In today’s rapidly evolving digital landscape, understanding the difference between cybersecurity and cyber risk is crucial for executives aiming to protect their organizations. Join host John Riley in this insightful episode as he dives deep into this critical distinction with special guest Ashwin Rangan, CEO of DoubleCheck. Ashwin, a published author and seasoned expert with decades of experience in internet technology and cloud infrastructure, shares his unique perspectives on prioritizing cyber threats in the age of AI, navigating the financial implications of security investments with CFOs, and emerging trends that will profoundly impact cybersecurity in the near future. This episode is packed with actionable advice, real-world examples, and even some humorous anecdotes, providing listeners with a comprehensive understanding of cyber risk management and how to stay ahead of evolving threats. Tune in for expert insights and practical tips to safeguard your business and personal data.
—
Watch the episode here
Listen to the Podcast here
Cyber Risk Exposed: Ashwin Rangan On Today’s Top Threats & Solutions
Welcome to another episode of the show, where we explore the challenges faced by executives as they grapple with cyber risk. We have an amazing guest who’s a published author of a number of articles. He’s previously been the head of engineering for ICANN. If you don’t know what ICANN is, take a look at it, because you’ll find that it’s a pretty cool organization. He’s also a reader, singer, and hiker in his spare time. It’s my pleasure to introduce you all to the CEO of DoubleCheck, Ash Rangan. Did I get that correct?
Absolutely. Thank you.
I am on it. Thanks for being on the show. Thanks for scheduling around the couple of times there that we had to move things. I appreciate your patience.
You’re welcome.
Decoding Cyber Risk Vs. Cybersecurity
Christmas only comes once a year, but I keep the beard all the time. Let’s just jump right in here. Ash, with your experience and everything, my question is, how would you explain the difference between cybersecurity and cyber risk to somebody?
That’s a great question to start off with. Cyber risk is a very comprehensive look at where all the sources of potential risk could lie when it comes to all things cyber. It’s not limited in that regard to just what we think of as cybersecurity. Cybersecurity, by contrast to me, is a focused set of activities to protect certain aspects of the risk because in the risk scenario, there may be risks that are completely comfortable in just being mitigated by other means, not through cybersecurity means.
For instance, take insurance on something and say that that’s a way in which we allay concerns about something. We could have a set of policies that say, “Here are behaviors that are expected.” That could allay certain fears that are concerned with cyber risks. Cyber risk is very much more comprehensive than cybersecurity. Cybersecurity, for me, is a set of activities that go after specific things that we’ve decided to do something about because we feel that merely policies are not good enough, or we don’t have the ability to transfer that risk somewhere else.
That’s absolutely the case. I like what you said about risk being unlimited. However, the day-to-day, the things that are known, I think that we try and put those into frameworks. Whether it’s an ISO framework or a NIST framework, or SIS, or whatever. I think we try and put those in there so that people don’t miss them. Even though they’re not necessarily a checkbox or some checkbox theater, the goal is to document that not only for the day-to-day tasks for the security people, but also for the executives, and how to run things. The treasure map would probably be my way of putting that.
That’s right. There’s treasure and then there’s treasure. If it’s gold and diamonds, you want that to be behind three locked doors, but if it’s just coal, you want to leave it out in the open because no one’s going to be able to take it away. It may be valuable, but it’s really difficult to take it away.
AI’s Double Edge & Leadership Dilemma: Navigating Cyber Threats
It’s very much so, unless you’re just doing truckloads. We’ll see. Along with that, what do you see as the most significant cybersecurity threats that are facing companies?
I think there are 2 or 3 things that I think about, particularly in the now, because the now is changing so fast with the advent of AI that avatars are becoming the new normal, where people are being duped into believing that there are certain things happening which may not even be occurring. You can grab a picture from a social media platform, for instance, and using AI, make it come alive with a story that is so believable that you could be duped into believing that indeed your CEO is calling and letting that they’ve been held hostage.
