In this gripping episode of Nerds That Talk Good, Joel Benge interviews Chip Harris, a Senior Cybersecurity Administrator, ethical hacker, and operational technology expert. Chip recounts his journey from rural poverty to becoming a trusted protector of critical infrastructure, navigating roles in military contracting, counterintelligence, and operational security. Known for his no-filter style and dedication to cybersecurity, Chip shares harrowing stories from his career, the dangers of outdated OT systems, and the personal toll of his work.
CONTENT WARNING: This episode contains descriptions of crimes and injuries, which may be unsettling to some listeners.
On Operational Technology (OT):
“I call it the ‘World Under the World.’ People don’t realize what it takes to keep the lights on, the water flowing, and the power running.”
On the Cost of Negligence:
“Downtime for a power plant can cost half a million dollars per hour. That’s why safety and security are non-negotiable.”
On Simplifying Complex Information:
“Executives want one page, 10 slides max. Boil it down to simplicity. They don’t need all the jargon—they need the facts.”
On Decompressing:
“I paint Warhammer 40K miniatures to decompress. After all, everyone needs a hobby outside the madness.”
The conversation dives deep into his approach to simplifying technical communication for executives, his role in preventing catastrophic failures, and his perspective on the intersection of ethics, safety, and technology. Despite the heavy topics, Chip’s humor and passion shine through as he discusses his creative outlets and commitment to mentoring the next generation of cybersecurity professionals.
Chip Harris is a shadow in the cybersecurity world—a seasoned ethical hacker and operational technology (OT) expert who operates in stealth to protect the systems that keep our world running. With a background in military contracting, counterintelligence, and critical infrastructure security, Chip has made a career of uncovering vulnerabilities in the “world under the world,” where outdated systems and invisible threats collide.
Known for his no-nonsense approach and razor-sharp instincts, Chip has earned the trust of global organizations by preventing catastrophic failures and navigating the fine line between offense and defense in cybersecurity. He’s a master of simplifying the complex, distilling technical risks into actionable insights that executives can grasp in seconds.
Chip Harris: I void warranties and I’m a warning label.
Well, I mean, okay. I mean, I yell, scream, cuss, hoot, and hollers.
So, get ready for it. Cause I don’t have a filter. I tell everybody, like I don’t, I don’t dumb this shit down for anybody.
Joel: There’s your introduction to today’s guest, nerd.
I’m just going to open the show with that.
My name is Joel and I’m a recovering nerd. I’ve spent the last 25 years bouncing between creative jobs and technical teams. I worked at places like Nickelodeon to NASA and a few other places that started with different letters.
I was one of the first couple hundred people podcasting back in the early aughts until I accidentally became an IT analyst. Thankfully, someone in the government said, “Hey, you’re a nerd that talks good.” And that spun me off into the world of startups, branding, and marketing, for the same sort of researchers and startup founders that I used to hang out with.
Today, I help technical people learn how to get noticed, get remembered, and get results.
On Nerds That Talk Good, I want to help you do the same. I talk with some of the greatest technical communicators, facilitators, and thinkers that I know who are behind the big brands and the tech talk that just works.
Joel: As Chip opened us up with, this is an explicit show. We are going to be talking about some pretty hard subjects.
Chip has a history as a military contractor and currently works in the operational technology space. That can include power, water, defense. So whenever anything bad happens in those areas, Chip is behind it. That’s not what I mean, Chip is there to save the day. Unfortunately, when something bad happens, it can be pretty bad.
The subject matters are going to involve terrorism, drugs, injuries, and that type of stuff.
So if you’re cool with that, stick with us; if not, I’ll see you on the next one.
Very excited to have Chip Harris joining today. Chip’s a Senior Cybersecurity Administrator, Ethical Hacker, Pen Tester, Investigator, Nerd, Teacher, Public Speaker, Cybersecurity Content Creator and Evangelist for Cybersecurity and Strategy.
All of that and ain’t nobody ever seen this man’s face. Because of his past career, the critical industries he helps protect and the bad guys he exposes, Chip practices an extreme amount of OPSEC or Operational Security to protect his identity and he is truly operating from stealth.
That hasn’t stopped him from being interviewed on camera, on several podcasts, being prolific on social media and even acting as a spokeshacker for some pretty cool community stuff that’s going on in the cyber community. I thought it would be really cool to have Chip on to talk about operating from stealth, how to be selective in what you share with the public, but also just how to make an impact with the information that you do share.
Chip, buddy, this is awesome, finally to get down and sit and talk with you. We’ve been going back and forth on LinkedIn quite a bit, but thanks for joining.
Chip Harris: No problem, sir. And with that intro, I’m guilty, hell of all of it. I mean, every bit. I ain’t. Can’t deny, lie, or deny any of that, so.
Joel: And that’s an abbreviated background for you, man. I’d love for you to just start us off, give us the nerd origin story, little baby Chip, what got you into tech in the first place and then where you got to today.
Chip Harris: Everybody’s got an origin story, right? Somebody had to get you into this field, right? As I tell, I’ve told this to students, I’ve told this on podcasts before and everything. I grew up dirt poor. I mean, just straight up po’. Hell, we couldn’t afford the R.
I mean, we were just po’, and I grew up in the Deep South and I’m still in the Deep South probably because people make fun of my accent all the time, but I don’t give a shit. But as I tell people, growing up in poverty, you look for a way out of poverty, and yeah, it was, it was a hard road for me, but about 7th, 8th grade, I got to see an Apple IIe in my first computer class, and I was like, this, this screen, this green text, this, this is my out. I don’t know what this thing is, but it’s new and it’s exciting. And I want to, I want to get into this. And my parents actually scraped up enough money to get a Gateway 2000 from fucking Walmart, and since I lived in a rural area, I didn’t have a neighborhood, my nearest neighbor was a mile and a half away.
I had the old, *dial-up noises* dial-up US Robotics modem and the internet, or, and it was, it was very new, ’cause I mean, …
Joel: BBS’s. Usenet.
Chip Harris: …yep, with BBSs and AOL and message boards.
And, as I tell us, like, you kids today are so motherfucking spoiled, “Oh, it takes too long to load up, Dad, or it takes too load.”
I mean, like, do you know what we had to go through to get stuff to work? We had to break it, fix it and figure it out. There was no, like, the closest thing that we had in my town was a Radio Shack, there was no computer repair stores, and it was, you had to get your hands in it.
You had to get, you had to learn what this stuff is. And that’s how I got started, and I went through my high school years, graduated with honors, got a scholarship and went to college on scholarship, ’cause I busted my ass. ’Cause I was like going, either I’m gonna be really, really smart or I’m gonna be really, really poor.
Because the place that I lived in was cursed with high poverty, very rampant drug use. And it was one of those things that was happening in the South in the, the earliest of the nineties with the opioid boom, that was actually happening, and the cases of heroin were going through the roof as well.
And my dad worked very closely with law enforcement. My dad was a former spook. He worked for the CIA, NSA, NTSB. And then he ended up working for the ATF for about four years and then retired out as a postmaster general for the state that I live in now. And he was, his job was chasing drugs through the mail. I got to hear a lot of that and, after we got out of a little bit of poverty to the beginning parts of middle class to where we were able to, like, like I met cops all the time, I met all these agents all the time.
And every one of them said, “Keep your head in the books, keep you, keep your, keep your life straight, don’t get involved with any of this mess” and stuff. And I had a very small peer group through high school that got me into college. And when I got to college, I was like going, “All right, this is the time to shine.”
And, while my friends were going out and partying and everything, I was in a data center, when they had the big IBMs, the big blues, and back in those days, you were the blue or red. So to give you a timeline, kiddos, this is in the early nineties, when this was actually happening and we started seeing for the first time, like, Roadrunner, which was Comcast, getting DSL lines, and we had, we went from what, I’ll never forget it, in 1996, it was like the trademark year.
