A career in dental cybersecurity? Drilling down into this unique role

Tom Terronez joins Cyber Work to discuss security in an industry that doesn’t always make the headlines for security news: dentistry. Terronez co-founded Medix Dental, an IT and security provider for the dental industry, 20 years ago, and has the lowdown on some of the specific security issues dentist offices and networks face. It is an uphill battle to get the industry to acknowledge its extreme insecurity, and I find out how a shared love of Hall & Oates got Terronez into this very specific area of the security sphere. And I promise that I tried to avoid overusing the phrase “drill down on this point.” Spoiler: I failed.

0:00 - Dental industry cybersecurity
2:00 - Terronez's interest in tech
3:55 - Dentistry cybersecurity 20 years ago
5:00 - Dentistry cybersecurity dangers and issues
15:55 - Why the dental industry is susceptible to cyberattacks
18:50 - Common attack vectors against dentists
23:37 - How to work in dental cybersecurity
25:20 - What working in dental cybersecurity is like
26:40 - Volunteer opportunities in dental cybersecurity
28:22 - 2024 dental cybersecurity trends
31:20 - Tom Terronez's best cybersecurity career advice
32:50 - Learn more about Medix Dental
34:03 - Outro


Chris Sienko: 

Today on Cyber Work, Tom Terronez joins me to discuss security in an industry that doesn't always make headlines for security news. I'm talking in this case about dentistry. Tom co-founded Medix Dental, an IT and security provider for the dental industry, 20 years ago and has the lowdown on some of the specific security issues that dentist offices and networks face, as well as the uphill battle of getting the industry to acknowledge its extreme insecurity at all. And I find out how a shared love of Hall & Oates got Tom into this very specific area of the security sphere. And I promise, promise, promise that I tried to avoid overusing the phrase "drill down on this point." Spoiler alert: I failed. That's all today on Cyber Work. Hey, welcome to this week's episode of the Cyber Work with InfoSec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of InfoSec professionals, while offering tips for breaking in or moving up the ladder in the cybersecurity industry. My guest today, Tom Terronez, is a hands-on leader in the dental technology industry, committed to helping practices reach their efficiency and IT security potential. Since founding two tech companies in the early 2000s, those being Medix Dental and Tarostar Interactive Media, he has become a nationally respected and increasingly sought after expert in his field. His mission to help practices mitigate risk, protect patients and maximize overall success has allowed dentists all over the country to embrace a new type of technology partner and that was specifically why I wanted to talk to Tom today is that we've certainly had a lot of healthcare security talk on here, but I was very curious to hear what some of the specific security issues around the dental industry are, so I'm looking forward to hearing about that. So, Tom, thanks for joining me today and welcome to Cyber Work.

Tom Terronez: 

Yeah, Chris, thanks for having me. I'm excited to have a conversation today.

Chris Sienko: 

That's great to hear. Yeah, me too, so, yeah. So to help our listeners get to know you a little bit, I want to start out where I start out every episode and get a sense of where you first got interested in cybersecurity and tech. Was this like a childhood thing? Did you find it in high school or college, and what was it that got you excited about it?

Tom Terronez: 

It was kind of organic. I had an uncle that loaned me his Commodore 64 back when I was a young kid and then we started into technology. I kind of fell into dental. One of my good friends' mothers, who I shared a common love of Hall & Oates with. She was a two location period on practice. Okay, this manager and so we. They were switched from a Mac based software to PC based software. We came in the dental supply vendor was trying to sell them the computers. We saved doctor about $25,000 between the two locations. Realize there's a business opportunity there. And that was kind of our start into the dental space and what you know. As we've gotten more and more immersed in it we started seeing what they needed, not just what they wanted. And cybersecurity was the first thing we noticed. That was incredibly lacking and unfortunately still is to a certain extent. But we're one of the first in the space to really make that a focus and start. You know, giving out CE on a national level or that continue to credits. But yeah, that was kind of how we got into it. And then you know it's just become a passion point. Part of the industry you know that nobody really wants to acknowledge is there until something happens and it's just one of those things that's always changing, so that's what keeps it interesting.

