Jeff Standridge: This is Jeff Standridge, and this is the Innovation Junkie’s Podcast. If you want to drastically improve your business, learn proven growth strategy, generate sustained results for your organization, you’ve come to the right place. Over the next half hour, we’re going to be sharing specific strategies, tactics tips that you can use to grow your business. No matter the size, no matter the industry and no matter the geography. Weekly, we’ll bring in a top mover and shaker someone who’s done something unbelievable with his or her business, and we’ll get deep. We’ll uncover specific strategies, tactics, and tools that they use to help you achieve your business goals. Welcome to the Innovation Junkie’s Podcast.
Hey guys, if you’re looking to put your business on the fast track to achieving sustained strategic growth, this episode is sponsored by the team at Innovation Junkie. To learn more about our GrowthDX, go to innovationjunkie.com backslash GrowthDX. Now let’s get on with the show.
Jeff Standridge: Hey guys, Jeff Standridge here, and welcome to another episode of the Innovation Junkie’s Podcast. Good to be with you, Jeff.
Jeff Amerine: I’m glad to be here as well.
Jeff Standridge: Hard to believe it’s another episode, right?
Jeff Amerine: Yeah. It’s always fantastic to get together to talk to great innovators.
Jeff Standridge: Yeah, we’ve got a couple of great innovators with us today. We’ll have a four-person episode today with two guests. They are from the Forge Institute. The Forge Institute empowers their partners with cutting-edge technologies and new capabilities that advance cyber operational objectives and enhance our national security. It’s led by Scott Anderson, who’s the executive director and facility security officer. Scott leads all of the development and execution of the organization’s numerous initiatives training in cyber and operations programs. In addition, he’s responsible for partnership development, stakeholder engagement, and he oversees compliance for our national security collaborations or those of the Forge Institute. Prior to joining forge, he was Major Scott Anderson retired as commander of the 223rd Cyberspace Operations Squadron of the 189th Airlift Wing, the Arkansas Air National Guard.
Taylor Cassat. Taylor, I apologize if I mispronounced that, but you can correct me when you come on here, VP of sales and business development, establishing sales strategies that drive growth for the Institute. Taylor worked as a senior intelligence analyst for the East Coast Navy Seal teams, responsible for enabling direct action, counter-terrorism operations, and strategic completion targeting through the U.S/ Department of Defense and Inter-agency capabilities and a member of the US Navy. Scott, Taylor, thank you for being with us today.
Jeff Amerine: Hey, guys. Welcome.
Scott Anderson: Thank you. Nice to meet you.
Jeff Standridge: Taylor, how did I pronounce that name? Did I get right? Or was it close?
Taylor Cassat: Yeah, I mean, it was really, really close. It’s Cassat. So it’s actually pronounced just like it’s spelled. Yeah.
Jeff Standridge: Cassat. I got ya. I got ya. Well, I’ll remember that from now on, so thank you for that.
Jeff Amerine: Well, we’ve got four. I was going to say old military guys, but two of you are not nearly as old as the other two that are on.
Jeff Standridge: Well thank you, Jeff. I appreciate you for saying that about me.
Scott Anderson: Not going to lie, getting up there.
Jeff Amerine: We probably have got 100 years of military experience here.
Taylor Cassat: Hm. I think Scott’s experience basically goes back to World War II, right?
Jeff Standridge: Oh dear. Yeah.
Jeff Amerine: Well on that note, since we got everybody in a good mood, we like to start off on a little bit of a lighter tone. So we’re going to go around here and find out what’s your most comical military story that’s unclassified that you can tell. Scott, if you want to lead us off. Go right ahead.
Scott Anderson: Yeah. Funny to me or other people.
Jeff Standridge: Either way.
Jeff Amerine: None of us are going to be accused of having a generalizable sense of humor, I suspect. So just give it your best shot.
Jeff Standridge: Yeah. Yeah. My jokes are always funny to me, but they’re not usually funny to anybody else.
Scott Anderson: That’s right. This has probably fallen more in that line. I would say working long missions, doing Intel operations. You kind of need things to liven you up. There’s a 10 hour YouTube loop of the theme song to Robin Hood, the old cartoon movie with the whistling. I put it on and locked up my computer, and we listened to it for 10 hours. It was pretty funny for me at least. Everybody else was mad, because I couldn’t get my speakers, and shut them off.
