#67: David Kennedy (Binary Defense and TrustedSec)

-- AI Generated --

David Kennedy (Binary Defense and TrustedSec) [00:00:00]:
The profitability of hacking is there. Right? And there's a lot of ways of approaching hacking. You know, you can find a flaw in the computer system, and you can hack them. But there's also the aspect of attacking what we call the human element or going after a person individually. And what's so complex with techno coupling technology and people is that, you know, let's just say you work in a company that has 5,000 employees. That's 5,000 potential vulnerabilities that you have. Right? Because one user could be the entire downfall of an organization, and that's the practice of what we call social engineering, which is trying to manipulate somebody in some way, shape, or form through some sort of persuasion to get them to do an action on behalf of you without them knowing that it's bad.

Jeffrey Stern [00:00:41]:
Let's discover the Cleveland entrepreneurial ecosystem. We are telling the stories of its entrepreneurs and those supporting them. Welcome to the Lay of the Land podcast where we are exploring what people are building in Cleveland. I am your host, Jeffrey Stern. And today, I had the absolute pleasure of speaking with Dave Kennedy. Dave is a cybersecurity authority whose mission is to drive the industry forward and make the world a more secure place. In addition to founding 2 large scale cybersecurity firms here in Cleveland, Trusted hundreds of national news and TV shows. Dave started his career serving in the United States Marine Corps, focusing on cyber warfare and forensic analytics, including 2 tours to Iraq.

Jeffrey Stern [00:01:39]:
All experience, he was able to leverage to become chief security officer for Diebold, a Fortune 1,000 company based here in Northeast Ohio. In 2012, Dave left Diebold to found TrustedSec, a information security consulting company and sister company, Binary Defense, which is a full service 247, 365 monitoring and detection company that focuses on the detection of attacks in their early stages. Simultaneously, Dave started DerbyCon, which became one of the highest regarded and attended security conferences in the industry. Dave is ultimately a true champion of cybersecurity. Online, he goes by his Hacking Dave handle where he has amassed over a 150,000 followers across social media. He served as an adviser to the hit TV show, mister Robot, and he is the co author of Metasploit, The Penetration Tester's Guide, co creator of the penetration testing execution standard, and creator of the Social Engineer Toolkit. Really quite special to hear Dave's stories here and learn about the incredible organizations he's founded and grown here in Cleveland. So please enjoy my conversation with Dave Kennedy.

Jeffrey Stern [00:03:00]:
You know, just before we we turn the mic on just now, we were talking about how you were actually just on the news discussing the cyber implications for the the war in Ukraine while I was reading about a hack app, a vendor that my company uses for user management and authentication purposes. So for better or for worse, cybersecurity is is one of those increasingly and ever topical topics. It tends to be just one of those things that I I think most thing most people don't think about, until something happens to them, explicitly, which is of the many reasons I I've been very much looking forward to this conversation with you as a as a true expert and an adviser on cybersecurity and as an entrepreneur in the space. So thank you very much for for coming on.

David Kennedy (Binary Defense and TrustedSec) [00:03:49]:
Yeah. My pleasure. And, I look forward to to the podcast and, getting everything. But, cybersecurity is definitely one of those things where, you know, I truly enjoyed. It's become a passion and hobby throughout my whole life and, dedicated my entire career to it. And, it just continues to get more and more exciting, it seems like, every year when she never would have thought computer security would have been exciting. But, in a way that it's evolved and and everything else, it's, such a crazy industry. Keeps you on your toes all the time.

Jeffrey Stern [00:04:12]:
Yeah. So for for those who may not have an understanding of who you are, your your online Hacking Dave persona, or or your background generally, I'd love if you could just give us a brief introduction and and maybe how cybersecurity became that thread that ties your your career together.

David Kennedy (Binary Defense and TrustedSec) [00:04:31]:
Yeah. So, my name is David Kennedy. I'm the CEO and founder of of 2 cybersecurity firms here, in Cleveland, Ohio. We have, an office in Strongsville, though our new headquarters is, opening up in May. So we're really close to that. It's a brand new state of our facility building, training facility for kids and colleges and stuff like that. That'll be in in Fairlawn, Ohio. And then I have another company, Binary Defense, which is in Stowe, Ohio.

David Kennedy (Binary Defense and TrustedSec) [00:04:55]:
A lot of times if we're driving out, you can see the Binary Defense front signs from the highway. They always get complimented on the the the backlit, you know, thing. It just stands out. There's nothing else there other than that. So but, you know, I've been in the security industry for for, gosh, almost 25 years. My career really started off as a kid. My my parents moved from place to place to place. And I really found my home with computers because I wasn't able to, you know, create friends because I was always, you know, going to a different school and having to, you know, meet new friends and and kinda socialize.

David Kennedy (Binary Defense and TrustedSec) [00:05:23]:
And so I found my my home really in in computers. And so I started getting into programming, started getting into, obviously, the things that kids do with video games and everything else. I, you know, played StarCraft and Warcraft and all those different things. There was these games that were called multi user dimensions, which were before video games and graphics, basically. And you actually had to, like, type, you know, go Norse and stuff like that and kill people and stuff. You know, all all typing out and and those types of things. And then, and then I realized, you know, I I really dislike school. Not that I didn't know school, but I didn't enjoy school.

David Kennedy (Binary Defense and TrustedSec) [00:05:55]:
I wasn't learning much. It wasn't in the the thing of computers, and I kinda obsessed on computers. And so I almost, actually failed out of high school. I basically I graduated from Bedford High School. I moved from, let's see, Willowick to Wickliffe to Perrysburg to Lyndhurst to Bedford. And then, Bedford is where I eventually graduated from. And I actually didn't get to walk, you know, and get my diploma or things like that. I went to summer school just to pass to graduate.

David Kennedy (Binary Defense and TrustedSec) [00:06:18]:
And then, from there, I'm like, well, hey. College probably isn't the best route for me since I really don't like school. So why not join the military? So I ended up, taking what's called the ASAP test, which is the aptitude test. And, I joined the United States Marine Corps and, joined the intelligence community side of house. So I scored really high on their aptitude test, especially around intelligence, cryptography, computers, things of that effect, things that I was really interested in. And, the marines honed me in right onto the intelligence side. So I had a top secret government clearance. I worked in some of the, you know, nation's most top secret facilities.

David Kennedy (Binary Defense and TrustedSec) [00:06:50]:
Got to do some really cool stuff. I deployed twice to Iraq for intelligence related missions. So I spent about 2 years in the Middle East. I was in Bahrain, Afghanistan and, spent a lot of time learning security and cybersecurity, which is its early form then. Cybersecurity really was a brand new industry that was being created. And, you know, I spent 5 years in the marines, and then I got out and joined a small consulting firm here that was in here in Cleveland. It's no longer around. And then end up becoming the chief security officer for Diebold, where I ran their global security program for a number of years.