Chris Sienko: 

Yeah, yeah, no, that's that's. I love that and I love that it started with a shared love of Hall & Oates. Nice, nice biographical detail. I didn't, I didn't know I wanted it until I got it so, so you gave it, gave us a sense of why the why you sort of stepped into an opportunity that was was there for you. Can you talk about were there other, was there? I got to imagine there weren't that many other players in this space. Were there other companies that were servicing specifically dental IT and security concerns?

Tom Terronez: 

Not locally, not in our local market. When we got started, you know, we start with local and regional, the national, and we've encountered more companies out there and a lot of them don't just focus on dental. Some of them will do have a fair amount of dental, but we find that a majority in the dental space are, you know, 20 employee or less IT companies that are doing dental. So it's interesting because we're much bigger than that and there's only actually a few companies around our size in the industry that are filled in this niche.

Chris Sienko: 

Yeah, I got to imagine, with being the size that you are, that there's. You know, especially with a larger dental practice, that they're gonna say, well, let's go with the ones who you know clearly have the you know the countrywide spread and so forth. So I want to talk a little bit about that and what you provide because you know we've going back to almost the beginning of the show. We discussed news stories about the possibilities of IoT pacemakers being hacked and healthcare security and the sort of like big scary. You know all red, you know 22 point type headlines and so forth. You know, but can you tell our listeners specifically about the types of security and tech issues that you help solve within the dental sector?

Tom Terronez: 

One of the things that's interesting and slightly scary is that a majority of dental practices are still utilizing on-premise servers, and some of the software that's been around for a long time is so poorly built that it requires elevated security on the workstations for the software even to run. So thankfully, we've seen a trend in some of the practices and organizations finally move to cloud, but by doing that it's very challenging. You have a small area you're protecting on the dental, but it's extremely vulnerable. Whereas you put the tools in place, you still have the human interaction, which is my biggest fear, because you know we pull out of technical things in place, but the limitations of the software, as well as knowing that the humans are interacting. In some cases you have dental practices that are using their servers as an additional workstation, so you can imagine how much fun that is.

Chris Sienko: 

Complete with its own Wi-Fi connection. I've left the door open for you. So yeah, I mean I'm going to resist the urge to continue saying drill down around an issue, but because you know no one needs that, but yeah, so I guess I wanted to, sort of I do want to drill down around about that, but like, so we're talking about like old systems here. Right, these are things where, like there's, you know, patch management is not even going to be a thing, Like you're probably working off of, like you know, 20-year-old plus technology. Is that because you said you sort of need the sort of standalone external security because you can't really secure the stations as such? Is that one of the big problems that you see?

Tom Terronez: 

Sort of. Like, I mean, the software has been updated but none of it has actually been rewritten significantly in 20 years, so you could imagine the baggage that comes with it. Some use kind of proprietary database or small use database. They're not mainstream products. So the software itself and honestly one of the things that was most scary was that there was a shared password for some of the software vendors. So, if you knew that password, you got a hold of anybody's data. You could read it. So, even though they encrypted it, it was a shared key that was available, you know, pretty easily online. So essentially, you're just trying to protect, put a frame around the practice and protect what's happening in there, because that's the vulnerability.

Chris Sienko: 

So is this something that it's like a default password for this particular piece of software and you could realistically change the password and make it safer, but no one thinks to, or is it? Or is it deeper than that, where it's like you're just going to get into this sort of vendors space and sort of travel through to the various Well, without speaking specifically about software package, but there was one at one point where it was just a singular password across everyone.

Tom Terronez: 

That was the encryption key. That was a password, so if you knew that, you could see it through the course of support, pick that up and realize that you had the keys to the castle if you were able to get your hands on any of the data. And there were torrents found with copies of these databases. So that was one. But they've since made some changes to allow you to, you know, change your encryption key, change a master password. But also, you know, in the past there's a lot of these instances that were set up that were just kind of set up one way and have never changed.