We went from five and a quarter inch floppies to three and a quarter inch floppies to Zip disk, to Jaz drives. And then for the first portable, the first portable, I mean the size of a lunchbox, 20 gig hard drives, in one year, with the, with Toast, which most people don’t even remember that program.
So it was like, and we were burning the first, two and four CD-ROMs. And it was a very interesting time to break into that industry because there, I worked at a computer store, that was a big box retailer called CompUSA, which most people don’t even know what CompUSA even is now, that went away.
Joel: The CompUSA near me that I shopped at in college is now a Big Lots.
Chip Harris: Yeah. Yeah.
Joel: Yeah, but I still remember walking in and seeing all those computers in the glass case up front. Oh man, you’re making me nostalgic.
Chip Harris: Yeah. And it’s kind of a little bit of nostalgia now. Cause I mean, I started off as a bench tech, making 12 an hour, it was like the highest paid bench tech that they had in there. And that’s how I started getting like my first certifications. And I got my, I said, okay, “you have to have your A plus within six months.”
And I was going, what the hell is an A plus? I didn’t know what the fuck A plus was. I was like in college. They’re like, no, no, no, no, no. This certification that you got to get from CompTIA, it’s going to teach you what the insides and the guts of the computer are, I’m like, well, hell, I already know that.
And then, when I went to this, they called them Prometric Testing Centers. I don’t even know if they’re still around. But like I went in there and they put, “Take all the stuff out of your pockets.” We didn’t have cell phones. So it was like, just walk in there, give them your keys, sit down and then take this test.
And it’s like, I blew through it in like 20 minutes. And they’re like, okay, you passed. Would you like to take the next one? I’m like, well, what’s the next one? And they’re like, well, this is like, your Linux plus your network plus. So I’m like, I started, that’s how I started, started out.
It’s like, I didn’t know anything about certifications. I thought it was like, I’m going to school for computer science degree to get my, my bachelor’s and then I’ll be able to get a job after that. No, no, no, no, no, no. I found out very quickly that certifications build into the knowledge base of what it is that you have.
And I took like the first Windows XP, like, like XP had just come out, and we were on Pentium 4s and they were just kind of like, man, this is cooking with fire, dude, these things kick.
Joel: It’ll never get faster.
Chip Harris: Yeah. We, and then the whole Y2K scare back in 99 happened, and everybody was, updating and, and this is where I was introduced to the first computer viruses.
And I had bumped into a friend. He’s like, “Yeah, we’re going to this swap meet.” And I’m like, “What’s a swap meet?” He’s like, “We swap computer parts.” And I’m like, “Fuck yeah, I’m going, bro. Let’s figure all this out.” And that’s when I was introduced to the hacker community. And that’s where I learned the roots.
Cause I mean, coming from a rural agrarian state into a bigger city, like I didn’t know any of this stuff existed. It was how I was introduced to the hacker community and how I was introduced to the Linux community and what I call the dirty old wizards, of the industry, like, the guys that were there when COBOL, was still around and punch cards.
So it was very nostalgic and interesting to get, learn these things and learn how these systems work and, like, how we got to the internet, like how we got from ARPANET, and this was stuff they were not teaching me at school. This was like all hands-on stuff. So it kind of blew me away and I was kind of like, well, man, this is awesome.
So I graduated Summa Cum Laude and was still working at CompUSA after, and then Y2K happened and then the internet, most people don’t remember the internet recession happened, the Y2K bubble blew and so did dot-com fallout, blew up and everybody I knew got laid off, like everyone, and I was just paycheck to paycheck, hand to mouth, and yet living in a one bedroom, one bath apartment, and just trying to keep my car up and running. And I, I scattered the world. I covered the city with just resumes, and went to hiring companies and temp companies. And they’re like, dude, we got nothing.
I’m like, this is a fallout like you have never seen. And I went to my dad in desperation. I said, “dad, look. , I did what you wanted me to do and I did what I wanted to do to get out of poverty and I’m not going fucking back,” and I’m eating top end ramen noodle, with Gatorade, and green beans to survive, and I’m eating and when I get, a really good paycheck and I splurge, I get some, freeze chicken and put it in my, George Foreman grill and I put mayonnaise on it so I can, have substance, for protein and I’m like, “I want to go in the military.”
And he was like, “fuck no, you are not going in the military.” He goes, “I got enough business cards from military contracting companies that I can make some phone calls to, but you will not go in the military.” Cause I mean, that was, my dad had been poked and prodded by the Viet Cong and tortured and was POW MIA, and got released.
And he’s like, “Look, I’ve gone through the federal finger up the butt, trust me, it’s not good. You don’t. I know you’re young and you’re struggling, but there’s more money to be made out there than going to work for the military.” And I said, “Okay.” So my dad made some phone calls and within, right, it was a month before September 11th and then September 11th happened.
And then all of a sudden military contracting became the biggest thing. And I got my military contracting license and I had to go through all the background checks and everything. And went through, I finally got my, my license and stuff for military contracting and, and whatnot.
And the first phone call I ever had was with really, a company now that’s changed, but they were called Blackwater at the time. In my beginning part of my twenties, it’s 21, 22. And they said, “Oh, you’re young, you’re healthy. You got all these certifications in your license.
Come in, let’s talk.” So,
Joel: “You’re uncorrupted.”
Chip Harris: That is correct. Well, I had grown up around enough cops and DEA agents and FBI agents. I, like, I know the territory, and I know, and my dad had tons of Marine Corps friends and Air Force friends and Navy friends. Like, I know the speak. And I know how the wheel gets greased and turned in the machine.
Went in and I got my weapons training and they gave me a gun and pointed me towards Afghanistan with a laptop because I was the guy in the rear with the gear they said, once you get in, in country, we’re going to assign you to a military unit which they did, which they assigned me to the 501st Air Cav out of Fort Campbell, Kentucky, great guys that I worked with.
And I was attached to Special Forces Night Stalkers. So that’s how I got started in the industry. And they’re like, ” wow, you. You know,, Linux, I’m like, yeah. Like, you know,, Window systems. Yeah. You know, All this, stuff. I’m like, yeah. And he’s like, well, cool.
I did that for, the better part of 15 years, everything from training to teaching to seminars to counterintelligence, I worked in special operations, then they sent me to Fort Hood to work with the drone program.
And then after I worked with the drone program, they sent me to the Department of Defense, which I spent a year in that filing cabinet. And then, then my contract got switched to the NSA.
The contracting company I was working with was getting some heat and some shit. So they sold my contract to Dell. I was stationed at the National Security Agency with joint cyber command, as well as satellite SATCOM intelligence, which I worked on, and created a counter surveillance, counter intelligence program from scratch that started off as a sheet of paper with some crayon markings at Olive Garden, which turned into ship to shore satellite relay system and counter surveillance, counter intelligence, drone software. And I got the patent for that, which was pretty cool, which I’d never had to go through that process, which Dell was backer for that. Worked in the DevOps. I worked down in the rock, which is the lower bowels of the basement, the NSA.
Then they sent me back to Afghanistan and then I was shot twice, stabbed three times and hit with an IED. And I was like, what, it’s time to get back to the United States. So I came back on the end part of that contract to deal with narco terrorism, I was like going, what? They’re like, yeah, well, they need counterintelligence and counter surveillance for narco terrorism, but it’s in the States. And I was like looking down. I had my liver sticking out, I was like, “Nurse, can we tuck that back in? Cause I’d like to get sewed up, and get these bullets out of me.” I’m getting a little old, I was in my late part of my thirties going into my forties, was kind of going, what?
Getting shot at is not on my top 10 list, top 10 list to do anymore. So I want to go back to the United States and they said, okay, we got this contract, but you’re going to be investigating the Sinaloa and the Juarez drug cartels for two years.
