Who would think that creative and passion-driven businesses can actually be at risk of cybersecurity attacks? Josh Weiss, founder of LA Creative Technologies, joins Paul Higgins on the show to tell us how this is very much the case and what creative entrepreneurs can do to protect their businesses. Cybersecurity is an increasingly complex and personal issue nowadays. Even individuals or businesses that do not seem to be of the size or in an industry that would attract hackers are at risk of having their accounts and systems attacked and their data stolen. At LA Creative Technologies, Josh and his team provide these creative entrepreneurs streamlined technical and security support. Starting out as a DJ, Josh always had this unique mixture of a passion for the arts and an almost childlike fascination with technology. Armed with these qualities, he helps the creative community continue with their endeavors and spread their message to the world – cyber-safely.
Building Creative Security Solutions For Creative Entrepreneurial Minds With Josh Weiss
Build Live Give. Mentoring with Paul Higgins
If you’re a first-time reader, welcome. If you enjoy it, please subscribe. If you’re a regular, thanks for your support. I’d love to get your feedback at [email protected]. It means the world to me when you do. Our guest is someone who worked at a local radio station in LA and looked at people around and thought, “Do I want to do this in ten years’ time?” Most of them are ten years older, of course. He realized it was not for him. His dad gave him some sage advice as dads always do. He left the US to learn Spanish in Guatemala. He came back for a couple of months in LA to sort stuff before he was going to travel again.
Lo and behold, he stayed. He now helps creatives and entrepreneurs to streamline and secure their back office. Why learn from Josh? First is why you should have two-factor authentication and why everybody should have it. Two is putting a filter in front of your email. I’ve never heard of this. He describes it well and I’ve already put it into action. Number three is how to educate your team on cyber in a fun way. You definitely have to read for that. I’ve given a benchmark at the end as well. Over to Josh Weiss from LA Creative Technologies.
Welcome, Josh Weiss from LA Creative Technologies. It’s great to have you here, Josh.
It’s great to be here. I’ve followed a lot of your shows. I respect what you’re doing and I look forward to sharing with your community.
I know we’ve had lots of great conversations, including the one leading up to this interview. On the same, who you do it for and exactly what you do, is critical at a time like now. Why don’t we kick off with something that your family or friends know about you that we might not?
That would probably be that for the many years leading up to COVID, I have been a DJ, musician, event producer and was touring and deejaying at music festivals, playing electronic remixes of Afro-Caribbean music.
What got you into that?
Somewhere around the same time that I got into technology, interestingly enough, my primary mentor that got me into technology was also a very eclectic DJ. Somehow my dual passions had a great opportunity to grow over the course of these last couple of decades. When I was in college, I worked in college radio and my first real professional job out of college was a consultant-like job for an independent radio station in the San Francisco Bay Area. Between the right mentors that I had in my life and the opportunity to work in radio stations, in addition to some record stores provided me with an early drive. For the past few years, I cofounded a music and arts collective in Los Angeles, which is called Subsuelo, which means underground in Spanish.
It’s always what kept me going in addition to my love for technology has been the ability to bring people together to dance. The part that I love most about it is to play music. There’s a beautiful symbiotic relationship that happens when you’re in front of a crowd playing music. When that crowd responds in turn, it’s one of those things that, as I’ve been reminded of many times since this whole pandemic began, is a special and hard to reproduce feeling.
Is there a group of peers that you all know each other that’s specialized in the same music or is it more diverse than that?
One of the things that has been special about this run since Subsuelo was started is precisely what you brought up. There’s a vibrant scene for this music all over. For about five years, we went every summer to New York for something called the Latin Alternative Music Conference. When I’ve gone to Germany, when I’ve gone to various places in South America, we played at a music festival in Cuba, which was one of the first things to be opened up as the sanctions were lifted slightly. This scene is such a special part of what has made being part of this music so special. Our place in Los Angeles has been to welcome others from all over the world to play. We’ve produced hundreds of events in Los Angeles and that community is precisely what has been one of the sweetest parts of the whole thing.
For us here at the moment reading, what’s the best way to go and find this style of music? Is it Spotify, YouTube or both?