Chris Sienko: 

Yeah, left to sit there because it works fine on our end and there's no real need to change it. And you know, like everything else, people are overworked and don't need to be having to learn a new thing every 10 minutes or whatever. So well, I guess I think I know the answer to this. But what is the sort of target? What is the bounty that criminals are looking for in dental field? I'm assuming it's PII, but are they looking for specific aspects of it, Like what are some of the usual attack vectors? Is it ransomware? Is it data? A lot of that, okay.

Tom Terronez: 

Ransomware and data exfiltration have been the two. But the thing that I find most uncomfortable about it is there's a lot of practices and IT providers that have had these experiences but have not documented, have not actually followed the legal channels of disclosing it to the federal and in some cases the state needs to be reported to as well. So there's a lot of information out there and it's just because you know you look at if you're with practices or being supported by small IT group, they're first informed with jobs to support you. They're not able to invest in the back end, the centralized services, the security services, the song things like that that you know larger companies can do so, just having the data being gone and are ransomed. They pay the ransom but they don't know if it's been exfiltrated because they don't have the tools in place to even know if it's been pulled out of there. So that's, I mean that's just talking about the systems they have. Another common thing is passwords. You know the same passwords being used and probably one of the more scary things is that even the cloud-based versions of these dental softwares that hold a ton of PII, some of them don't even support MFA or 2FA yet. Wow.

Chris Sienko: 

Is that. I mean that's, those are softwares that are specific to sort of dentistry or wow, wow, okay. So I've been wondering, because I know that you do security but you also sort of cover IT and you sort of take care of the tech around this. Is there a lot of? Do you make a lot of recommendations of like you really have to get rid of this old thing and we need to sort of update it to something that's a little more, or are you really having to just keep building sort of external security setups because that one thing just can't go away? I mean, I don't have a sense of whether or not, like even you know, uprooting like however many decades of records from this old piece of software into like a new one, if that's even feasible or not it is, you know if you look at the history of how we've operated, we've tried to educate for a long time and even with that, the uptake on the education and actually participating in really low.

Tom Terronez: 

And we've made security suggestions several times over the years to practice, and most of the time it was a compromised efficiency, so they didn't want to take the steps. So what we've realized is that we can't really change how the practices operate. We just can't seem to change that. But we still are in charge of protecting their data to a certain extent. So what we've done is we've kind of aligned with some of what I call the leading cloud software providers that take security seriously, and so with those we tried to move them to those products because it's, you know, it's we can't get the practices to lock down to the point that I feel that there are 100% failsafe.

Chris Sienko: 

So sleep a little easier yeah right, yeah, so you know.

Tom Terronez: 

and plus, if you look at, you know majority of the industries. Dentistry is way behind on leveraging cloud technologies. So that's been our strategy. In addition to putting, if there's still going to use on-premise or posted, we'll just put as many tools as we can in place, layers, to try to mitigate the user mistakes. You know.

Chris Sienko: 

Yeah, now, without you know drawing, you know painting with a broad brush or whatever. Like, when companies are contacting I mean, I'm assuming a lot of them contact you I don't know how much outreach you do as well, but like, what specific problems are they often coming looking for? Are they frequently saying I have been breached, I need to deal with security, or is it more like I heard about you know x, y, z. I should probably do this before something bad happens. Like, is there a sense of like? I guess I'm trying to figure out whether the dental sector is even sort of aware of its big problems or not, or whether it's sort of like finding out the hard way.

Tom Terronez: 

You know what I mean. Yeah, it's hard to say. Honestly a lot of people don't come to us with the security as their first need, something else. A lot of times it's like, hey, we use this IT company for 10 years and we continue to grow. We feel like we've kind of outgrown them. I see. In some cases, though, when we do our first discovery phase with them, we find very serious security concerns, and unfortunately that's been more of the trend than Okay. And another part that's tough is because I consider dental fairly unsophisticated, like even the dental organizations unsophisticated with cybersecurity. There is a company in the dental space that talks cybersecurity but really is not offering what I consider true cybersecurity, so it creates a false sense of competence. You engage with this company and you're safer, which, from my perspective, you're not If you're working with a good IT provider, that's, and a cybersecurity partner or one that's kind of segments the two, because the roles in my mind are different. So that's the better strategy, but it is a pretty big concern, and we did a data study here before the pandemic, and I mean we sampled a few hundred dental practices and a lot of them were missing firewalls, they're using just the internet modems, access points, with no password changes in years, with people that have been high risk terminations. I mean, there's just so many things that we've uncovered and all we can do is we can do the best we can with our clients, but we've been trying to push the message and make it a priority. It just depends on where it sits, but moving people to the cloud has been something we can get people to do and it has an impact on reducing their surface.