They need $20 million to be transmitted, or else their life is in danger. That is a level of threat that we have not seen in the past, with the level of sophistication that now seems to be available. With the click of three buttons, you’re able to create a video and feed it to somebody. If they’re not schooled enough or sophisticated enough to know that they need to do a double check, they are suddenly in danger.
That’s funny. I just received a call from a Yahoo security team. They called me by name and everything and said, “We’d like to go over some security on your account.” I said, “No.” “What do you mean?” I said, “I don’t trust who you are.” They hung up. That was it. What you do, we get emails all the time from, “Pay this invoice.”
Seven emails are going back and forth to what looks to me to the accountant or me to the vendor, and then they’re saying, “This was approved to pay, please pay it.” That’s just the email version of it. There’s also the voice and data versions of it that are coming. I think that it’s going to be trying to verify. Verification of all of those things, not just make sure you call the person back or actually get some second authentication before wiring or anything like that.
I totally agree. Email platforms, hopefully, everybody is doing things like two-factor authentication, but smishing is getting to a new level of sophistication with all these tools now, where you’re constantly busy on your cell phone. I don’t know whether the stat is true or not, but it said that every 94 seconds, somebody looks at their cell phone on average. That’s a ridiculous number of times that people are looking at their cell phones for something or other. God forbid you’ve turned notifications on, the damn thing is just going off all the time. It’s Christmas bells. In that hurry, you are likely to do something that you regret in a fraction of a second, because none of us is too far away from a really good fish or smish. We’re one click away from a great fish.
Honestly, there are times that you’re just not paying attention or phone in your pocket and you accidentally maybe open the text message and click on the link when it is in your pocket and you have no idea. There are all kinds of scenarios. I agree. Getting back to your point there that AI and some of the avatars and bots, and everything else are going to make a difference in how security is managed because of the sophistication and the attacks that are happening. Along those lines, how should a CEO prioritize those cyber risks? As far as what are the ones that are being a CEO, how do you prioritize the risks?
For us, it’s very important to have a security positive stance, as in have a clear understanding of the served audiences and where the likely threat vectors could intercept what we offer. Not only is it an internal concern, but it’s also an external concern insofar as how we manage our customer accounts. We have to be at a level that is sufficiently high that it doesn’t overwhelm us with the cost of providing cybersecurity, but at the same time, strike a balance with the fact that we need to provide that level of cybersecurity, both internally and externally.
That’s a fence that we straddle all the time. There are involved discussions, our head of engineering and I, every once in a while, we’ll get off on a sidebar, and he’s like, “We’ve got to do this.” “I understand, but there are like nineteen other things that we’ve got to do too. There’s room for like six. Which ones are we going to do?” It’s a priority problem all the time. When once something hits the radar where we see multiple occurrences of a particular threat vector, then we say, “Yeah, we’ve got to do something positive about this.”
You brought up my next question, which is, how does your CFO feel about that? I mean, because ultimately, even though there’s that list of twelve items that you must do and you’re picking six and you’re picking the top six, it still comes down to some budget that has to be in place.
It does. Our CFO, God bless him, he’s doing exactly what he needs to, which is to challenge what’s the ROI here. Are we going to make more money, or are we going to lose less money? What is the storyline here? It’s not a hygiene factor anymore. You’ve got to have a positive return on what you’re doing.
Still manage the risk because that risk is there are high-level risks and then there’s the lower-level ones. There’s never 100% secure. It’s a matter of when you get hacked. It’s a matter of practicing and understanding what it’s going to look like. How you’re going to deal with it, or how your head of engineering is going to deal with it? Nobody wants to be in that situation.
Sadly, we are all in that situation.
Cybersecurity’s Future: Boards, Frameworks, & AI’s Impact
In today’s world, absolutely. From your perspective, which emerging trends do you believe will have a profound impact on cybersecurity in the near future? We touched on one of them, which is AI.
