On The Air With Earl Foote


CISO Hotline’s Todd Neilson recently interviewed Earl Foote, CEO of Nexus IT in one of their recent podcasts. They asked some pretty tough questions (both business and personal), and we wanted to share some of the questions Earl was asked, and his answers. This will help you get a better idea about who Earl is and what he believes. Here goes…

If a business could only afford one IT security project, what should it be?

Earl: This is a tough question but important because some small businesses have such limited budgets. I’ll give you two recommendations here, only because the second one isn’t very expensive and worth considering.

1. A Next-Generation Edge Defense

This is your endpoint protection (for your computer devices), your firewall, anti-malware, and anti-virus. It uses behavior analysis and artificial intelligence to analyze traffic patterns and behavior.

2. Employee Cybersecurity Education Program

About 95% of today’s data breaches and infections are caused by human error. This shows how important it is to educate employees to avoid becoming a victim.

This doesn’t have to be expensive. There are programs that are $30 a year per user. Even an occasional “Lunch and Learn” inhouse would be helpful.

If you had $10 million in the bank, what would you do with it?

Earl: First of all, I’m a bit of a minimalist. But I’ve had a dream to take 18 to 24 months off and backpack the world; to go see every nook and cranny of the world that my heart desires to see. Maybe go without a plan and figure it out from there.

There’s nothing like exploring other places and cultures in the world to expand your thinking and get you outside of your box.

I’d also pay off any debt that I had. I’d probably buy a few investment properties. Then I’d find a way to make a meaningful impact and give the rest to our community.

If you only had 5 hours a week to work on something, what would it be?

Earl: On a personal level, I’m working on a project called “Elevate International.” It’s a humanitarian project that takes leaders and entrepreneurs to exotic locations (along with teammates and families if they choose) for the primary purpose of teaching at-risk kids winning mindsets. The goal is to help them get out of patterns and help them become who they want to be, to realize their dreams. It’s an awesome and amazing experience that I really enjoy being involved with. This is where I’d spend my 5 hours a week.

If you could only solve a cybersecurity problem by subtracting things, how would you do this?

Earl: This is really counter-intuitive because the cyber-threat landscape just continues to evolve with more potential risk and attack vectors. So, we need to add more and more solutions to try and keep organizations safe.

For me, looking at a really robust cloud strategy would take a lot of the technology and risk off your plate and simplify things. And oftentimes, we can provide cost savings by doing this. This would be a solution to this question.

Most aren’t in the business of IT. Find a few IT vendors who can take over the majority of it for you and de-risk your organization in the process so you can put the responsibility of security on their plate.

What was the last book you read, and what’s the next one you’re planning to read?

Earl: The most recent one I read, which I really enjoyed and I’d recommend to others is Winners Dream by Bill McDermott. The one that I recently started is Traction by Gino Wickman. I primarily only read leadership, personal and professional development books. I only have so many hours in the day, and I’m consistently trying to innovate and create new ideas and improve as both a leader and an entrepreneur. To do this, I invest my free time reading or listening to books that will help me do this.

If you were going to create a security program for a small or mid-sized business, and you need to make it easy for them and for you, what would this look like?

Earl: This is another question that seems counter-intuitive because IT security is getting more and more complicated. I don’t know that I have a good answer for this, and I don’t want to be redundant, but it’s got to include making sure that everybody in an organization is aware of the vulnerabilities and risks, how to avoid them and that they’re implementing at least the basic technologies that are going to help keep you safe. You need a strategic IT plan that you continually reassess and adjust as needed.

How do you quantify that a cybersecurity program is successful?

Earl: For me, there are two things that show this:

1. The ultimate measure of success in a security program is that you’re not getting infections and you’re not getting breached.

2. Measuring success means that you also measure the current awareness of your employees. As mentioned previously, 95% of all data breaches are due to human error. Everyone must be on board to keep your organization secure.

If you wanted to have a very successful person (a mentor) give you a break, who would that be, and for what reason?

Earl: For me, just because I recently read Bill McDermott’s book, and I really liked his personality, philosophies, and leadership style, I would love for him to come in and take over my position. Then I’d have those 18 to 24 months to go travel the world!

You’ve been at this for such a long time, (21 years) have you ever thought about bringing in a CEO so you could go do what you wanted to do?

Earl: As a leader I probably fit the CIO, CTO model better than a CEO. As an entrepreneur starting a business without major infusions of capital, you end up taking on all the roles and wearing all the hats. Many times I’ve thought about bringing in someone who’s more experienced as a CEO to run the organization. To this point, the budget would be difficult to allocate for this purpose. Therefore, I’m working on developing myself for this role; and I think I’ve done a pretty good job to date. Yes, I’ve been in this role for a long time, and I will continue moving forward with it. But, in the coming years, I may entertain this more seriously.

To wrap up, can you give some advice to the younger folks out there who want to start their own IT business? What would you tell them to focus on?

Earl: Good question. And my response may be unorthodox because it’s not technology related. As a budding entrepreneur 21 years ago, when I started my technology company, I had no idea how to run a business. I didn’t study business. So my first recommendation is to develop yourself personally and professionally. Attend mastermind groups, conferences and read books; and if you want, get a degree in business. Similarly, learn marketing and sales. Attend courses to learn how to market your organization and sell it. As a young entrepreneur, starting a business, you have to sell. You may also have to sell venture capitalists to provide the money to start your business. Then you have to sell the product or service. So, for me, I’d say, learn marketing and sales, and develop yourself as a leader. Then you can start worrying about the technical aspects.