Heidi Otway: Hi, Danny. Welcome to the Fluent in Floridian podcast. We're so glad to have you as a guest on our show today.

Danny Jenkins: Thank you for inviting me today.

Heidi Otway: So you're originally from the UK and you're running this amazing cybersecurity company here based in Florida, but I want to start from how did you get from the UK to Florida?

Danny Jenkins: So it's a very long story actually. So first, I actually left the UK when I was 19.

Heidi Otway: Okay.

Danny Jenkins: I wasn't intending, but I was traveling and ended up staying in Ireland for 10 years of my life where I met my wife and the co-founder of ThreatLocker actually. And then I was kind of fed up with the island. I was fed up with the weather. I was fed up with the misery. So I went to Malta for about a year, and then I was in Florida on business one day and I went home and said to my wife, "Let's move to Florida." We had a six-week-old baby at the time and within six weeks, we were on a plane and we were in Florida.

Heidi Otway: Well, how many years ago was that?

Danny Jenkins: That was in 2010, so 15 years ago.

Heidi Otway: 2010. Okay. Did you go to Orlando? Because I know you're based in Central Florida. So did you go to Orlando and go to Disney or where did you come in Florida that made you say, "This is where I want to live"?

Danny Jenkins: We'd been to Disney a few times before that, but I was in Orlando. It just wasn't Disney. It was north of Orlando, so Mason area where ThreatLocker is based now. I was just like, "You know what? It's so nice here. It's sunny. Everyone's so friendly. And the income taxes are much lower than they were in Ireland, not as cheap as Malta. And it just seems like there are so many things to do here and I think it would be a great place to raise the kids."

Heidi Otway: Yeah.

Danny Jenkins: So our kids were, I think, three months old, two years old, and five years old or four years old when we did it, and we just dragged them over here and now they're fully American.

Heidi Otway: So it's safe for me to say that you're a Floridian now, right?

Danny Jenkins: Yeah, English-born Florida man.

Heidi Otway: Okay. I love it. I love it. So what sparked the creation of ThreatLocker. Was the company based in Malta/UK before you came here or did you establish it when you got into Florida?

Danny Jenkins: No, so we established it in Florida. We started ThreatLocker in 2017. And the idea was, at the time, I'd had an email security company which I'd sold to a UK company. And at the time, I was doing two things. One was a bit of ethical hacking and the other one mostly ended up being ransomware recoveries, where companies would call me and say, "Hey, I've been hit by ransomware, can you help with the recovery?"

Heidi Otway: Yeah.

Danny Jenkins: We'd already decided we wanted to do this, but I kind of didn't want to sell to IT. IT professionals are the worst buyers in the world, and I'm an IT person.

Heidi Otway: Right.

Danny Jenkins: I'm always running late, I'm always busy, and I don't show up on calls sometimes because I forget and I get caught up with coding something. So I don't want to build another business that relies on selling to IT people, but we've kind of done this over and over again. I saw these ransomware cases, there was one in Australia that was particularly difficult to recover from, and the answer was very simple to me. It was just block all untrusted software. Block things that aren't needed. And then it doesn't matter if it's good or bad. It won't be allowed. And everyone said it was a dumb idea. And in 2017 when WannaCry spread across the world ... I don't know if you remember the WannaCry malware.

Heidi Otway: Yeah.

Danny Jenkins: I just thought, "At this point, we have to do this and we have to go 100% fully in on changing the way that people think about security."

Heidi Otway: Yeah. How did you all come up with the name ThreatLocker? I think that is a phenomenal brand name. As a marketer, I think that's a phenomenal name.

Danny Jenkins: I would love to say it's some kind of magical story, but this is the reality. So I knew that we had to have a .com. We just kept coming up with names that were rubbish and we changed it. So I got a list of all security-related words in the world and put them in two lists, and then joined them together and checked all of the .coms that were available. And there were about five .coms available and ThreatLocker seemed like the best one. So it's not some kind of magical marketing genius. It was just kind of luck. And when I did it, I thought we'd made a mistake because when I searched ThreatLocker in Google a week after we registered it, it said, "Do you mean Thread-Locker?" which is a glue, and I was like ...

Heidi Otway: Oh my God.

Danny Jenkins: Google corrected itself pretty quickly once we became established.

Heidi Otway: Well, that's a great story. When you were talking, it sounded to me like one of those Facebook games where you take and put a first name and a last name together and then it comes up with your pseudo name or something like that, so it sounds like a fun exercise.

Danny Jenkins: I would like to say it was all intelligence, but not really.

