What would happen to the entire world if the internet suddenly shuts down? In this captivating episode, Eric Jenkusky of T.J. Clark International delves into the realms of cyber risks and the best way to navigate them. He shares an insider’s look at the intersection of technology and defense, uncovering the hidden nuances that shape the military’s needs. Eric explains how they address connectivity issues and communication breakdowns, emphasizing the usefulness of traditional technology even in this digital age. He also talks about building forward sites for the military called expeditionary operations. Join us for an insightful and thought-provoking conversation that gives a glimpse of the intricate military infrastructure and operational resilience geared toward a futuristic world.
Unveiling Cyber Risks: Regulatory Challenges And Meeting Requirements With Eric Jenkusky
In this episode, we have an amazing guest who’s part of the TV scene helping on the series, Jack Ryan. He’s a leader of tactical fuel and water delivery on land and sea. He’s a developer of lab-grown chicken nuggets. On top of that, he’s the CEO and Owner of T.J. Clark International. Welcome, Eric Jenkusky.
Thanks for having me on.
I’m glad that we have you.
We got to ask our main question here, which is, if the cyber risk was a pizza and the frameworks are the crust, what’s the riskiest topping you’ve seen and what topping would you equate that to?
The riskiest topping, especially for a government contractor like myself, is not fully understanding CMMC, the Cybersecurity Maturity Model Certification and NIST 800-171. It probably sounds like I’m speaking a foreign language to some folks out there that don’t know what that is. That’s the ghost pepper of my pizza if I was going to equate it to a topping because not knowing it’s on your pizza before you bite into it, you’re in for a rude awakening.
I’ve never had ghost pepper on my pizza but that ghost pepper chip or reaper chip. Have you seen the One Chip Challenge?
I haven’t.
There’s a One Chip Challenge and it’s got a whole bunch of different things on it. You can look that up but I’ve seen people do it live and they start sweating. It is fun. That might be another good to see.
We have to be clear that we’re not recommending that you do this. You have to sign a waiver.
The table pepper is a little bit too hot for you sometimes and therefore, I don’t partake but I’ve seen people do it. It’s one of the riskiest things I’ve seen. Everybody gets their choice. You’re a CEO and Cofounder. You’ve done all these cool things. What keeps you up at night? What do you see in the industry that people are challenged with?
The constant changing of these rules and regulations and the perhaps unequal application of them, especially as a government contractor with different government agencies and the inconsistent application of them is something that concerns me. There are small businesses that are unaware. They’re going to wake up not too long from now and are going to have to bid on something.
Their bid is going to be rejected because the contracting officer says he is going to go into the PIEE system and see that, for instance, the company doesn’t have a NIST 800-171 evaluation conducted of their IT systems. They’ll be kicked out of the competition for that. It happened to us. Not that we got kicked out but we were afforded the opportunity to correct it. We had no idea that that was even happening. Other small businesses are going to be in for a rude awakening.
The regulatory requirements around that are increasing because everybody’s tired of losing data, including our government and individual privacy records. It’s becoming much more of a hot button for the world. Businesses that are still sticking their head in the sand and doing the ostrich thing are starting to find that that may not be the best solution.
Quite frankly, there is a national security element to this. If you look at our website stats and see where the IP addresses that are looking at our website daily, it’s from countries that are hostile to the United States. It’s important. A lot of folks don’t know that the CMMC and NIST 800-171 and 172 are being implemented to prevent our adversaries from securing the information they shouldn’t have. We have to take reasonable steps like two-factor authentication to prevent them from being able to obtain that information.
What are your biggest challenges in meeting those regulatory requirements?
Like many things, at least on the government side, a lot of times the regulations are like reading Sanskrit. It’s necessary to have experts that can help you navigate those regs and what you need to do. A lot of the government websites are, quite frankly, terribly developed and produced. They’re not intuitive. You need experts to be able to help you navigate that quickly so you can meet your obligation so you don’t lose any revenue in both the short and long-term because of some minor issue that you weren’t compliant with.
You didn’t know it was a minor issue. You don’t even know the issue exists. The experts that are out there are able to help you navigate that. That’s the biggest thing as these different regulations and everything are promulgated across the entire government enterprise and the contracting systems. That’s what I stay up, worrying about whether we are able to meet all of our obligations to continue to win business.
