In this episode, we get to know Rob Teague, CMMC Registered Practitioner at Redspin, and Information Security Consultant for CynergisTek. Listen as we get to know Rob’s perspective on the security industry, what inspires him, and how his military background ties into all aspects of his life.
LAUREN FRICKLE (HOST): Welcome to Cyberspin, the podcast that brings you expert insights to today’s hot topics in cybersecurity, privacy, and compliance for highly regulated industries. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform and a transcript of each episode can be found at Redspin.com.
Hi, welcome back to Cyberspin. This episode is all about Robert Teague, our CMMC Registered Practitioner at Redspin. Today, we will be chatting with Robert and getting to know him. Hey Rob, how’s it going?
ROB TEAGUE: Good morning, how are you?
LAUREN FRICKLE: I’m doing excellent, so happy to be here with you.
ROB TEAGUE: Same, thank you for having me.
LAUREN FRICKLE: Well, so first things first, and kind of a serious question. What do you prefer, Rob or Robert?
ROB TEAGUE: Haha, Rob, please.
LAUREN FRICKLE: OK, only Robert when you’re in trouble? So I want to get to know you a little bit, Rob, I think it’s helpful to dive into the mind of Rob Teague for our clients and colleagues because in the field that you’re in, the work is very team orientated. I mean when an organization partners with CynergisTek, or Redspin, it isn’t a digital relationship, it’s face to face. Tell us a little bit about that relationship and also go into a little detail about what you do at Redspin and CynergisTek.
ROB TEAGUE: Sure, yes, you’re exactly right, Lauren. Teamwork is one of the big things that we do both at CynergisTek and with Redspin. We’d like to think of ourselves as an extension of the teams that we work with. So, when we have clients, it’s important for them to know that we’re not there to point our fingers at them. We’re not there to laugh at them when we find a mistake or a gap. We think of ourselves as an extension of their team, a third eye that comes out and says, “hey you already know that you’re missing this, or this isn’t right”, but we can also find some things that they don’t normally see ’cause they just don’t think about it. The partnership that we do with them, if they have any issues during the assessment and afterward, they contact us. Even now I was just on yesterday with one of our clients. They contact us all the time to ask questions. Sometimes they’ll bring us in, and we will sit in their huddles with their actual engineer teams, and it’s almost like we’re a part of the team. The other great thing about it is that I’m just one of the many, so if I can’t answer the question, someone else on my team might, I’ve got other folks that I can turn to within the organization that is quick to respond so that we can get that information back to the client.
My role currently with Redspin is I’m one of the CMMC registered practitioners, one of seven. We work closely with Tony Buenger, our Provisional Certified Assessor. With CynergisTek, Redspin is our non-healthcare division, CynergisTek is mostly focused on the health care organizations, although not solely but that is the most form and I’m an information security consultant within both roles and both organizations at the same. We take working with our clients seriously because it is a serious business and we hold that to heart, which I think makes us different than a lot of organizations. Some [other organizations] just come in do an assessment and give you the paperwork. We actually come in and embed ourselves with your team. So even if it’s a virtual assessment we embed ourselves with the team. We try to get to know you and the team as much as possible, as well as the processes and procedures so that we can assist you.
LAUREN FRICKLE: Sounds like a really great philosophy, that is probably very effective. So stepping back a little bit, where are you from and tell us about your professional journey that led you to become a CMMC Registered Practitioner for Redspin.
ROB TEAGUE: Sure, so I actually took the long journey, so I’m originally from Long Beach, CA, and then when I was younger moved to San Diego, CA where I actually stayed all the way until joining the military, the US Army in 1988, so I did over 30 years with the US Army. But the job that I originally signed up for morphed as networks started growing, the Internet started growing. It morphed into information technology and so as I worked my way through the ranks into the leadership roles, it became more of leading Information technology teams, ensuring that we were in compliance with DoD regulations, sharing the users were practicing safe and secure methods of how they were interacting, and we had to do that with the different enclaves that you had, you know the non-secret, the secret, and the top-secret networks.
So, as I moved through, I finished my career with the US Army as a command major of a signal battalion that we had almost 700 soldiers, civilians, and contractors that we lead “downrange” that’s a term I’m sure most of you are familiar with but in the Middle East. While we were deployed and we were spread throughout nine different countries, so the entire time we were putting signal soldiers in austere environments to provide networks for the warfighter. That role and that leadership, kind of, you know, the teamwork that comes with the military kind of spills over, and when I retired from the army it was kind of interesting because I think I was two weeks into retirement when my wife said, “no for real you need to go get a job because you’re driving me nuts”, so I didn’t want to just go work for anybody. I knew that I wanted to work for an organization that had the same mindset, if you will of teamwork, of caring not just for each other and their employees, but for the clients that they work for.