Heidi Otway: Well, it's a great name and thanks for sharing that story. So your company is based in Central Florida and you serve more than 50,000 businesses worldwide. So tell us more about what you've seen as Florida becoming this tech hub because South Florida, a lot of tech companies, Tampa, a lot of tech companies, Orlando, where you're located, tech companies. So what is the role of cybersecurity in the state of Florida? What are you seeing? What have you heard? What have you seen? I mean, here in Tallahassee we've heard a number of phishing attempts in. People stealing, locking down people's computers for ransomware, things like that. So what are you seeing in Florida? And I also would like to get your perspective on Florida's growing tech sector.

Danny Jenkins: So I think from a malware point of view and a cyber attacks point of view, exploding every year we think we've hit a peak and every year it's worse. And I remember when we started ThreatLocker, the entire size of the endpoint security market was $10 billion, all endpoint security worldwide. Today, cyber crime is $25 billion. So it's exploding at a rate you can't imagine and every year it's going up and up. And the big areas where we've seen it ... So I saw a company that got hit by ransomware and they weren't a customer, and they essentially got into their headquarters, managed to transmit across the network, and pushed out ransomware to thousands of endpoints and locked down their entire company for nine months, making the business stop functioning. It was a manufacturing company. I've seen hospitals get shut down, government cities. I mean, remember in 2019, I think there were three cities in the month of July in 2019 in Florida that had to pay ransoms to get the water billing back working.

This is the kind of thing we see all the time, but it's increasing and increasing all the time. Spear phishing, AI has accelerated it because it meant that anyone with a computer now can create malware. So I think that's one of the big areas. The other thing we see quite a lot, what we're seeing a lot more of, is data theft. So it used to be about when they'd get on your network, they'd encrypt your files and if you want your files back, you have to pay a ransom. Now they steal your files and say, "We're going to release them to the internet if you don't pay a ransom."

Heidi Otway:  Yeah. Wow. So who are the companies that you're serving and what is the work that you do for them through your company?

Danny Jenkins: So essentially we have clients for every type of business you can think of. Small businesses, dental offices, right up to in Florida, the Orlando Magic is a customer.

Heidi Otway: Oh, cool.

Danny Jenkins: We've got companies like JetBlue Airways. We've got probably hundreds and hundreds of hospitals, banks, financial companies. Manufacturing companies are incredibly big.

Heidi Otway: Yeah.

Danny Jenkins: Some of the biggest airports in the world, parts of the US Navy.

Heidi Otway: Wow.

Danny Jenkins: It's really all over the shop.

Heidi Otway: Wow, that's fantastic. And then tell me a little bit about the services that you provide for them because we have a lot of listeners who run businesses and they may not think, "Oh, I'm too small," or, "I don't need this." So I'd just be curious to know the services that you provide and what they should be thinking about when it comes to protecting their data, their systems, their processes that all use technology.

Danny Jenkins: So the reality is nearly every cyber attack we see on the news is a big company. It's MGM. It's the Colonial Pipeline. It's the city. But for every one company you see on the news, there's 1,000 companies you don't see and 990 of those are small businesses. So this affects everybody, not just large organizations. And people often think, "Well, why would someone want my data?" Well, they don't, but you do. And if they can take that away from you, you're willing to pay to get it back.

So the two areas we really focus on, the first one which is the core mission of ThreatLocker, which is, "Hey. Instead of trying to block everything that's bad, which is impossible, what we're going to do is we're going to harden your system so it can only run what you need to run your business." And if you want to make changes, that's very easy. What that means is if someone emails you a piece of malware that's never been seen before, it will not be able to run unless it's approved by your IT department. If you are a small business, that normally gets managed by your managed IT company. And frankly, if your managed IT company at this point isn't turning on things like allowing listings to block untrusted software, they're probably not doing a good job. Or if you've got your own internal IT company, they'll manage it. So that's the first part.

And mostly that sounds like the boring part, but that stops 99.9% of the attacks. The 0.1% that we catch at the very end is what we call a managed detection response, so 24 hours a day, 365 days a year. Something suspicious happens on your system. Someone here in Orlando in our office gets an alert and says, "Hey. This customer system, something's happened that looks like it could be an attack." They review it, they see if it's real, and they kick them out if it is real. And that's the exciting stuff because you get to find the hackers in the game, but it's much more exciting to just make sure they don't get in in the first place.

Heidi Otway: Wow. Wow. Well, can I tell you that I keep getting text messages saying that I owe money for unpaid tolls?

Danny Jenkins: Yeah, I get those all the time.

Heidi Otway: So tell me about that. I mean, this scam is actually making news across the state of Florida. What's your take on that?

Danny Jenkins: There are so many different ways people scam, and this is obviously the latest one where they'll ask you to click on a link. It's not when they steal $100 from you or $50 from tolls that concerns me. It's when you put in your driving license number and then they're stealing your identity and filing tax returns on your behalf. So people should be really careful about that. It's one of the big challenges. Individuals. It tends to affect companies less, but more individuals where they put in their driving license number and the next thing, the IRS mailed somebody a $14,000 refund check in their name.

