May 16, 2024

#174: Jack McCain & Tim Roemer - National Security from State to Local Governments

The player is loading ...
The Public Sector Show by TechTables

In this never-before-seen, closed-door only recording from the ​2024 TechTables Phoenix Live Podcast, Navy veteran Jack McCain, CEO of Blue Sky Vantage, and former Director of Homeland Security and State CISO Tim Roemer & Chief Security Officer at GMI, reveal the alarming reality of how hostile nations are targeting our local communities with cyber attacks. 

 

You'll learn practical steps your agency must take now to avoid devastating consequences when an attack inevitably strikes.

 

Don't miss this powerful episode on safeguarding your citizens from growing nation-state actors.

------

 

Before we get into this week’s podcast, I wanted to give a special shout-out to TechTables podcast sponsors: SentinelOne, Verizon, and SAP.


SentinelOne: Transforming state security with AI-powered solutions. Protecting 15,000+ endpoints across 25 agencies.

 

Learn how SentinelOne empowers this state to stay secure or click here: https://assets.sentinelone.com/ghe/sentinelone-empowers

Verizon Frontline: The advanced network that keeps first responders connected when it matters most.

Check out the solutions built for first responders or click here: https://www.verizon.com/business/solutions/public-sector/public-safety/


SAP: Driving digital transformation in cities like Copenhagen. See how they’re making digital strides.

Download the Case Study Now or click here: https://www.sap.com/documents/2021/02/10c410bc-cc7d-0010-87a3-c30de2ffd8ff.html

 

📬 Subscribe to the newsletter 


🔖 Timestamps


00:35 - Jack McCain's journey from Navy helicopter pilot to CEO of Blue Sky
01:20 - How Blue Sky connects allies with strategic US industries
01:50 - Tim Roemer’s background in cybersecurity and homeland security
05:52 - The motivations behind Jack and Tim's service
07:03 - Insights from Vicki Mayo on rescuing Afghan women during the U.S. withdrawal
08:30 - Jack and Tim discuss the biggest international threats to public safety
09:58 - The impact of nation-state actors on local cybersecurity defenses
12:14 - Proactive steps to mitigate cyber threats in local and state governments
16:06 - How Blue Sky and GMI are aiding governments with secure technology solutions
20:01 - The interplay between global threats and local cybersecurity measures
21:10 - Leadership principles from Jack McCain's expansive career
23:41 - Quick-fire questions: Final Four predictions, leadership book recommendations, and best local Mexican cuisine in Arizona

 

⭐️ Leave a Review

 

If you enjoy listening to the podcast, ⁠please leave a 5-star review on Apple Podcasts⁠ and let us know who you want to see next on the podcast in your review. Thanks!

 

You can also Tweet us on ⁠@thejoetoste⁠ and tell us what lessons you learned from the episode so we can thank you personally for tuning in 🙏🙏

 

🔗 Connect with TechTables

Transcript

Joe Toste [00:00:00]:
Today we're thrilled to have Jack McCain, the CEO of Blue sky, where he leads a team that connects governments and businesses to strategic american industries. Also, for my Navy fans, you'll love this episode, but I'm going to let Jack introduce himself in a minute. And today we have Tim Roemer, chief security officer at GMI, a secure technology solutions company based in Scottsdale and former director of homeland security in state CISO for the state of Arizona. And a multi time returning guests to tech tables. I love this welcome to the public sector show by tech tables. Jack, let's start with you. For those who don't know your background, give us a quick intro.


Jack McCain [00:00:35]:
Sure. So I'm a Navy helicopter pilot. By trade was a good time. I'm still a reservist. So one weekend a month, two weeks a year doing a recruiting commercial. But after doing some weird flying in Afghanistan, I decided it was time to go pursue some opportunities in the civilian sector. And I started working for American Airlines, doing their government affairs, different territories at different times, but I've touched everything from the state of Texas west to Hawaii at different times. And then this opportunity, blue sky came up.


Jack McCain [00:01:03]:
That's a very pro America. We want to make sure that we help connect allies with strategic business in the US and vice versa, try to solve world problems, as our friend Cimmer Mayo says. And I've been doing that about two months on the job, so probably the busiest I have ever been in my life. And it's great.