I think one of the things that I used to struggle with ten years ago. Let’s go back so that we can go forward. Ten years ago, the level of understanding of cyber risk was low. It still was not at a level that it needed to be in spite of the fact that it was not new. It was almost like, “I wish this would go away,” was the feeling ten years ago. We now know that that wish is not going to come true anytime soon. It’s not going to go away.
If anything, it’s only going to get worse and worse. It’s always a case. I used to this pic, I would put up a picture every time I had a case to make for cybersecurity investments, where I would say, “Look, every time I build a 10-foot wall, they build a 12-foot ladder.” They’re always going to get over whatever it is that I’m trying to do. It’s a never-ending race here. We just had to have the intestinal fortitude to continue to invest in the right few things that actually will make a positive difference to us. It’s the right few things.
Therefore, that brings to the forefront, what are the right few things? I think what has changed is that the level of understanding is now set in most boardrooms. You are able to have an informed conversation about what we have to make investments in cybersecurity. How much is a different question? Should we is no longer a question. That’s one thing. The second thing that has changed in a positive direction is that most board members are now aware that there are these frameworks. It could be something as simple as let’s go with the 18 or 20 factor, simple.
Let’s go with NIST, very complicated. Let’s go with FedRAMP, extremely complicated. Whatever it is, they know that there is a framework and they ask the question of which framework are you going to go with? We are now in a position to say, “We don’t have to explain that there is a framework. Now we just have to explain which framework.” That’s a positive move in the right direction.
What’s new is that the frameworks lag the threat vectors because it takes standards bodies a certain amount of time before they can go back and look at what the threat vectors are and which ones to include, what to mitigate, all of that stuff. In the meantime, the threat vectors are progressing at an alarmingly fast rate. We have to be cognizant about what’s happening, not just with the frameworks, but also outside of the frameworks, which are important to be taken into consideration now, so that we’re making the right few investments.
One of the ways I would advocate, certainly something that I tell myself, is to keep my board updated about non-framework related threat vectors which are emerging that could potentially broadside impact on us and say, “Look, we’ll keep an eye on this. We may need to make a few investments here, but I assure you, if it’s not the right thing, we’ll pull back from it. If it is the right thing, we’ll double down on it.”
You made a great point there. A lot of board members are becoming aware of it and utilizing some of those frameworks. We’re still doing a lot of education as Omnistruct, two board members, and even executives, because I think that a lot of them are still sticking their hand in the sand, even though it’s been 30 years now or so that these have been issues, and it’s not going away. The other big thing is that we’re seeing a lot more contracts that are requiring some framework to continue to do business, especially for those customers that are sharing data. If I’m giving you my data, I want to make sure that it’s protected and that you’re doing everything that you can to make sure it doesn’t just slip through your fingers.
That’s exactly right. The threat vectors, when you think of it, used to be that you defined an enterprise, and you had four walls to define the perimeter of the enterprise. I think multiple things have changed. One is that social media has gotten so integrated that you actually want to pull in social media, the tone of voice in social media, to help you with your marketing. If you’re not doing that, you should be doing that.
That immediately says that you opened up a gate somewhere, and you opened up the perimeter. Cloud is an integral part of the infrastructure. That means that there is somebody who’s providing you with a service, you’re entrusting your data to that service provider, and therefore, there is a big gate that you opened up to your perimeter there.
You’re letting in software from the outside to help you manage your business, and therefore, you’re assuming that the supply chain up north of you has actually taken due diligence courses so that they have done what they need to, and they have just not transferred the risk over to you. Now the risk is living inside your enterprise. We now live in a very open-walled environment where the perimeter is porous. Where is the risk coming from? You just got to have a 360 view and keep your head on a swivel.
Even then, with some of the newer things like AI and people, why use AI at home? Why can’t I just take this database and shove it in there and then get some analytics out of it? There are definitely some new challenges that have even come within the last couple of years that are to be better challenges to understand where they’re coming from.