Jeff Amerine: What was that considered enhanced interrogation or actual torture?
Scott Anderson: Both probably.
Jeff Amerine: Taylor, what about you?
Taylor Cassat: Yeah, so my first deployment was to West Africa with one of the East Coast Navy seal teams and nothing particularly wild was going on at the time. So we let everybody that was having children go home to be with their wives as they were about to have their kids. But none of those good deeds went unpunished. So, they went home, they had their time away and while they had their time away, we were able to set up some very intricate traps for them once they entered their rooms when they got back. So, these are nothing fancy, right? These houses that we were living in were plywood boxes at the time. So, we took some bungee cord, some thousand mile an hour tape or duct tape for the masses.
We made slingshots with several water balloons. At the time we had real nice Canon cameras with night vision lenses on them. So we drilled holes into their rooms so that we could put the cameras on the outside and have all the room dark. As they would walk in, a seatbelt cutter would cut that nylon, and then the water balloons would fling into their face as soon as they got back, and that was their welcome home. I’ve never seen more hilarious faces than somebody who’s about to get hit right in the face with a water balloon.
Jeff Standridge: Very good. Very good. That’s awesome. I love that. Yeah.
Jeff Amerine: Jeff, what about you?
Jeff Standridge: There are several, but I think of one all the way back to basic training at Fort Lost In the Woods, Misery or Fort Leonard Wood, Missouri for the civilians out there. It was an infantry and a combat engineer basic training camp for the most part. We had a guy, and he’s probably still out there today. I haven’t seen him since then, but his name was Howard Snead and he was from Montezuma, Georgia. He talked like he was from Montezuma, Georgia. He was, “My name’s Howard Snead, and I’m from Montezuma, Georgia.” That’s the way he talked.
So to this day and he always messed up, and he was always doing push-ups. He spent his entire eight weeks pushing up the ground at Fort lost in the woods Misery and we would get so cracked up at hearing him, “One soldier, two soldier, three soldier, four soldier.” It may be pouring down rain, no matter where. “One soldier, two soldier, three soldier, four soldier.” Again, like Scott said, it was funny to me. It was funny to all my guys, but it’s probably one of those locations stories where you had to be there for it to be funny. So.
Jeff Amerine: Yeah, I tell you, I’m struggling with this one personally, because I’d have to really out some people that are still alive, that would probably come back to haunt me if I told some of the stories I want to tell. But I give you one and this was a pretty good guy, and I’m actually doing business with him now after almost 40 years, but it was plebe summer when I was at the Naval academy. We’re wearing these goofy white works outfits that are kind of sailor costumes inspired from probably the 1930s that were still wearing in the 1980s. We’ve got the Dixie cups on, and we’re running around. So somehow I figured out how to get myself in trouble, and I had to run down, and get the form that you had to fill out for demerit, which was called a form two.
It was a big old Oklahoma boy there, who was my classmate, who had the watch. He was called the C MOD. I can’t for the life of me remember what that stands for. Company mate of the deck or something stupid stuff like that. But I went running down and talked to this guy, who I’m now good friends with. His name was Blake Ratcliffe. He was from a ranch in Oklahoma. I said, “I need a form two.” He’s like, “Oh, form two?” About like that and at that moment, wouldn’t be for 40 years and I’m pretty sure I’ve reminded him of it. So if he watches this, and he’s embarrassed and appalled by what I said, I’ll have to apologize, but I’ll never will forget that it’s stuck in my head for 40 years. “A form two.” I mean, Forest Gump couldn’t have said it any better quite honestly. So it was funny to me anyhow.
Jeff Standridge: That’s awesome. There you go. I think all of our stories were probably more funny to us than they were to anybody else, right?
Jeff Amerine: You had to be there.
Jeff Standridge: That’s all right. That’s all right. Well guys, Scott, maybe tell us a little bit about the Forge Institute, maybe how it came to be and how you guys spent your time today.