I would argue that the challenges that maybe some businesses have are they think a website is a technical endeavor and it’s more like an artisanship. The hard part of that is that whether you’re a technical or more of an artisan, you’re going to end up with a different result on the site. Both seem to sometimes leave holes in their website presence, security gaps and holes. It seems to be the norm.
On the government side, some of the folks that are building those sites, their leaders are probably saying, “This is tech. This is going to build a site.” I don’t think a lot of these IT folks have exactly gone to college to learn artisanship more so than taking computer classes and Calculus 1, 2 and 3. You have to wonder if there is such a thing as a secure internet presence. You’ve got technical people that probably know the cybersecurity side or cyber risk side at least to some degree but then you have the artisans, marketing folks and private sector.
Perhaps maybe some of the things that we’re seeing on these websites have a lot to do with essentially the talent that’s working on it. “Do we need a new approach? Must there be a new standard in the future,” is what I always wonder about. You would hope that the outcome of any CMMC certification would address web presence. As far as I know, there isn’t a very specific set of rules aside from the supply chain management side of CMMC, if you’re familiar with it. With the supply chain management, you’re going to outsource a lot of that stuff.
As a contractor yourself or as a provider of services and products, I’m sure that you’ve run into those situations where you don’t have full control over the environment that you’re working in. The technical world is similar. I’m curious when it comes to those risks, do you see anything that stands out in particular with all these different hands on the cookie jar in the projects that you might be working on that concerns you?
There’s one of the reasons why the government is seeking to promulgate the CMMC. A lot of small businesses or businesses in general need to understand that they’re not necessarily the target. They’re an end to a means by bad actors seeking to gain information from the US government. We’re on a path to try to help them do that.
One of the things that I often think about, especially since I have to use these systems, is a lot of these legacy government application systems are in some cases twenty-plus years old. Some of them appear to be DOS based even. You’re looking at it going, “They don’t do their job to secure and update their computer systems so it’s becoming my job to protect their computer system. I have a potential backdoor into their system through my system.”
Some of this is crazy. I always think of when you go to the airport and you see some of the airlines still using dot matrix printers and if you’ve ever peeked behind the ticket counter and you see the screen, it’s like DOS. It’s not like a Windows application or higher. It’s unbelievable. I think of the same thing. They must singlehandedly be keeping the dot matrix printer paper business alive because I haven’t used the dot matrix printer in many years. The big issue is the sheer size of the government and the cost related to them upgrading their systems is massive that they have to do this patchwork protection of the whole system.
When you brought up the airline industry, I’m thinking, “How long has Sabre been around?” I don’t know anything about Sabre. I’m not in the airline industry but that might be an example. When we talk about the risks within the supply chain, you’ve hit the nail on the head. It’s not necessarily the contractor’s situation. It’s the contractor who may be working around technical debt. It may happen on the Federal side in this particular case but we’ve seen it in what we call SLED market, state, local and even in education, as well as the bedside so we get it. Sometimes there’s technical debt floating around and being asked to be secure.
How much does that matter for the contractor to prove that continues doing the right thing? That’s why we have this evolution that’s happening in what essentially is a buyer wanting to transfer risk over to the seller. It’s a seller-beware or buyer-beware situation as we get into the normal politics of supply chains, markets and those sorts of things. I can imagine that the challenges are not exactly what a technical person might see as a challenge, whereas the non-technical person may not see the technical side as well. It all does boil down to, as it seems, the supply chain management side of CMMC and other regulations that are similar in other industries. I get it and it’s a good point.
We’ve been talking about digital sites and everything else but my understanding is that you’re an expert when it comes to building forward sites for the military and other things like that. What does the military need those for? What are those sites? How is that done?
We call it expeditionary operations. What that means is anytime you forward project power beyond the borders of the United States, that then becomes an expeditionary operation that can occur in places where there is fixed infrastructure and places where there’s no fixed infrastructure. We focused on the places that are not fixed infrastructure to provide basic life support services like food and water. In particular, our company focuses on water and fuel.
I always tell people, “We don’t build any of the cool stuff but without our products, none of the cool stuff moves. We’re the picks and shovels.” I would like to think that Warren Buffett was going to invest in a company that meets his nuts and bolts requirement because we don’t build any of the cool stuff but without our systems, you can’t fuel a helicopter or truck. You can’t provide water to a soldier.