That’s right. The diffusion of these technologies on the one side and the risks that the technologies come with, the understanding of that risk, is slow in coming. Part of this is to continue to educate people about how fast it is diffusing and what the risks are that are also diffusing with the technologies?
Everything may be AI, including security at some point, right?
I hope so, in a good way.
Cyber Disaster Plan: People, Assets, Info, & Reputation
As far as, I’m not sure if you’ve been through a cybersecurity disaster, but what does that cyber disaster recovery and peace look like that journey? What does it look like for most executives when a hacker has succeeded in stealing their data? Take me through what you want that looks like from the first menu. We have a problem.
We’d come up with a framework, or we have been given a framework that we have used consistently. I started to use it while I was with ICANN, and it’s now become second nature to me to think about it that way. We used to call it PAIR. Is that an impact on people? Is there a kinetic element that is going hand in hand with the cyber element? Is it a multifaceted attack, in other words? Are people at risk? Are our assets at risk?
That includes both physical and digital assets. Is our information at risk? Most importantly, is our reputation at risk? We would look at all four of those continuously and do a quick assessment. You think about it, any time there has been a break-in, your reputation is at risk because suddenly it calls into question your competence. Are you even aware? Were you aware? Did you do the right thing? Did you mitigate it? Did you ignore it?
All of those questions, they may have been already transacted, but they’ll come back to the surface again, saying, “Remind me, what did we say? When did we say it? What did we do? When did you say you would do it? Was it done? How was it done?” All of those questions come back. I think the reputational aspect of it is very important. Therefore, when there is a cybersecurity incident, first of, there are many events.
Cybersecurity events are constant, but the incidents are fewer because those are the ones that go up in level and register on the radar. The highest levels of these is when there has been a positive breach, perhaps the bad actor has been lurking around for days, weeks, months, and a lot of valuable data has been ex-filled. The worst case scenario is when it shows up on the dark web and somebody says, “Now there is a price on it, and your data is not going to get exposed. Here’s ransomware.”
All of that. I mean, we know the script. What do you do? I think you have to have had muscles developed in a trained and trialed environment before. You cannot let your natural instinct and intellect guide you in the moment because both your instinct and your intellect will more than likely let you down in the pressure of the moment. You have to willfully step in ahead of time, build that muscle memory so that when the inevitable occurs.
You’re in a position to react with muscle memory rather than reacting with your intellect in the moment because more than likely, you’re losing it at that point in time, depending on how big this is. You think of some of the most ridiculously big problems that we’ve been made aware of in the last one year. Healthcare systems are being breached for hundreds of millions of records.
Those are the kinds of things where you cannot say, “I’ll trust my judgment at the moment.” No, not good enough. You have to have invested in developing that muscle memory way ahead of time. Compartmentalizing information, understanding which level of information has actually been ex-filled. Is it sensitive enough that you should be concerned? If it were the Panama Papers, for instance, you should be jumping all over it with everything you’ve got in like a heartbeat.
Also, a technical person may or might make a mistake or something in trying to get things back up and running. Format the drive and kill any evidence. For them, that was the right thing because they wanted to bring the service back up as quickly as possible, but if it’s not the right thing when you’re destroying evidence, that it was there. That first thought of, “I need to get it back, and we’ve got to go. It’s costing money.” That practice of understanding where that is and documenting it and knowing who to call, where to go, those are what’s going to save your bacon when it comes to be that time.
Simple things like you mentioned, a call tree. How frequently do you review the call tree to ensure that the people on the call tree are the right people still? People come and go into organizations. They get out of the organization, they retire, they leave, their job changes, their responsibilities no longer entail what they used to have, replied. All of that is happening. Reviewing the call table, testing out the call table, and making sure that the phone numbers that were given are still the right phone numbers. Maybe the people are traveling.