And then I said, I am done. It was 2008. Just come through the horrible Great Recession, that was out of that. And so it was 2009. I said, what, I can do all this from home.
I built my own data center and server room here in my house, which is the top level of my house on the second floor.
I took the spare bedroom and hollowed out the closet and put in a rack server and air conditioning and airflow system and bought a ton of laptops and computers with some of the money that I had saved up.
I’ve been working remote since 2015, so I was social distancing before it was a fucking thing. You know, yeah. And being handicapped, cause I’ve had seven major surgeries, before and after the, the, the accidents that happened to me, I still suffer with a lot of neuropathy and physical damage that happened to my body.
I had my last surgery last year. They got some more metal out of me and they put some more metal in me to kind of straighten things out and make things better. But that is basically the journey that I’ve had. So I have been in my house working remote on remote contracts for everybody from gas, water, light, electrical, to nuclear, to working with the contract that I have now which is with the New York, New Jersey Port Authority.
Joel: That is a circuitous origin story and I would absolutely watch six seasons of that on Netflix, I have to tell you, man. Who would we cast as you?
Chip Harris: As I tell people, one of my favorite actors, I don’t give a fuck what movie he’s in. If it’s got Nicolas Cage, my ass is there. I’m watching it. He’s crazy, but you gotta, you’ve got to be nuts to go through some of this shit and go through some of the stuff that I’ve had to go through, I mean, it’s just been insane.
Joel: Yeah, I think Nick Cage could absolutely capture that crazy and he is at the point of his career right now where he can do whatever, and you have already burst the parental warning that I might have had on this episode. He could do whatever the fuck he wants at this point.
Chip Harris: He’s made his money.
Joel: I think Denzel Washington for me and I think that’s just my, my insecurity.
But anyway, I would love to, to dig back into a little bit of that background because, eventually, ultimately what you’ve worked your way up to is sitting between the technology and the decision makers and the leaders.
We chatted about this briefly before, before we started recording, is really you’ve gotten into a position of using your great wealth of experience to tell stories and make recommendations. And I think that is really what’s of an interest because, given your background, you’ve got the technical chops a hundred percent, I don’t think anybody can doubt that. But it, then it’s challenging.
When you have those technical chops to be able to put it in front of, say, leadership…
Chip Harris: I try to see it this way. I put it in front of Joe Beer Can because when I’m sitting on the stand, having to explain to a jury what this pedophile did and how he did it, they don’t understand a shit about IPSec. They don’t understand network translation. They don’t understand backtracking.
So I try to, with the C level people I have come, it doesn’t matter who or whom you’re talking to, they’re what I call a one pager. They, they read one page with the bullet points. They want to hear the 30 minutes of good and the 10 minutes of bad, and then go on to the next thing.
Same thing when I make PowerPoint slides, I don’t make more than 10 PowerPoint slides because after that, they start thinking. Shit. Did I leave the damn mic my coffee in the microwave this morning? I mean, they, they start wandering and it really has turned into psychology. And it’s not that I’m a scary person.
Yes. I’m a very scary person. My wife will tell you the same thing. Cause, well, “My husband is not nice. He is somewhat civil, but he is an asshole, but he’s my asshole.” So that’s how my wife would explain it. So I was
Joel: He’s not a tame lion, but he is good.
Chip Harris: Yeah. And, and, and, and truly in life, I have learned, especially with the, the business, as I tell you people, especially on my side of the fence, if you just learn to truly just not give a fuck anymore, you are truly free.
Because like I go in there and I tell them the truth and they don’t want, sometimes they don’t wanna hear the truth, but if I sugarcoat the truth, it’s a lie. And this industry, all of cybersecurity is built on one single thing. And I stress this every time I talk to students and whatnot, is trust. It’s like, look, you got to trust me on this because, um, I’m going to tell you how bad, bad is going to be when this goes awry.
And I want to tell you what a nation state would do to destroy your network and your systems and steal your money. I’m going to tell you, Mr. Banker, how bad it’s going to be when they steal your Bitcoins or they steal or break into your unregulated monies that’s being transferred through wire transfer, white plastic, whatnot.
So, I mean, yeah, it’s like, I can lead you to the door and I’m going to open the door and show you the hellscape that is, you’re either going to walk through it and fix it, or you’re going to close the door and you’re going to forget about it and it’s going to get 10 times worse and then my rate’s going to go up because they’re going to charge you more, so it’s like, you know, you pay me now.
You pay me later. Still got to fucking pay me.
Simple as that and, and that’s how I’ve approached the rest of my career since I turned 40, because it’s like, there’s life before 40, and then after 40 as I tell people, it’s like, so once you go over that Hill I just quit it’s like, look, I mean, I have burned lean tissue in the night, trying to bypass an ASA firewall and show them how bad, bad is within their network and their systems, but it’s like, is it going to get fixed?
Yes or no?
If it goes into a budget, when is that line item going to get pushed through and when are they going to get it looked at? If it’s capital project, if it’s over 2 million, we’re looking at a year for them to be able to get funding to be able to do that. But are they going to fix it right now?
The answer is probably going to be no because, uh, a lot of operational technology, first off, is not cheap and then on top of that it’s 30 years old. And for all listeners that are out there, OT Technology stands for Operational Technology. Operational Technology is everything from hydroelectric power, dams, electricity, coal fire plants, nuclear power plants, um, ship to shore satellite relay systems, telecom, everything.
Your lights, you flip your lights, the lights come on, right? What happens if the lights don’t come on to your city? What do you do? You call the power company, right? So I deal with a lot of those things that are on that side of the fence that most people don’t think of. And I call it the “World Under the World.” What do you, you see the surface of the world, but you don’t really see the in depth of how telecommunications, telecommunications, power generation, steam, water, water filtration and stuff work. You just turn the faucet on and get a fucking drink of water and go on with your day.
You don’t think about the process of what it takes to get it there, so, and be clean.
Joel: There’s so many things that need to work. I think a lot of people coming into tech now, um, they’re like, well, I’m just worried, I’m just worried about the network and I can, I can transfer my skills from a bank, OT, here and there, different industries. Um, but you have to come at it with a real understanding of the business and the pipes to understand that I may be recommending this solution or I may be waving a flag over here, but like you just said, you have to have that recognition of your audience and what their priorities are and say this might not be the thing that gets the attention. Um, but if it is that hair on fire, uh, how do you get someone’s attention besides they should trust, trust Chip if Chip says something, but when you’re up against somebody who either isn’t hearing just because they don’t understand or you can see that, okay, maybe the tech is flying over their head a little bit.
What’s your approach to crafting that message for that one pager? I love that phrase, by the
Chip Harris: Yeah, I mean, they’re looking at bullet points. I mean, it, it, it boils down to simplicity. Okay. And, um, one of the things that I watch a lot of documentaries and I watch a lot of the 30 on 30 sports documentaries, like what players have to do to get into that zone and it’s never complicated.
We overcomplicate the shit out of this industry. I mean, we really do. I mean, and especially right now in the cyber world, the buzzword of the year is artificial intelligence. Shit, artificial intelligence has been around since the 1950s, 1960s. This is nothing new. Artificial intelligence is not going to change everything and make everything better. It’s just a tool. And then before that, it was what, cloud? And then before that, I mean, we hear this in our, it’s, it’s a, the IT circular industry and vendor industry and, and the things that we have to deal with that’s coming from us. Um, they overcomplicate a lot of this stuff because guess what?
IP translations pretty much been the same forever since it was created. Modbus, same way, it’s 1970s technology and it’s improved a little bit, but it is what it is and it’s not going to change anything. It’s going to stay the same. You might ask them. It’s like this, you got to have the cupcake before you put the icing and the sprinkles on it, right?
And most of the time people want the damn sugar on top with sprinkles, right? They’ll give a shit about the cupcake. It can be either vanilla, it can be chocolate, it can be strawberry. Who cares? Right. As long as it’s there, that’s the key thing, is you’ve got to build the core part of that, the approach.