David Kennedy (Binary Defense and TrustedSec) [00:07:19]:
Had a team of about 55 folks. And then eventually left Diebold and started my own companies, literally in the base of my house. I, it's interesting. I was one of the youngest VPs in Diebold history. I was thinking I was, like, 27 at the time. And, you know, I'd already kinda solidified myself as being a subject matter expert in the security industry, which has been a really awesome thing because it's such a new industry. You know, folks coming up were able to really kinda craft the industry and form it the way that they needed to. And so I became very much a a subject matter expert in the the arena of cybersecurity.

David Kennedy (Binary Defense and TrustedSec) [00:07:47]:
And so I started a a company in the basement house. I literally my wife had just had twins. And, I come home from a perfectly stable job. Everything's great. Have a golden parachute. Like, literally, don't have to worry about anything. You know? Like, everything's perfect. And I'm like, hey, honey.

David Kennedy (Binary Defense and TrustedSec) [00:08:00]:
I think I wanna quit this perfectly good job and start, you know, my own business in the basement of my house. You know? And that was in 2011. And flash forward, we have over 350 employees worldwide. You know, we're one of the largest cybersecurity companies focusing with all the you know, we we do work with the fortune 5 to fortune 100 to fortune 1,000. And we're growing just leaps and bounds, every single day. So we really solidified ourselves as being one of the best out there from a cybersecurity perspective. And all here in in Cleveland, Ohio, which has been an testament and, you know, coming back home and all that good stuff from the military, being able to create your own company and and put it in an image that you wanted to be at.

Jeffrey Stern [00:08:35]:
No. It's it's fantastic. When you came home that one day from Diebold, what what was that the impetus to to want to create something? What what were the what was the insight that you had? What what was the problem you were that was gnawing at you that you were looking to solve?

David Kennedy (Binary Defense and TrustedSec) [00:08:52]:
You know, for me, I I, I've never been a a corporate type of person. So I'm not, like, you know, I will get in a suit and tie. I hate being in a suit and tie. Like, when you see me on the news, I'm on the news all the time. I'm on CNN and Fox and CNBC and MSNBC. I I I'm literally wearing a suit top, and I'm wearing gym shorts on the bottom. I I hate, you know, suits and ties. I hate dressing up.

David Kennedy (Binary Defense and TrustedSec) [00:09:10]:
You know? But I I'm not that type of of culture. You know? You think hacker. You think computer nerd and that type of stuff. Right? You know, I always enjoy having fun. I mean, when I came to Diebold, it was, you know, kind of that stuffy corporate environment, but I changed that culture. You know? Think about it. I mean, I was 26 when I joined, 27 when I became a VP. And I changed the culture there to be more exciting and fun.

David Kennedy (Binary Defense and TrustedSec) [00:09:30]:
Like, we had Nerf guns in our office. We were known as, like, the fun crew. You know, we had, you know, redesigned and kinda rebuilt how we we worked. And I had such a great relationship with IT. I had such a great relationship with the board of directors, our CEO, our CFO, and, had really established security as being one of the top priorities for the organization and company through, you know, how I communicated and how I was able to take complex situations and and bubble it up to risk and understand what what their language was. And I think those communication skills really made me successful in being successful in that job position that I had. And so I looked at that, and and at the time, we had built a state of the art security program. In fact, we had won one of the largest contracts in DeepL history because of our enterprise security program that we had built.

David Kennedy (Binary Defense and TrustedSec) [00:10:13]:
And, you know, great you know, testament to the team that we had and everybody else there. But, you know, so security was kinda, like, top notch. You know, we were like the known as, like, being having one of the best the best type of security programs that was out there. And I was like, well, if I can do this here, I can help other people across the board, not just this this one company, but a lot of organizations to get better with security because it's something that everybody struggles with and not a lot of folks understand. There's a a big deficit in talented people in the cybersecurity industry. Now there's a lot of people coming in from school, so there's a lot of junior level positions because it's such a new industry. But there's, like, this big gap in the middle and this big gap at the end around seasoned and qualified individuals in cybersecurity. So, you know, I've been thinking about this for a while, and I'm just like, you know, I I have a great job here, but I could help others in different places.

David Kennedy (Binary Defense and TrustedSec) [00:10:59]:
And that's always been kind of my mentality of helping others and making the world a safer place in cybersecurity. And I knew it was kind of my calling, and I need to do it now, or else I would have never done it. I would have stayed there for the rest of my life. And so at that point in time, I was like, honey, let's do this. And she's like, listen. This sounds crazy. This sounds like a dumb idea, but I support you. I believe in you.

David Kennedy (Binary Defense and TrustedSec) [00:11:17]:
And, anything you put your mind to, you'd be successful at. So let's let's figure this out and do it. So, you know, we ended up doing it, and and lo and behold, it it worked out really well.

Jeffrey Stern [00:11:25]:
And that that first endeavor was the creation of TrustedSec.

David Kennedy (Binary Defense and TrustedSec) [00:11:29]:
That's right. TrustedSec was was founded in 2011 in the basement of my house. And it's funny because, when you start a business, I had no idea what I was doing. Like, I had no idea how to start an LLC. I hadn't gone to business school. I didn't know how to balance the budget or invoices or things like that. And, you know, what was great is is when you have a partner that's equally invested in this with you. You know, Erin took up finance.

David Kennedy (Binary Defense and TrustedSec) [00:11:48]:
You know, she was a sign language interpreter for the deaf and took up finance with the accounting classes to learn how to do invoices and billing, I started focusing on how do I sell the business and create statements of work and proposals and, you know, all of these legal things that I had to figure out. And so we started kinda, you know, doing the foundation kinda skunk works in the basement of my house. And it's funny because I was like, well, listen. It's you know, no one really even needs an office anymore. And then I remember I just heard you know, I was on the first call with my first customer, and it it sounded like my kids were murdering each other upstairs. And I was like, oh, man. This isn't gonna work. And so I'm like, I need to get a building.

David Kennedy (Binary Defense and TrustedSec) [00:12:21]:
You know, I gotta figure something out. I gotta get out of this house. You know? And so, we end up getting a small, like, tiny hole in the wall. It was like a one room, you know, part of a building that was, like, 300 square feet that ended up being our our kind of our where we started trusted sec, and then, you know, we grew from there. And now we have a we're, our new, facility is gonna be 40,000 square feet. You know, stay there at facility, like, really cool place. You know, it's big difference from where you started from to to where you grow to. But, you know, it was it was really a culmination of a lot of different things.

Jeffrey Stern [00:12:51]:
And in that evolution of TrustedSec in the early days, I love to get an understanding of where the the founding of Binary Defense came out of that experience and and maybe recognizing, you know, a productization of of cybersecurity that you are offering versus the services and consultation aspect of it?

David Kennedy (Binary Defense and TrustedSec) [00:13:13]:
Yeah. So when you when you start a business, you know, you gotta look at what is my monetary investment gonna be. And when you're starting it on yourself by yourself, you have a couple options. You know? You can go the PE route and getting and, you know, kinda crowd you know, do it that way where you're really pumping a bunch of cash in the company and hopes that you can grow it and and kind of expedite it. For me, I didn't like that route. I I felt like I would it wouldn't be my company. It wouldn't be my culture. It wouldn't be what I wanted to do.