Chris Sienko: 

Okay, yeah, I wonder if you have a sense of maybe that's because we hear so much about healthcare security and IoT hacking and hospitals being ransomware, like there's that ambient sense that like this isn't safe, we need to do something about this, whereas I don't. This is literally the first I've heard about, I've even given a thought to, like dental security. Is it? Do you think that some of the laxness on the part of the industry as a quote unquote whole is sort of stemming from the fact that you don't really, like you said, they don't report on it, self report and whatever is that? It's assumed that maybe they're not coming for us.

Tom Terronez: 

Well, yeah, so my thing is the bad guys go for big targets or low hanging fruit, and dental definitely falls under low hanging fruit. I do feel that the tone has changed based on some recent incidents. A large dental organization I won't mention my here, but you can Google and figure this out they had a very significant incident, affected multiple systems. They're a national company, and then a big dental supplier also had a severe incident, and both of them is, for what I understand, still not a hundred percent. In some cases, one of them had been re-encrypted and shut down, and actually the bad guys or the hackers, if you have whatever you wanna call them provided copies of the emails of their cybersecurity port from the vendor who they've hired to mitigate the attack, so it's like.

Chris Sienko: 

But practice have got to see some impact from that because they couldn't make their traditional orders, they could do the things.

Tom Terronez: 

So I think my hope is that it's taken more seriously, moving forward and people really understand. And some people think okay, if I have the security and stand up for dental practice, people are upset. Do what I'm supposed to do. It's still very expensive, supposedly they have insurance for. But the other part of that is the local reputation. If your patients are uncomfortable and they don't trust you I mean they trust you with their oral care, but they're also interested in personal information.

Chris Sienko: 

Yeah, they'll test a lot of different local places with their oral care, but if one of them has this big, big red mark on their record, then maybe they call you second or third.

Tom Terronez: 

Yeah, but then that kind of leads to another challenge in the industry with cybersecurity insurance, because it's kind of the Wild West. Nobody really knows differences. A lot of them don't understand what they need or what they don't. The flip side is a lot of them don't know how to answer those applications. So unless they get their IT and per iderm ball, we've had some cases where somebody gave us a copy of their application to review and I was like if you would have turned that in and had an incident, they would have found ways to just not pay the claim because it's not honest, and so that's another fear I have. That's just beyond it, because I think that happens a lot. People wanna check these boxes, but if the insurance companies find that the source of the breach is through something that they were not honest about, you have no coverage. Yes, exactly, that's serious.

Chris Sienko: 

Well, speaking of where breaks has come through, I wanted to get a sense of some of the common attack vectors. With dental practices, I'm assuming that phishing and social engineering is a common attack vector. Are there any other common? Because, like you said, there's these practices that are flying about as unprotected as you can, with no firewalls, just running off a modem or using their data backup as their primary workstation or whatever. What are some of the common attack vectors? And also yeah, I guess that's about it, but yeah, so let's start with that.

Tom Terronez: 

Well, I think you hit the two most common ones on that: social engineering and phishing. They're extremely vulnerable to that.

Chris Sienko: 

Right.

Tom Terronez: 

By default, they're trusting the make. All needs to do something.

Chris Sienko: 

I guess that was what I was going to ask was I forgot it for a second there? But are there particular phishing? What are some things that they seem to fall through? Are attackers using dental specific things? Here's an invoice from your superior, or so-and-so needs to reschedule. Click this thing, or are they really still just being hit the same? Click here for a free pizza. Click here to unsubscribe from your Hulu or whatever.