Do you have a backup for the person? Who can make the decision? Which decisions will be made by whom? Your point of restoring service, the frontline is always concerned about we need to restore the service now, but it may be the absolute wrong thing to do unless you have a parallel set of infrastructure that’s spun up and ready to go because you may be destroying anything and all the evidence that you need. Attribution is difficult as it is in cyberspace. The last thing you want to do is overwrite whatever little attribution capabilities you have.
Internet Pioneer: Ashwin Rangan’s Tech Journey & Innovations
When you talk about the contact list, I also suggest like your external contacts. Make sure you’ve got your attorney’s cell phone number. Make sure you’ve got a PR firm’s cell phone number. Call it once a quarter. Make sure that they pick up because if they don’t pick up, then you haven’t put enough into a deposit down, or maybe you should. You want them to pick up when that emergency does happen and test that number. We’ve talked about ICANN, and we’ve talked a little bit about your journey. Tell us a little bit more about who you are and how did you get here, and then a bit about your company.
Certainly, that’s the part that I enjoy the most, the part about the company, not about me. I’m a trained engineer. I was born in India. I’m notionally Indian. I grew up in Africa. I went back to India and did my bachelor’s in mechanical engineering and a master’s in industrial engineering and management. I came here as a technology consultant and became part of a young startup company in PCs way back in the ‘80s that grew and grew like a weed. My career started to blossom alongside that company because I was one of the earliest employees in the company.
It eventually became a Fortune 500 company, went public, went splat against the wall, and got sold to Samsung. I became part of a very, what I thought was, a rock-solid company called Rockwell International. Only to find that the division that I became a part of wanted to get spun out and become an independent entity. I helped with that, took that public. I had the opportunity of a lifetime to serve as one of the first technology heads that led to the creation of what is today Walmart.com.
I was instrumental in helping to scale that to a billion dollars in profitability within a very short time. It’s a phenomenal brand. My challenge was to set up an infrastructure. This is back twenty years ago when technology was not what it is now. We created the equivalent of a private cloud, which was extraordinarily elastic to the point that twenty years later, that same cloud has grown, but it has proven to be phenomenally elastic in the process.
From a billion, it’ll probably do 150 to 200 billion in revenue this year. The same elastic framework. I’m very proud of the team that put that together. I did a startup with a couple of friends in analytics in the cloud for marketing purposes. That got sold out. I became part of ICANN for the last ten years and grew the internet from 2 1/2 billion users to 5 1/2 billion users over the last ten years.
That’s my career journey. It’s all been about the internet and the cloud, and what can we do to democratize all these tools and instruments so that everybody can benefit from them. The dark side of this is cybersecurity, as you well know. Nobody built any of these things with cybersecurity as a primary thought. This has been like the caboose is now trying to ride the train. What do you do?
I remember sending emails from Unix Systems as God or different other things. That was the easy way to spoof something, and we just did it for fun.
That’s right. The fun has now become a big business, sadly. After my ICANN stint, I was approached by a company to take on the leadership role as CEO. Our new company is called DoubleCheck. It’s a software-as-a-service company serving primarily credit unions and banks, and providing credit unions and banks and their customers with value-added services. Our service is, very simply put, a real-time interceptor.
Banks click on a once-a-day basis. Everything is batched in a banking environment. Your accounts are adjusted once a night, but life goes on all the time. Because life goes on all the time, as a business person, you’ll recognize what I’m saying here. Your invoices are coming in, and your accounts receivable may or may not be coming in at the same time as you expect. You’re constantly playing this game of float here, saying, “I hope my AR comes in before my AP so that the invoices get cleared, or else I’m going to go into the hole and I’ll be in an overdraft situation or a non-sufficient fund situation.”
We intercept those transactions and transparently make you aware of the fact that you have a problem potentially, because there may not be enough funds to clear whatever invoices are coming your way, giving you an opportunity to cure the situation so that you can either transfer money from elsewhere, do a spot loan, use your credit card, whatever it is. The transparency and control, that’s what we provide. That’s one aspect of what we do. We’re hijacking the same mechanism now to provide similar transparency and control over cybersecurity.