Joe Toste [00:01:20]:
Tim, for those who don't know you, quick intro.


Tim Roemer [00:01:22]:
Thanks, Joe. Good to be here. I would just say like where Jack is, the talent who flies Blackhawk helicopters, I'm just pretty much the schlub that gets to ride in Black Hawk helicopters. So he's really good at doing the amazing, talented work and I'm pretty much just catching a free ride. Great to be here. Thanks for having us back and amazing to host. But by background previously, as you mentioned, served as the director of the Arizona department of Homeland security and state CISO. And prior to being appointed by Governor Ducey, I spent ten years in the CIA.


Tim Roemer [00:01:50]:
The last two years I was detailed as a nonpartisan detailee to the White House situation room. 2012 to 2014 is really when rising cyber attacks were growing and I thought I was going to spend the rest of my career working counterterrorism. And this is when I was exposed to really cyber security and what I would consider cyber terrorism. And so quickly learned a lot about cyber and went back to the state of Arizona to work on these issues that are in our own backyard in the great state of Arizona. And being in the private sector now is fantastic. We're going to talk a little bit about how we provide solutions to government challenges.


Joe Toste [00:02:19]:
Yeah. And we, we've had several conversations. We won't be able to dive into all of them just because this is going to be a short episode. So maybe we'll have Jack come back on, but also just want to say thank you for your service. My father serves and got a special place in my heart.


Jack McCain [00:02:31]:
Anytime somebody says thank you for your service, I have to retort with thank you for your tax dollars. They funded my adventures. I appreciate it.


Joe Toste [00:02:37]:
As an entrepreneur, those are the tax dollars I'm willing to pay. Jack, we'll kick off with you. We had Vicki Mayo on night one speak about the great work that she did in pulling women and girls out of Afghanistan during the US withdrawal. Tell us a little bit more. I was really curious about what motivated.


Jack McCain [00:02:52]:
You to surge specifically. I would say a lack of creativity. My family has been doing the navy thing. I'm fourth generation naval Academy, third generation Navy pilot. So lack of creativity. But I believe in the experiment that is the United States and have always wanted to fly, which was one of the motivating factors, is go seek. My father gave me two pieces of advice when I was young. Serve a cause greater than your self interest and seek an adventurous life.


Jack McCain [00:03:18]:
And I try to fulfill that which drove me to doing what I do. Specific to the Afghanistan withdrawal. Not only did Vicky Mayo help rescue a huge number of at risk women in Afghanistan, I was lucky enough to have a small part in helping because I flew alongside afghan pilots in Kandahar and Helmand. So I was very lucky through some of the connections and some other things that we had on the ground there to help evacuate them. So we have about 250 new Americans in Arizona. It makes me glad every day to see and know that.


Joe Toste [00:03:49]:
I believe Vicki mentioned that your mom was instrumental in helping move those pieces and get that organized. And, yeah, it was a fantastic story. I'm glad Vicki was sharing it. I'm actually somewhat regretting that I didn't get it recorded because it wasn't on camera.


Tim Roemer [00:04:00]:
Next time.


Joe Toste [00:04:01]:
So next time I will come back. Jack, based on your impressive experience working around the world and serving, what do you see today as the biggest threats for our public safety? And how are these international topics affecting Arizona and affecting us back here at states?


Jack McCain [00:04:14]:
Tim was lucky or unlucky enough to see me bloviate on a panel a few days ago, and I was asked a very similar question. And the term of art, which I don't necessarily love, but great power competition, great power conflict, those are the things that I worry about a lot. But when you think about what would you wake up tomorrow morning and if something changed, what would probably be the worst case scenario? And the thing that I think about. We'll talk a little bit about it later, I'm sure. But an attack on infrastructure, if you woke up the next day and your ability to do banking or have power evaporated. Humans are. We can be funny creatures, and we make bad decisions when we're put under stress like that. And infrastructure going away.