Scott Anderson: Yeah, I’d be happy to, I’d say about three years ago, our CEO was kind of looking at what’s next. He was heavily involved in and stood up the Venture Center here in Little Rock. I don’t know if you’re familiar with that, but that was a huge success doing financial technology innovation. I met him while I was still in the military. I started doing some outreach. I was standing up a cyber school house out at Little Rock Air Force Base. Some of the requirements were, “Hey, are we going to be able to recruit people, find talent for that military mission.” Come to find out, there’s a lot of people with a strong technology background, data science, cyber security that are in Arkansas or organizations are in Arkansas. So I met Lee Watson through, I think InfoGard, a program the FBI runs, and then they were holding a Hackathon.
We actually sent a team of some of our instructors and students through the Jolt Hackathon that the Venture Center was putting on. The first time we went through it was clean sweep. They won all the trophies, which was pretty awesome. Then I met some other folks in the academic institutions, met some other cyber technology companies and started building that unit from the ground up. There was three of us in that organization. Now it’s about 45 to 50 strong along with about 30 contractors. They’re trained in cyber operators from across the nation, a huge success. I felt like it was time for me to retire. Lee asked me to join, and Forge Institute was growing. Now we have kind of multiple buckets we function in. One of those is our training academy and we work primarily with professional development but also steering and getting involved in the pipeline.
So this ties into other initiatives in the state is building those relationships, figuring out who we can work together. The multiple pathways, my pathway, is different from other people’s pathways into technology or into cyber. So it’s figuring out some best practices replicating that. Then from a national security standpoint, we have an operation alarm. That’s part of our emerging threat center. You can think of this as kind of a next-generation fusion center, and it’s working with the public and private, building a partnership and trust because obviously there’s a lot of, historically, a lot of organizations that don’t trust the government and vice versa. So looking at critical infrastructure and how we can better secure it to be more secure as a nation. Then on the flip side is the innovation. We are working with some universities in the state looking at some ways you can bring all that together, the operational piece, the training, professional development and new tech that’s coming out, because that impacts all of it. That’s kind of the sweet spot that we like to function in, kind of where that Venn diagram intersects.
Jeff Amerine: Are you a bit of a convener for some of the emerging cyber security companies that are out there? Do you kind of keep a close handle on those, and how do you pull them together so that they can maybe get the exposure they need to large enterprises or to government customers?
Scott Anderson: From my experience, I think it’s about building relationships. It’s figuring out who in an organization is passionate. I’m a big, big believer in technology’s important. Hardware, software. But it’s more about the individuals. So I’m passionate about the training that we do and the concept of when you build those relationships, you’ve got to continually develop people. It’s not something you can just go through this training, and you’re done. As the technologies change, like you said, that the emerging tech or threats with those technologies that we need to make sure we have better awareness of. So it’s awareness at all levels. Then from a technical standpoint, there’s some hands-on experiences that professionals need.
Jeff Standridge: So Taylor, tell us a little bit about your role with the Forge Institute.
Taylor Cassat: Yeah, so we kind of touched on my experience as a senior intelligence analyst with East Coast Navy Seal teams. But what I got to do before that was essentially to help pioneer the Department of Defense’s cyber intelligence program. So I worked with a direct wing of the National Security Agency and got to kind of develop a training pipeline to become one of the first qualified cyber intelligence analysts. So what I’ve done here is, when I left, I had a lot of industry standard certifications and experience. One of the cool things about the cyber industry is that it’s completely education agnostic as long as you have some sort of industry standard experience or some sort of industry standard certification. So I started my job search with that. So I’ve been with Forge Institute for about three and a half months now.
Last week, I added another wing to my title of, that’s already very long, VP of sales, business development, and now cyber intelligence as well. So what I’ve gotten to do is reach out to the greater cyber community, talk to them about our training programs, why they’re competitive, why our programs work to help people gain a better understanding of the course material versus a training program that may be a more industry recognized certification. But it’s not necessarily getting people up to par for the actual course material. So I’ve gotten to reach out to the cyber community around here and develop relationships, focusing on my expertise in my experience with certifications and why we are better at providing those.
Then outside of that, I’m getting to stand up the cyber intelligence platform that we will be using within our public and private sector partnership. Because a lot of what I think people don’t realize is that, everybody talks about the capability of the public sector. The NSA does this, the NSA does that, the CIA can do this, right? But I would venture to say that the private sector probably has more capability and potentially a better understanding of the overall cyber threat than anyone else, because they really bear the brunt of the cyber attacks. So it’s really, really a necessity, both for the public and the private sector to have that collaborative relationship.