First off, our website which Subsuelo.org is an interesting way to learn about us. A lot of the music that we love is a little bit under the radar, so it shows up more on SoundCloud. Spotify can sometimes make some great playlist but sometimes their algorithms are a little bit too commercial focused or a little bit too tunnel-visioned to be interesting. There’s such a wealth of music out there and I’d love to share some with the readers afterwards.
We’re going to dive further into your ideal client in a moment, but what got you started working for yourself?
After I worked at that radio station post-college, when I was 27 years old, I quit that job. I had a moment of looking around at all my coworkers who are all at least a decade older than me and thinking that no one here is what I want to be in ten years. That was a special moment for me, not in an insulting way but like, “This isn’t what I’m growing towards.” I had a moment. I know your show used to be called Corporate Escapees. I had a moment talking to my father and telling him I’m worried that if I leave this job, I don’t know what’s going to happen next.
He said to me, “Josh, think about the worst possible cases. You’ll quit this job and you do whatever you do next. If in six months or a year you want this job back, I bet you they’ll give you the same job. That would be your worst case is you would have to go back.” I had that moment, I quit that job and I decided to move to Guatemala for a year because you can have a full room, board and get 25 hours of one-on-one Spanish education. Back then, it was like $120 a week. My goal was to go to Guatemala for 1 or 2 months and then maybe put on a backpack and then travel around South America and Central America.
I ended up staying put. I liked where I went. It’s a town called Quetzaltenango in Guatemala. It’s in the Highlands, so it’s more of a cold San Francisco Bay weather than a tropical weather. I ended up volunteering and some computer labs teaching some computer classes, deejaying a lot. For the first time in my life, not having any direct responsibilities and living on less than $1,000 a month. I came back from that trip thinking I was going to stay in LA for two months.
I put up some clip art computer flyers around my mom’s neighborhood saying I could remove viruses from computers or help with your iTunes library or whatever it was. I had the little tear-offs on the bottom of the flyers saying “Call Me” and this weird thing happened, which was that I never left again. I ended up not leaving LA and starting a business. I ended up becoming interested in entrepreneurship and moving away from that light technical work that I was doing.
It’s funny how life takes its twists and turns. If we move now into the Build section, when someone says, “Josh, what do you do?” how do you best answer that?
We secure and streamline creative and passion-driven businesses. We’re an outsourced technical support team focused on cybersecurity and on this technical strategy and streamlining fit every organization’s needs, whether you have one employee or thousands. We focus specifically on creatives and passion-driven businesses. You can probably tell already because of what my story is and what my network is. One of the great things that happened during this pandemic is I have some clients where the decision-makers are friends that I used to throw events with.
As the world that I work in is a world that needs to get help, whether it’s getting help with the basic systems that they need to use in terms of like, “Am I going to use Google or Microsoft for my email? How is my team going to communicate now that we’re all in different places and the office since is closed?” A question that I hear a lot is, “Now that my team is working outside of the office, how do we secure their internet and secure their networks so that our data is safe?” We’re working on things that were traditionally ignored in the creative spaces and often in the startup spaces. We’re helping people to mature the backend of the way that their business is run from a technology perspective.
What do you know about securing that backend that many others miss?
First off is that it’s important to do and that might be a little bit facetious, but it’s incredible and that people don’t know what they don’t know, and a lot of people have a perspective about hacking. There’s a huge story that a security company that basically secures the entire US government had a hack. A lot of people look at that and they think, “The US government is getting hacked or Target and Home Depot are getting hacked. That doesn’t apply to me, to my business.” First off, it doesn’t matter if you’re running a music production nonprofit or if you’re part of a new startup that’s not dealing with medical records or not dealing exactly with people’s personal records.
The fact is that we still need to keep things secure. That’s because security is very personal these days. When I give workshops to educate staff of our clients about cybersecurity, I usually start those workshops by saying, “Obviously, I’m here because your boss, your company wants the data that you work on in your day-to-day life to be more secure.” I say, “This relates to you and to your girlfriend or your wife or your parents and your kids.” Cybersecurity is essentially the security of how we do everything, especially during the pandemic. One of the jokes I like to tell is that my girlfriend was in my office one day and she showed me her phone and said, “Why is your mom sending me a Facebook message with a weird video in it?”