Jack McCain [00:04:54]:
I'd also say, and something he heard me hit on as well, is I asked the audience, okay, who here has TikTok on your phone? And one or two people raised their hand and said, okay, who here has a family member, loved one, spouse, son, daughter, that has TikTok on their phone? Almost every hand went up. And I worked in military information operations for a little while, and I know what an info op looks like, what it means. And when you just take, you compare the narratives that are run on TikTok inside the United States, and then the ones that are run on Douyin, which is the chinese homeland one, inside their country, they're very different. Children are limited on the amount of time they can spend on Douyin. They're very positive nationalist messages, educational material. Whereas in the US, I don't think I need to go into what's on TikTok. I think almost everybody knows, but it's that kind of insidious might not be a fair word, but it does feel that way a little bit in that it has. It creates really negative narratives about the US and external to the US, I think that those are the things that I worry about the most.


Joe Toste [00:05:58]:
I've had the opportunity to travel across the world. Similar situation, I think, in Ecuador. I went on a missions trip, and there's a dictator there, and everything is very much different than the United States. And I've been to Manila, and that was very different. And I actually went to Korea also, which was a very interesting situation, actually, to the demilitarized zone, basically, where you hear the propaganda camp, and they're like, so if you go, we can take you over deeper. But sometimes bullets fly this way. And I was like, no, this is not what I want.


Tim Roemer [00:06:27]:
He's used to getting shot at, but you're not.


Joe Toste [00:06:30]:
So it was great to get back to America after that. But, yeah, I love the perspective. Perspective that you brought Tim given your national security experience in DC and your time working with the state of Arizona under Governor Doug Ducey. And we're going to link to the show notes because we had the governor on yesterday morning. It was absolutely fantastic interview. Tell us a little bit more about the global threats that are really affecting Arizonans today.


Tim Roemer [00:06:50]:
I think to build upon what Jack is saying, and Jack said I was either lucky or unlucky to hear him speak. It's definitely lucky when you're around Jack McCain. I actually got in trouble at that event for taking notes on my phone. He was just throwing out these great intelligent one liners that even for me, I'm like, I need that. And then the head of the committee is reaching over to me and saying, hey, get off your phone, type of thing. That's what a good, powerful public speaker he is.


Joe Toste [00:07:13]:
And you want to be taking Jack cameras right there. Jack. And recording.


Tim Roemer [00:07:18]:
Exactly. I think to build upon what Jack just said, who's behind the attacks? So Jack did a great job of talking about tick Tock as a very good example right now of what's relevant in our society. It's relevant because who's behind it? It's not a private company. It's the chinese government. This is an unfair fight. It is not a fair fight. When you put nation state actors behind cyber attacks against a us business or a us government organization, you're talking the abilities to have an entire group of warriors, an entire army of warriors, thousands of cybersecurity experts, architects, engineers, let's just call them what they are, hackers going after an organization that what might have one FTE, if you're lucky, at a local level, that's not a fair fight. So these threats that are global, the nation states, and even if it's a criminal that's behind ransomware, a criminal group, people keep saying, oh, it's a russian criminal group.


Tim Roemer [00:08:17]:
They're backed by the russian government because they're still in Russia being able to do this. So in the totality of the circumstance, my biggest concern is who's behind these attacks? Because when we hear in Arizona, for example, or all these great CIO's and CISos that are at this event of tech tables in Arizona, what they're going up against, they're going up against nation states and nation state backing, that is an extremely high concern for all of us.


Joe Toste [00:08:44]:
Okay, so that really dovetails well to the next question. We have nation state actors. We've got leaders all around the country that listen to this. On the technology side, if you're speaking to them right now, what keeps you up at night? What should they be aware of? Two to three steps that they should take to take some tangible action to protect their local governor or state?


Jack McCain [00:09:05]:
Go ahead. There's a kind of a common thread in a lot of these very high profile cyber attacks, and that's the human element, and that's the easiest way to infiltrate. Whether it's a spear phishing email or something that gets sent to somebody that looks legitimate. If you're not trained and prepared to deal with that kind of threat, then you're going to open up your entire organization to an attack. So I'd say that one of the best things you can do is to prepare your people through whatever training program thrive. DX is one that we're familiar with. But whatever program it is to help prep your people, to make sure that you can harden your devices, you can harden your infrastructure, but the one thing that's always going to be there is the human element. There's always going to have to be a human in the loop somewhere.