Jeff Standridge: Can you guys give us some examples of maybe how you’re working with private sector companies as the Institute and working with them from a cybersecurity perspective?
Scott Anderson: Yeah. I’ll take this one. I would say that from a professional development standpoint, you look at that pipeline of talent and that continuous learning. My background, obviously I built the cyber school house out of Little Rock Air Force Base, but we were taking people that have an IT background and turning them into the cyber operators. It’s kind of a mindset shift from the traditional IT role. Now that’s pivoting into cybersecurity. So if you think about a pilot for example, a pilot has to get on an airplane and fly. Every what, 12 months or 18 months, they get into evaluation. Someone kind of flies with them, makes sure that they’re landing okay, making sure that they still know how to fly an airplane. I’ll use that analogy. I’m an Air Force. But when you think about a cyber operator, whether that’s offensive or defensive, it’s changing their mind to not just being someone that’s fixing the computers, they have to understand how the computers work, but they need to function more from an operational standpoint.
I.e. it’s more of being constantly evaluated and assessed to ensure you are relevant and still being able to secure your systems, if that makes sense. That’s what we integrate into our training or our courses. We like to say we are adjusted on the fly. We have a seven-week program that is a pathway for a really on or underemployed with little to no tech background to turn them into kind of an entry-level IT person. Then we have another 14-week program that takes someone with an IT background and turns them into a cyber operator, similar to what I did with the military. The private sector organizations that we’re partnering with are realizing that they need people with that operational mindset so that they can better protect and defend their systems and ultimately reduce risk. Right?
Taylor Cassat: Jeff, I’ll add to that too real quick. We’re on the Innovation Junkie’s Podcast, so I’ll relate this to innovation. Innovation is the name of the game within cyber, right? Without innovation, your network, your infrastructure overall for the cyber environment dies, because new and emerging threats are happening every day. New exploits are being developed as we speak. There are always people that are wishing to gain access to your system, whether that’s for the purpose of exploiting or whether that’s for the purpose of money-making. But our coursework is designed to be updated every single iteration, and most cyber coursework right now is only updated every three years. It’s a travesty, because it doesn’t give you the newest and most up-to-date information that you need to protect the systems that you’re working with. So that’s really how we’re collaborating with the private sector right now. We talk about new and emerging threats, and then we bring them in for training so that they can understand what the current environment is.
Jeff Amerine: Hey folks, this is Jeff Amerine. We want to thank you for tuning in. We sincerely appreciate your time. If you’re enjoying the Innovation Junkie’s Podcast, please do us a huge favor, click the subscribe button right now, and please leave us a review. It would mean the world to both of us. Don’t forget to share us on social media.
Guys, about three years back or so, and maybe a little less, I’d heard that there was a significant gap between the demand for cybersecurity-trained employees and talent and the supply and that gap was only increasing. Talk a little bit about that. I mean, I think that speaks to some of the opportunity and also opportunity for what you guys are doing. But I’d be real interested in your thoughts and kind of the current state of supply versus demand talent.
Scott Anderson: Yeah. Taylor, you want to go first on this one?
Taylor Cassat: Yeah, sure. So, worldwide by 2024, they’re expecting a gap of three and a half million jobs in cyber. So, what we’ve done is partnered with the state to allow UN or underemployed individuals to start that training pipeline so that we can pull the talent from the state of Arkansas, which we know is vast and plentiful, to become those cyber operators and fill the gap within Arkansas. That gap within Arkansas is especially important to feel, whenever you think about the fact that we own, I think, it’s a third of the nation’s power grid. We own a majority of the nation’s overall supply chain between Walmart and JB Hunt. I mean, Arkansas is a massive cyber arena, and it’s just, most people don’t even realize how extensive it really is.
So what we’re trying to do is take those un or underemployed people, the folks that maybe have not finished their degrees, the folks that are just willing and able to learn and motivated to learn new and exciting concepts. We’re turning them into that entry-level IT specialist, or if they’re more qualified, like we have a non-technical cyber assessment that we’re putting people through that will tell us what kind of jobs specifically that they’ll be working within.
