Today we talk with Managing Director Paul McIntyre from Secure ISS. Proudly Australian-based and dedicated to supporting small and medium businesses right across the country. At Secure ISS, they believe that world-class cyber protection shouldn't be reserved for big corporations – every business deserves to feel confident, secure, and future-ready. Each episode, we'll explore the latest threats, share practical advice, and learn how you can safeguard your business, your people, and your customers. Whether you're looking to strengthen your security posture or simply stay informed in an ever-changing digital world, you're in the right place. Welcome to Tech Talks with Taylor, the podcast where we explore how the right technology can create better business outcomes, every time. I'm Leanne Taylor, founder of Taylor Made Sales, and I'm passionate about helping Australian businesses connect with the tech solutions that drive success. For more details contact leanne@taylormadesales or visit www.taylormadesales.com.au Full Episode Transcript:  [(Intro music) Leanne Taylor: Welcome to Tech Talks with Taylor. I'm Leanne Taylor, your host of 10 Minute Tech Talks, where we cut straight to the heart of tech for Australian businesses. In each session, we'll spend only 10 minutes with an industry expert unpacking the latest products, services, and solutions to help your business achieve great technical outcomes. Let's get started. (Music fades) Leanne Taylor: Hi everyone, it's Leanne Taylor here from Taylor Made Sales, coming to you today from sunny Queensland. And I'm sitting in the office with Paul McIntyre from Secure ISS. Welcome Paul. Paul McIntyre: Hi Leanne, how are you? Leanne Taylor: Oh, much better in this warmer weather. Thank you very much, getting out of cold old Melbourne. I'm really excited to have this chat with you today, and what I ask all my visitors is who are you, what do you do, and why do my customers need to know you? Paul McIntyre: You're right, very good questions. To be honest, so Paul McIntyre, I run a company called Secure ISS. We're based out of southeast Queensland, Gold Coast in particular and uh we do run a a cybersecurity practice and a technical operations practice. So our core offering for what we're doing in this day and age is around sort of managed security operations centre as a service, and we run all of that infrastructure, all of our services out of out of Australia. Our team is Australian based. We're 24 by seven eyes on glass. Leanne Taylor: And that's what I love about you guys. So, you know, a lot of our customers will have had conversations with vendors out of the states or overseas, all offering different bells and whistles, I guess in the security space. What I love about you guys is you're Aussie, you're homegrown, you're based in Queensland, you're Australian made and you're offering your team as a service to customers. So can you explain to me what your security or manage security looks like with secure ISS? Paul McIntyre: Yeah, absolutely. So, so what we've done, our service overall, we've the marketing guys have got a hold of it and called it Lumara. But essentially it's a, it's a service that has a number of tiers across it, a number of technology modules we can plug into the offering and a number of sort of service or people modules that we can plug into the offering. And the way that we've built it out is to to make sure that customers that already have controls in place and and policy frameworks in place that we can sort of augment and uplift those various features across their sort of cybersecurity landscape. So we're not about ripping and replacing the environment as it stands at the moment, it's about augmenting and and taking customers on a journey with that. And that can be anything from that sort of traditional seam piece all the way through to security operations, orchestration and response tooling and then policy uplift and and framework uplift as well. So we're across that sort of gambit and looking to become a true trusted partner to those uh to those clients. To your point about sort of vendors and and potentially overseas companies and the like as well, we've, we've sort of built our SOC from the ground up, so we're not actually reselling another MDR service. We've taken off the shelf software, we've sort of built it out for our requirements and uh made sure that we've sort of got an open ecosystem there as well. So the analysts and and the sales people and the account manager that you're talking to, they've got a lot of accountability and a lot of direct responsibility across that sort of technology tooling and the operational framework that we work within. Leanne Taylor: And what I love is that you really focus on the mid market customers. So that's, you know, your small to medium businesses throughout Australia, and you are nationally covered, which I love. Can you explain how the team, what the service the customers can expect because you're really an extension of their team, right? Paul McIntyre: Yeah, absolutely. So, for a small company, people like to use the word boutique, but I think we we fit that bill quite well. We're small enough that we can customise what we're doing to meet customer outcomes and given our technology heritage as well. So the business itself has been around for about almost 20 odd years and we've had a number of pivots as you sort of do in in technology. And yeah, we've sort of got a significant heritage in the technology landscape as well. So I'm not sure that I've actually answered your question with with what I've just said. You did. The SME piece, right? Yes. So we've made a concerted push into that market space. So in cyber in Australia, you know, for us we come up against everyone. So everyone from the sort of big four Cyber CX to a lot of the small players inside the marketplace. But for us, we think we do a really good job by