Jack McCain [00:09:48]:
The other thing, and I was introduced to this one kind of more recently, and it seems like a little bit of a crazy idea, but now it makes perfect sense once I've been able to dig into it, frankly, cyber insurance, that's another thing where if you limit and mitigate the impact on your organization through something like cyber insurance, then the ability for somebody else to do damage is reduced. And all you can do, you can never prevent every single attack, but you can reduce the damage that's capable of being done.


Joe Toste [00:10:14]:
That's great. Tim, your thoughts?


Tim Roemer [00:10:16]:
I love, of course, this human firewall conversation. Jack just talked about it. Governor Ducey did an amazing job of talking about it yesterday. It's critically important. An ounce of prevention is worth a pound of cure. And I'm sure people are, like, getting sick of me saying that, but I feel like we have to say it. And you asked, what do technology leaders and government need to hear today who are listening to this, is that you have to put some investment in on the front end. Otherwise that worst day is a 100% happening.


Tim Roemer [00:10:44]:
So we always talk about, it's not a matter of if, it's a matter of when. Okay, when that bad day comes, do you have cyber risk liability insurance in place? Do you have a company that's a managed security service provider, as an MSSP that can help you respond quickly? And my last job being the director of homeland security, the director of emergency and military affairs at Dima had this great saying, and he, at the time had said, you can't be passing out a business card in an emergency. You can't be going and looking for that business card in your cyber emergency. You can't be like, who's that guy? He was hosting tech tables, and he was with Joe a lot. That guy could help me because I just got hit. No, it's too late. But you have to be able to invest on the front end if you need help doing that. What we're really hearing from CIO's and CISos is they'll say my governor's office, or my state legislature, city council, whatever it is, they're not giving me the money for it.


Tim Roemer [00:11:37]:
Okay, then hire a company like this or even reach out to us. You don't even have to pay us to help you tell your story, because if we can tell the story and metrics, like Governor Ducey said, if we can show a use case, we can invest something to prevent that horrible day from happening. That's what we really need to start doing more of. A lot of talk is so cheap when you start putting a little money at the problem.


Joe Toste [00:11:58]:
You've probably heard this term being left of boom and being proactive. And so I love to hear just you talk about that in the sense of cybersecurity.


Jack McCain [00:12:05]:
I do defer mostly to Tim's expertise on this, but some of the things that I saw in sometimes the information space and other places is just having the knowledge and wherewithal to understand what the threat looks like. And that takes training, obviously, and then understanding where in your infrastructure is the most likely point of entry. It varies with whatever industry you're in, but they're always going to find a way. It's what can you do to mitigate the damage as quickly as possible? Because UnitedHealth, I think, is one of the biggest examples we've seen recently where their system was entirely paralyzed. Thousands of people unable to get prescriptions because of this attack. Left of bang, human element, secure your systems, physical security, cybersecurity, and then just make sure you're ready for it to get there when it comes.


Joe Toste [00:12:53]:
That's great. And tell us a little bit more about blue sky. How does blue sky help?


Jack McCain [00:12:57]:
The way we help is we partner with businesses, depending on what they are, and we connect them with allied nations by pooling our expertise in both the business world, in the cyber world, in the defense space, in education. We're in the process of bringing american education to other countries as well. Pooling resources, pooling knowledge, making sure that we're all ready to face the threat, and less specifically to the cyber domain. When you think about it, America is a great experiment. We have the liberal ideals or an imperfect nation by all stretches of the imagination. But at the end of the day, we are the partner that you want to be with. People are starting to figure out that chinese money, chinese education, comes with a lot of strings and a lot of demands for things like censorship. That doesn't happen with the US.


Jack McCain [00:13:42]:
Are we the most altruistic nation on earth? No. We obviously have self interest, but we are a much better partner than China, Russia, Iran, the counterbalance that they're trying to create lately. My job is to try to make those allies stronger, and then at the same time, that makes the US a stronger and better place.


Joe Toste [00:14:01]:
Tim, tell a bit more about how GMI, you've touched a little bit, but a little bit more about how GMI can help local governments and state governments.