And that’s what I do. I, it’s not that I dumb it down. I’m not saying these people are stupid. I’m not saying they’re uneducated. Hell, they’re, they all make a lot more money than I do, but my job is to come in there and want to say, “Okay, here are the facts. And the simple part of those facts are, if this goes off, this happens.
If this goes sideways and you don’t have a DR plan or you don’t have redundancy, this happens. This is what you lose. This is your downtime.” And downtime in the industry costs money. Not just a little money, a lot of fucking money. And, uh, most people don’t realize that when an electrical plant that’s generating, uh, gigawatts for a city and gigawatts for infrastructure.
I mean, you’re talking 400,000 an hour. That’s all, I mean, you’re talking half a million dollars an hour, uh, for a power plant to be offline for an hour, so if it’s down for like four or five hours, I mean, and they’ve got to prorate their loss, that’s a lot of money that you lose, and that’s also for, um, operational downtime as well, and that’s preventative maintenance, patching stuff, working with the vendor to get something solved. So it’s, it’s a nightmare. I mean, cause you’re going to lose some money and most of these companies don’t want to lose money.
Joel: Yeah.
Chip Harris: And OT, when I tell students that want to get into this, they, they want to get into IT, they want to be like a red team or they want to be a hacker. I’m going to tell you right here and now, you are looking at a very hard road to plow. I mean, kid, I mean, that, that’s how I say it. You’re going to be poor for a while, but don’t think that you’re going to graduate from a college or have a bunch of certifications and think you’re going to get a six figure job.
You might, if you’re a top of your class, become a SOC analyst that’s pretty cause you got to pay your dues like everybody else did and just getting a sheet of paper that says that what you’re doesn’t mean that I’m going to unleash you on a keyboard and a mouse to regulate a nuclear power plant. What I’m saying? So you got to pay your dues behind the keyboard. You have to be able to click something. And I look at students and I said, okay, we’ll give you an example here. Cause I normally have somebody that’s pretty cocky and then, and they raise their hand. I’m like, why are you getting into cybersecurity?
Oh, I’m getting in for the money. I’m like, what? There are a lot of other ways of making money than getting into cybersecurity. Not saying that we don’t need you, but we’ll give you an example. And that cocky student normally says, okay, well, uh, give me an example. And I say, okay, here we go.
You walk into work after you’ve parked your car, you get on the elevator, you’ve badged through and everything, you sit down at your desk and everything, the CIO, the CTO show up at your little cubicle and they say, “Hey, we’ve had a security breach within the next 30 minutes. I need you on the phone with all the different teams.
I need you to start pulling packet information and finding out what happened.”
What do you do? When I, and I said like, okay, where do you go? What, what tools are you using? How are you going to be able to do this? And I asked the student that, and then, I mean, then they start crumbling and I start seeing them list and I’m like, okay, what’s going to happen is within 30 minutes, you’re going to have no information and data based on what you’ve just told me on how you’re going to be able to handle this situation.
You’re doing better basically to shit your pants, suck your thumb onto your desk and the fetal position and hope and pray they don’t come and fire you the day you
Joel: I guess it’s very much like the military. Once you have busted that student down what are some of the techniques and things that you use to, to, stories that you tell them to bring them back up or to give them the reality.
Cause, I, I was, I was that SOC guy. Did the 12 hour, eight to eight shifts in a, in a NOC and uh, it weren’t for me. Don’t do that anymore.
Chip Harris: Here’s the thing is I’ve been very blessed in some of the positions I am, because like right now I’ve got my team that’s working on an issue and I’m watching the stuff go through Teams as we’re talking here. And it’s just so funny to me, we try to explain to them what they want, even with snapshots and pictures with arrows pointing to it. And they still get confused. It tickles me to death and after I’ve torn somebody down and they’re, they’re doing this, like this is what you’re really going to have to look at.
Here are the certifications that you’re going to have to need. And this is what you’re going to have to do for the first five years. For my team, you must have certain certifications. You must have I mean, keyboard time, like clicking time uh, and show progression in what you’ve learned and what you’ve done.
And then admit what you don’t know. Like I am not a network engineer and I am not a developer. I have a developer that’s on my team and he, he can speak Java and Python way better than I can. I admit I’m a script kiddie same thing. I am not a senior level network engineer, CCISP, or Cisco, or, Palo Alto or whatever super genius whiz I still have to use an IP calculator to figure some of those things out.
I can’t do that shit in my head, but the guy that works for me and everything that is, um, in a Norwegian black death metal cover band that has long black hair and purple tips and tattoos on his chin and multiple piercings on his face. Um, and looks like Henry Rollins meets, Glenn Danzig meets Arnold Schwarzenegger that works on my team that you will never seen on a video call he’s really good at it. Because he’s from Norway and he’s really good at doing that stuff in his head.
That’s his role and know your role, know what you’re good at and know what you like to do.
I will not take on a greenhorn, somebody that’s just graduated from college that thinks they’re some whiz bang hacker.
I know you like, you have to have five years hardcore experience before I even let you get into this, what I do in the OT and the IT cybersecurity world, because guess what? You can get killed and you can kill people very quickly. And I was impressed when I met with HR last year and I was kind of scared and impressed at the same time.
I’m allowed 12 people to die on my watch before HR gets involved.
Joel: Holy crap!
Chip Harris: When I get to 11, I need to start really kind of getting scared that 12th person gets killed. It’s on me. Right. And then that’s when HR gets involved. I’m like, okay. But I mean, that is the truth and the reality.
And when I started this job, we had three people get killed. And then last year I had a very good friend that got killed uh, because we deal with cybersecurity at the zero level, the device level, so like we’re physically touching the stuff so and when that stuff breaks or that stuff blows up or explodes, or, or there’s a pipe that ruptures and everything.
There’s human casualty that goes with that. So when you’re dealing with OT cybersecurity, the first thing that should come out of your mouth is safety. Everything spawns out of safety and out. And we want to make sure that you are safe and secure and going on your life and that you’re not paying any attention to what it is we’re doing behind the curtain.
We want you to be able to get from day to day. Point A to point B, we want you to be able to make your phone calls, turn on your water, flush your toilets take a shower. We want you to be able to turn on your power and not even think about it. Right. You just pay the bill.
For example, when I worked, um, with the RAND Corporation and I worked with, uh, um, Safe Harbor Industries, which is owned by uh, Richard Clark, Richard Dick Clark, uh, who I worked under who was like the grandfather of cybersecurity and the internet under multiple administrations. Um everything that he taught me uh, comes out of safety.
It spawns out of the safety and the security of people, out of the safety of the nation, because like, we wrote up these horrible reports that we gave to DARPA, like, if we took out the East Coast power grid, what the hell would happen? I mean, like, you’re talking the fucking purge within three days. I’m serious when you’re looking at no gasoline, no water, no light, no electricity, no internet, no telecom people get feral really quick, really quick. Like what’s mine is mine is what’s yours is yours. And if not, I’m going to take it. So it is the nature because of how, how we are as alpha human beings.
Joel: Impressing that story upon people. I mean, I would imagine you do have a common understanding when you’re briefing somebody or you’re going in that they understand what’s on the line as well. Now that you’re doing a little bit more social media, public writings and things like that and you’re carrying a lot of that with you do you think that’s a story that needs to be told?
Chip Harris: Yeah, it does because let me give you an example. Look at California right now. That’s burning down to the ground. They didn’t have water coming out of pumps that were there. That’s scary shit. That is a failure of infrastructure at the maximum level. When a firefighter goes to, with a fire hose to a fire hydrant, where shit is burning all the time, all around you, there should be water.
It’s like, I’m going to tell you now I’m, I can expect anytime that you have a natural disaster, even the same thing that happened in the Appalachian community, that’s around my area in the South. It was, I mean, they’re still recovering.