way of service delivery, we do a great job on on the budget front to really assist that mid market to get a level of maturity that they may not be able to achieve budget wise or uh engagement wise with some of those bigger players. So that's what we bring to that sort of mid market. Leanne Taylor: And that's fantastic because a lot of businesses don't have the depth in their IT teams to be able to, well firstly hire a security manager or or a so, but still have the same issues as large enterprise does when it comes to vulnerabilities, patch management, managed detection, and and of course all the BAU stuff that goes with that. So security is quite a large conversation that we have with a lot of our customers. We spoke recently with a customer around your dark web monitoring. Can you explain what that looks like for you guys? Paul McIntyre: Yeah, absolutely. So dark web's an interesting space, right? Especially all the sort of moving parts in cyber as it stands at the moment, but the key part of sort of monitoring activities in the dark web is is sort of being forewarned about information that might be out there. So for those that aren't aware sort of listening to the the podcast, the dark web or the deep and dark web are the information and sites and and components to the web that aren't available to you through a sort of Google browser or they might be sitting behind a paywall. There's a lot of information out there about a lot of organisations and people personally that's just not accessible via Google and it's often moved around and sort of sold on the what's called the dark web. So through things such as sort of Telegram channels, TOR sites, so components that are sort of off the internet and in private networks if you like. So what we are seeing a lot of out there is is sort of compromised credentials, information that's that's been packaged and repackaged and sold across across those components. So we are finding that a lot of customers do not have that information available to them and obviously being, you know, forewarned is forearmed. So if a customer is aware of of that information floating around in the in the deep or dark web, they can actually action that before it might become a a point of compromise for the business or a or a point of exfiltration for for data going forward. Leanne Taylor: And I think I mean everyone, you'd have to be living under a rock to, you know, not hear that Qantas and Telstra and Optus and a lot of big players have been compromised and they have had some data theft go out of their organisation for whatever reason. So it's really important to be able to see and check your own data if it's on the dark web and being sold to potential hackers. So it's something that I think a lot of IT teams focus on security within their network and within their organisation, but you're right, they don't have a lot of visibility as to what their staff data might be doing floating around and being able to be leveraged to compromise their networks, you know, on that bigger scale. So I think that's a really interesting conversation that we've been having with you and it's not an expensive service. Do you want to touch on on how that works? Paul McIntyre: There's a number of layers, right? So and it really depends on a business's sort of focus as to to what that engagement sort of looks like. But uh, you're not sure whether you're you're familiar with info stealers and the and the like that are out and about to to capture some of this information. But that's sort of where our baseline service uh looks at. So info stealers, as the name sort of suggests is malware delivered in a number of sort of fashions that can capture information from essentially your browser, you know, via a piece of malware, phishing attacks, etc. So that's where our sort of service starts and and you'd be quite surprised at the information that sits in those info stealers. A lot of it's identity based, but there are sort of personal markers inside that information as well. So if you think about your activities that you might do on a on a web browser or your family or your friends might do on a web browser, info stealers can take that information very, very quickly if you were to to walk through a compromised site and the like. And for some of the information that we've seen that's available through that info stealer information is quite eye opening at times. And given how quickly those sort of info stealers can sort of spread and mutate, that information has quite a bit of velocity in that information that's sort of out there and sold and repackaged as well. So we're keeping eyes on on pretty much a sort of hourly basis on various forums and and and the like. Leanne Taylor: Now you touched on patching because I know that's a a big struggle for a lot of customers and again it's just resourcing and manpower. How can you guys help with the patch management? Paul McIntyre: Yeah, so we've we've actually got some some great tooling on the continuous vulnerability assessment and attack surface management and and patching side of things. So a lot of the conversations that we do being being Australian based are around sort of the Essential Eight framework. A lot of the organisations that uh that we do talk to, they're looking at a sort of maturity level one or two across the Essential Eight, but particularly across sort of patch operating systems and and patching applications. So the tooling that we've got available to our customers, we can provide that just as sort of a a co-managed service, so providing licencing and a little bit of advice around your vulnerability assessment frameworks to sort of meet those essential eight outcomes, but also to assist customers on the patching side of things as well. So just setting up patch time frames, potential pilot groups for patching. So those that are that have got more resources will tend to