Rob Cheng's Blog
We are not them

I am proud that PC Matic was one of the eighteen companies selected for the NIST Zero Trust Center of Excellence. This shows how PC Matic stacks up with the eighteen.

Technology is robbing my children of their childhood

I am a work-at-home dad, and I love my kids. Sometimes, like now, my heart is broken because my kids are addicted to technology and video games.

Relative to the other kids, Teddy and Jesse are great, but relative to their potential, technology is robbing them of the best times of their life. Both of them have their talents (Teddy golf and Jesse piano), but they are unable to explore these talents because rather than practicing, challenging themselves, and growing, their free time is wasted mindlessly watching videos or video games. They lose hours. Sure, as a parent, I try to be vigilant and stern, but it is exhausting and a losing battle.

My children, now 15 and 13 years old, lack many social skills of children of prior generations. Rather than interacting with other kids and learning to “get along”, they run home and stare myopically at a seven-inch screen.

Perhaps the most worrisome is the skill of observation. They believe that the world is to be experienced through a two-dimensional screen that tickles two senses (see and hear) and ignores the other three senses (touch, taste and smell). The real world is a beautifully complex ecosystem, and yet their experience is limited to what their devices can deliver.

At times, it is overwhelming, but then I realize it is not the children that are lost in this artificial fake technology bubble, it is the adults. God help us.

The Ten Biggest Lies in Cybersecurity

1. Prevention is futile
About 10 years ago, long before the ransomware pandemic began, the powers that be decided that cyber prevention was futile, and cyber security should exclusively focus on reaction. Development and improvements to legacy preventative solutions were halted in favor of reactive architectures such as next generation antivirus, Enhanced Detect and Respond (EDR), Extended Detect and Respond (XDR), and Endpoint Protection Platform (EPP). A more prudent and effective strategy is a hybrid between prevention and reaction; however, abandoning prevention maximized revenue for the cybersecurity industry.

2. Multifactor authentication is the answer
Although MFA is prevention, MFA is expensive with recurring maintenance costs. Not all ransomware enters through an authentication breach. Lately, the ransomware makers are offering insiders a bounty of $100,000 to release ransomware onto a network. MFA is good but insufficient in itself to thwart ransomware.

3. Backing up data stops ransomware
When ransomware was in its infancy, good backups enabled quick restoration of operations and no ransomware payments. Today’s ransomware exfiltrates data, disables backup services, and encrypts the original data set and the backup too. Airgapping backups is useless, since the ransomware waits until the backup is not airgapped, and encrypts at that time. Restoring from backup is good for disaster recovery except for ransomware.

4. Reacting quickly is the key to stopping ransomware
While it is possible to monitor, detect and respond to malicious human activity, ransomware traverses a network at 100 to 1000 times the speed of humans. Ransomware infects a network in seconds or perhaps a few minutes. People cannot respond fast enough.

5. Ransomware is here to stay
Repeating this lie is job security for the sycophants of the cybersecurity industry. Ransomware is a business with revenues (ransom payments) and expenses. Proactively preventing the ransomware from entering the network simultaneously drives down revenue and increases the costs of the ransomware business model. Ransomware is a metastasizing cancer, but there is still time to suffocate its lifeblood, money.

6. The problem is Russia
Ransomware is the monetization of security holes. The purveyors of ransomware only need a fast internet connection, obfuscation tools, and a country outside of American law enforcement. Even if ransomware’s origin were Russia, ransomware could be made almost anywhere whose citizens are looking to make a quick million and get away with it.

7. The higher the budget, the better the cybersecurity
This one is up there with “lather, rinse, repeat” and “drinking alcohol daily improves life expectancy”, although you got to love the moxie. Cybersecurity giant, Accenture, was hit with a garden-variety ransomware that stole terabytes of proprietary data, and a $40M ransom. Accenture had an almost unlimited budget for cyber. The Accenture infection is analogous to the neighborhood fire department, fire trucks, and firemen burning to the ground.

8. Layered security is the right approach
This lie is the cybersecurity industry saying that they have no idea whether this widget works, and neither do you, so you might as well give it a try. This Frankenstein approach to cybersecurity makes it impossible to understand what works and what is useless. Paying for useless security maximizes revenue for the cybersecurity industry.

9. There are no silver bullets
Application whitelisting is the silver bullet. NIST advises organizations to use modern whitelisting programs, also known as application control programs, to stop cyber threats. The Australian Signals Directorate’s Essential Eight Maturity Model has four levels (0-3) and levels 1, 2, and 3 require application whitelisting.

10. Cybersecurity is complicated
The cybersecurity industry’s ineffective, reactive, throw-spaghetti-at-the-wall, prevention-be-damned architecture is complicated and intellectually out of reach for businesses, lawmakers, and laypeople. There are many prevention paradigms in our society and none are complicated: health care, fire prevention, toothpaste, home security and so on. Making cybersecurity unduly obtuse and complicated is part of the industry’s sales playbook but it doesn’t have to be this way.

What you can do
Stop repeating the lies. Use common sense. Keep an eye on Australia. When buying cyber products, ask your well-dressed, attractive, articulate salesperson whether any of their customers have been infected with ransomware lately.

My Last Conversation with Mike Hammond

About two weeks before Hammer passed away, Ted asked me to give him a ring, and I gladly accepted. Over the years, Hammer and I have kept in touch, but it had been about a year since we last spoke.

We talked for 99 minutes, which I would describe as a normal conversation between him and me. During that time, we laughed, cried and reminisced.

Laughing

Hammer had an incredible sense of humor, with a unique talent to make a large group of people pay attention and laugh. His sense of humor was gruff, intelligent and usually insightful. I would put Hammer’s wit similar to Larry the Cable Guy. I love this Robin Hood photo of me, Hammer and Tommy because I have a huge grin on my face. I am sure Hammer had just pulled off another one-liner.

Crying

Hammer shared with me the details of his wife’s passing. It had happened very suddenly. They learned of her illness in March and she was gone in June. Hammer was hurting and he let it all out. I had known Hammer for over 25 years, but I had never seen him like this. I knew that my friend was hurting, and so we cried together.

Reminiscing

Hammer’s accomplishments at Gateway were numerous and profound. The sum of them all is a testament to his hard work and insane intelligence. The one accomplishment of which he was the most proud was driving the company’s cash balance over one billion dollars. I asked him how he did it, and he slowly and humbly told me what he did. To be honest, I did not understand a lot of it, but I do know it took a special person to make it happen.

Shortly after we both became Senior Vice Presidents, he made it his personal goal to drive the company’s cash over ten figures. No one told Hammer to do this; he just took it upon himself. Think about how much understanding of the company’s financial status and operations it took to make such an ambitious target. Over the next four months, Hammer worked tirelessly on this goal. He traveled the globe to realign our supply chain to make the company as efficient as possible. The buzzword at the time was “just in time inventory”, and Hammer made it all happen single-handedly. To be clear, there were no drawn-out meetings, no PowerPoint presentations, just one guy “hammering” his vision home. I remember the cold January day in South Dakota, when Dave McKittrick shared with the management team the Q4 97 financial results. Hammer and I shared a long hard hug.

Conclusion

At the end of our conversation, Hammer said, “I love you, Robby.” He frequently ended our conversations this way, and to be honest, I did not always reciprocate. I am so glad that this last time, I did. And I really meant it.

More importantly, he said, “Robby, we accomplished great things together.” I am very proud of this last comment. The most important word in that comment is “together”. Hammer made me a better businessman and person and I like to think I did the same for him.

I love you Hammer.