Tom Terronez: 

Yeah, it's pretty much the general stuff, because there's been some cases where we've been made aware of some spear phishing in the dental organizations, in the local groups. But a lot of the methodologies that we've witnessed thankfully our clients have been pretty well protected and not experienced that. But what we've witnessed and what they've shared is that just kind of the general phishing stuff: UPS, FedEx, banks, those kind of things, but the easy ones.

Chris Sienko: 

Yeah, is there any particular taste for security awareness, sort of educate. When these things happen, do you see people rolling in afterwards and being sort of educating the receptionists and the people on duty about, hey, don't click this thing, don't click that thing, or does it go straight to the hardware?

Tom Terronez: 

Honestly, we haven't seen a lot of upticks after things have happened as far as inquiries. So if a practice witnesses something, we first try to understand whether they collected or not. If we don't trust that they are being honest and they didn't collect it, then we do a deep dive to try to make sure nothing happened. But it's one of those things that I still feel a lot of people think it won't happen to them, even if it happened to another group. They just don't think it could happen to them. And back a handful of years ago there was two incidents with two dental service IT providers that through non-MFA protected remote access software they were able to hit I don't remember the exact number, but several hundred dental practices and encrypt them. And then I actually spoke to Brian Krebs about that because he did an art upon it and interviewed me and we're talking about just some of the things and I was like I hope seeing this changes the behaviors, changes the priority of it and honestly it was like made some noise for a little bit and it didn't. So I tried to be optimistic when I'm done so.

Chris Sienko: 

You mentioned coming in and talking to about what happened and whether they documented. Does your company provide incident response work as well, then, or are you just asking them in sense of what's happened in the past? Here's what we have for you, yeah.

Tom Terronez: 

So we do some consulting, too, with groups that are acquiring practices and things. So that's one of the things that I made sure is part of diligence. You ask these questions and if they are false, if we discover something afterwards, then you have some recourse if they weren't honest. But it's one of those things that we've just heard about through other insiders in the industry Not with our clients, of course, but where we've heard of a scenario where they had ransomware and they were told that they were going to pull the data. They didn't pay the ransom. They said they pulled the data, they didn't really know if it was distributed, but it never got disclosed, and I've heard at least 25, 30 stories like that. So if you know, if you're hearing those stories, you can always check the HIPAA wall of shame, because that's where it will show up at.

Chris Sienko: 

Yeah, and if I don't see them?

Tom Terronez: 

eventually popping up there, then I know that they didn't disclose it, and so there's probably several more out there that have had these incidents and didn't really work and guided the right way to handle them.

Chris Sienko: 

Yeah, ok. So yeah, we could go down that rabbit hole and try to sort of pull things back or not for another hour. But I want to pivot this into people who are joining the industry now, trying to get into cybersecurity, changing to cyber from other roles, and specifically, people who maybe are in the dental sector now who maybe want to work in something like this. I think knowing the industry up front is probably a really good spring board. If you wanted to sort of do this type of work, do you have any suggestions of certain must-do activities, must-have certs, must-have skill sets that would put you on the radar of potential employers or, if you're being like a freelancer like this, that would make you desirable to a dental practice that would want you to help them?

Tom Terronez: 

Yeah, I mean. The certifications obviously are extremely beneficial. It means you've done the work. The hard thing is that with the techniques changing so often, when we're looking for people, it's more of the acumen and the interest, because if they have a good enough understanding and have an interest, they will invest in deepening your skill set for it. I think a lot of people that come into dental from even health care or other industries and look at cybersecurity. They are appalled and caught off guard and in some cases they realize that the companies that they're working for don't have the budgets to take a lot of action, which is kind of like why have a CISO if you without a budget?

Chris Sienko: 

to do anything.

Tom Terronez: 

So it's hard. It's like you pretty much assume when you're coming into dental. A lot needs to be done.

Chris Sienko: 

Yes, yes, ok. Well, that was going to be my next question. You're sort of answering it right now, but are there specific aspects of the dental industry that would be cyber pros who want to go into this area should be aware of when researching jobs? Like you said, I want to see if there's sort of like a profile or something that we can sort of fit together. You said that budgets obviously going to be a problem, but where do you see new pros being able to enter the industry and make an impact, even when there's compromised budgets like that?