Our primary customer is the US Army’s Petroleum and Water System office. When you walk into their foyer and lobby, they have a cool mural that says it across the top. The United States Army’s most important weapon system runs on water and there’s a photo of a US soldier. Water is critical. I’ve been in 44 countries around the world helping the US government establish a presence in those places. It’s going to be able to operate with our allies in different places. That’s why we need it. The operations in Iraq, Afghanistan, Syria, East Africa, Central South America and the Philippines, are the places where the US needs to have its capability in-house to be able to support our troops in those particular areas.
For those of you that are familiar with Maslow’s hierarchy of needs, food and water are important. Water is the most important but the fuel to get you from point A to point B is also critical. Perhaps the third critical part is internet connectivity. What would happen if the whole internet went down? It seems impractical but it’s plausible.
You are doing in terms of your outcomes in the delivery of what essentially is fuel and water. That could still happen arguably. In the field, there would be some changes but ultimately, you have to go back to the old Maslow’s hierarchy of needs. Warren Buffett would be like, “I’d invest in that.” There’s no question but what would happen if the internet went down in your case as an operative organization? Would you still be able to deliver?
The internet went down but the phone was still available. We’d be able to do that. There’s a huge size movement within the DOD community, as an example, to where they’re looking at that very issue. If you’re sitting over in East Africa someplace and the internet goes down, I also say from our standpoint, there’s no Home Depot to run down the corner to get a replacement part. You have to be creative.
Our military ran for years before the internet. There’s probably nobody around left that knows that is still in that and operated pre-internet maybe. One of the things that they’re looking at is, for instance, GPS. Not having that GPS capability on your devices and being able to transmit video. What do you do in a contested denied environment? How do you continue to operate and navigate? A big issue the Navy’s looking at is being able to navigate. If the satellites are taken down, how do you continue to navigate?
There are a lot of technologies that are being developed utilizing other means with which to be able to, for example, circumnavigate or communicate. Some of it is the line of sight communications with radio waves. Going back to old school, transmitting encrypted radio waves off the internet grid is an example. There are a lot of things like that that you have to look for and those contingencies are placed in a lot of parts of the world.
I got back from a conference regarding communications for primarily US first responders and those sorts of things for those kinds of situations, whether it’s a flood, fire or some man-made disaster that happens. That’s top of mind for me at the moment but ultimately, that has to be a factor in these operational situations, especially in the different continents that are out there. Africa is the one that’s moving fast in terms of being connected to an internet-delivered world. That’s the next frontier.
As far as your experience, I’m sure you’ve had to deal with that situation as a risk scenario of losing communications regardless of what the situation is. Generally, at least in Africa, that seems to be the place where the likelihood of instability or connectivity may be an issue and has to be considered a risk. Have you been in that situation before where you have had no connectivity and had to resort to a traditional radio kind of approach?
It’s interesting you’re bringing up Africa because one of the things that I don’t think a lot of people realize, and this is both a strength and a weakness, is that here in the US, if our internet goes down and we’re used to using VoIP, if we still have a landline right in the office, you can pick up that landline and talk over a legacy telephone wired system. In Africa, on the other hand, the super majority of the continent jumped over that whole phase of development where they put up telephone poles across the whole continent and jumped right to cell towers.
Without that legacy system to utilize as a background, an interesting thing is shortwave radio, believe it or not. A lot of folks utilize shortwave radio as their backup to the internet because all you have to do is have power on a radio and then you can talk to other folks. We were fortunate enough that we never experienced it and had satellite. I’ve carried satellite backup comms. If local infrastructure, like a cell tower, went down, we could switch to the Iridium system and talk off the satellite. It also is contested at some point in the future.
The term that was coined early on was they call them HNS or Hastily Formed Networks. You still need communications capabilities, whether it be satellite or otherwise. That’s interesting to know your actual experiences and how you deal with the risk of availability. What may be happening in the simplest term is that security issues could result in internet downtime in its simplest form. There’s the other side of the coin, which is that ghost pepper topping of what essentially is CMMC in your case.