When CynergisTek first came to my mind, and I did my first interview, from that first interview I knew this was the right organization for me. Not all of our employees have a military background, it’s about half and half. For CynergisTek, I work the Southeast region of the United States. My team meets weekly, virtually because we’re spread across the United States. Humor is a big part of what we do and it’s just this camaraderie that I love. Honestly, I stepped right out of the military where most folks missed the camaraderie, and I walked right into an organization that has it.
What’s great about Redspin is that so far our Certified Provisional Assessor Tony and the other Registered Practitioners all have some type of military background, so we fully understand the contracts in the arena. And that’s why this is so important, and we try to bring the perspective of the client. What does the client need to know from us about CMMC? The biggest thing is that Tony Buenger is on the inside of CMMC. He’s one of the first Provisional Certified Assessors, so he gets a lot of information that’s not normally put out in the public arena, so in our weekly meetings we discuss some of those changes that are happening within CMMC, which gives us, I don’t want to say an edge, but more of an ability to start preparing for changes that may be coming. But most importantly, it’s the information that comes out and then as we have our weekly huddles it’s like OK, how can this information assist the organizations seeking certifications right? And then when we come out to do an assessment with them or when we come out to actually certify them, how can this information help them? And that’s what we’re really trying to do at Redspin. We’re not trying to really corner the market as some of the organizations are. We’re more about helping these organizations get the contracts that they’re looking for.
LAUREN FRICKLE: Yeah Rob, I can attest to a lot of what you’re talking about. As a CynergisTek employee it’s awesome to work for an organization that has an ethical purpose and an organization that performs meaningful services, like helping protect organizations from threats. Also, like you said, our team at both Redspin and CynergisTek is awesome. Both teams are packed with recognized industry experts. OK, so Rob, in your opinion, what are the top issues the cybersecurity industry is facing today?
ROB TEAGUE: Lauren, that is a great question. Honestly, the issues the industry is facing today have been around forever, they’re just more permanent now. One of the biggest obviously is ransomware, and I’m talking in the health industry right now. They were specifically targeted earlier this year and it’s very scary to know that an aggressive actor can come in, and take control of their pharmacy and completely shut it down to where patients can’t get any medication, and that’s kind of the real world, now that the health care organizations are sitting in. So, if you think about that and you transfer that to the DoD industry and a lot of these organizations that are seeking contracts, it’s just as scary because you’re holding CUI data or data that is very important for the security of our nation. And the last thing you want somebody to do is to come into your network, hold that for ransom, and get you to pay some kind of money to release it to you. Well, guess what? They’ve already got the information now.
LAUREN FRICKLE: OK, and on the Redspin side of things, you’re helping lead CMMC assessment services. From what you’ve seen so far, what are the biggest hurdles or challenges for contractors who need CMMC compliance?
ROB TEAGUE: So that is a great question also. So there are many challenges. The first thing to let organizations seeking contracts to know is that if you’re seeking a Level 1 certification, honestly, the practices or the criteria that you must meet, you’re already performing so don’t panic. OK, the Level 3 contracts that require the Level 3 certification is going to be a little more in-depth. As we discussed with Helve Longoria, the CISO from FIU, in our last podcast. You know there’s a lot of concerns about how you get there. Everything has to be documented and not just documented. The personnel must understand the policies they must practice and demonstrate that they are on a daily basis, practicing those procedures. The biggest I think the issue they’re going to have is trying to decide how they’re going to contain the CUI data. Most of these organizations, their sole purpose, is just this DoD contract, so it won’t be too hard for them. But for somebody like Helve or the other clients out there that may have more than one aspect of their organization, the biggest challenge is how do you contain that CUI within the network. Do you create a little secret hub inside there, or do you just create a total separate network? These are things that they’re struggling with trying to figure it out.
And that’s where you know we have Redspin. We went through the same issues because we ourselves have to be certified at these levels. We’ve been there, done that. We know what you gotta do and have some great recommendations for you. We’re not going to tell you what to do but will give you recommendations on what you can do and when we give you those recommendations, we’re thinking of your company as a whole, for example, and maybe a small company that doesn’t have a lot of revenue, so we’re going to think of some ways that are cost-saving for you to contain that CUI data. But the biggest challenge is how do you contain that? How do you document where it’s contained and everything about that data and make sure that all of your employees are practicing what you have documented?
LAUREN FRICKLE: In your responses, I’m hearing a lot of talk about your team, so describe the team you work with one word, one word only.