It’s going to take years, years, if not a decade to get all that stuff fixed because you’ve got to replace power poles, lines, water lines, hydrants, maybe that are working or not working, sewer lines, all that stuff has got to be reconnected and checked. And people don’t think of that and, and oh, well, they’re going to be able to rebuild very quickly.
No, no, no, no, no, no, on the most expensive real estate on the world. No, it’s and although there’s price gouging and then you got to find out the people that are, how are you going to take that many people that’s in that area that have lost everything? I’m talking fucking everything and house them.
Joel: Yeah, my brother’s in Asheville, North Carolina. Thankfully, luckily, he uh, uh, he had just moved out of an area that got pretty damaged. But yeah, speaking with him and and I think, I think it gets back to the storytelling. It’s the narrative. I mean, you have the perspective of what actually is the impact.
And a lot of other people try to capture the narrative and point fingers and, and make things that there aren’t in uh, in, in what happened or cast blame. And it’s like, we, we just got to get to brass tacks and get things fixed.
Chip Harris: Yeah, and that’s where government comes into know, this is your taxpayer dollars at work. That’s what I tell people, right. You know, and it’s hard for people to comprehend that, but you need government. Most people are like, Oh, I don’t want government involved in all this. Disaster relief, like FEMA which, I work very closely with on a lot of things to get some of their systems back up like for example, telecommunications, people didn’t think about in the California fires, like, wow, what all the data centers burn up that are out there?
And all the telecommunications lines I mean, that’s, that affects the, the, the ability for people to fight the fires, for people to be evacuated, for people to get notifications, there’s a fire in your area so you people don’t think about a lot of those things and, and I tell people, this is where you need government.
This is where I kind of forged the narrative because I am not a very political person. I, I always say the prior administration and this administration because I’m kind of, you know, pseudo anarchist in a way you know, how I, look at government, but you know, I I am “Be-political”. They’re like, what do you mean “Be-political”?
I blame fucking all of them. They’ve had 30 years to fix this shit. And guess what’s happened until it blows up and explodes or burns down to the ground and there’s death and dismemberment that’s involved. People don’t pay attention to that until it happens.
And that’s the problem with a lot of the stuff that we deal with in cybersecurity, some of the things we do in healthcare, a lot of the things that we deal with in the bank industry, we’re very knee jerk reaction society in the United States and we’re not very preventative a lot of times when it comes down to major infrastructure projects because I mean, first off it takes time, money, and a lot of people to do it, it does spawn jobs but how does cybersecurity spawn out of that sometimes it does, sometimes it doesn’t, depending on what it is, there’s not a lot of cybersecurity that’s on bridges.
But we need bridges, right? But we do need bridges that when they have barges and stuff that goes through there for monitoring systems, camera systems, all that, those are OT technologies that are added to it. You know, um because we don’t want those things to fail and we don’t want something to happen like where you have a huge gigantic cargo container slam into a bridge.
And now people for the next five years have got to drive halfway around the town to get to work.
And I was up there when dealing with all that and and people got killed you had five people that were just doing their damn job, repairing the bridge, dead, dead, straight dead.
I mean, I was like, holy crap, dude, but you know, we just got the funding passed and now we’re waiting on Congress to release the funds before they build a new bridge and then they got to fight about architecture and zone coding and then reconstruction and the list goes on and on.
So, I mean, this takes time. Time and it takes effort and it takes energy and it’s not a quick fix and it’s costly and you know, time is money, don’t get me wrong. It is. And a lot of people don’t want to pay attention to that, but it’s true. It’s very true and nobody, nobody is doing this for free.
I’m not, you’re not and in my world, no one gets into this industry with a little bit of villainy in their past
Joel: Yeah.
Chip Harris: As I tell these stories, I’m like, there’s no good guys in these stories including me. You know, I am not the good guy. And most of these stories that I tell people, you know, or I tell stakeholders or shareholders is because a lot of the stuff that I’m telling you, it’s you know, if I’m doing it, it’s pretty bad if it’s really bad if I get, uh successful hits on some of those things. And a lot of companies now, they just want somebody to check the check box on the list and say they did it for their annual cybersecurity training or their testing is that those days are long since gone. You know, we can’t do that anymore and we have to get better and improve on our industry. And how we do that is we mix it up I am all about hiring minorities, women anybody, it’s like, if you are, you got a human pulse and you want to get into this industry and you really, you really are dedicated and want to do it I’m here, I am your biggest fucking cheerleader.
I mean, I managed five guys that’s on, on the SOC, that’s on my side and I work with high level shareholders in the C level every day and I’m really good at it because I explained to them and know, frilly terms, this is what you’re going to be doing. This is what you’re gonna be dealing with. Here’s the hellscape that can happen and so forth.
And I and people say, well, you’re a very scary person, Chip. Just what. It’s like, no, I’m a very scared person. I reversed that on them because it’s like, if I can do it from my house, imagine what China could do or the Russians or the Iranians or a hacktivist team I mean, this is, we are now, or a, an AI that targets that system I mean, that’s made specifically for hacking, cracking a system and tearing it down and taking it down. Um, we’re dealing with 30 year old technology. It’s not that hard. Uh, and a lot of it’s vendor owned and operated. So if, the, the problems that are with Schneider Electrical or Bosch or any of the other manufacturers out there, and, they’re, they’re security holes and you do your research and you find a water treatment facility.
Yeah, I guarantee you can probably get in there if you put the time and effort and and the team on it, the right team. The people that are looking for problems in the export of the code, the people that are looking for the wireless network, people who are looking for tethered devices in the system or like some places down in Florida, they’ve got TeamViewer open to the world to where you can just, Oh, that’s fine.
I just remote on in. So it’s, it’s, it’s very scary and and I can scare people with some of the stuff that I do and they get very defensive, but I tell them like, if we do fix this. Here’s the fun part that happens. It’s the it’s, it’s the, “Ahhhhhhhhhh”, moment.
Joel: Yeah. Yeah, it’s very important to, to put, put certain people, especially when you’re, I don’t want to talk about like high pressure sales, but when you want to put someone in a, in a position to pay attention to what you’re saying, to give them a sense of pressure and then release that pressure. Um, I mean,
I’ll tell you, man, it’s, it sure sounds to me like, like you are still in the thick of it.
Um, I’m curious about what you personally do to to, to decompress or to uh, step away from some of this stuff. I get I work with a lot of founders. I work with a lot of devs who are the technology is my life and I’m like, that’s cool, but, you’re not a machine. Um, so what, what does Chip Harris do to keep things fresh to uh, um, to re energize and, and, and juice yourself up maybe at the
Chip Harris: Uh, well, yeah, I, I am a father, so I have a 12 year old half angel, half terrorist that I have to, that I have to take care of because every day in my house is a fucking hostage negotiation. I mean, it’s, it’s, it’s it’s like 24 sometimes I feel like, it’s, it’s literally I have to, I have to deal with her. And then I have a wife who loves me very much. We’re going, we’re about to have our 18th wedding anniversary. So she knew what she was getting into when she’d married me. I was like, honey, this is the reality of what I do. And she goes, I love you anyway. I’m like, I love you.
Okay, so yeah, I’m like, I’ve heard it all right. This is I mean, I’m on call 24 hours a day, seven days a week, and I’m not going to be able to go to sometimes some of the events that happen in my life I mean, it happens. I mean, it happens, um and I understand and I get, they get what it is that I do and they kind of, I’m not saying they walk on eggshells around me for what it is I do, but they know what I do and they know, and I see some really evil, bad things that most people wouldn’t even dream about.