I said, “Please don’t click on that because someone had hacked my mom’s Facebook and then they were trying to send messages to everyone in her contacts group,” which would have then ended up with my girlfriend getting hacked. The two biggest things to start off is that this applies to everybody. Either if you’re not at a size where you feel particularly targeted or in an industry where you feel particularly targeted, this stuff is very relevant. You could end up losing a lot of money, having a lot of embarrassment, wasting a lot of time or having some personal embarrassing things leaked onto the internet.Cybersecurity is incredibly personal nowadays. It applies to everybody, even if you are not at a size where you feel particularly targeted. Click To Tweet
I’ve had a couple of cases. One that almost ended in financial ruin was somehow they hacked into my Gmail account. It was probably before the double authentication. They found out who my financial advisor was and they sent it to my team saying, “Paul has requested me for you to transfer $20,000 to the account.” It was copying me but they put in one slight change in Gmail that if you’d look at it, you wouldn’t see it. They set up a fake Gmail account. Long story short, fortunately, that person called me and said, “Is this you?” I said, “No, it’s not me. Stop.”
I would have maybe never seen that $20,000 again. I was running probably a 30-person business then. I didn’t think I’d be the person that would be hacked but I was. Let’s use me as a bit of an example for everyone reading. I come from a corporate background, so I’ve got two-step in everything I do, etc., but my world is Google. It effectively is where I put all my eggs in that basket. I also use Airtable for all my knowledge. I use Asana for all my project management and I use Copper for my sales CRM. Let’s say that they’re the key ones. I use LastPass to protect them. Am I low risk, medium risk, high risk with relying on those companies to keep my data, say through a password manager and authentication?
You’re in a good spot. You’re a solid medium risk. If you’re reading right now, if you take one single thing from this interview we’re doing, go turn on two-factor authentication for every single service that you use. I have a PDF we can link to that’ll tell you how to do that for all the big services. First off, you’ve got two-factor authentication. That’s great. One of the things that I recommend people to do is to have some filter in front of your email. When someone emails you, does that go directly into Gmail?
There are services like Proofpoint or Mimecast. These are essentially services. They use artificial intelligence to filter the email that goes into your inbox, specifically looking for the signs of phishing, of people trying to do what that hacker did to you. Generally, the first thing that we’ll do is get two-factor authentication turned on for every service that’s in use. We will set up an email filter in front of Gmail or Microsoft to essentially not be blocking spam, which Gmail does well by default, but specifically looking for the signs of dangerous messages. The next thing that we think is important that fits into the type of cloud environment that you’re talking about, and I know you have some team outside of yourself. How big is that team?
Six direct and I work with a lot of specialists and experts.
This is more relevant for the directs, but I would hope that you’re doing some cybersecurity education on an ongoing basis with that team. What we do with our clients is I like to do a relatable human personal training first with the team. I go through what I brought up earlier like, “We’re doing this for work but this is applicable to your personal life.” What we do is we like to send continuous phishing tests to that team. I work with a product that reads your email and it uses artificial intelligence to write to you in the same way that that hacker wrote to you, Paul. If you’re the CFO, you might get a fake email that looks like it comes from Paul asking for a wire transfer but it will also look at your personal context and it might write to you as your wife requesting some information.
The old way of doing that type of training was where you would get this fake message from Google asking you to reset your password or something like that. The new tests that we use are they’re looking at the way that social engineering works. How is it that a hacker is going to try to fool someone on your team and to doing something you don’t want them to do? It’s literally looking at the way that these specific people do and pretending to be them. To me, we protect the identity by two-factor authentication and password management. We protect the email with the filtering service and then we focus on employee education through live training and through sending these continuous messages to keep people on their toes. Once people are worried that they’re going to get caught, they’re a whole lot better.
That’s some of the ways that I would take someone like you who’s already in a good spot and help to improve that. It’s not up to a company your size to try to host all your own data. There’s no danger in using Google, Airtable and their services. Certainly, you’d have to be a gigantic international conglomerate to want to protect data in that way. For you, it’s about how do you keep people out of those services and how do you prevent your team from being tricked?
For me, it’s making sure that we have repetitive tasks where we go and check who’s got access to what is well. I know you can automate some access but making sure we’ve got a solid offboarding process and the offboarding has got a good checklist of these are all the systems you need to go and check. We also have a secondary process of going back and getting someone else to check that it happened. Is that considered the best practice?