So for those more qualified people, we can thrust them right into our cyber training bootcamp, which takes them not just to that IT standard of work. But it also takes them to the next level of maybe a security operation center analyst to actually monitor potential intrusions or threats that are emerging at the time.
Jeff Amerine: One of the things that typically is associated with cyber, the cryptography world and whatnot, and it’s kind of reinforced in a lot of what we see, is that these have got to be the deconstructive thinkers, the people that have the ability to recognize patterns, the people that are maybe good at math and whatnot or maybe some musical background. There’s all these sort of stereotypical traits that are assigned. Is there any truth to any of that? Or can anybody come into this program that’s got an open mind and be a good student?
Taylor Cassat: I’ll tell you what guys I am terrible at math. I am abysmal, abhorrent.
Jeff Standridge: How bad are you?
Taylor Cassat: You tell me that you tell me to pick up a guitar, and I might be able to play a couple of chords, but I’m not musically talented either. I do love data. I do love logical ways of thinking and reasoning, and pattern analysis was obviously something very important when I was thinking about counter-terrorism or looking at a greater network. But I really think that anybody that is motivated and excited to learn can jump in, and be successful within this industry. It’s about having that willingness and that motivation, and that’s really about it.
Scott Anderson: Yeah. Taylor talked about that non-technical assessment that we’ve integrated into our programs. There are different spectrums within cyber security. Some of them are more doing that analysis, kind of like Taylor’s talking about. Then there’s folks that need to have that on keyboard capability. There’s a broad spectrum around that. I would say that from my experience, some of the best cyber operators now. I started off in avionics. I used to fix radios, navigation systems on airplanes. Doing that, I had to troubleshoot. So you had to kind of chase wires down that were broken, and you had to figure out what was wrong with systems. I’ve also heard kind of similar like HVAC folks that fix air conditioning or electricians. They’re looking at the wiring. They’re looking at ways systems communicate. Those skills definitely transfer over, along with other unique skills.
But this day and age, when it comes to cybersecurity and technology, we’ve had some discussions with some of our partners i.e in the medical industry. We talked about that seven-week program that took kind of like zero to no tech and to technology. There’s a couple of nurses that went through that program, because they’ve always been interested in tech IT, information technology. They were very successful. One of those two has actually got an entry-level IT position already, but the knowledge of the career field that they were in is beneficial as well. Because obviously hospitals to this day and age, no matter what industry you’re in, you have technology, and you have to be able to use software and applications, and you have to troubleshoot sometimes when that stuff’s not working.
I think there’s some foundational knowledge that everybody needs to probably be brushed up on. Younger kids today are born with it. My 10 year old, I don’t think, has ever not got a piece of technology in his hand. So it’s just kind of understanding what people are good at and then figuring out how to leverage that wisdom or mindset or thought process into how to do things better.
Taylor Cassat: Yeah. I’ll add one more example to what Scott just said. You know, we partnered with Arvest recently to send some of their people through our cyber training bootcamp. One of the people that we sent through was someone, who’s a bank teller, that they wanted to pull somebody from internal of their organization to make them into a security operation center analyst. Bank teller, straight from bank teller to cyber. Obviously you don’t think bank tellers are going to be a cyber analyst at the end of the day, but this person was just motivated, excited, and willing to learn. Now they’re employed as a SOC analyst at Arvest.
Jeff Standridge: So where does the funding come for the Forge Institute? How do you, I know if you’re working with private sector companies, I suspect that they bring you in and hire you to do work with them. But what about open enrollment folks that may be going through your seven week or your 14-week programs? How is the Forge Institute funded?
Scott Anderson: So we have the 14-week program, most of the individuals that have gone through that, organizations have sent them. The state workforce services office has agreed to potentially reimburse up to 75% of the tuition, which has made it more attractive to Arkansas companies, obviously. Then in regards to the seven week, kind of no tag or un or underemployed, we partnered with Charisse Childers and Phil Harris at Arkansas Workforce Services. I think there were people that applied and were selected to go through that program, and the state covered tuition costs for that.
Jeff Standridge: Got it. So where do you say the Forge Institute, say over the next three, four or five years? What’s the ultimate kind of objective in terms of strategic vision?