I mean, it’s like a demon’s resume. Most people would never ever think of these people could do these certain things. But if you’re dealing with what I deal with, you have to kind of, when you’re talking about decompressing and dealing with a lot of the things cause I mentally see a lot of evil stuff everything from crimes to murder to drug trafficking, human trafficking child pornography, I mean, the list goes on and on and on. Also I deal with smuggling rings um, and distribution of high levels of narcotics, opioids uh, through everything from our shipping at rail trains, automobiles, I mean, I deal with all of it, um, so what I do to decompress is I play Warhammer 40K.
I’m a huge, gigantic tabletop gamer. I’ve been playing Warhammer 40K since 1994. Um, uh, I love tabletop miniature battle games. I’ve been doing that to, because I like the hobby aspect of it. Cause I like to paint and airbrush and I’ve done airbrushing on Harleys ever since I was a kid since I ever picked up an art or airbrush and I’ve done West coast fine lining on stuff back on vehicles, helmets, cars, fenders, you name it. And, uh, I really enjoyed the hobby aspect from what I learned doing from static models. Cause I mean, it’s like you can always back in the day, go back to Walmart and buy like a Sherman tank and I loved gluing them, together and painting them and, and putting them on my shelf and everything.
And that just, and then when I got into tabletop miniature battle games, I was like, oh, cool, I get to paint up the toys that I put on the shelf. Now I get to play with them. So, I mean and it’s, and it’s fun so Henry Cavill and I are rolling dice cause, he’s a big 40 K nerd. So, and, uh he’s got the 40 K universe that’s coming to Amazon, just like the Lord of the Rings stuff. So I’m looking forward to that. And, uh I, I played in tournaments. I played on the tournament circuit for a while, because at, uh, as I tell people at the end of day, four o’clock when it comes the end of the day, it’s my time, my time.
So I stop, I mean, I try to stop mentally and I try to stop physically only unless there’s something major going on and stop and say, okay, now it’s time to go, now it’s time to go be dad some dad time. Cause my kid is the coolest fucking toy on the planet. I fucking love hanging out with my daughter.
She’s great. It’s awesome. I brag on her all the time. I like seeing, hanging out with my wife and we’re doing home improvements to the house so I got that to do but if my phone rings that flip, that switch it’s, it happens just like that, now I have to stop what I’m doing and go upstairs and figure out what the problem is. When I travel, I have to take my work laptop with me and I’ve got two phones, I’ve got a regular phone, and a burner phone. So it’s like it’s, it’s kind of like a double life in a way. But when I explain that, it’s like, look I get paid for 40 hours, but sometimes I work 90 sometimes I work 180 hours in a week and they’re like going, how the hell can you do that?
It’s like, because I’ve been doing it for over forever. I mean, I’ve been doing it since 1994. But now that I’m getting older, now I have a team of people that can help me do that. So it instead of being this thinking that you’re this one man army hacker, that’s going to go out there and do all this whiz bang, cool stuff, no, you’re going to be part of a team and you need to know what your role is in that team. And, I hate using this business speak, like what’s your swim lane?
I hate that crap, but, it’s like, you’ve got to find out what your specialty is and what you’re really good at and what you’d like to do in this industry and hone in on that and don’t stop. I mean, and the money will come. As I tell people don’t be greedy I, I deal with greed all the time. People try to steal stuff and greed will get you in the end, but, there, it’s a progression of steps that you’re going to have to take through your career to get to the point that I am.
Joel: What’s some of your favorite personal projects that you’ve worked on?
Chip Harris: Um, one of the first things I did was with Idaho National Labs, it’s been declassified. I’ve worked on Project Aurora. And, uh, so we took a diesel electric engine and they unleashed us on it to see if we could blow it up. And we use pneumatic pressure to blow up a, uh, diesel electric engine in a diesel electric engine is what you see in a train.
So imagine a choo choo train that you see on the train tracks, take the engine out of it and hook it onto the internet. And yours truly and about six others, we blew that motherfucker straight up to to prove like to prove the point, it’s like, look, some of this stuff doesn’t need to be on the internet period.
And all we did was turn it from off to on, off, on, off, on. That’s all we did. And there’s videos there’s, I mean, you can go to YouTube and look at the experiment and it took us and a diesel electric engine, it’s not like you could go to the hardware store and order one of those.
Because the lead time is about six to eight months for the parts and the engine. So imagine all of those that are hooked into a hydroelectric dam. Which most of them are plugged into that you shut down the water supply for a given area during the summer. So that’s kind of like the hellscape and that’s watered down.
I mean, that’s really watered down a conversation that I have because people are like, can you do that? I’m like, yeah, it’s relatively easy. If you know how the SCADA systems work and how the vendors work and you know, their vulnerabilities and just fucking go for it.
Joel: I was actually working at Constellation Energy in Baltimore when y’all did that. And boy, I’ll tell you, the guys in our SOC were puckering when that news dropped.
Chip Harris: Oh yeah. I mean, it was, it was a cool project. Cause first off they came to us, we didn’t come to them, you know? And, uh, they were scared like going, “okay, how bad can bad be?” And we’re like, “dude, we can unleash pure nightmare fuel if you want.” And they’re like, “yeah, let’s, let’s do that.”
Let’s just, just do it like a black hat, do it like a nation state and let’s just see how far you get, you know? And they put their software on there and, air quote, I use air quotes when I say this “cybersecurity resilience program on it.” And then they put it on the open internet.
They just gave us the IP. And after that, it was let’s start using our evil tools. Most of them that are open sourced and our knowledge between six people. And it took us about 30, 35 minutes and we were in and it’s like on, off, on, off, off, on, and then boom it’s gone.
And if you’re an OT like I am, like this shit could kill someone I mean, this, this could be really bad and that’s what sticks with me because this, this, well, say on the ending of how bad, bad can be, um, One of my best friends, this was last year, uh, cause you know, I’m allowed 11 people to die under my watch.
It’s kind of weird saying that, but you know, uh, one of my best friends, worked with him for years. uh, he was down in a building that was, uh, they had done some change outs of the steam boiler and they were working on some PLCs that were on the steam and trying to get the calibrations right.
Because the device was saying one thing, but you know, guess what? The steam that comes into the building and the, the pressure was saying another. And, uh, he plugged into the PLC he plugged in his laptop, got into terminal, which I hope you kids know what command line is out there or PowerShell, um and use Telnet.
If you know what that is, kids that comes out of your laptop with a cat five cable into the machine and got into the GUI and everything and saw that the pressure was going up way too high and he, it was actually being misread. And he pulled it down and when he pulled it down, it pushed it back up and caused pneumatic pressure and caused the pipe to burst.
And this is a four and a half inch steam pipe. And if you’ve ever seen a hot dog that has been burned on the charcoal grill a little too long, that’s what happened to him because he was in a closed room and he boiled to death. Now that is, you know, there’s good and not good in my world. And that is not good. And um, when you have someone that gets killed on your watch, it sits with you, it’s, it sat with me for a while. And I was like going, man Steve was a really good friend of mine. And I and I knew his wife I knew his kids I’ve known him from you know, years from hacker conventions and stuff and and stuff that we had done in the OT world and stuff we had done in the oil industry on oil rigs and everything and he was a very safety conscious person but that was something that was, uh, due to the manufacturer.
You know, and it, was their settings that were wrong and they had to take the blame for it they had to pay for ADD. It was accidental death and dismemberment, but I would much rather have him around than the money, you know what I’m saying? I’d much rather have my friend that has been a friend of mine for years, and years and years, I know he would love to be with his wife and everything than them getting a certain amount of money every single month, because, you Her dad boiled like a hot dog for 10 minutes in a room that he couldn’t get out of. That’s agony. That’s pain. That’s death and dismemberment. And just knowing that that sits on, on the backside of Hey, this could hurt, this possibly could hurt and kill people. That really changes people when they really look at OT systems, you know? Cause when I tell that story, it’s like that’s the truth of what you’re dealing with in my world, you know? And it’s like, if you really want to do this, trust me, we need you. We are, we need, we need 250,000 people in OT right now, 250,000. And I don’t see the educational and the industry pumping out that many people right now uh, and in take on top of it, that you’re having to train these people for three to five years.