What I see is the following. We have those checklists as well, a thorough onboarding and offboarding checklist to know who has access to what. In addition to that, what we would build out for people who are slightly more security conscious is we need a security management process. Not just double checking that that person had their access removed, but you want to have a process either on a recurring more automated basis or at least as a monthly process of who has logged in as an administrator this month? Who has logged in from where? There’s something called a SIEM, Security Information and Event Management.
Essentially, what you’re looking for with a SIEM is how can we take all of the tens of thousands of disparate actions that happen day-to-day in a company and look for the suspicious ones. A SIEM might tell you, “Do you know that a new admin account was added to your Google?” That’s probably not that you’d be happy about, Paul. A SIEM might tell you, “Did you know that Paul Higgins logged in from Los Angeles, California during this show?” You’d say, “What is Josh up to right now?” A SIEM is looking at something not making sense or if I have already disabled a user, why is that user logging in again? You’re taking that important process that you talked about, the off-boarding, and then double-checking the offboarding work.
You’re turning that into an automated, ongoing process of always looking for suspicious activities and doing your best to filter out the ones that can be ignored. You don’t care if Paul Higgins logs in from Australia from your house. That’s not interesting data. If Paul Higgins logged in from China, you’d want to know about it. That’s moving up the stack. What we first talked about was the basic protection of a cloud environment, then we start looking into keeping the desktops safe so that nothing is downloaded onto any of the desktops. The other major risk that happens these days, aside from the social engineering accounting hack that you talked about is what’s called ransomware.
We’re seeing this happen a lot now to the largest video game manufacturers. It happened to Canon, the photo manufacturer. It’s happening to giant companies. It happened to Foxconn, the ones who manufacture iPhones, where people will go in and steal all the data for a company. They used to hold it ransom, so if you didn’t have a backup, you’d have to pay to get it back but now they hold it ransom and they threaten to leak all the data online unless you pay them.
The other thing that we need to look at is the laptops that our team is working on from various places in the world, how do we make sure that nothing is on those laptops that’s going to allow data to get stolen? How do we generate the security events? We have a little tool that we install on laptops that acts like the corporate firewall people used to have in their offices, which essentially allows us to say what is happening on this device. Is an admin account created when it shouldn’t be? Is the device communicating with networks which are suspicious? By using this tool, we can generate the events that a team can then sort through and see if anything relevant is coming out of there. That’s the other part of the equation. It’s protecting the devices that people work on and then sorting through the information that their devices and their cloud tools are generating.
I know on your LinkedIn profile, you say that you’d like to take all the jargon out and talk in a language everyone can understand. That’s been absolutely fantastic what you’ve given me and I’ve taken notes and we’ll definitely do some actions out of it. I want to pivot. I talked about my stack, which is a dispersed stack. It’s best of breed. What’s your view on that versus going into one integrated stack?
As I told you before, I’m in the process of integrating more and more of our internal work at LA Creative onto the Microsoft stack. To talk a little bit more about what I mean by that, I have a globally dispersed team, as I know you do, Paul, and I’m sure many of the readers do. I’ve got people in India, the Philippines and various parts of the United States. Before the pandemic and throughout the pandemic, we used Slack for our daily communication. We use Zoom for having meetings with prospects and also for our weekly team meetings. We use Microsoft Office 365 for email contacts, calendars and we were using Dropbox for file storage. There’s a whole part of that stack I’m going to leave out that only has to do with the IT industry. I’ll leave that out because it’s less interesting but even there, there’s one beast of a player like Microsoft that everything else we use has to talk back to that.
Those four tools that I brought up, we are in the process and are pretty much going to be done with the transition before the end of 2020. We’re moving everything onto Microsoft 365. I was always that guy who said, “I know everyone loves doing everything in Microsoft but Zoom is better.” I realized there are all these cool things you can do with Microsoft Teams, but Slack is better for chatting throughout the day with your team. I had this pivotal moment. There’s a new vendor in the IT space. As part of their launch, they were looking for 50 of the players that they know in the IT space who are innovative with their usage of tools. I was happy that they invited me to be part of that. I’m active in the space. I work with a lot of the vendors in the IT space to provide them advisory services.