David Kennedy (Binary Defense and TrustedSec) [00:13:37]:
And so I was like, well, listen. You know, I don't need a lot of money to go and do consulting. So what I did is I, you know, called up, you know, all my friends and they they they were in security, you know, positions at different companies. I'm like, hey. You know, can you float me some work for some months? You know? So I can go I'll come out there and do security work. I'm like, heck yeah. People love the heavy. You're, like, one of the best security guys out there.

David Kennedy (Binary Defense and TrustedSec) [00:13:56]:
So, you know, I end up getting some contracts early on that, you know, had some cash coming in that I could, you know, continue to float and then eventually hire another person. But, you know, when you look at, securities, consulting services, that's really where a lot of my expertise was. You know, I'd got out of military. I'd done consulting for about 5 or 6 years. And then I went into the corporate side of the house. And, you know, I knew that there was a big deficiency and gap in companies that really struggle with security. Like, understanding what security was because security is a really complex subject. You know, you think you have, hey.

David Kennedy (Binary Defense and TrustedSec) [00:14:26]:
We have antivirus. We're good. Well, unfortunately, you know, the hackers have gotten smarter, and they've gotten figured out ways of getting around your antivirus products. They're hacking companies all the time when they're holding you ransom, and you see all the stuff on the news. You know, like, am I protected? And so my my whole goal with binary defense was to take a lot of that complexity out of there, but it required a lot of capital. And so what I did first was build up trusted sec to a point to where I could get it in a position to where, you know, I was getting enough capital coming in that I confront starting another company. And, you know, I I think I got to about 10 or 12 people when the binary defense front started to kinda go into motion. I had met an an individual named Mike Valentine who was, retired and focused more on the logistics software development side of the house, but could come in as a CEO to help run the company.

David Kennedy (Binary Defense and TrustedSec) [00:15:08]:
Because I didn't wanna run and take away from the growth of TrustedSec. But I also wanted to be more on just focus on the technology aspects and development pieces because I'm good at coding and writing code and figure out how hackers are breaking the systems. So I hired or I I brought aboard, our CEO of the company. I could run and manage the company day to day, build the sales organization, everything else. And then I came in as the CTO to help build the product and technology. And the whole purpose behind that was we created a a 247 security operation center. Think of it as, like, an ADT for computer security systems, where we're continuously monitoring for intrusions looking for hackers. And it's a piece of software that you basically install on your workstations and your servers and things like that.

David Kennedy (Binary Defense and TrustedSec) [00:15:48]:
And we continuously are updating it with new techniques that hackers are using so that it takes the complexity out of, you know, a company having to have a full detection engineering, you know, division that is focusing on what hackers are doing, which is a very big cost and things that affects the offload that to us, and we manage the security for your organization. And so that was really the the mindset and vision because I knew there was a major need for that, to help companies get better with cybersecurity. And then Binder Defense has has, you know, skyrocketed and and grown these amounts. In fact, from a pure employee perspective, Binder Defense is larger. I think we have a 150 7 people or something like that there, whereas we have a 130 something, I think, at trusted sex. So numbers change almost every day, it feels like. But, it's just they're they're growing, you know, every day, which is an awesome thing.

Jeffrey Stern [00:16:31]:
Yeah. When when you kind of set out on those 2, endeavors respectively, did you have a a vision and a sense for the scale that that they would achieve? Or how are you kind of thinking about the the vision and the trajectory of those businesses?

David Kennedy (Binary Defense and TrustedSec) [00:16:48]:
Yeah. I mean, I think Aaron and I had discussed, like, when TrustedSec hit 30 people, we'd be good. And, now we're at a 137 people, at TrustedSec. So, you know, I don't think we ever envisioned TrustedSec growing as large as it has and continues to grow, nor are we even close to any type of capacity. I mean, we're just, you know, adding on more and more folks, great folks, more customers. You know, we have a great, brand and and name and reputation. I think that's one thing that I didn't really foresee, which was how large our brand would get in the industry. You know, when people come to Trusted Tech, it's you're going with the cream of the crop, the best folks, you know, the best consultants.

David Kennedy (Binary Defense and TrustedSec) [00:17:24]:
We only have seen all the resources. You know, we're focusing on quality of work. And then the binary defense front side, you know, I I had an idea that I was gonna grow to be a larger organization and and continue to grow. So, you know, from a vision perspective, you know, from day 1, we really tried to structure it as a as a big company in many senses. Not not, you know, from a culture perspective, more so, like, you know, having a foundation of marketing and sales and HR and and all that good stuff, you know, early on because we we knew that it was gonna grow quickly and we need to be able to scale quickly. Yeah. I mean, I think, you know, you look back hindsight 2020, I would have never envisioned trusted that being as large as it was. And I would have thought binary defense would be probably half the size it is right now.

David Kennedy (Binary Defense and TrustedSec) [00:18:02]:
I wouldn't have expected so much growth so quick.

Jeffrey Stern [00:18:05]:
You you had mentioned that cybersecurity, generally, it's it's one of these risks that organizations face that that I found also. It tends to just be underestimated as a risk. Why do you feel that there is this, like, uninitiation, and familiarity with the with the risks and threats that organizations and companies face with regards to to cybersecurity? And and how do you go about explaining its importance and severity?

David Kennedy (Binary Defense and TrustedSec) [00:18:34]:
Yeah. That's a great question. I think most organizations think that there's IT security is handled because they have IT people, Or that they leverage Microsoft, you know, for their email and that they're secure that way. Right? And I think it's just a a a lack of understanding around what attackers are doing and how they're forming their attacks. They they recognize you have an IT staff. They recognize that you have antivirus. They recognize that you purchased a firewall. You know, they recognize that you use Microsoft 365.

David Kennedy (Binary Defense and TrustedSec) [00:18:59]:
They take advantage of that, and they use that against you. Statistically, only 22% of organizations use what's called multifactor authentication or a second form of authentication when you're going through, you know, email box and then it, you know, prompts a second, you know, prompt up. And that's, like, one of the most basic security features, but it shows you 80% of the world doesn't even know that that feature even exists or doesn't wanna burden their employees with it, let alone it's such a big step in protecting against, you know, just some commodity based attacks. So I think it's it's a lack of understanding around the risks associated with doing technology and business. And, you know, I think they assume that their IT folks are taking care of it and addressing it. And 9 times out of 10, we find that it's not happening. And and we often get called after the fact, after they've been breached, after they've had ransomware, after their entire company is crippled, all of their intellectual property stolen. They're getting hit by distributing our services, and all of their servers are encrypted, and their entire business is shut down.

David Kennedy (Binary Defense and TrustedSec) [00:19:50]:
And they want us to come in and fix it. I'm like, well, we can show you how the hackers came in, but at this point, it's too late. It's past that that thing. You either have to pay the ransom, you know, or you have to rebuild from scratch, unfortunately, because, you know, they're using the same types of techniques and encryption that we would use, on our side. It's not possible to recover from these situations. So we've seen companies completely destroyed. We've seen companies that, you know, have to pay the ransom. They have to rebuild.