Tim Roemer [00:14:08]:
I'd be happy to quickly. So blue Sky Vantage and GMI both have the same ownership and we're in the same facility, and it's great for partnership and collaboration. So Vicky Mayo and Simmer Mayo own the companies. And what really the huge value is, like tech tables. We're going to use this as an example. You're not just filming a podcast virtually, you're doing it in person, because the power of bringing everyone together is incredibly impactful. And we're all going to take more out of this because we're here in person. Jack and I getting to work hand in hand on a daily basis, in person, or the same umbrella company is really powerful because he talked about the international component, and this is important for tech tables listeners and everybody here today, because amazing episodes on tech tables, but it's really focused on the locals.


Tim Roemer [00:14:52]:
What's great about this episode, so Jack's perspective is there's an international global cyber threat out there, affecting all of us that needs all of our attention. And the United States can't even do this alone. So when Jack talks about we're going to have american education overseas, that's a country like Ukraine can defend themselves against rising russian aggression and russian cyber attacks. Where GMI comes in is we have the capabilities from a secure technology solution company to actually monitor your organizations twenty four seven, to be your eyes and ears, to alert you when your staff and team can't handle it, and to put innovative solutions that the private sector is developing every day in front of you to relieve your headache. So international component is incredible, and we have an international component to what we do as well. But from a tech tables perspective. It's thinking outside the box, really providing unique solutions and being vendor agnostic, not just saying, hey, it's this one company that can do this, but finding the right tool and the right fit for every single organization is really imperative. And I've got to compliment you and tech tables, because you bring the right people to the table, you're the only one that could have made even this happen in person today and start bringing in that global connection.


Tim Roemer [00:16:06]:
And you had Governor Ducey here yesterday, hearing directly from a true CEO and executive leader about, here's the metrics that matter. Here's the story that matters. Here's why we're investing in it. Compliments to you. And that's why, like, people like us love being in this environment where we can help, because it's really about the why. And helping people defend those rising cyber attacks.


Joe Toste [00:16:28]:
This is gonna be a short podcast, so maybe at a future event, if Jack wants to go longer, we can. We're gonna close this out with rapid fire. I'm gonna go Jack first, and then I'm gonna do because I wanna know also. So, Jack, the final four is in Glendale. Who wins it all?


Jack McCain [00:16:41]:
I am contractually obligated to say Navy by a thousand. So that's what I have.


Tim Roemer [00:16:47]:
This is the most unique answer ever. I love it.


Joe Toste [00:16:50]:
Okay. Best leadership book that you would gift to a friend.


Jack McCain [00:16:54]:
It's actually very interesting. It's less about leadership and more about dynamic change in challenging circumstances. That caused me to think a whole lot about this was around the Afghanistan time. Forced me to think a lot about who I was working with, why culture behind it, and why culture matters, and how leveraging culture helps create success. I know there's a lightning round in here. I'm, like, popping off. But there's a book called games without rules, the oft interrupted history of Afghanistan. And it describes the country through its poetry and its national game called Bus khaji.


Jack McCain [00:17:28]:
Sounds completely off the wall. But in how it teaches you to think about culture, I have found it applicable in absolutely every corner of everything I have done.


Joe Toste [00:17:38]:
That's fantastic. What's the best mexican restaurant in Arizona?


Jack McCain [00:17:43]:
Frankly, I have just discovered it as of two weeks ago. It's a place called Taco Boys. They have five of them. They're sonoran specific taco joint. I think they're featured on Netflix, weirdly enough. Tuesday, four tacos and a fountain drink for $10.


Tim Roemer [00:17:57]:
I know what we're doing next Tuesday.


Joe Toste [00:17:59]:
$10. So I live in Santa Barbara, California. That's a $50 meal right there. And if you ever do come to Santa Barbara, the Ronald Reagan building at the bottom of State street, it's a killer. Like, if you want a margarita on top of a roof, looking out on the beach, it's incredible.


Jack McCain [00:18:14]:
Santa Barbara's not hard to look at.


Tim Roemer [00:18:16]:
These are stressful jobs. I would love a margarita on top of the roof.


Joe Toste [00:18:19]:
If there's one lesson you want to pass down to your children, what would it be?


Jack McCain [00:18:23]:
I taught leadership for a while at the naval academy, and it forced me to think really hard about things just like this. And so coming out of that experience, I basically learned that there's three things that you want to do in life, and they're simple. But the difference. Sometimes something that's simple is not easy. Be a good person. Character, moral fiber, the idea of self development. Do your job in the military, tactical and technical excellence in everything you do in the civilian world. It's a lifetime commitment to continuous learning in all that you do.