Taylor Cassat: I’ll tell you what I would love to see us become competitive within the training academy realm. I think that our coursework is very clearly better than a lot of what’s out there. The market is just so saturated with people who say they do things but don’t actually provide what they’re marketing. I would love to be that training provider that legitimately updates their curriculum as new and emerging threats come out. While we’re doing that now, it hasn’t been on a massive scale. I want it to be that major training provider. Past that, our emerging threat center has multiple already. I would love to see become that next generation fusion center that everybody nationwide is able to use and come to you for collaboration and innovation within the cyber arena. I think it’s really important to have that intelligence sharing capability. It’s really exciting to see it finally happen.
Jeff Standridge: You say competitive within the training academies. So who’s your biggest competitor or competitors today?
Taylor Cassat: I would say that the industry standard guys are SANS, ISI Council, and CompTia. It’s mostly because there is a compliance piece to most major companies that each one of their employees within the cyber industry has to be certified at a certain level. So their certifications are nationally recognized as the standard regardless of how they’re taught. Most of the time, the way they’re taught right now is through a three to five-day bootcamp, quote unquote, where the testing standard is taught and the knowledge standard is not. So people walk out of there with a certification but less of an understanding of what they actually should know.
Jeff Standridge: Gotcha. Jeff, any up questions?
Jeff Amerine: Yeah. I mean the final one is, I mean, you focused a lot on, on the training and education around sort of the operational and the analytical side of this. There’s the work ahead of that in terms of policy and some of the things that people think about relative to privacy and security, there’s a whole field that’s growing up there. Then there’s the work on the other side of it, around the remediation response to breach and all that kind of stuff. Do you see your role expanding into some of the policy and some of the after action remediation stuff in terms of the curricular offerings?
Taylor Cassat: Yeah. So it’s funny you say that, we are actually putting on a governance risk and compliance auditing course in November. So it’ll be our first time that we’re putting it on. We noticed that we really needed to expand into that realm and be able to provide that start to finish. We’re talking about the risk and compliance auditing, the red team and operations for penetration testing to determine the vulnerabilities of the network, the blue team side of the incident response and remediation. So we do the full suite of coursework for all of cyber.
Jeff Amerine: That’s great stuff.
Jeff Standridge: Very good.
Scott Anderson: In addition to those boot camps we mentioned earlier, we have shorter courses like Taylor mentioned with the governance compliance and risk course that’s coming up in November. We have a red team course going on right now, a penetration testing course. Then we have custom courses that we designed for specific organizations and no public or private organization is kind of outside the realm of needing to be developed. I would say that we’ve had great conversations with state public sector folks, and they’re starting to take cyber more seriously, and they’re developing a lot of their IT people into more cyber security, incident handling responses. That there’s a piece to that. When you think about, even what you’re mentioned with the privacy and the data. You look at schools and how much information they have. They need to be developed. So the technicians that manage all the IT in the schools need to have more of an operational mindset and be more cyber secure so that they can not just protect the students, but obviously that infrastructure that the state owns.
Jeff Standridge: So for any of our listeners who are looking to get in touch with you guys, how can they find the Forge Institute, and how can they find each of you?
Taylor Cassat: Yeah. So our web address is Forge, F-O-R-G-E Institute. That’s a strange domain, but that’s what it is. My LinkedIn’s always open. It’s easy to find. It’s Taylor Cassat, T-A-Y-L-O-R-C-A-S-S-A-T. Please get in contact with me however you can, and I would love to talk through Forge Institute’s overall coursework offerings.
Scott Anderson: Yeah. The website for me is probably same.
Jeff Standridge: You got it. Forge Institute.
Taylor Cassat: Yes, sir.
Jeff Standridge: Well, gentlemen, it’s been a pleasure. Been a pleasure having you with us today. We appreciate the work that you do. With that, we will sign off. This has been another episode of the Innovation Junkie’s Podcast.
Jeff Amerine: Hey folks, this is Jeff Amerine. We want to thank you for tuning in. We sincerely appreciate your time. If you’re enjoying the Innovation Junkie’s Podcast, please do us a huge favor. Click the subscribe button right now. Please leave us a review. It would mean the world to both of us. Don’t forget to share us on social media.