David Kennedy (Binary Defense and TrustedSec) [00:20:13]:
Cyber liability insurance is a whole another area where it's getting more and more difficult to even get cyber liability insurance because there's so many breaches occurring from that side. So I think it's just a lack of fundamental understanding around what cybersecurity constitutes and where your risks are at. And that's really why, you know, at TrustedSec, you know, we have a lot of exploratory services that we do to, like, try to identify what where your security program's at. Like, is it super mature where you have no security, and here's the areas that you need to focus. Here's the top ten things that you need to do to stop the basic level of attackers. And here's the things you need to focus on over the next few years. But, like, no one does that if they don't, you know, experience data breach or they don't have somebody that's somewhat tech savvy or you have a board member that, you know, kinda knows a little bit of technology or security. And it's like, hey, what are we doing for cybersecurity? You know, cybersecurity is definitely still an afterthought in many cases, and I think most people think that they're just naturally protected.

David Kennedy (Binary Defense and TrustedSec) [00:21:00]:
And honestly, it's just a matter of time before they're hit and their entire company is brought down.

Jeffrey Stern [00:21:05]:
On that kind of reactive nature to the business, how do you get people to think proactively about it? And and how do you also, on that front, measure your own success? And and how do you, like, hold yourself accountable in kind of a preventative manner?

David Kennedy (Binary Defense and TrustedSec) [00:21:20]:
Yeah. It's a good question. So, you know, for for us, it's it's all about bringing education awareness out there. Right? I'm out there speaking all time. We have folks out there speaking all time. We're on the news all time. I mean, even, I don't know if you know the TV show Mr. Robot, but I helped out the TV show Mr.

David Kennedy (Binary Defense and TrustedSec) [00:21:34]:
Robot with Rami Malek and, so I got to work with them quite a bit in the skits and stunts. In fact, they mentioned my name on the TV show, which is pretty cool. Rami Malek impersonated me and said, oh, I'm Dave Kennedy, you know, on the actual TV show, which is kinda cool. But, you know, like, education awareness, I think, is is really important. So bringing awareness to organizations. You know, most companies that are in the Fortune 5, Fortune 5 100, Fortune 1000 space, they understand that they have to do something with security. Right? I'm not saying every one of them is great at security, but they're focusing on cybersecurity as part of their overall technology footprint. It's where you start getting into the small to medium sized businesses where, you know, you really have that lack of understanding around it.

David Kennedy (Binary Defense and TrustedSec) [00:22:10]:
And and I think you start to get more on the medium sized business side, but it's still a a largely unregulated space. Unless you're taking credit cards, and there's this thing called the payment card industry data security standard, you really in in in some, I guess, in health care, you have HIPAA, but that's not really big. You have HITRUST, which is another one. But, ultimately, at the end of the day, there's really nothing mandating that you do cybersecurity. So, you know, it's it's kind of tread at your own risk on the Internet, you know, the wild, wild west type of thing. And I think it's it's going out there and doing more education awareness. Now for us, our our entire company is built on excellence. And I and I know that sounds cheesy, but, like, everything we do is checks and balances to make sure that, you know, we're doing the quality of work that we need to and that it's peer reviewed in QA.

David Kennedy (Binary Defense and TrustedSec) [00:22:52]:
We have an entire QA department that make sure that they went through everything they needed to. It's it's a very stringent process of how we do our assessments and methodology. Now it's not so stringent that that they can't be hackers and be creative and things like that because we obviously employ hackers. We we are a group we're a company of hackers that literally hack into computer systems for companies to show them where their weaknesses and vulnerabilities are. Now we're white hats, which means, you know, hey. We're good people, you know, helping companies and organizations that's stealing your stuff. We do steal. We gotta put it back, unfortunately.

David Kennedy (Binary Defense and TrustedSec) [00:23:20]:
But, you know, we're we're we're really helping that. On on the same thing on the binary defense front side, you know, we have what we call tier 1, tier 2 SOC analysts or security operations center analysts that are continuously monitoring for intrusions and making sure that, you know, specific attacks aren't happening. And then we have teams that are sit sitting there researching, going through all the data to make sure that everything is okay. So there's a lot of checks and balances in place to ensure that, you know, we're giving the best we possibly can to ensure these customers are safe and secure and prohibiting a breach. And I think what most people think about when they think about a a hacker breaking through their firewall is that once they got through their firewall, the game is over. Well, the truth of the matter is is that the more time that a hacker has in your organization, the more damage you have. So if you can identify a threat in its earlier stages, like, let let's just say Bob in sales gets compromised. Bob's computer, it sucks that they got hacked, but it's better than all of your servers being hacked and encrypted.

David Kennedy (Binary Defense and TrustedSec) [00:24:11]:
Right? So can you shut them down earlier and earlier and earlier so that it doesn't impact the rest of the company? And that's really where the cybersecurity industry is at saying, you know, we might might not be able to protect you 100% because you might have a new piece of technology implemented you you forgot about a password for, or, you know, you forgot to patch this specific system. But if they're successful, what do you do at that point in time, and how do you shut them out, in the future? So it's a continual moving environment, but, you know, for us, you know, we have people dedicated just to r and d and research, making sure that we're staying ahead of the curve. You know, we focus a lot on on a quality of our products, and that's been super, super important for us. I mean, I never wanna see anybody complain that the quality of service that they had from a specific engagement wasn't the best that they've ever experienced, and that's that's really important to us. We do net promoter scores. We do, you know, constant evaluations of our customers. How can we get better? You know, it's if the customer has a negative experience, he comes directly to me. Like, literally, there's no if, ands, or buts.

David Kennedy (Binary Defense and TrustedSec) [00:25:03]:
Like, I get notice of it, and I I'll tell you, I haven't had one in 6 months, so that's a great thing. So, you know, we continuously try to improve ourselves.

Jeffrey Stern [00:25:10]:
I would be remiss, I think, if I didn't take us down a slight mister Robot detour here. Because I think one one of the things and I really would like to get your perspective on this now. It was I think lauded is a show that was celebrated for realistic representations of what hacking actually looks like. But my takeaway, as someone who just viewed it actually, was how much of it is actually done not through maybe technical hacking, but more like the social engineering hacking. And I know, actually, you've you've spent a good amount of time and work kind of putting and thinking about social engineering and and maybe just from a a terms and and denotation perspective, like, how how you differentiate between hacking and social engineering and your interest in in that side of it and how that's kinda manifested?

David Kennedy (Binary Defense and TrustedSec) [00:25:58]:
Yeah. You know, when you look at at traditional hacks, you think of, like, you know, some kid in the basement, you know, yeah, 2 o'clock in the morning with, you know, some Mountain Dew hacking away at computer systems. And the truth of the matter is, you know, hacking has become such a profitable state for organized crime groups, for nation states. You look at what China's doing from an intellectual property theft perspective. You look at what Russia is doing from military preparedness perspective. There's a lot of threats out there. And organized crime, you know, one of these groups that, we're tracking called Conti has yielded over a $190,000,000 in ransomware alone. That's a lot of money that they've gotten just specifically for ransomware.