You, as a customer of the bank, have one of the most valuable assets you have is your money, and you get fished all the time. We’re able to spot those, and we’re able to warn you that you may actually be being gamed before you actually get gamed, so that you can take whatever action you need to. We are targeting this particularly towards the older-skewed audience because they are the ones who are being disproportionately targeted for what’s going on.
The Vulnerability Of Older Generations In Digital Scams
Is it because of the gray beard? I definitely understand that. I’ve seen that with the elderly sometimes too, where that they’re they’re a little more trusting, especially with the technology and voice and everything else.
I’ll tell you what happened with one of the cases that we are actually actively addressing. State of Florida, an elderly lady, a grandmother, gets a video call. It says, “We have your granddaughter in custody.” Sadly, she had been drinking too much. It’s an appropriate time of day when that occurred. She was told, “Look, she needs to be bailed out. It’s going to be $40,000.” Grandmother says, “I don’t believe you. I want to see my granddaughter.” They had swiped her Facebook picture and animated it, and made it look like she was behind bars.
She started to talk as though she were actually behind bars with a tearful voice saying, “Grandma, I need your help. You need to come and get me out of here. Please do whatever they’re asking you to.” Grandma proceeded to drain her account of $40,000. She was asked to deposit it in a Walgreens into a Bitcoin machine. Walgreens said, “Look, this is just a machine. As far as we know, we have no risk here. It’s not ours.” Grandma’s out of money. Granddaughter was safe. There was no problem. Just now lost most of her life savings.
I’ve heard so many similar stories. Even a friend of mine who’s a doctor was helping his son buy a house. Money was being transferred. Large sums of money were being transferred. Somebody had called the bank, and they actually had used their phone number as dual factor authentication and duplicated their number. When the text message came in, they called the bank, and actually, they passed the verification of the bank, and they were able to move a couple of hundred thousand dollars. Be the man in the middle, so to speak.
That’s it. That’s exactly right. By the way, for banks and financial institutions, my company offers a bank-to-bank protection measure so that this problem does not occur. It’s a $25 billion a year problem where there’s a man in the middle.
It’s not going down, especially with those AI tools and the ability to duplicate a voice. When I pick up the phone, half the time, I just wait for somebody to say something because I don’t want to give them my voice.
Exactly because your voice can be cloned now.
Cyber Risk: Threat vectors are advancing rapidly. We must be aware of developments within and beyond established frameworks.
That’s right.
Your phone can be cloned. Your voice can be cloned. We live in a dangerous world. We just don’t seem to. We got to understand that the smartest crooks are no longer on the street with a knife or a gun in their hands. They’re behind a keyboard somewhere, trying to figure out how to get to be you.
If all the media is to be believed, they all have hoodies. We usually call the people with hoodies.
That’s the qualification.
That’s right. If you’re not wearing a hoodie, you’re not really a hacker. That’s always the joke that we say, “That I see is that every marketing piece has some hoodie guy or a laptop.”
Seriously, if that were truly the case, ZZ Top would never have become a band.
AI’s Power Shift: From Threat To Innovation In Software & Security
Tell me, what are you currently working on, and what excites you about what’s happening out there?
I think there are things like Cursor.ai, which are so new and a new way of approaching software development. You can literally talk to this machine and tell it to develop code with an idea that you may have in your mind, which tells me that the day is not too far before we’re able to converge with a machine and have it render what we want, at least as a minimal viable product, as a prototype that you can just show people. Software engineering was an artisanal skill. You needed real smarts to figure out how to make software behave. I think that is changing so rapidly with democratization through AI. I’m excited about that.
I’m excited about the prospect of AI being put to good use at the same time as I’m concerned about how the bad actors can use the same capabilities. I think the good use of AI could result in some really remarkable things. I’m excited about that. I’m excited about how AI will meet robotics, will it solve some problems? It could be very interesting to see how it could solve some lower-level labor problems that we already have, where supply is not equal to demand, and demand is far outstripping supply. I’m excited about all of those possibilities. The engineer in me is very excited. The parent in me is absolutely horrified about what the prospect is. The level of conversation with my kids is very different than the conversation with you.
