us actually mentioned G and R.

Speaker 3: 1:10:50

Look at me, I'm not that little guy. I mean, I might have to think about Primus right now.

Speaker 1: 1:10:54

Primus- one of the best concerts I've ever been to.

Speaker 3: 1:10:57

Yeah, yeah, oh God, that double bass, that double bass drumming is incredible. I mean, I have to say that for three pieces they're amazing, yeah.

Speaker 1: 1:11:07

They're a lot like Rush, right? Actually, I think if you've talked to Claypool, Rush, you know, was one of his. There you go. There you go Three piece bands.

Speaker 3: 1:11:15

Yeah, I saw Primus at the Greek.

Speaker 1: 1:11:17

Yeah, he had a setup where he had a giant bass setup on this weird like stand he was playing it like an upright bass and it sounded amazing. And he's, he's I remember what song maybe it was too many puppies or something like that. He's using this, not a true upright bass, but playing it like a bass guitar, like that. He had a three neck bass guitar, so we should do a whole series on three piece bands because that like violent fems another three piece band.

Speaker 3: 1:11:50

He was playing the the barbecue kettle. It's great band.

Speaker 1: 1:11:56

I mean, just anyways, we can have some fun with a three piece band thing.

Speaker 3: 1:12:01

That was fun, so let me, let me, let me talk about the three piece band thing.

Speaker 2: 1:12:06

So let me, let me get my Lincoln there before we get the end of the show. If anybody wants to check out something about security, the website is called the security championscom. One thing, the security championscom, and you can check it out there and see if you like that Maybe like like a Justin Timberlake character in in social network.

Speaker 1: 1:12:30

drop the the right now. Now it's a billion dollar idea.

Speaker 2: 1:12:36

I tried to do security championscom.

Speaker 1: 1:12:38

Obviously it was taken just as just an update on my beer, because you know my son there is beer in this in the name of the show. If you're not a fruit forward person, I wouldn't recommend the Tiki fusion from Logonetus. It's it's. If you want that hoppy IPA beer flavor, you're not going to get it from this. But if you're looking for something a little bit fruity, very citrus forward, that's going to kick you in the head because it's 10 percent. Definitely try the logonetus.

Speaker 3: 1:13:11

It's definitely you didn't really sell that one. You didn't really sell that one.

Speaker 1: 1:13:17

You know, I'm.

Speaker 3: 1:13:17

I. You know it's interesting about this one here because you know it's citrus and mosaic or both hops that I'm very much used to. But they have this one called a merilio. I've never used it it's it's pretty solid combo. So I really have to say that the more I become an alcoholic, the more I appreciate the hops combos that the beers are using. Very disappointed lately on fruits, I think, mango cart, you might as well just drink some Kool-Aid and have a beer. There's some some really just too fruity beers out there to be called a beer. Well, scott, I appreciate it.

Speaker 2: 1:13:51

You guys have been great. Thank you so much for having me.

Speaker 3: 1:13:54

Thank you for coming on board. I'm really excited to see your podcast and to hopefully see some movie videos or music videos on security. Yeah, yeah.

Speaker 1: 1:14:06

I would like to you know at some point if you're going to write songs about cybersecurity. I think we should collaborate. I think that I would love to.

Speaker 2: 1:14:14

I have some ideas a little room past you. The closest thing we did this past year was the song Wonderwall that everybody knows Oasis. We did Firewall Instead and it's out there. We redid that whole video and it's out there on the parodies list on my YouTube channel. So I'd like to, I'd like you to do a cover of Fat Bottoms girl about bottom girls.

Speaker 3: 1:14:36

If you could make it a security song, I have no clue what it would be, but I just I think that it just has the right rhythm for security. Anyways, I lose it. I only had one freaking beer, and it's not was just one beer, it's not, it's not good. That's right With you, man. I only had a set?

Speaker 1: 1:14:55

I only had a salad.

Speaker 3: 1:14:56

Today, I find that giving blood and only eating a salad really makes drinking beer that much more effective, much more efficient.

Speaker 1: 1:15:05

Got it. Oh my goodness, you guys are a trip. Well, with that, folks we'd like to thank you for tuning into episode to season three, episode two with our special guest Scott Moore. Remember save money, Donate blood, eat a salad, then drink your beer. Amen.

Speaker 3: 1:15:26

Hey Mac Nice.