Joel: I mean, it’s a it’s a tough story to tell, but it’s one that’s got to be told. And uh you know, I think we should all appreciate just in what you’ve been able to tell us and share with us how important this stuff is.
What advice do you have for maybe that technical person that is maybe on the cusp of realizing they’ve got maybe a couple other I’ll call them soft certs that they need to pick up. Where do you think people should start? Hmm.
Chip Harris: So I’m two generations of poor white trailer trash tornado bait. I tell people if I can do it, you can do it. Okay. It doesn’t matter if you are Black, white, Asian, hot pink, purple, plaid. It doesn’t color does not matter to me. Whether you’re male, female, trans, or you know, whatever. I don’t care.
As long as you’re not violating a child or a goat, I don’t give a damn. I really don’t is you can do this you and I work with law enforcement and I work with agencies, a lot of them three letter and I work with the state of New York and New Jersey, which I love them.
So, I mean, they have some really good people, really smart people, but sometimes you have to cut through bureaucracy and red tape, right?
And you need to know how to talk to people, know your audience, right? Know whom it is that you’re talking to in those soft skills. You know, so if you do have the ability of taking public speaking, if you do have the ability of writing uh, writing speeches and writing something down, because a lot of the stuff that I deal with has to be documented.
So spelling matters, words matter, grammar matters and if you can’t functionally write stuff down for people to read and I’m not a vocabulary Nazi or by any means whatsoever, because I speak good English and bad English and mostly a lot of bad English and cuss words that’s involved with it, but I don’t write that down, even though I’m saying that to myself in my head, but you just it’s like how do you explain to somebody they’re stupid without saying they’re stupid? You know, so how do you say you need to do this without telling them that you really need to do this? So that it’s not what you say it is. It’s how you say it in those terms, in those words. And the thing though, too, is uh, is know their problems because they wouldn’t be coming to you if they didn’t have a problem. During the interview process, I’m going, “so what’s your biggest problem? Why am I here?” And this throws them off guard a lot ’cause they don’t want to admit that. “What is it you’re trying to do here?” They don’t really, really don’t want to admit that. “What is your plans for me if you bring me on for what you want me to help you do and fix.” Right. So you need to get get you when you’re interviewing them. They’re also interviewing you. Does that make sense? I reverse it on them and it’s like going, okay, “I see that you, you want, and you know, uh, OSINT um, and you want all these other certifications, are y’all going to pay for those, or do I have to get those within a certain timeframe?
What’s do y’all have a budget for my training that I have to do, because I have to keep certain CVEs as a professional a year, are you going to pay for me going to BSides? Are you going to pay me for going to DEF CON? Are you going to pay?”
Like we, I have. Like my guys have written in their fucking contract during DEF CON and Black Hat, they’re off like that whole week. They’re gone. Like they’re in Vegas they’re in the thing though, too, is what was great about my job when they made me kind of the head of OT and cybersecurity. I heard all my friends from DEF CON and Hacker Cons from years people I’ve known in the industry, I was like, “Hey man, you want to make an extra side money some moonlighting money versus your normal job.
That’s about 35 hours a week. You don’t get any benefits or anything like that. Cause I know that you’re working a job that already has that.” And I hired my friends. So these are people I’ve known for 10 to 15 years. You know, in the hacker community.
Um, some of them that I’ve never met, some of them I have met, but you know, I got them hired on to to work under me and it’s like, I let them do what they do best because they know their role.
I’ve got one guy that’s you know, that’s a developer. I got one guy that’s a network engineer. I’ve got one guy that deals with phones and cell. I mean, he’s great at hacking cell phones and OT equipment radios, frequency warfare. I mean, he’s really good. Really good at that. You know, I’ve got, uh, another friend that deals with just nothing, but dealing with vendors and vendor, uh, patching mitigation and, and holes and stuff that he can find within those, because I’m trains, planes, automobiles including World Trade Center and the statue of Liberty that’s my, that’s my role to protect and, uh, my last guy who’s in Rockland, New York, he is great.
That motherfucker has a 99.999 percent social engineering score. He can get in, he can con his way into anything. I mean, he is that good and he deals with a lot of my counter, counter intelligence and counter surveillance warfare and mine. The kind of de facto leader that leads these guys into a campaign.
And it’s not that we’re doing red teaming because we do have a red team. I’m not in charge of that red team, but do we use red teaming, blue teaming and purple teaming skills for everything that we do? Yeah, because we are not stuck in one thing because we deal with all of it. Not just some of it, all of it from different parts of the business.
And that’s including networking, that’s including documentation, that’s including meeting with legal, that’s including meeting with law enforcement. I mean, we deal with a lot of different shareholders and stakeholders in my team. So you’ve got to be able to communicate. You’ve got to be able to talk. You’ve got to be able to, um, document the process.
You’ve got to be able to do PowerPoints. So those are some of the soft skills that I tell people because I get paid a lot of times to go to these meetings and listen. And I pick it apart. I’m really good at figuring out what it is that they’re saying, but what they’re showing me is not what they’re wanting to do.
We need all this stuff.
We need all the software and vendors and we, I’m like, no, you don’t. You just need one thing. You need one or two things and it’s simple, it’s easy, it’s affordable. And guess what? Most of it’s already within the network or within the system anyway. And we’ve already got the approved vendors and whatnot you’re basically picking up while you’re sitting on the toilet, a copy of Redmond and reading this and thinking, “Oh my God, Jesus Christ, we need to have all this stuff because the invaders are attacking us and the meteor is about to hit and we’re about to become extinct. And we’re not being progressive in the environment.”
No, you’re just getting scared to death because that’s kind of what we do. We either focus or fold and I try to keep them from folding. I’m like, you need to focus on this part of the business, what you’re trying to do, what you’re trying to say is this, but the real meaning behind it is this as well.
They get confused because we, we’re. We have in this industry, I call it the glittery kitty syndrome. Okay. And the glittery kitty syndrome is this. They are hyper focused on trying to get this one thing done, one thing done. And then they see the glittery kitty over, uh when they take their blinders off for the day and like, Ooh, look at that glittery thing over there that I want to be brought into my environment and they don’t think about that, like what’s the implementations to networking, right? What’s the implications to OT or IT? If I take this glittery new whiz, bang sugar on top kind of thing and put it in my environment, am I opening it up to more attack? You know, am I making the attack surface bigger than what it should be? Right. And we’re now seeing this a lot when we were.
You know, talking about artificial intelligence when I started this conversation because a lot of the stuff that I talk about is about AI and what AI can and can’t do.
So as a student, you need to know how that works, right? Cause that is going to be a technology. It ain’t going away. That fucking bullet train has left the station and and we’re, we’re all on the ride. IT and OT everybody, guess what? We didn’t want this, but we got it cause vendors shoved it up the ass of a lot of companies.
So we’re, we’re dealing with AI now at a level that we didn’t really think about 10 years ago. You know what I’m saying? It’s changed dramatically, even five years ago, as I tell people, if you don’t know what Moore’s law is, that’s right out the window, I mean it’s gone when I saw the Nvidia conference when it was streaming and I, they showed a $3,000 machine that’s coming out. That’s a Blackwell processor. That’s basically AI in a box. I was like, I fucking want it. I don’t know what it is, but I just want it. For some reason, I’m compelled to spend 3,000 for that. I was like, I want that box that’s got the most high rated processor on the planet with a terabyte of memory I could dump into it with a built-in AI engine.
I don’t know what I would do with it, but I just want it like like that.
Joel: Once it exists, then, uh you’ve got to get your hands on it because other people
Chip Harris: Yeah. Do you think the evil doers are not going to buy the shit as well? I mean, come on. I mean, think about it. Yeah. So as I tell that, and that’s part of the, that’s part of the thing is that that’s part of my job is to do the evil stuff, but then I have to go, okay, what do I do to prevent the evil stuff as well?