Tom Terronez: 

Well. I mean, I think, just helping people helping the organization, even if they don't have the ability to do a ton of mitigation right away. But having that skill set to be able to give them a holistic picture and then translate it to non-technical English for leadership so that they truly understand, I think there's a huge value in that. I mean me being a vendor is and even though I've done it so long and I've had a lot of involvement and people trust it still like they're kind of like oh, you just put more money. Like I will talk about this and guide my competitors too Like I. Just I want the industry to tighten things down. I want to protect the practices on protect the patients. That's my ultimate goal. But anyway, that comes over. You know it's an uphill time because it's not given the priority it needs to be.

Chris Sienko: 

Yeah, yeah, no, I know as a whole, yeah, I totally agree. So, yeah, so, I guess sort of going further down into like a very personal thing like that, if you're, if you're really just getting started and you want to kind of make your name in this area, are there sort of security volunteer opportunities you could do with, like your local local dental? You know, I'm always talking to ICS practitioners about volunteering with your state and local municipalities to help secure, you know, in local infrastructure and things like that. Do you see sort of an in if you have like a two person dental office in your, you know, in your, your town and you can say, look, I have this, this skill set and background, I'll do this for free to get experience? Is that, is that something that you think is viable, or or do you think most of them are are going to resist something like that?

Tom Terronez: 

I think, that might be tough because one you have to compliance standpoint. So you okay, they touch on the systems.

Chris Sienko: 

I have to understand that they have to sign a business associate agreement.

Tom Terronez: 

Yes, take on the responsibility. The other side is when you're working with a lot of, like, a lot of the dental practice that uses small IT companies a lot of them and I'm not saying there's always exceptions, just like there's exceptions to dental groups and practices that are really focused on cybersecurity but the smaller IT groups are very territorial and very like because they know they're probably not doing a great job. They don't want anybody to look under the hood. So we've encountered that more times than not. So somebody comes in and a volunteer after you, like, hey, we want to value it, even if it's somebody that the doctor knows well they're going to probably hit resistance with yeah that makes sense so but it would be a good experience and, honestly, you could probably take Kali Linux into any dental practice that's, you know, with a for IT partner and really scare the bejeebers.

Chris Sienko: 

Right, yeah, yeah, that's, yeah, it's the hands on thing is going to get you the, get you the client there. Yeah so, as we were starting the new year here, Tom, do you see any particular security trends for the industry in 2024 in terms of differing attack vector, cybercrime trends, or if it's just going to be kind of business as usual, do you see anything rising up?

Tom Terronez: 

or I don't see anything new. You know it's the same. You know the individual practices are vulnerable in a lot of cases. The bigger organizations that are not leveraging a cloud based platform a good cloud based platform. As far as, like, the attack methodologies, I haven't seen anything new. Ish, you know, the trends are just different and I think, like some of the bigger incidents in the dental industry have all been related to unsupported operating systems, systems that were based on it. Like that large dental vendor had a lot of that, and I'm sure the other one did as well. So they're extremely vulnerable. Yeah, a lot of tools in there, but there's just open holes. So, yeah, yeah, I there's. You know, my whole thing is educating the staff, educating them from online, making sure they are aware, and so that's kind of what our thing is. You know, we try to make a very, very tailored educational component to what they do. You know okay yeah, so you know we know what area, what types of things are doing there. They're popping between email websites and the software, and so we try to make them one understand which email, what things to look out for on the email, what not to click. My whole thing is if, if you have any doubt, don't click yes, you know. And then if you do and something weird's happening, shut it down.

Chris Sienko: 

We have like if it's one of our clients.

Tom Terronez: 

we have a tool that you place that, if they sent, we have like one of bunch of honeypots on the machine, so if a file changes on the honeypots it just shuts the machine down. But so that's kind of the starting point, because email tends to be the biggest vulnerability. And then we talk about websites, password hygiene, which you would think that, hygiene being a thing in dental, they would understand the terminology. Yeah, exactly, but we still we'll still get passwords and we'll be like, why are all those dentist one, two, three, yeah, or workforce Big smiles or teeth?