Every organization regardless of industry is going to face that, at least Gartner or Forbes’ predicting that which is by 2026, cyber risk will be the primary concern, which is the business risk of being online. CMMC is one of those examples of that happening. It’s about the contract, procurement and things that you have to do to prove that you’re doing the right thing, especially when nobody’s watching.
It extends well beyond your website and physical location. Now, we’re such a mobile working remotely. Previously, we had to worry about a single computer for each person. Now, everybody has a desktop, laptop, tablet and phone. All of them are connected to the organization’s network. It takes a single person out to dinner letting their kid watch a TV show and clicking on a pop-up ad that’s malicious to bring the whole organization down.
It could be that simple, especially with the proliferation of all these bogus text messages. Let’s say your six-year-old kid is watching something and they see this nice blue-colored link pops up. They’re watching their cartoon. It pops up on your phone from a text message that’s malicious and they click it on. Your phone is compromised because there’s something running in the background. You don’t even know it happened because the text message goes away.
You get the phone back from your six-year-old and the next thing you know, all of a sudden, everybody in the company is getting email messages from you asking you to send them $500 because you’re stuck in London. It’s that crazy that you can be compromised. I also worry about the ability to buy stuff online through Instagram or wherever where you have all these ads popping up. You don’t know where those companies are domiciled. If they’re domiciled in China but they make it look like they’re in California or New York and the next thing you know, you downloaded an app and everything on your phone is theirs. People in general become far too complacent in sharing their information.
In terms of sharing information, where do you go events-wise to learn more about how to do a better job at what you’re doing or learn more about cyber risk or CMMC? Take them in whatever direction you like there.
We’re members of the National Defense Industrial Association, NDIA. There’s a whole committee on CMMC. We get regular emails and updates from them. We also follow the government’s CIO website, in particular the CMMC section because they’re working on 2.0 and 3.0 as they meld the NIST 800-171 and 172 into the CMMC. There are all these updates going on. We pay attention to all the things.
We’re lucky in that being a small business, we don’t have a server. We don’t use Google Drive because Google Drive, believe it or not, most people don’t know is not CMMC compliant. You have to pay for a much higher and you’re a standard Google corporate company. Google Drive will not get you past the certification. A lot of people use stuff like that but you have to have a secure capability of transferring controlled unclassified information. A lot of folks don’t even know that.
I always found that surprising because Google’s entire work-based scenarios are Federal authorized. When it comes to the CMMC side, it’s GCC High in the Microsoft environment but that’s a whole other episode. Thanks for sharing the events as well as the sites that you go to. I do wonder about what are the right events to go to but it seems like the answer is always tied to the industry. Your connections, being members of NDIA and those sorts of situations and business seems like it’s mandatory.
There are some trade shows or an event for about everything. While I was in Las Vegas, there was The International Pizza Expo. Out of all the foods that are out there, what an appropriate place for me to have been with this show. I think about those associations. Aside from events, one of the things that I learned is there’s a professional writer on pizza. There’s a blogger in any industry. I think about that. I was like, “It’s the same way in our industry. You’re going to find certain writers that you look for.” I’m curious about what you do. Are there writers or books that you follow or recommend when it comes to what it is that you do?
In terms of cybersecurity, I follow all of the leading defense reporters from different organizations and defense news. Bloomberg has a government section. There’s a company called Tactical Media. They are out of the greater DC area that has a number of different publications that follow our particular part of the Department of Defense Enterprise. That’s who I follow. There’s not a particular writer or author that writes but you gave me an idea that maybe I need to become that guy.
You’ve got something on that one. I enjoyed reading a book called Turn the Ship Around! by David Marquet. It’s a simple summarized bullet point version. He was an officer that was going to take charge of a submarine and captaincy so to speak. He was supposed to be assigned because he had been trained for a year on a specific vessel. A month before his assignment, they changed and put him in charge of a vessel. He had no training. He knew nothing about it, which doesn’t happen.
It’s a story about how he was able to become a great leader and turn the ship around. Apparently, this particular submarine had the worst reenlistment rate, which is how they measure whether or not that vessel and its captain is successful. There are some great leadership suggestions and what he did. That’s the only book I can think of off the top of my head that you might get some value out of but I don’t think there’s enough of them, either that or I’m looking in the wrong spot.
You don’t happen to remember what sub that was by chance?
I wish I did but I don’t remember.