David Kennedy (Binary Defense and TrustedSec) [00:26:30]:
That's just one group. So the profitability of hacking is there. Right? And there's a lot of ways of approaching hacking. You know, you can find a flaw in the computer system, and you can hack them. But there's also the aspect of attacking what we call the human element or going after a person individually. And what's so complex with techno coupling technology and people is that, you know, let's just say you work in a company that has 5,000 employees. That's 5,000 potential vulnerabilities that you have. Right? Because one user could be the entire downfall of an organization, and that's the practice of what we call social engineering, which is trying to manipulate somebody in some way, shape, or form through some sort of persuasion to get them to do an action on behalf of you without them knowing that it's bad.

David Kennedy (Binary Defense and TrustedSec) [00:27:12]:
And so a lot of times you'll see, you know, hey. You're gonna lose your HR benefits tomorrow unless you open up this document and sign this and send it back. Well, that sounds stupid, but, you know, you make it look somewhat believable and you get an employee that doesn't know a lot about computers, and all of a sudden, now they're opening up this document, which contains malicious code that's now executing on the computer itself. And now guess what? That firewall that you purchased, they're sitting behind that. You know? So if you think yourself as a castle, you know, they're behind those castle walls now. They're inside that castle, and now they have access to all the systems that this person has access to, including, you know, servers and workstations. And now that one person becomes the catalyst for hacking into all of your other systems. And that's why social engineering is such a devastating blow to most organizations.

David Kennedy (Binary Defense and TrustedSec) [00:27:50]:
And that's why we see most security breaches actually originate from what we call phishing or social engineering aspects. Phishing is, you know, sending an email out to an individual, again, coaxing them into something that has a component of that, which is social engineering. Now we don't typically see, you know, a hacker in Russia trying to impersonate somebody over the phone. You know, accents, believability, things like that become a kind of an issue. There is a group out there right now. It's actually allegedly, it's it's it's not confirmed yet, but allegedly a 16 year old. So you'd mentioned the the breaches before. So, just recently, Microsoft, obviously, a major huge company.

David Kennedy (Binary Defense and TrustedSec) [00:28:24]:
Okta, a major security single sign on company. And LG, the manufacturer of TVs and everybody else, just experienced some major data breaches from this group called Lapsys. They they just came out of nowhere. Like, I mean, like, literally, like, 4 days ago. Like, hey. We hacked into here, and here's all their data. Hey. We hacked into here, and here's all their data.

David Kennedy (Binary Defense and TrustedSec) [00:28:41]:
Hey. We hacked into here. I was like, woah. These are huge monumental companies, and you're talking, you know, the backbone of single sign on and how people authenticate. It's a system massive breach. You know, you talk to, you know, Microsoft, the creator of obviously Windows and a lot of other things. And so you're like, this is huge. This is big.

David Kennedy (Binary Defense and TrustedSec) [00:28:58]:
Turns out it might actually be a 16 year old kid, out of the UK, which is really mind blowing. But, you know, it shows you, I mean, that this kid was apparently calling people up on the phone via social engineering and and and coaxing them into doing things, because he was crafty with the phone and crafty with technology. And it just shows you how easy it could potentially be when you take the human element in consideration. Because if I'm targeting 1 individual and I fail at that, well, I call up a second individual. Then I call up a third individual. Then I call up a 4th one. And the 5th one finally gets through. And and that's that's the the the issue that we run into in cybersecurity today, is that the human variability that we have here is is not a technological problem.

David Kennedy (Binary Defense and TrustedSec) [00:29:35]:
It's a human problem. It's an education awareness problem. It's putting appropriate controls on those humans to ensure that they can't mess up. And in the event that they do, identify it and shut it down before it becomes a major problem in the rest of the organization.

Jeffrey Stern [00:29:48]:
As the human fallibility, that's hard to solve for, ultimately.

David Kennedy (Binary Defense and TrustedSec) [00:29:52]:
Yeah. I mean, you get you get people that are just different, you know, cuts. You know? You have people that that focus on sales, and and their whole life has been sales. It's not technology. They're not technology savvy. They might have an iPhone. Or you have folks that have been working there for 60 years that, you know, barely know how to turn their computer on. You I mean, you have people that work on shop floors that are sitting there spray painting cars.

David Kennedy (Binary Defense and TrustedSec) [00:30:10]:
You know, they're not technology savvy. So, you know, you have all these different variabilities that that really bring in all of this complexity. And unless you educate your users and unless you start to put in some proactive measures on security, those are all entry points into your network that could be cataclysmic to your entire organization. That's where these ransomware groups have really taken advantage of.

Jeffrey Stern [00:30:28]:
You mentioned the organizations in some sense are are made up of of hackers, if you will, on the on the right side of it. But it's a little bit of kind of understanding your adversary, eating your own dog food, maybe even empathy for how the, you know, who you're trying to defend against things. How do you build proactively in this space though where threats proliferate so quickly? Like, how do you stay ahead of where these things are going and come from?

David Kennedy (Binary Defense and TrustedSec) [00:30:57]:
Yeah. It's it's a it's a continuously evolving industry. Right? You know, you look at we have a a group that this specifically dedicates what we call threat intelligence. And think of this as, after actions. Like, after a company has been breached, let's evaluate what happened there and understand how they broke in and understand the techniques that they use so that we can refine and understand how hackers break in. So that's more after the fact. And we also have a research and development team that specifically focuses on understanding how new attacks can happen and how you can innovate in that area to get better from a research perspective and having your own techniques and tooling and things like that. And that's also very beneficial for us because we have a number of customers that I would consider top class high security programs, you know, that are really good at security, that have done just an amazing job within the top 1% of security.

David Kennedy (Binary Defense and TrustedSec) [00:31:46]:
Couple of those are in the financial institutions, some of them are in the DOD contracting, you know, know, areas, you know, medical research, some of those in there. So some some really high end areas that have spent a lot of time protecting their intellectual property as well as their company and organization. So for us, we have to there's a difference we call simulation emulation. So we have to simulate, in many cases, what we call nation state attacks, which is having the same level of sophistication as China, for example, or as Russia that would wanna have access to that type of data. So we have to research, you know, cyber weapons and develop our own exploits and attacks, you know, things that don't get detected. And so we do very much the same thing as an adversary would and have the same types of weaponization and tooling, as an adversary would or as an NSA would. I don't know if you, recall a couple years ago, the NSA had a major data breach of their hacking tools that they used to conduct intelligence operations across the world. And it literally caused havoc across the entire world because these were, like, literally skeleton keys for any Windows machine that was out there.