I had this moment where I get on a meeting with this guy and he says, “What we’ve done is we’ve pivoted our tool only to work inside of Microsoft Teams because we interviewed 50 IT providers who are the most innovative with their usage of tools and 48 of them run their business out of Teams.” That was like the nail in the coffin for me. We’re talking to people who run anywhere from $1 million businesses up into the $50 million probably and they had all made this decision to use Teams.
It’s an interesting thing because we used a reseller platform called Podio. Podio was your all-in-one tool. You still used email, you still use a calendar, but for everything else, you use Podio. Long story short, we ended up breaking it then into best of the breed rather than single. That went well. There were people that loved Podio but not everyone. People would say there’s this feature that it doesn’t have, etc. It’s interesting, I’m sure. For me, I try to convert people off Microsoft onto Google because I still see Microsoft as more corporate than a small business. It’s emotional. It’s not fact-based that I got fed up with Microsoft when I was in corporate and every time I went to load something, do something, it always brought up an error or an update or whatever. I threw PCs away and I threw Microsoft away and went Apple and Google as my two centerpieces. In many years, I’ve never had an issue. If you’re reading, this is no right or wrong but I do think that have a look at using Microsoft as that go-to place, as Josh is saying.
I want to say two things on that topic before we move somewhere else. One of them is I’m sure Microsoft has changed a lot since you were in corporate. The second is that I’m not doing it because of those other people doing it, but it caused me to go back and look at what I might be able to gain by making the transition. For me, I run a lean team and my primary interest is how can I help design people’s workflow to be as simple as possible in the company? If I’m going somewhere to communicate about a topic, I can also find the information that is relevant to that topic at the same time. For us personally, that’s where it is from a productivity standpoint. There’s the fact that from one admin panel, I can control the security of people’s identity login and that is going to control the safety of our data and our client’s data. For me, it was productivity in workflow and ease of security control.
I could spend so much time talking to you further on this topic but what I’ll say to everyone is that you can find out more about Josh at LACreativeTechnologies.com. In the end, he’s also got a transformation benchmark that we’ll mention as well. Before we go into the Live section, I’d like to talk about assessment for you to help out to work if you’re going to have a high or low seven-figure business in 2021. Go to PaulHigginsMentoring.com/assessment and answer the fifteen questions in three minutes.
Based on your results, you will either get a free 45-minute strategy call and you’ll walk away with a clear plan. It’s not a sales call. It’s a call to show you the gaps based on my many years of experience. Also, if you’ve got most things covered and I can’t help you where I cannot direct you, but more importantly, I’ll give you the opportunity like Josh has had to come on the show and share your success with others. The next section is the Live section. What are some habits that make you successful, Josh?
I would say the first habit that makes me successful is a drive towards authenticity. That’s not exactly a habit but it’s a way of communicating. That, for me, is something that has given me an incredible team to work with clients that love working with me and my team. It brings meaning into my work. I’ve been looking at 2020 like what are the most meaningful parts of this challenging year that we’ve gone through with COVID? For me, it’s the increased authenticity in all of the business relationships that I have with my clients and the fact that now that social life has canceled, I spend my life with my team.Drive towards authenticity. It will pay you back during the hard times. Click To Tweet
It’s a huge time-saver because you’re not trying to keep up with the things that you haven’t been authentic in. That saves you a huge amount of time. I do think it’s the same. We’ve had lots of clients that if you’ve done the right thing by people, they will pay you back in the hard times. I’ve seen a lot of businesses drop off the face of the earth that didn’t have that loyalty and authenticity. Well done for you and everyone else that’s reading that has done that because it does pay you back. These difficult times in 2020 have proven that. The next is the Give section. What charity or community are you passionate about and why?
I’ve helped my girlfriend heal from cancer in 2020. We were looking at some personal GoFundMe that we can assist for people who are going through it. For anyone who doesn’t live in the United States, they don’t have healthcare here. What I’ve been driven to the most, rather than a charity per se, is helping people who are going through difficult situations in their personal healing by donating. It’s become about looking to watching my social feed essentially and seeing who needs help. The other thing that’s important from living in Los Angeles, as we have an incredible problem with folks who have lost their homes, which is getting a lot worse in the pandemic.