I’m going to look it up because one of the things that I don’t know if you all know is I sit on the US Navy’s Anchor Scholarship Foundation board. What that foundation does is provide scholarships to the dependents and spouses of our sailors. The sailors get the GI bill but their dependents and spouses don’t unless the sailor assigns that to them. If you’re getting your education, then you can’t do that.
One of the operational doctrines of the Navy is that operational readiness starts at home and you can’t have a sailor being on a ship for nine months or in a sub worrying about whether or not how they’re going to pay for their kids’ college tuition. That’s one of the reasons why we exist. I was curious because I do serve on the board with a number of retired officers and admirals. I was like, “Who knows? Maybe.”
It’s a very popular series. There’s the workbook for it. Mark goes around and speaks to CEOs all over the country. He’s well known for authoring that book. Maybe I’ll be talking about Eric Jenkusky and this amazing book that he wrote on whatever topic it is that you decided. I’m excited about that for you. If it comes around, I’ll be the first one to pick.
I have two different books in mind that I’ve been toying with. I’ve spoken to a ghost author with me. I’m doing that in the not-too-distant future.
What does excite you about the future since we’re talking about the future?
I was raised to be an optimist. I’m a glass-half-full person, always have been. I also believe that if you don’t predict the future, you go and create it. With that mindset, there are things going on in the world that give me pause. I’m an optimist. I believe in the capability and the power of humans to overcome the challenges that we have in this world. Every day I am a techie and I’m talking about tech across the board. As you can see from my resume, I haven’t pigeonholed myself into a single thing, although expeditionary ops are something that I’m very passionate about. I love looking at new technologies.
I have a VC firm that I work with from time to time. We share our ideas of research that’s coming out of the different universities and how you could license that research to be able to create products that solve problems we have on the planet. What I am most optimistic about would be the fact that there are many people on this planet working hard to solve some of these challenges. They’re coming at them from different directions. Everything from climate change to food security, all those challenges will be met in a not-too-distant future. We always seem to rise to the occasion.
How did somebody become Eric? What journey did you go through to get there? Did you school and work? How’d you get this education and knowledge?
There was no grand plan. It just happened. I had a buddy way back when I was still in college who was a couple of years older and he said to me, “You’re only on this train ride once. You can’t miss your stops.” Most people want to have structure and certainty. A lot of people have this mantra and they talk about it on all these different podcasts, Instagram and Twitter posts but I do believe that if you are willing to slow down and enjoy the journey, you get to see the opportunities that are before you.
If you like to create this, “I have to be here at this age and do that at that age,” then you create your noise and you miss out on the opportunities that life and the world present to you. I’ve always had the mindset that if somebody invites me to go do something in a place that I’ve never been to before, I accept it without hesitation, even if it’s something that I know nothing about and don’t care about because that’s how you grow and expand.
A lot of times in my life, I have been able to solve problems based upon some of the unique experiences that I had that if I was like, “No, I got to work my 9:00 to 5:00 job. I got to do this because I have to have a house at this age. I need to be married with this many kids by this age,” people do that and that’s fine. I’m not slamming it. I’m not right. They’re not wrong. We’re just different. I saw a study about entrepreneurs who have all these mental health conditions. To be able to navigate what entrepreneurs and business owners need to navigate, you need to have a pretty open mind and be willing to do new things and try new things.
That’s both in business and personal. What is your interest in outside work?
I like to hike. I’m an outdoorsman. I like to go camping. I tent camp. I don’t like trailer camp. It’s going to be 32 degrees at night. It’ll be in good sleeping weather. I love traveling and food like bourbon. That’s pretty much what I do a lot. I do an enormous amount of reading. I remember when I was in college I took this career development class ahead of me. One of the things that the instructor said during that class was, “The average college graduate after college doesn’t even read one book a year.”
That stuck with me. I got a stack of books here. I’m constantly reading. I still like to do the old-school thing. I like to read an actual physical book, not read it on a tablet although sometimes on our traveling, I will download it on the tablet for not having to carry 50 pounds of books around with me. Reading is important. I have a morning routine. I read our local Axios news here in Columbus. I read the BBC and Bloomberg every morning.
They’re newsletters and are all quick reads. I take 15 to 20 minutes in the morning to understand what’s going on locally and in the US because the US news does a terrible job of reporting on the whole rest of the world. I’m as pro-American as they come but I also think that we are so America-centric that we ignore important things going on in the rest of the world that the US news picks up on a week later that can affect what we need to be able to do as business leaders here in the US.