You know, what are the good practices? You know, what are the OSHA? What are the laws that are, that are affiliated with this? You know, the 852, the 853 series we use the bow tie model. Yeah, you know, for everything, you know, that we do. So it’s like you need to know what that is, you know, and then you need to know budgetary concerns, like how much is this shit going to cost?
You know? And then, uh, so yeah, it’s like, you, you, you really got to know and have those lines of communication as I tell people and extend those olive branches into other parts of the business so that you know what’s going on, because if you don’t, you’re going to get left behind and. That, and I’m not saying you’re being nosy or anything like that.
It’s like everything that I do daily runs on information and the, the truistic form of information and data that I get. Now, sometimes it’s wrong. Sometimes it’s right. Sometimes it’s kind of lukewarm. They they’re, they’re, they’re saying one thing, but doing another, but you know, that’s part of the business is that my job is to figure that out.
Joel: So I guess if I would summarize that single piece of advice, it would be learn to talk good, make friends, pay the fuck attention.
Chip Harris: And sometimes shut up, shut up and listen, shut up and listen.
Joel: What exciting projects are you working on now? Where what, what’s Chip got, what’s Chip got in the uh, in the closet that you’re working on that’s real fun? Maybe, maybe, maybe keep the, uh, the, death and dismemberment to a minimum.
Chip Harris: Well, hell, I tried to, um, well, one, I’m working with two friends of mine and an AI to write a book. Uh, so we, that’s one, that’s one thing that we’ve got cooking this year that we’re thinking about, we’re working on, like, we’ve got some, uh, OT stuff that we want to talk about.
90 percent of what I deal with is classified and there’s NDAs and SLAs, so a lot of the that I tell people like, yeah, I’m going to do a tell all book, but, uh, we’re, we’re, we’re approaching it a different way, you know? And we’re going to use artificial intelligence in a good way.
We’re in the process of making it, and programming the data logic and the pool and the transformers and the transistors, to, to be able to talk about stuff that civilians will understand. And people, people that are in our industry that will understand, that we’ll be able to pick up a book and read about it and go, “wow, that’s some crazy situations and some crazy cool stuff,” but it also has a happy um, what did we do? What did we learn? What did we see, and how did we do it? And how we’re kind of approaching the book, into the chapters that are the book, um, cause a lot of the stuff, all my stuff has to go through the Department of Justice and the DOD before I can even talk about it, um, uh, yeah. And, uh, one of the cool projects that we’re working on right now is, um, dealing with AI and OT systems. Um, and the, the, the, the peek, the sneak peek that you get behind the curtain that I can actually talk about is, um, we’ve, there’s always people that are out there that are gonna make fake personas. And there are people that are out there that can do, uh, voice hacking or voice translation or translation hacking that can take my voice and make it sound like me to talk to somebody else for phishing campaigns, um, and a lot of what we call whaling, as when you go after CEOs, VPs, stuff like that.
So, um, we’re working, uh, we took what was happening on the IT side that we saw with those things and translated it into OT.
Joel: Yeah. I love the little glimpses that you’re able to share with us on this.
Where can people follow you, get engaged? I mean, obviously, you keep a pretty tight OPSEC, but um, I know you’re on LinkedIn. I can put that link in the, in the show notes, but if people want to keep an eye on you and the projects and stuff that’s happening,
Chip Harris: Well, that’s the fun part. I’m only, I can only post on because of the. Because of the situation I’ve been in the past, you know, um, And for your audience to know, I’ve been, uh, hunted by the Chinese and the Russians. I’ve tried, they put a red notice, an Interpol red notice on me to try to have me deported at one time.
Uh, they’ve tried to, they’ve doxed me twice. I’ve had to move twice because they were afraid of a, um, something physically happening to me. And when I got doxed by the Chinese, I mean, they really went deep. I mean, they stuck that knife in and turned it really hard. They went after my mom, my dad, my wife, my kid, me, my aunt, my uncle. They went after everything they possibly could to dox me. Um, and, uh, they swatted me even twice. Um, and it came straight from China. Cause I was, I tracked the IP back to a Kuala Lumpur right to the, what we call the Great Firewall of China, and I was like, yep, PLO did that.
You know, the People’s Liberation Army, that’s who, who swatted us and who did this and and whatnot. And I showed that to the government, like, “okay, pick a place to move because we’re moving, we’re moving you in three days.” I mean, like literally I had to pick up my entire livelihood and move within three days.
So. Um, I’m allowed, uh, Facebook and, LinkedIn, that’s about it, you know? So and, uh, uh, where I live, you can see a terrorist a mile away. So, I can at least have, some, some time to fire off some long range shots, here at the house, cause we are armed to the teeth in this house with guns and lots of ammo and, country boy here can survive.
So, it is what it is, but that’s the, really the only two platforms I can communicate on. Um, I try to do a lot of podcasts, so people know that, what I’m doing, I’m a reoccurring guest on a lot of different podcasts. Uh, just so that people can kind of keep in touch on what’s going on, on my side of the world, and, and, uh, it’s kind of evil, but it’s, it’s there, uh, I’m, with the evildoers and I kind of explained a little of those things that are going on, um, and also this year, uh, I made it a point to do a lot more conferences, and speaking engagements, like, people fly me in, which is kind of a little expensive and put me on the stage and everything with the mask and all, the, to talk to people, it’s like this is, this is for the reason why I’m around, this is the reason why you have people like me, you don’t, you don’t like it. You aren’t going to like what you see. And a lot of people don’t like what to hear, but somebody’s got to say it, somebody’s got to be the adult in the room, so, and somebody’s got to be the fucking bad guy, so, I have no problem playing any of those roles.
Joel: We are glad to have you, uh, on our side thinking about all the bad shit. Um, it’s been a blast, man. Uh, since we, since we last did a really quick chit chat. Um, I, I wish you the best of luck and, uh, I, I think everybody can benefit from, uh, from hearing from, from the trenches about what it really is to do this but then what it is to, to, uh, have to talk about it because it needs to be talked about.
Chip Harris: It does. and uh, and that’s why I have people like you, you know, people I’ve contacted, you know, in the industry, people that have followed me on LinkedIn, you know, and, they’ve been in my network. And, uh, it’s scary stuff, you know, it’s not, uh, not for the faint of heart, uh, but if you, you know, anybody in your audience that is listening to me, trust me, it can be done.
You know, you can make a great career out of this. You really can. You’re going to have to make some sacrifices. Actually, a lot of sacrifices, you know, and, um, you have to give up a little bit of your humanity. Sometimes your sanity from what you’re going to see and what you’re going to get.
But, um, it is very, it’s very, very beneficial to me to know that, um, the world that I’m making for my daughter, you know, and for the populace and for the United States that I love so much is more safe and secure. But the problem is you pay me now, you pay me later. Still got to pay me.
Joel: And with that, we will sign off. Chip, thank you for joining, man.
Chip Harris: And you have a wonderful day, sir.
Joel: Thanks for sticking with us. I know this was a little bit of an extra long episode, but Chip is just a fascinating guy with a lot of interesting information. Uh, I just wanted to say thank you to everybody who’s listening. This is episode 10. And as of episode nine, we passed 1700 listens. So I know y’all are out there.
If you could do me a favor and jump into my socials or drop me a message at [email protected]. I’d love to know what you think. And if you have any great ideas for guests, topics, please let me know. I want to make this useful to you.
Have a great week.
If you want links to the resources mentioned on the show, head on over to the episode page. And for information on booking a message therapy workshop, getting your hands on the MessageDeck, to check out my upcoming book, or just buy me a coffee, go to nerdthattalksgood.com/podcast.
Remember, you don’t have to speak well, you only gotta learn how to talk good.