That’s the other place that I see it as important to be providing assistance. It’s with people who are unhoused living in a society with a lot of wealth all around. I go through this weird thing. I live in a beautiful house in a beautiful tree-filled neighborhood. I drive six minutes to work and I go through multiple homeless encampments. You go through this, it’s like a science fiction movie. These are like two completely different disparate worlds in less than ten minutes. That’s the other place where I’ve seen it as important to contribute.
I’ve got lots of clients in California, LA in particular, that say a similar thing. I spoke to a potential new client who said that as well. Well done for you, not just driving by and doing nothing, but helping. I wish your girlfriend every success in healing. The charity that I put my book proceeds to and a portion of my revenue is The Purple House. You can go to PurpleHouse.org.au and they help indigenous Australians get access to dialysis. Having been on dialysis, having a transplant myself, I know how difficult it is to be on dialysis. It’s great because that does that. The last section is the rapid-fire section where I’ll ask you some questions and get some rapid-fire responses. The first one is, what are your top three personal effectiveness tips?
Get a lot of sleep, delegate as much as possible and automate everything.
You’ve given many great tools as we’ve talked about technology. What’s one other central part of tech that you use that we haven’t discussed?
I am going to go with using ProcessStreet to build checklists and being able to have a tool that I can throw a checklist into that people are going to be able to reliably follow to get stuff done.
I bought that in AppSumo deal and I still haven’t used it. You’ve given me some encouragement to do it.
I bought it on AppSumo and I’ve been using it for years.
What’s your best source of new ideas?
I guess it would be Feedly. I have a blog reader. Ever since Google killed Google Reader forever ago, I switched to a tool called Feedly. I use it to aggregate blogs. I use Feedly in a couple of different ways. For my own IT industry, I have lots of news sources about IT and about cybersecurity that fall into Feedly, but also for all of the industries that we support. We work for architects and nonprofits. We work in the cannabis industry. For those industries, I follow a lot of blogs in those industries, so that I have at least a good context in speaking to people in the industries that we support.
I’ve used that as well. I’d love a Feedly for a podcast but anyway, that’s another discussion for another time. The last question is the big question. I always leave it to the end for that reason. What impact do you want to leave on the world?
I want to leave a sense of authentic kindness and generosity to those that I touch in the world. I think that’s at the base of all of it.
That’s definitely shown through in this interview and all my discussions with you. Josh, speaking of kindness, authenticity and being authentic, he’s giving you a great resource. If you go to DigitalMaturityGroup.com/digitaltransformation/benchmark. What you’ll get there is a transformation benchmark and it’s free. You already know what person Josh is so you’re going to get plenty of value for that. Josh, it’s great to have you on the show. Thanks for all the work you’re doing both on the stage and off the stage. It was great to get to know you.
It’s been a pleasure. You have great questions asked.
Thanks, Josh. You have great responses. Take care.
There were some great actionable tips from Josh. I have already implemented them or got my team to help implement them. What is your biggest takeaway from Josh? Please share on your socials, mentioning Josh and LA Creative Technologies. To find out more about Josh, go to his website at LACreativeTechnologies.com. If you believe someone would benefit from the show, please share. They would love you for it. Fill out the assessment to know if you’re going to have a high or low seven-figure business in 2021. Go to PaulHigginsMentoring.com/assessment. Please take action to build, live and give.
- [email protected]
- LA Creative Technologies
- Latin Alternative Music Conference
- LA Creative Technologies LinkedIn
- LA Creative Technologies Facebook Page
- LA Creative Technologies Instagram
About Josh Weiss
Josh Weiss is an IT visionary with more than a decade of experience in the technology and entrepreneurial/startup worlds. His love of technology itself is exceeded only by his passion for delivering IT solutions to empower artists, creators and entrepreneurs.
The best part of his job is studying clients’ businesses, discovering their unique needs and then developing tailored solutions that enable them to grow.
Preferring to eschew buzzy, jargon-y consultant speak, Josh provides technology and project management expertise through a human-centered approach that includes meaningful, productive conversations and collaboration.
Connect With Paul and Build Live Give
Thank You for Tuning In!
If you want to break through all the noise on LinkedIn and reach your ideal client without creating loads of content or breaking the bank on ads – go to blgclick.com to learn our three secrets.