The best way to describe something like that, for me at least, is that there’s a reason for the adage, “Put your ear down to the rail to hear the train coming.” Globally, you have to do that now. The best way to do that is to find other resources on news and reporting. I read BBC and Bloomberg every morning. I do look at other kinds of news. I keep track of what’s going on in certain sports and outdoor activities as well. I would argue that John and I grew up in a campground. We grew up in the Sierra Nevada. People used to come to our town to camp, which was a little odd. This is my house and there are people camping on my property. I’m a tent camper as well. If you bring an RV, we make fun of you.
I grew up in the Catskills in Upstate New York. I graduated high school with 30 people from a public high school where some of the folks were on the bus for well over an hour every morning coming from up in the hollows. The county I grew up in is the Northern Muslim people. Most people don’t equate New York with what I’m about to say but it’s the Northernmost county and the Appalachian Regional Commission. It’s not the Sierra Nevada. I wish. I’m jealous. I’m not going to lie but it was still mountainous. We had a bear. We had the East branch of the Delaware River running right through the middle of town. Same as you, everybody from New York City came to where we lived to camp.
Camping is an interesting proposition in our neck of the woods because most people go camping and the bear issue, I’ll put it in the bear box. The bear box is 55 feet under snow. If you don’t know how to hang the food or your supplies up in a tree, then you’re going to have some issues. I appreciate you opening up with a little bit more information about what you love to do. If there’s ever an opportunity to go camping, that’s one area that is for you, if you ever come out to the West Coast for any reason, I give you some pointers. Where can people find you?
I’m on Twitter, Instagram and LinkedIn. You can find me and see some of my exploits on those different social media venues. That’s where I lurk about. I’ve been heads down on a couple of DOD projects and haven’t been posting as much as I would like but hope to get through a couple of things that we’re working on so I can start being more proactive.
For our readers, go to Eric’s company website, TJClarkIntl.com and check it out. You also have a phone number posted on your website. I assume that number is still a good way to get ahold of you. That’s at (614) 388-8869. Folks, feel free to reach out to Eric, especially if you are a subcontractor related to his space. We appreciate you taking the time you spent with us, Eric.
It’s my pleasure.
I’m sure that there’s a LinkedIn profile here that I see as well. Do you need to have your specific information and connect with you on LinkedIn that our readers need to be aware of?
If they have the InMail, they can send me a connect and mention, “I read your interview with Pineapple On Pizzas Podcast.” Normally, I connect with most people.
Eric, thank you very much for your time. We appreciate it. You are very informative. We’re looking forward. I’m glad you’re there and creating those bases out on a forward basis for us with water and fuel. There are probably some places in the desert that we could use here around me. In our audience, thank you for reading. I hope you’ve learned something or laughed. If you have, please tell somebody about this and pass this on. This has been another great episode. We’ll see you next time. Thanks for reading.
Important Links
- T.J. Clark International
- Turn the Ship Around!
- Twitter – Eric Jenkusky
- Instagram – Eric Jenkusky
- LinkedIn – Eric Jenkusky
About Eric Jenkusky
Impactful Disruptive Innovator with extensive Program Management and Global Business Development Experience who has demonstrated the ability to lead diverse teams of professionals to new levels of success in a variety of highly competitive industries.
Strong technical and business qualifications with an impressive track record of 30 years of hands-on experience in strategic planning, key stakeholder relationship management, business unit development, project and product management, and system engineering/integration strategies.
Specialties: Business Development, Relationship Management, Project Management, Operations Management, Key US and Foreign Government Accounts Management, Product Development, Training and Team Building.
Received Corporate Citizen Award Issued by TVI Corporation · Jan 2006
Received Outstanding Service Award Issued by Delaware County (NY) Chamber of Commerce · Jan 1998
Received 1995 “Growth Entrepreneur of the Year” Issued by NYS Small Business Development Center · Jan 1995
Had the opportunity to speak with Steve Savage from Forbes about the cultivated meat industry and how Matrix Food Technologies, Inc. market leading plant base and animal component free scaffolds and micro-carriers provide an important enabling technology for the cultivated meat industry.