David Kennedy (Binary Defense and TrustedSec) [00:32:44]:
You know, there's a ton of of hacking code out there. It was, like, literally magic sauce that would open up a computer and give you all the access, you know, and data on it. And, you know, wreaks havoc on the world because those types of tools aren't designed for general public use. And, you know, it takes 1,000,000 and 1,000,000 and 1,000,000 of dollars of research to develop those types of weapons, essentially, in the cyber front that you have to develop, you know, in the private sector to be able to emulate that. So we we spend a lot of time protecting that, because, obviously, those are things that we don't want released out to the public in any way that cause harm or damage. But at the same time, we have to have the same types of capabilities as nation state intelligence agencies do, to be able to really conduct, you know, full fledged operations against the company that may have a sophisticated security program, and we need to target that data.

Jeffrey Stern [00:33:25]:
So your, I mean, your your passion for the space is is is more than evident. And I I know in kind of parallel to the the companies that you've built, you also had started a cybersecurity conference, DerbyCon a few years back. I'd love to just, you know, hear a little bit of the story of how that came to be and the evolution of of Derby Con.

David Kennedy (Binary Defense and TrustedSec) [00:33:45]:
You know, this was, I think we started Derby Con. What was it? Probably would have been 2,010, I think, is when we started DerbyCon. We ran 8 years. You know, one of those things again where, you know, I go to Aaron and I'm like, hey. I wanna start a conference in Kentucky. And if it fails, we're gonna have to take a second mortgage out of our house. You know? And she's like again, you know, she's like, hey. Listen.

David Kennedy (Binary Defense and TrustedSec) [00:34:05]:
I don't think this is a great idea, but, you know, figure this out. You know, what I was trying to do is, you know, cybersecurity is is when when when I was getting into cybersecurity, there wasn't college courses to learn how to hack. You know? There wasn't YouTube videos on how to hack. There wasn't, you know, this this industry that we see today. You know? It was creativity. It was figuring things out that nobody had before. It was reverse engineering and understanding how a developer wrote something and finding flaws at it. It was a lot of hours of nerding out on the computer, you know, sitting there trying to understand how things work.

David Kennedy (Binary Defense and TrustedSec) [00:34:37]:
It was a big puzzle gathering thing. And as the industry grew, we needed more mechanisms to train people that are qualified to come into the industry to help support the need for cybersecurity. I mean, you look at cybersecurity, there's a such a massive gap in how many jobs we need. But the problem is is that these kids that are coming out of college, all these college programs are so bad for teaching cybersecurity that they're literally at a a foundational base level that you would have to spend another, you know, 2 to 5 years to train them up to get to a basic level of understanding of cybersecurity. And so, you know, we've partnered with a lot of colleges. Dakota State University is probably my favorite from a cybersecurity program perspective. You know, Kent State University does a does a decent job, locally here in Cleveland. Stark State, we've got hired a number of folks from Stark State.

David Kennedy (Binary Defense and TrustedSec) [00:35:27]:
So they're they're coming around and developing better programs. But the the biggest thing was, you know, from a a a conference perspective, we wanted to create a conference that was kinda had that Midwestern feel, family friendly. You can come in and learn whether you were just starting off. Because what would happen in a lot of these conferences is that it was they were so big that you had to be, like, an elite hacker to, you know, learn from another elite hacker. And it wasn't this knowledge sharing, type of thing. And so it was more of a secluded tribal type of thing that was happening in in the security industry. And so I I decided to create DerbyCon to be really for new people coming into the industry to help them out and to get this industry moving forward and to get a kick start and everything else. And the 1st year, we needed 500 people, to break even.

David Kennedy (Binary Defense and TrustedSec) [00:36:13]:
And if we didn't get 500 people, that was the 2nd mortgage in my house. 1st year, we got 14 1400 people. And, then after that, we started selling out year after year after year. We couldn't even keep capacity. We still out sold out 7,000 tickets in less than 20 seconds for our conference. And, you know, the conference has got bigger. We we set big bet band names. We had we had, like, Wu Tangcom.

David Kennedy (Binary Defense and TrustedSec) [00:36:32]:
We had Vanilla Ice. We had Sublime. We had the Offspring. Spring. We had Infected Mushroom, which is a heavy techno band that's really liked in the security industry. We had these big bands come and play huge shows, and it became this massive event. And we we did 9 years of DerbyCon, and it just took it, you know it started off as being, like, this small project where we wanted to help people, and then it started becoming, like, our entire lives. Because we'd, like, literally finished DerbyCon in September.

David Kennedy (Binary Defense and TrustedSec) [00:36:55]:
And then we'd take a month off, and then we start planning for the for the next year. And it's, you know, 9 months of planning, you know, of trying to get this big show to run and just taking away from our jobs and our businesses and growing. So eventually, we decided, hey, it's time to kinda cut the core in this one. It was a great experience. And, you know, we didn't do it for any type of monetary value. It was to give back to the community. In fact, from a conference perspective, we raise more money for charities than any other conference in the cybersecurity industry. Like, I mean, we're talking 100 of 1,000 of dollars to various charities each year, you know, and and just made a massive impact and difference to people and helping people out.

David Kennedy (Binary Defense and TrustedSec) [00:37:30]:
And every every year, we would either donate to charity or invest it in the next year to make a conference even better. So it wasn't a a business money thing for us in any way. It It was really trying to help the industry. Now were there things that helped, you know, the business sound? Well, obviously, people knew that I was running DerbyCon, and I'm trusted at SAC and binary defense. And so, yes, you know, through attrition and brand recognition and things like that, I'm sure we got you know, definitely got benefits from that. But that was never the goal. It was really to create an awesome conference that people come to and have a ton of fun. You know, it wasn't this boring, stuffy stuffy conference where, you know, you're sitting through massive amounts of presentations, you're learning something, Everybody's accepted.

David Kennedy (Binary Defense and TrustedSec) [00:38:04]:
Everybody felt welcome, and you just have some major, major awesome fun. And, that ended up becoming the conference itself. And it it was just, an awesome experience and and one that I look back and I'm like, man, you know, we, like, set a band. We had no idea what we're doing. Like, we set up band shows for Wu Tang, and I was partying with Wu Tang at the end of it. You know? It was just, like, it was crazy. You know, Paul Oakenfold and, you know, just like it was was something you never would have thought, you know, as a kid growing up. You're gonna be, like, setting up a massive, you know, conference with all of these people and, you know, being the head figure of it and everything.

David Kennedy (Binary Defense and TrustedSec) [00:38:31]:
It was just something I I never would have ever anticipated, especially being that computer nerd that graduated

Jeffrey Stern [00:38:37]:
from Bedford High School. Well, as the, as the conference kind of grew in in popularity, it seems evident that your your public persona kinda grew in in parallel with it. And I and I'm curious just, you know, with a few 100000 followers across social media under hacking Dave, right, as the handle. How do you manage that your public persona? How do you how did you even, like, think about that as you as you started to gain a a real following?

David Kennedy (Binary Defense and TrustedSec) [00:39:06]:
Yeah. You know, it's, I never would have thought I would have been I don't know. I put in quotes a figurehead or somebody that, you know, is is considered one of the leaders in in cybersecurity. You know? It it was always just a a passion and art for me. I really enjoyed it. It's what I found my home in. It's you know, I lot of people when they come home, you know, they they have their own hobbies, whether it's woodsmithing or whatever. You know, for me, it was programming and figuring out how things worked and reverse engineering, and this is how my brain worked.