go down that sort of co-managed path and and do a lot of the the heavy lifting themselves, but also the tooling and and the SecOps and tech ops teams that we've got on board in the organisation can provide a sort of turnkey solution for customers as well. So to your point before, right, the technology teams seem to do a great job with the BAU activities and various customers in the SME market are resourced. Yeah, we we see some that are that are quite well resourced from a technical perspective and others that are not not resourced accordingly. So we can we can help with a turnkey solution which basically enables customers to get up to a sort of maturity level two target pretty quickly with a combination of the tooling which makes it quite easy, our process overlay because we've been doing this for so long, but also with the manpower that we've got available to us as well. So as a 24 by seven sort of operation, we can help customers quickly alleviate patching concerns uh across their fleet and and it's not just for Microsoft sort of patching as well, it's across sort of Apple and Linux systems. Leanne Taylor: That's awesome. Now I want to circle back to your managed SOC offering because it is a a brilliant service for customers and I know you do a lot across multiple industries, but namely education. I think when we were chatting, you noted you're up to about 120 education schools or private schools around Australia, which is very impressive. And also the work that you're doing with state government and the councils, can you elaborate on some of the work you're doing in those spaces? Paul McIntyre: Yeah, so we do quite a bit in the independent education space. The foundations of our sort of SOC are that traditional sort of same piece, right? So in education and I suppose in the larger mid market, to be able to stand up a seam, to be able to do the correlation and detection ruling, the deployment is is quite difficult for that sort of market. From an outsourcing perspective or a or a co-management perspective, there are a lot of players in there that sort of price themselves out outside of that sort of market. So we've built that seam SOC offering to to make sure that it's sort of budget friendly and we're sort of leveraging the best of of both organisations in that sort of engagement. So it's sort of a co-managed shared responsibility model where we'll we'll bring the I suppose the cyber threat landscape piece, we'll bring the the security tooling, we'll bring the massive amount of detection use cases that we've got and the heritage that we've got across the education space to overlay that. So the customers are sort of getting quicker time to value for that monitoring and detection service then then they would definitely if they sort of stood it up themselves, but if they just went to a player that wasn't so large in in in those particular markets as well. So yeah, we've sort of built that with a number of factors in mind, but the open interoperability across the technology stack and and sort of that just aware of some of the budget constraints in in those markets that we're playing in. Leanne Taylor: And every business is different, right? So you do some work in government. So the council space is of interest to you as well as well as healthcare. Can you talk about what you're doing with the local government? Paul McIntyre: We run across a number of government spaces. We're sort of doing a lot of managed detection and response services, so typical sort of seam SOC as we've we've touched on, also sort of endpoint extended detection and response sort of technology as well with agent-based technology on assets. So both from an automated response, but also from a threat hunting standpoint as well, and also network detection and response activities in and amongst that as well. So that full sort of Gartner SOC triad, we tend to deliver that into the councils and the like. And we haven't touched on it today, but we also deliver privileged access management solutions as well. So as a sort of project based service or a managed service, we can deliver those in and and help, you know, particularly regulated industries and and councils and state governments with that journey with that privileged access management journey. So everything from starting with just vaulting passwords to moving across to managed managed accounts and then fully securing that access and addressing internal risks and also addressing supply chain risks as well by sort of providing just in time management of accounts and and access into sort of council or state government environments through those privileged access tools. Leanne Taylor: And one of the great things is everything is housed in Australia. All that data, all the all the work that you do, nothing goes offshore, which I know is a big tick in the box for for government. So and I think for education as well, it's refreshing that they're working with an Australian company and all the data stays in Australia. So that's wonderful. So Paul, thank you so much for your time today and I've really enjoyed this chat with you and I welcome all of our customers that would like to continue the conversation around security to reach out and I'm sure Paul would be happy to jump on a call with us and talk about how we can help you. So thanks so much for your time, Paul. Paul McIntyre: Fantastic Leanne, thank you and uh yeah, appreciate the opportunity. (Outro music) Leanne Taylor: Thank you for listening to Tech Talks with Taylor. I'm Leanne Taylor and here at Taylor Made Sales, our mission is to keep you, our valued customers, up to date, informed about the latest technology innovations that can support and elevate your business. Stay curious, stay connected, and we'll see you next time. (Music fades) your business. Stay curious, stay connected, and we'll see you next time. (Music fades)  

Ver todos los episodios