Chris Sienko: 

32.

Tom Terronez: 

I mean, you can almost predict, and you know, and so the kind of funny thing is some birth competitors use the same passwords, so taking over a client, we can go in and have admin access, just because we know the passwords or we know how they generate their passwords. But yeah, but starting with the staff, that's whatever we can do to provide that, and it's not the traditional, like, KnowBe4 stuff. It's just helping them understand in their job what are the things that need to be paying attention to and then refreshing that on a regular basis.

Chris Sienko: 

Yeah, I mean, if you never have been told this before, like, how would you know? You know, that's not part of the training, you know, as a standard default, especially if you've been there for 30 years. So as we wrap up today, Tom, could you tell our listeners the best piece of career advice you ever received?

Tom Terronez: 

Oh boy, that's a tough one. One of the things that I had a mentor who's passed away a credible person, incredibly successful. What he always said is the things about business that are most difficult are the things you can't control. Don't focus on everything else. That's how I developed my leadership style, and also when I'm looking at opportunities, we're selective. We fire clients not because we want to, but if we don't feel we can deliver what we want to for them.

Chris Sienko: 

Yeah.

Tom Terronez: 

I think if you want to pull out something, be comfortable saying no to an opportunity. If you don't feel it's ideal, whether you're looking at a new job or a new client, get comfortable with that. I think a lot of people are like, well, we're just trying to grow and try to get, but there's a cost to the wrong fit and that can be very, very difficult.

Chris Sienko: 

Yeah, I think that's excellent advice. As you said, it's extremely difficult to take to heart when you're scrabbling for every single client you can possibly get and then you have to say, oh, this one is just going to make things worse.

Tom Terronez: 

Well, that's the one thing. If you asked me what I would have told myself 15 years ago, say no when you see red flags, right?

Chris Sienko: 

We've been discussing Medix Dental a bit at the top of the show and throughout here, but if you'd like to tell us more about the services you offer, please feel free to do so here.

Tom Terronez: 

Sure, our stack is the traditional managed services national field service projects, support anything related to IT and industry. We have the security advisory on top of that. But then we also do a fair amount of like strategy. Whereas if a group's growing or making acquisitions, we assist with due diligence, fractional rules, placement, we found that just through some of these we've created more offerings and we'll be having some more offerings from that. We just flow into where we need to be and then create offerings based on that. If you're familiar with dental, you think there's a lot of consolidation happening that's accelerated through the pandemic. There's just new challenges out there. That's about as concise as I can get.

Chris Sienko: 

All right. Well then, I got one last question for you. If our listeners want to learn more about you, Tom Terronez, or Medix Dental, where should they look online?

Tom Terronez: 

MedixDental.com, or that's with an X. Medix.com.

Chris Sienko: 

Great. Well, thank you so much for joining me, Tom. I really enjoyed speaking with you today.

Tom Terronez: 

Yeah, thanks, Chris, it was a lot of fun.

Chris Sienko: 

My pleasure. Thank you to our 80,000 plus Cyber Work viewers and subscribers. Your input and enthusiasm make this a joy to do each week. If you have any topics you would like us to cover or guests you'd like to see on the show, always feel free to drop them in the comments below. We've started using our community function on YouTube, so feel free to jump in there and tell us what you think. Before I let you go, I hope you'll remember to visit infosecinstitute.com/free to get a whole bunch of free and exclusive stuff for Cyber Work listeners, including our new security awareness video training series, Work Bytes, which is just awesome and hilarious. I hope you watch the trailer for that. It is also the place to go for your free cybersecurity talent development ebook, where you'll find in-depth training plans for the 12 most common security roles, including SOC analyst, pentester, cloud security engineer, information risk analyst, privacy manager, secure coder and more. One more time, infosecinstitute.com/free and, yes, the link is in the description. Thank you once again to Tom Terronez and Medix Dental, and thank you all so much for watching and listening. So until next week, have a great week and happy learning.