David Kennedy (Binary Defense and TrustedSec) [00:39:33]:
And so, you know, for me, it was also sharing and collaborating with other people. So I would always share my work. I'd give my stuff away for free. And then people are probably like, that's crazy. It's stupid. But the open source community was a huge help for me growing up in this industry and learning. And so me contributing back to the open source community was such an important piece of it. So, you know, it really started you know, I I released new tool sets that would help hacking.

David Kennedy (Binary Defense and TrustedSec) [00:39:56]:
I know that sounds horrible, but we you know, good people need hacking tools to simulate what bad people do as well. So, you know, I was creating, you know, tools for people to help hack to help companies get better with cybersecurity postures. And so it started, you know, resonating with them. A lot of the tools became really popular. And then I started going to news quite a bit, and that just started, you know, growing. And one thing with me is, you know, I I I I'm always big on, you know, helping other people. So if somebody asked me a question or, you know, as, like, a career advice or how to program something, I would just stop what I'm doing and go and help them out. So that type of of relationship that I had with the community, you know, being so small at that time and then eventually growing, I think, helped that persona.

David Kennedy (Binary Defense and TrustedSec) [00:40:36]:
And I've always been pretty transparent about my life and who I am and what I do and share my experiences. A lot of people are very secluded and and, you know, you know, most of the cybersecurity, I'm gonna be super paranoid. I'm not. Like, you know, like, I post my stuff out there as as as is as of who I am. I own a lot of guns in my house, so I forgot to get self defense, if I need it. But, you know, but, you know, it's one of those things where, you know, my my persona has been big, and I've always been been helping giving back. In fact, one of the things that I started doing was helping high schools develop their computers computer programming classes and, cybersecurity class. And so I took a position on the Bedford, technology board.

David Kennedy (Binary Defense and TrustedSec) [00:41:14]:
And I also, ended up building a state of the art e games facility for them, and they call it the David Kennedy Center of Leaders, Gaming and Leadership Excellence at Bedford High School, which is giving you know, if you look at Bedford High School, net median income is $30,000 or less, which is way under the, you know, national average. So very poverty stricken, location. We've had a lot of issues there with gang related members and crime and and everything else. And that's my that's where I grew up at. So I helped build this new esports gaming facility, and I donated and funded the whole thing and and and built it. And, and we give, because of that specific game esports gaming facility, and parents are probably like, why are you giving, you know, video games to kids in school? It it's a whole different area, and it actually affords 11 new scholarships every year for kids that would have never had the opportunity to have scholarships going to college. And, they have to have maintain good grades. In fact, sorry about that.

David Kennedy (Binary Defense and TrustedSec) [00:42:07]:
1 of the kids was, like, a DC student, and he really wanted to be on the esports team. And, no. He's like, listen. He he busted his ass, got his grades up to a b's and a's, made the team, got a scholarship afterwards. So, you know, life changing event, you know, stuff for for kids like that. So, you know, it's not just about, you know, what my my persona is from a hacking perspective and always kinda contributing to the hacking community. It's also about helping others out and trying to do more. We're we're part of doing the work.

David Kennedy (Binary Defense and TrustedSec) [00:42:33]:
We partner with the Cavaliers for the Harvest for Hunger. You know, we give time off every year for for charity events for all of our people, including funding and things like that. We really try to keep with the sense of helping others while we grow as well. And that persona, I think, has really helped out both on the company side too.

Jeffrey Stern [00:42:49]:
Do you find that you're able to still exercise your passion to actually get in and do some of the hacking? Or do you find yourself more at the kind of organizational level as a CEO, as a leader, a little removed from it? How do you how do you balance that? And I guess with that, like, what what are you excited about looking forward over the next few years?

David Kennedy (Binary Defense and TrustedSec) [00:43:10]:
There was a period of time where I started to lose my ability to to do the hacking stuff because I was so much focused on the company. And when I recognized that, I put things in place to ensure that I can still continue to do the fun hacking stuff that I do. So, you know, I have a great leadership structure. I have a COO, chief operating officer that, you know, hired about 2 years ago. That was just a godsend for our company. I mean, guys, it's just absolutely brilliant. His name's Eric and helps run our entire operations. I mean, literally, he's acting essentially lack of a better term as our CEO.

David Kennedy (Binary Defense and TrustedSec) [00:43:41]:
You know, running the day to day operations, I have a great leadership team on sales and marketing, on our consulting division. So, really, I don't need to run the day to day activities. Now I'm still brought in for big decisions or visionary stuff that a CEO does. I put put those in air quotes. But at the end of the day, I still get to hop on engagements. I still get to hack. I still get to do the coding. I still get to do this the fun stuff that I enjoy doing while being kind of like a part time CEO in the same place.

David Kennedy (Binary Defense and TrustedSec) [00:44:03]:
Same thing on the the binary defense front side. I've always been the CTO. So I'm heavily involved in the technology development or road map. I don't do hands on coding as much anymore, but I'm actively involved in the vision and road map and strategy of that, which is my my my fun stuff. I love getting in and figuring out issues and, you know, like, oh, hey. We should do this and figure this out because I know the code base. I'm like, let's just do it this way. And they're like, oh, that makes sense.

David Kennedy (Binary Defense and TrustedSec) [00:44:22]:
Cool. You know? And so it's just, you know, coming in and being able to to do the things that I actually like doing and having fun with, and I don't have to worry about all of the other things that I really don't like doing. But it took a while to get there. You know? It wasn't like, yeah, I remember when I first started TrustedSec, I was doing sales, marketing, you know, HR, and, you know, reporting and hacking and coding and, you know, putting in, like, you know, a 100 hours a week, just making sure that the company is successful so I don't, you know, crush myself. But, you know, over time, I've been able to definitely bring in people that remove those components and do it 10 times better than me to run the company better more. And and so it really has allowed me to be more successful at what I like to do and hone in on what I like to do. Because I feel like if you don't like what you're doing at work and you don't like, you know, what you do day to day, there's no reason to do it. You know, change, do something different.

David Kennedy (Binary Defense and TrustedSec) [00:45:11]:
You know, I noticed, you know, when I was really just focusing on just the company aspects of things, I'm like, well, hey. But I have all this hacking going on over here with these cool guys that I really like a lot, these guys and gals. You know? Like, I I don't get to

Jeffrey Stern [00:45:21]:
do that anymore. How do

David Kennedy (Binary Defense and TrustedSec) [00:45:22]:
I do that again? And so I'm like, well, I'm gonna hire a COO that'll I'll come and do this stuff that I don't like to do, and it's way better at at than and he likes doing it. So then I'll go do it. So and then it all just worked out, and it's been been awesome, to see that growth. And, honestly, with him in place, the company is doing 10 times better. You know? And I'm not saying I wasn't doing bad, but, you know, like, from an organizational perspective and how we look at profit and loss and how we look at projections and, you know, metrics and forecasting, I didn't do any of that. I'm like, hey. I'm sure we're doing fine. Let's go.