I can definitely understand that. The addition of AI and the ideas that people are going to come out with, being able to utilize AI and, as you said, bring up an MVP. It’s always been known that the idea is not valuable. It’s the execution of it and how it can be done. If you can actually get to market with something that has been created, we may see some very new, creative ideas about how to get some problems solved.
Seriously, when you create a product, I remember this conversation with one of our product leaders. He said, “Your first rendering, you throw the ball and you ask the customer, did I hit the mark?” He says, “You’re not even in the same ballpark.” You throw it again. He says, “You’re not in the house that I wanted you to hit.” You throw it a third time. He says, “You’re in the house, but it’s the wrong room.” You throw it a fourth time.
He says, “It’s the right room, but it’s the wrong wall.” You throw it a fifth time. He says, “Right wall, but the wrong place.” You throw it a sixth time. He says, “Yeah, roughly right. How about you try again?” The seventh time is when you actually get close to the target. With these tools, if I’m able to co-create with my customer in the room with me, and he or she telling me alongside of me what I should be telling the machine to do, and we both agree that this is what they’re looking for as a customer and willing to pay money for, that’s like Nirvana state, man.
Maybe it’s only three times that you got to throw it, then.
There you go. They still don’t know until they see it for the first time. Say, “Let me think about it. That’s fine.”
If you’re something new, there isn’t necessarily a roadmap to it. You’ve got to go through it to see if it resonates.
That’s right. At the end of the day, the voice of the customer is the most important one in the room. If I can get the voice of the customer to guide my development effort every day, I’ll take it all day long.
Here’s a question for you. If you could go back and give your younger self some advice, or maybe even your children now, what advice would that be?
My younger self should have been significantly more humble and should have said, “I don’t know half the things I do.” At eighteen, I knew everything. I think at eighteen, everybody knows everything. Sadly, it’s taken many years for me to understand that that was not true. That would be the advice that I’d give my younger self, which is to be significantly more humble and accepting of the fact that I really don’t know, no matter what my brain’s telling me otherwise.
When I was eighteen, I would say that I had other mentors in my life. Those other mentors, I looked up to them and everything, and it was really wonderful. I had actually thought that I had surpassed my father at that point. This was a long time ago, to be fair. For many years, I kept interacting with these mentors. What I ended up coming up to is this mentor I worked with for ten years or so.
What I realized is that he was very stuck. He was an extremely smart man, an MBA all these things he was teaching me. What I ended up coming back to was that when I when I sat down with my father again, like 25 or 27 years old that he had changed and changed his views, even though he was much older than I was and much older than my mentor, but he was still in that changing life. If he wasn’t changing, if he wasn’t adapting and just stuck, I realized that I hadn’t outgrown him.
I just had outgrown that previous version of him. I had outgrown my mentor because he had stopped growing. He was not interested in not moving forward. I learned wonderful things from him, but it was just very interesting to find that. Understanding that an eighteen-year-old definitely knows more than a parent, but they come back.
They do. It’s like Mark Twain, I don’t know exactly the quote, but roughly it goes like, “When I was eighteen, I was convinced that my old man had lost his marbles, but when I turned 25, I realized that somehow he was completely sane again.”
For sure, and he was. Ash, what do you do outside of work? What do you like to do for fun? I alluded to some of those.
I actually indulge a lot in all of those. Right behind me, you can see I’m a voracious reader. I read on average a book every 3 to 4 days. I consume books at a fairly significant rate. 50 to 70 books a year is common for me. The genre is everywhere. Anything and everything in between. It’s like trashy mystery novels to autobiographies. I’ll take them all. No problem. Economics this morning, and it could be philosophy this evening. I’ll take it.