Heidi Otway: Okay. For those who aren't watching this, my jaw just dropped when you said that. That is crazy.

Danny Jenkins: So you should be super careful about those things.

Heidi Otway: All right, so what can consumers do to protect themselves? What are the top three things that someone should know that says, "This is probably not legitimate," or, "This is what I need to do before I click that link"?

Danny Jenkins: So generally, don't click the link because you're probably not going to get a text message saying you owe tolls. But I think first of all, you shouldn't be uploading your ID anywhere. The IRS is not going to ask you for your ID. The State of Florida toll system is not going to ask your ID. So be really careful about putting Social Security numbers in, driving licenses into any website you go to. Full stop. I think the other thing as an individual is to lock your credit report. You have to download three apps, which is a pain, but it means no one can apply for credit in your name. So if someone does steal your identity, their life just got a lot harder because they can't apply for credit in your name. So download the Experian, the Equifax, and the TransUnion app and just put it on lock. If you want to go and buy a car, go into the app, unlock it, then lock it again when you're finished. That's a really good tip for consumers.

If you're working for a company, I feel like every employee is responsible for the company's security. So ask them, "Well, what are you doing to stop me running bad software by default?" Ask them, "Why do I not have to put in a second dual-factor when I log into my email?" Because if you don't, your company's not doing enough and that could affect you because you might lose your job. The company might be affected. Their customers might be. Also, your data is in the company. They've got your social security number, everything. So you should demand your employer has good security practices too.

Heidi Otway: Yeah. So Danny, you've been in Florida for a number of years and from our looking at your background, you do a lot within the community. So tell me about some of the things that you do to support the community where you live, work, and play.

Danny Jenkins: So I would like to say I do a lot. Sami, who's our CRO and my wife as well. She does a lot more than me because I'm too busy. I mean, I think any company can help the community in a few different ways. One is I think the way we help the community most is our hiring practices. Hiring people that wouldn't have opportunities. We have a no degree policy. So we don't refuse degrees, but nobody is required to have a degree to work at ThreatLocker. We do purely on your merit and ability to do the job and that has created opportunity for ... I've seen people come in as juniors at $20,000 a year earning well into six-figure salaries now because they're just doing a good job and it's the merit of their work. So from my point of view, I think that's probably the most important thing is it's changed people's lives. I've seen people who couldn't make rent who are suddenly driving nice cars, have bought their first house, and I think that's more important.

We also do a lot with Orlando Magic. We do a lot with Ronald McDonald. We have a swag store here where people can come in and buy. And every year, we sell about $50,000 of ThreatLocker merchandise, whether it be a T-shirt like this.

Heidi Otway: I know. I love that shirt. I was looking at that. I said, "That looks nice."

Danny Jenkins: I think we sold about $50,000 last year and then we matched it. So we always do donations to Ronald McDonald and we're helping with various other projects as well. But I think the most important thing, things I'm more proud of are the security breaches we stop and the staff and the team we've managed to train and have grown with the company because that helps everyone when people have good jobs. And don't get me wrong, it's a hard job. Working at ThreatLocker is probably one of the hardest jobs you'll ever have, but there's nothing more satisfying than when we shut down a breach. I remember an attacker gave up. They got into the hospital and they gave up because they couldn't do anything because ThreatLocker was on the machines, and that's a really good feeling.

Heidi Otway: Yeah. Congratulations. So tell us about the industry in general. You talked about careers in this. You talk about AI taking away jobs, but it sounds like it's not taking away cybersecurity jobs at all. So talk about your industry and what the opportunities are for those who may be listening and interested in either working in the industry or supporting the industry.

Danny Jenkins: Here's the thing about working in cybersecurity. You have to really care about what you're doing. It's much better paid, but it's on par with being in the healthcare industry in that if you don't care about it ... It's a hard job, so you've got to care about the customer. I always say to our staff, "We are not supporting a product. We are supporting airports, airlines, hospitals, [inaudible 00:15:27] cities. And when we fail, they fail." So if you don't care about it, you shouldn't be in the industry. But for those who have a really good engineering mind, for those who think logically and rationally, it can create opportunities that you could never imagine. Even myself, I didn't graduate high school. I left school at 15.

Today, we're in a billion-and-a-half-dollar-value company, but that's one, of course, rare example. But you don't have to be a college graduate. You don't have to have four years of education to do really well in this industry. You do have to care. You have to be interested in it. And it does become a way of your life. The best engineers we hire build labs at home. They have computer setups in the house because they're trying to break stuff and fix stuff and figure out how things work. And I think it's great because it's the people that you wouldn't expect to do well, the people that do fantastic.