David Kennedy (Binary Defense and TrustedSec) [00:45:50]:
You know? And, so we have a lot more informed decisions with data and things like that. So it's been it's been a good a good ride.

Jeffrey Stern [00:45:56]:
As you look forward, over the next few years with with both organizations, anything else that you're you're thinking about? What what what has you most excited about the future?

David Kennedy (Binary Defense and TrustedSec) [00:46:07]:
We are definitely always researching new services. We're building a brand new service right now that I think has the potential of being our, actually, our largest service that we have, period. And so we're doing a lot of the plumbing work for that to make all of that work, the development and coding. So we're far from, you know, this is what the company looks like. Right? The company is always gonna change with the times, and it's always gonna innovate and be ahead of the curve. And and so, you know, we see certain trends happening in the market. It's really important for us that we just, you know, created about a year and a half ago, cloud centric service offering for for consulting where, you know, like because a lot of companies are going into cloud infrastructure, and cloud security is an important piece there. So, yeah, that that team has exploded and grown.

David Kennedy (Binary Defense and TrustedSec) [00:46:44]:
So, you know, we're always adding on what is important in the industry and what we see is kind of happening from a visionary perspective. And so we're always building those types of things. I also, you know, look at other things too, like outside of security. Like, I happen to invest in a basketball technology company, you know, that has nothing to do with cybersecurity whatsoever. And now I'm, like, running literally I'm fixing, you know, basketball tech machines and things like that, which, you know, you think, well, why why are you doing that? But it's fun. You know, my kids play basketball. I like basketball. I coach my kids' AU teams.

David Kennedy (Binary Defense and TrustedSec) [00:47:14]:
So, you know, so I I I'm I'm now, you know, working on a whole another business that is basketball technology integration and making kids better with their shots and performance tracking and stats and things like that. We just came out with an app that I, you know, spearheaded. So, you know, it's not gonna be just cybersecurity. I'd like to you know, whatever my interest is in my hobby, I I would love to do. Like, right now, I'm I, because of COVID and, I I got really heavy into power lifting and bodybuilding. And, so I lift 6 days a week. You know, I I run, do HIIT training 3 days a week. I eat really healthy.

David Kennedy (Binary Defense and TrustedSec) [00:47:44]:
I completely transform my body type. You know, I used to be kind of like a I used to be obese. I used to be £15, but, you know, then I shed all that weight, and I was kinda like the skinny fat. Now I'm, you know, pretty pretty strong. I do a 545 pound deadlift. Right now is my my current max. But, you know, it's but, you know, like, whatever like, I might do something on the on the the fitness side. You know? Who knows? But, you know, it's just a matter of continuing to to have fun with what you do and and invest in what you like to do.

David Kennedy (Binary Defense and TrustedSec) [00:48:09]:
And I think that's an important piece for entrepreneurs is when you start to have a successful business, you can branch off into other areas that is your passion. Because if it's your passion, you're gonna dedicate the time to make that successful. And it's that belief in yourself, I think, that's in a major important role.

Jeffrey Stern [00:48:25]:
Yeah. That that that's incredible. We'll we'll use that as a a bookend here, tie it back to to Cleveland specifically. But one of the the questions, that we ask everyone who who comes on the show actually is not specifically their favorite things, but for things that other people may not know about here in So hidden gems. So with that, I'll ask you for your your hidden gems here in Cleveland.

David Kennedy (Binary Defense and TrustedSec) [00:48:49]:
If you go down to downtown Cleveland, there's the, the house of blues. I don't know if you know, but above there, there's an awesome, bar area that you can have a membership for that's like a super secluded, really swanky, really nice bar that's absolutely beautiful. So that's my hidden gem up there. That's my kinda hangout spot. You know, I don't I don't drink much anymore, but, you know, if I'm bringing customers or things like that, that's kinda like my go to spot that I'll go to because it's never packed. I mean, it's amazing rooms. They have, a a completely separate high end or high end more type of meal up there you can get for a from a dinner perspective. So different different, kitchen.

David Kennedy (Binary Defense and TrustedSec) [00:49:21]:
So that's one of my main ones there. Hinkley Lake is, like, my sanctuary. So if you're familiar with, the Hinkley area in Medina, Hinkley Lake is just this beautiful lake that has this trail that goes around there, and I do a lot of rucking there. So I have a rucksack that I put, you know, £45 on and I just go do that, you know, do like 6 miles. Yeah. I think it's 3 miles around, so I do it twice. So it's 6 miles to kinda get my steps in and fun. Those are probably the 2 main ones I can think of of the hand.

Jeffrey Stern [00:49:45]:
Those are great. The beauty of it is that, those those are 2 completely new ones.

David Kennedy (Binary Defense and TrustedSec) [00:49:50]:
That's great. That's awesome.

Jeffrey Stern [00:49:51]:
Well, thank you so much for for coming on and sharing your story and and about the the work that you're doing. I really appreciate it. And it's for for, again, for better or worse, it's it's as topical as it's ever been. And so thank you.

David Kennedy (Binary Defense and TrustedSec) [00:50:04]:
Absolutely. Thanks so much for having me on. And, can't wait to go through all the previous podcasts and catch up to to all this. It's awesome what you're doing here. And, you're hearing other people's perspectives from a from a entrepreneur perspective and what they've done in Cleveland. My hometown is Cleveland, so a huge basketball fan. I have season tickets to the Cavs. So you'll actually see the trusted tech Cavs logo up on the top of the backboard when they're slamming, doing a slam dunk.

David Kennedy (Binary Defense and TrustedSec) [00:50:25]:
But, you know, go Cavs, go Guardians, go Browns, all that good stuff. So If,

Jeffrey Stern [00:50:31]:
if folks have anything they would like to follow-up with you about, what is the the best way for them to do so?

David Kennedy (Binary Defense and TrustedSec) [00:50:37]:
Yeah. You can always hit me up on social media, which is, you know, at hacking Dave. It's just literally how it sounds. Also, our TrustSec website, if you just go to the form, that also goes to me as well. So, I mean, it goes to our entire team, but it'll go to me too. So feel free to hit us up anytime there, and I'd be happy to respond to you anytime. And if you have any questions or questions about business or cybersecurity or anything else, always happy to go through that and and, you know, share my experiences or anything I could help with that that, from that front.

Jeffrey Stern [00:51:02]:
Awesome. Well, thank you again, Dave. Really appreciate it.

David Kennedy (Binary Defense and TrustedSec) [00:51:05]:
Take care, everybody. Have a good one. Thanks again, Jeff.

Jeffrey Stern [00:51:08]:
That's all for this week. Thank you for listening. We'd love to hear your thoughts on today's show, so if you have any feedback, please send over an email to jeffrey@layoftheland.fm or find us on Twitter at podlayoftheland the land or at @sternjefe, j e f e. If you or someone you know would make a good guest for our show, please reach out as well and let us know. And if you enjoy the podcast, please subscribe and leave a review on iTunes or on your preferred podcast player. Your support goes a long way to help us spread the word and continue to bring the Cleveland founders and builders we love having on the show.