Not a problem. That’s one. I sing just because I enjoy singing. I love to sing, so I do that. I love gardening, especially at this time of the year, just as spring is starting to bloom out there. I like to take care of my garden so that I have 6 to 7 months of pure enjoyment where I spend a lot of time sitting out in the garden and enjoying the sunshine and all of that. I like hiking once in a while. My most recent thing, I’m starting to get back into motorcycling. There you go.
I’m in the process of building some garden boxes in my area. We had a hurricane come through and knocked down a few trees. I’m redecorating the outside, but also making it more functional so that I can have some food and pretty and water fountains, and things like that to sit next to. I’ve been a motorcycle rider in the past. I currently don’t have my motorcycle here. I sold it. I understand that enjoyment and reading. We share a lot coming from that perspective.
You got any tips about motorbikes? I’m weighing between a Harley Hog and the Goldwing.
Did you see my beard? I’ll give you three guesses, and the first two don’t count. I also have a jeep, but that’s besides the point. Ash, how can people find you? What’s a good way for somebody to get in touch with you?
My handle is very simple. It’s The CIO. I’ve been a CIO for three decades, so I got that handle way out before anyone thought of it. It’s [email protected]. That’s the easiest one for the public to get hold of me.
Perfect. I did the same thing. I’ve got like [email protected] and [email protected]. On LinkedIn, however, I am the John Riley. Just in case anybody’s looking, there are so many of us out there. There are so many John Riley’s. That’s ridiculous. If somebody is trying to spoof me, they’ve got a lot to choose from.
I tried to look for John Wick, but it was taken.
Boost Your Security Now: Ashwin Rangan’s #1 Cyber Tip (2FA)
I can see that. We’ve got one more question here, that is, we want to give our readers something to grasp onto, some action item. What one piece of advice or tip would you give them for reducing the cyber risk?
This may sound very infantile, very basic, but I would ask every one of your readers to set up two factor authentication with a separated device for as many of their accounts as they can possibly think of, particularly where their private information is concerned, whether it’s money related or health related, especially those two. That is your information, and you don’t want it in somebody else’s hands. Use two different devices to get the second factor authenticated to and make sure that you use two-factor authentication. Ideally, with an authenticator app, if you can. It is so basic, so simple, but 80% to 90% of your problems will go away. It’s not a for sure guaranteed cure, but 80% to 90% of crap will go away if you were to just do that one thing.
Those financial institutions would include your Amazon account for everybody. There is financial, don’t just think of it as being your bank or your credit union or whatever. Any place that you’re storing it, the PayPal, the Venmo’s, the whatever’s, put those on there because that will save you a bunch of heartache in the future. Ash, I appreciate your time. It was awesome to have you on here.
I think we’re kindred spirits here. Even before this, we were chatting and laughing. That’s the way it’s supposed to be. For our readers, we hope that you’ve enjoyed this. Thank you for reading. If you’ve learned something or laughed, share our show. If you’d like to be a guest, let me know or let our team know. We’re always looking for wonderful people like Ash to be on here. Again, Ash, I appreciate your time and effort in being here.
Thank you so much. I appreciate you. Take care of yourself.
There it is. It’s been another great episode of the show. We’ll see you next time. Have a great day.
Important Links
- Ashwin Rangal on LinkedIn
- [email protected]
- ICANN
- DoubleCheck
- Cursor.ai
- [email protected]
- [email protected]
- [email protected]
- John Riley on LinkedIn
About Ashwin Rangan
A
shwin discussed his experience as the head of engineering for ICANN, where he dealt with various cyber risks for 10 years. He now serves as the CEO of a Fintech company that safeguards the wealth of bank and credit union users.
Ashwin highlighted the vulnerability of super young and super senior populations to cyber attacks, with the latter often losing their life’s earnings quickly. He mentioned that his company is working on educating the super senior population on staying safe in cyberspace, with the aim of conveying this information through banks and credit unions.