ROB TEAGUE: Haha, hoo boy. Dedicated. I was hanging and passionate, but I think dedication is the biggest thing. They understand how important this CMMC is. We all have that military background. We all understand how important that information is, and the detriments that could happen if it’s leaked out to aggressive actors. So we understand how important that is, and we’re dedicated to whoever brings us onboard to assist you. We’re going to use our experience or certifications, our training, everything to help you get that contract. But more importantly, to protect that data.
LAUREN FRICKLE: And hey, let’s not leave out passion. I mean, working with your team. You guys are passionate, I think that’s pretty clear. It comes across in our podcasts and just working with you guys directly I can tell you love what you do. Rob tell us what you do for fun. What do you do on the weekends and outside of work?
ROB TEAGUE: Actually, you know during assessments and visitations with clients, they ask that a lot. Because just like we want to get to know them, and they want to get to know us. So there’s three big things that I do in my off time. So one is I’m a drummer, I picked up the drums when I returned from my last deployment. I don’t want to say I’m famous, but around the house I am for making a lot of noise. The other thing that I do is a little more interesting. I work at the Atlanta Motor Speedway with NASCAR. I do on track cleanup and crew services so I am in turn three in the cleanup 3 trucks so whenever the vehicles you know the race cars crash or whatever, the case may be, we go out, pick up the parts. If there’s fluid on the track, we drive the track, but you have to be very thorough and you have to keep your head on a swivel. We will be on the track cleaning up and these cars will come by at about 100 to 140 miles an hour and literally you know, they’re like 3 feet from you, so if you’re not prepared for that, it will definitely scare you. I liken all of that to what I do with security because it’s the same. Your head has to be on a swivel, and you gotta constantly be prepared for the worst. The other thing that I do is you know I spent so many years in the military fighting for those that couldn’t fight for themselves and over that time, you know I’ve gained a passion for enjoying life and when I say enjoying life I don’t mean jumping from an airplane or bungee jumping ’cause that’s testing life, right? I’ve already tested life. I don’t need to do that. I’m more about relaxing so you know my wife and I will go kayaking and swim with the manatees. So enjoying life and family time is very important to me.
LAUREN FRICKLE: So last but not least Rob, I’m really excited about this question. What do you think is important about the cybersecurity, privacy, and compliance industry?
ROB TEAGUE: We’re not the favorite industries. But we understand the relative newness of it and how important it is. Most folks, or your average user does not think about that. And I’ll give you an example and we’ll use social media. You know, the average user will use the health industry. They’ll take photos and they mean well, it’s not like it’s anything unintentional. They mean well, they’re taking photos of their teams that they work with, say, an emergency room during the Covid crisis, and saying you know, talking about how they are persevering. The problem is their badges are exposed so who thinks about that? Those of us who are in the cybersecurity, privacy and compliance industry do. Because that badge can be fabricated and used in a social engineering attack against the hospital where people can get into areas they’re not supposed to be. So without these three areas of cybersecurity, privacy and compliance. These types of things would happen often, and the average user would not be aware of that. So, it’s vital that these teams continuously train the user in these things. The problem is, is that for us in these arenas we’re not the favorite because we come around as Dad or mom, the “don’t do that/ you can’t do that”, and after a while that kind of tolled on people. But it’s very important that we continue to do that. If somebody has got to be the bad guy in order to save data, the safety of users, employees, etc…, call on me. I’ll be your bad guy every day.
LAUREN FRICKLE: Yeah, unfortunately, cybersecurity, privacy, and compliance teams are not always the favorites in the modern-day business world. However, it is necessary and it’s kind of our job to change that thought, and I think just by kind of getting to know you this might help change that dialogue a bit.
ROB TEAGUE: I hope so. The biggest challenge, I think also that the cybersecurity industry is having and mostly the Information Security Department says funding and resources. So in a hospital environment, you know you’re trying to get that Network Access control solution that costs, I don’t know just throw number 3-4 hundred thousand dollars and the hospital is telling you know we need a new X Ray machine. That’s going to cost us $1.8 million so our funding needs to go there. Why is your network access control solution so important? I’ve been there, done that everybody on our team has been there with that, so that’s where we share our experiences of how you can get that information, the data involved with it, right across to the executives so that they understand why that next solution is important.
LAUREN FRICKLE: Yeah, well Rob, it’s been such a pleasure to have you in this spotlight for this session. Thank you so much. Folks there you have it. Rob’s cybersecurity, privacy, and compliance ethos. Thank you so much, Rob.
ROB TEAGUE: Thanks Lauren for having me.