Heidi Otway: Oh, man. That is just so inspirational to hear. So Danny, looking ahead, what excites you about the future of cybersecurity and what role do you hope ThreatLocker will play in shaping that worldwide and, of course, here in Florida?

Danny Jenkins: So here's the downside of cybersecurity. As an industry, we are losing. Full stop. I mean, cyber crime is up. You think about 9/11 and the TSA going out there and saying, "We're going to fight the bad guys. We're going to stop terrorists on planes." Imagine every year there were twice as many attacks. So when I think about excitement, in first respect, I have to acknowledge and we all have to acknowledge that we're losing. We're losing. As an industry, we're losing the battle. Individual wins.

Now, the other part of this is we can change this. Securing businesses isn't hard and we have one mission. And it's not about making money, it's not about growing big as a company, but that one mission is to make sure the entire world operates on what we call a zero trust basis. And if we operate on that basis, cyber crime disappears. So what excites me is essentially ending the industry or limiting the size of the industry because we stopped cyber crime. And we can do it. It is possible, but the industry right now is losing and I think that's a sad point to be in. But I think the future has options. People can make changes. They can change the way they secure their environments. And suddenly, it turns on its head and the bad guys start losing and the number of cyber crime starts going down.

Heidi Otway: Yeah. We're a small business and I tell you, I trust no one. I trust no email. I trust no text. I trust nothing. But to the average consumer, it's a different story. So I really want to hear a little bit more about what are the steps of a zero trust basis. I thought that was very intriguing.

Danny Jenkins: So essentially, the idea of zero trust is that you only give access where access is required. It could be that you're an employer and you've got 100 employees, and you say, "Bob here is in charge of our maintenance room, so what does he need access to? He needs the maintenance keys. He needs access to anywhere in the building to do maintenance. He doesn't have logins and access to all of the payroll information. Julie has access to the payroll and she needs access to the payroll, but she doesn't need access to all of our customer's data." So the principle is that you only have access to what you need.

Now we are not focusing at the user permissions. We're focusing at the software that can run. You think about malware and viruses being some magical software. They're not. They're literally just software. And so we say, "No software can run in the environment unless it needs to run for the business purpose." And that means if you have a user that gets tricked and someone calls them and says, "Hey, I'm calling from Microsoft. You've got a virus on your computer," they try and download the piece of malware that this very nice man on the phone tells them. It gets blocked because it's not needed, therefore it's blocked.

Every application you run in your environment. So if you download a game on your computer, that game can see all of your files. In a zero trust world or in a ThreatLocker world, the game can only see the files it needs to see. So if it's got a back door, if it's compromised, it can't be breached. That's really what it means and it sounds complicated, but it's not. It's really about learning what you need. Most of this can be automated and just locking it down to that state.

Heidi Otway: Wow, that is fascinating. And I know that you're called on as a subject matter expert and a speaker at different conferences in different groups. So for those who are listening and watching, please. If you got questions. I'm sure Danny would be very happy to answer them and to tell you more on how to protect your company. So Danny, when you're not protecting your clients and the world from cyber attacks, what do you do for fun?

Danny Jenkins: I don't get much time. I mean, we go on vacations, but vacations are kind of like less work. So I love to go scuba diving in the Maldives. Me and my wife ice skate sometimes together over at [inaudible 00:20:43], or Genesis as it is now. Sometimes we'll go out on the lake, but most of the time we're working.

Heidi Otway: Yeah. Well, I want to thank you so much for being a guest on this Fluent in Floridian podcast. I've learned so much and I know that our listeners and viewers have learned a lot as well. And before we wrap, any closing thoughts that you'd like to share with everyone about cybersecurity and ThreatLocker?

Danny Jenkins: Yeah. So I think if you're in Florida and you want a career in cybersecurity, we have career days so that's always good to watch out for. Ask questions in cybersecurity. If you've got an external IT company, ask them, "What do we do to stop untrusted software? Do I have dual factor authentication?" And if you're a bit more technical, if you want to send your technical people, we have a series of webinars every Tuesday at 11:00 AM. We call it 100 Days to Improve Your Cybersecurity. We're three weeks in now, but you can watch them on YouTube and it tells you what to do over 100 days to make sure that your business can't be hacked. Now it is targeted towards a little bit technical, but as a business owner, watch it and at least come out and ask your IT guy, "Did we do this? Did we do this? Did we do this?"

Heidi Otway: Okay. Well, I'm going to go ahead and go to my YouTube channel and I'm going to click on that so I can start watching to protect our company even more. Danny, again, thank you so much for being on the Fluent in Floridian podcast. I learned a lot and am really thrilled that you were here to share your knowledge and expertise.

Danny Jenkins: Thank you.