Jack McCain [00:18:53]:
I'm trying to learn Hindi right now just to try to do that. And then lastly, either foster or tolerate heresy, which sounds very strange, but the scariest rooms I've ever been in were the ones where everybody was on the same page.


Joe Toste [00:19:04]:
Those are definitely all the scariest rooms, let me tell you.


Tim Roemer [00:19:07]:
Now. You know, I was taking notes when he was talking.


Joe Toste [00:19:09]:
Tim, you cannot say Navy final four is in town.


Tim Roemer [00:19:13]:
Who wins a uConn not just because they're defending national champions, but high school mascot was husky and Yukon Huskies. I'm going huskies.


Joe Toste [00:19:21]:
Best leadership book that you would gift to a friend.


Tim Roemer [00:19:24]:
I don't know the name of it, so I apologize, but Admiral Stavridis had a book on leadership where he pulls stories. What I love about it is he pulls stories from other leaders and compiles them into one book. So you have, like, so many great stories on leadership. That was an amazing read.


Joe Toste [00:19:39]:
That's literally, at some point, maybe when I get to 1000 episodes, I've curated so much content, I'm almost at 200. But when we get to 1000, I might write a book and consolidate all of the best stories. What's the best mexican restaurant in Arizona?


Tim Roemer [00:19:52]:
I'm going with ajo owls. And it's interesting because it's not necessarily the best mexican restaurant, but it's so sentimental. So Jack grew up here. He knows sometimes your favorite mexican restaurant that you'll just say that's the best cause of where I was going when I was a kid, and I've always gone there and I take my kids there.


Jack McCain [00:20:07]:
Jordan's is that for me?


Tim Roemer [00:20:08]:
Oh, there you go. Okay. Yeah, I'm going. Aha. Alice, I love it.


Joe Toste [00:20:10]:
If there's one lesson, Tim, that you want to pass down to your children, what would it be?


Tim Roemer [00:20:14]:
I'm gonna keep it pretty simple. You can't get what you don't ask for. And that's just based upon my career. I walked into a job fair at ASU, and I asked for a job at the CIA booth, and I ended up getting it. And then while I was working at CIA. I know it sounds crazy.


Joe Toste [00:20:27]:
And you're here. Look at this. I'm here on tech day.


Tim Roemer [00:20:30]:
Exactly. But then throughout the course of that career, I would ask for jobs like the White House situation room. And they would say, oh, no, you're not senior enough, or you're not at the right point in your career, but you can't get what you don't ask for. So dream really big. It sounds so cliche, but it's very true. And I think for a lot of the people that are on tech tables as well that are here, these people got to senior level government positions somewhere along the way. It wasn't, you know, just completely luck. Like, they had to step forward, ask for that job, get appointed.


Tim Roemer [00:21:00]:
So can't get what you don't ask for.


Joe Toste [00:21:02]:
Gotta be the man in the arena.


Jack McCain [00:21:03]:
Shame in.


Joe Toste [00:21:04]:
Thank you for coming on the public sector show by tech tables.


Jack McCain [00:21:07]:
Thank you. We appreciate you having us on.

Tim Roemer Profile Photo

Tim Roemer

Chief Security Officer for GMI. Former Arizona Director of Homeland Security & State CISO

After 18 years of government service, I joined the private sector to focus on providing solutions to the government to better protect our society from physical and cyber threats.

I’m currently the Chief Security Officer at GMI in Scottsdale, AZ. I’m also an advisor to NightDragon, and a member of Dataminr’s advisory board.

Previously in my career I served ten years at CIA, including two years assigned to the White House Situation Room where I provided national security updates to the President, Vice President, and National Security Council.

After ten years at CIA, I returned to my home state of Arizona to work for Governor Ducey. I was appointed by Governor Ducey and unanimously approved by the Arizona Senate to be the Director of Homeland Security and was the only person in the country to run a Department of Homeland Security and at the same time be the Chief Information Security Officer. My responsibilities included cybersecurity, border security, and counterterrorism. I co-chaired the Arizona-Mexico Commission’s Security Committee, as well as being on the Arizona Human Trafficking Council.