Hi, I’m Greg Schaffer, and welcome to the Virtual CISO Moment. Keith Walker joins us today. He is System Administrator at NANI. Keith, thank you so much for joining us today.
Good morning. Thanks for having me on.
And I hope I pronounced it right, the acronym NANI. What does NANI stand for?
NANI is for Nephrology Associates of Northern Illinois and Indiana. That’s a mouthful. So thank you for joining me. We’d love to start out as we usually do.
Please tell me about your start. Why did you get into IT and all this technology stuff and what drew you to it?
And just talk about your career path to it. What led you to where you’re at at Nanny today?
Certainly. I’ll try and make it as short and sweet as possible because it’s kind of lengthy. About two thousand twelve, my stepfather passed away, and when he did, I inherited all of his. technology um he was a sysadmin and security admin for the company that he worked for so he had quite a bit of technology I think I probably got half a dozen computers um and had just started my bachelor’s program at about the time he passed. And my wife saw me tinkering and playing with all of the computers, trying to make everything work properly in my home network.
And she said, don’t go to school for business administration. You should probably do IT. And with that gentle nudge, spawned my current career, went through my bachelor’s program over the course of on and off, eleven years, multiple breaks with jobs and school and things like that. And then twenty twenty three, I ended up completing my master’s program.
So I’ve been doing professionally I.T. since about two thousand and fifteen, sixteen, something like that. Mm hmm. So, yeah, it’s quite a lengthy history in terms of the ins and outs. Well, that’s an interesting – I’m sorry, you said that it was your uncle who passed away?
My stepdad. Oh, your stepdad. I’m sorry, your stepfather. That’s an interesting way, though, to go into the field.
Did you have any interest in computers before that?
I did. I did have a little bit of interest. I have always liked taking things apart to see how things work. And I figured out how to not take apart a laptop without breaking it by trying to take it apart and destroying it so that it was no longer functional.
It was a Toshiba satellite, probably one of the first or second generation Toshiba satellites. Did it have like one of those like orange LCD type screens?
No, no. I remember the early Toshibas had that. Because when I was early in my career as a network tech, we used Toshiba laptops for troubleshooting. And yeah, it was like these plasma screens that seemed to break easily.
Yeah, this was… earlier an early model but it still had the lcd screen and the slot for the air card and ethernet port and firewire I think was even one of the the connections on there there were just it had everything on it got it for next to nothing and decided to tinker and from that point on I got my own static ip started up a server created my own home domain and just kind of started tinkering a little bit here and there and now I’ve probably got way more than I’d ever care to admit invested in my own personal home lab and home environment But you bring up something interesting there too. You talk about home labs, and I know that one of the pieces of advice for folks that are wanting to start out particularly in IT and in cybersecurity is build a lab. But you said something in there which I think is an interesting nugget, and it’s because I have the same thing too, and that’s having a static IP address. for your home network one or more my my business network at home actually I I ended up getting in a business network just so that I could have a block of static ip addresses um I know this is not what we what we briefed before we started the conversation but I’m just curious in your mind what’s the benefit of actually having a static and also what are some of the detriments that people might want to think about as far as security goes if they do have a static ip address First and foremost, in my position anyway, the benefit of the static IP is that inevitably we lose power and connections break and things like that. And having that static IP, whether it’s internal in the network or through the ISP, will, at least to my understanding, will help maintain a consistent connection once power comes back.
Don’t have to worry about DNS resolution necessarily because it’s got that foundation of where to go back to. So that’s the biggest reason I did the static IP for my home domain. Of course, everything internal is as much as I can, aside from mobile devices is going to be dedicated static IPs within the domain for that reason. But with my media server and whatnot that I run throughout my house and share with some of my family members and whatnot, it kind of makes it a little bit more stable in that regards with communication, connection, things like that.
And it gives you the opportunity, if you configure it correctly, to be able to access it from the outside easier, right?
Correct. Yeah, I remember at one point in time I was doinking with having my own mail server and That’s just something that’s not even worth doing anymore. But back in the day, it was kind of cool to host your own mail server. But a lot of organizations won’t take email from a hosted mail server like that anymore, just because, again, security and spammy and all that.
But so you’re- The DMARC, the DKIM, and all of those wonderful SPF and whatnot. Yep. But you have to, particularly as being a sysadmin, you have to make sure that you need to not only keep the machines running to ensure that they’re doing whatever they’re supposed to be doing for the business, but they also need to be kept secure. And that’s sort of like a balance.
How do you balance between both the operational efficiency and the security requirements in your position?
That can be kind of a tough ask sometimes, depending on the environment. Making sure… If there are going to be any ports open, only appropriate required ports are open in terms of people being able to access from outside the network or even if they get inside the network and try and do cross network talking. That kind of a security is is a big thing.
Cross domain walking is probably one of the biggest internal weak points in most organizations, you know, being able to elevate permissions for a user, especially if it’s a fraudulent user, bad actor, however you want to call it, things like that. You got to make sure that there’s that layer of security and between the network and talking from one machine to another, specifically domain controllers and anything like that that has access to the entire domain. So your current position, let me see if I pronounce it correctly because I know it’s long. It’s Nephrology Associates Northern Illinois and Indiana and your system administrator.
I have to admit, I don’t know what nephrology means. Okay. What does the organization do and what do you do to support the organization?
So Nephrology Associates is a kidney care specialist. So there’s a lot of dealings with dialysis. There’s a lot of dealings with transplant scheduling, proper treatment, the technology improvements that have made it so that maybe dialysis isn’t the only answer, or maybe there are some other treatments that we can do to prevent the need for dialysis, things like that. And I would say that while it says Northern Illinois and Indiana, it’s almost exclusive to Illinois.
There’s probably ten or so roughly locations in Indiana. And I think there’s one in Ohio and one in New Jersey even. So they’re kind of expanding little bits by little bits. But the story of how that company got going with the current and I believe he’s chairman of the board as well.
How he got that started was pretty amazing. Started from not exactly these situations, but kind of the GarageBand life. You know, you get started in a little room, a little office in your basement and grow to be a decent size company. Well, I mean, that’s how Apple started.
That’s how Dell started. Both started from garages. Yeah. Yep.
So is this your first healthcare organization that you’re working in?
In the IT space, yes. I have worked for other healthcare organizations in different different career paths in my past. So but yeah, for the IT space, this is my first go around. You asked what I do to support them.
Right now we’re going through a massive upgrade organization wide because as you all know, Windows ten is going away. without the paid support continuing after middle of October, end of October, I think it is. Windows Eleven is kind of now the industry standard and almost requirement. So we’re working on upgrading all end users to a Windows Eleven device that need to use that. So that’s my biggest Biggest task right now, me and my partner in the system administration position.
So we have two at the company. We’ve been pounding the pavement pretty hard, getting devices set up and going to onsite. So we do a bit of travel right now. It’s pretty much local-ish to the office, you know, within a half hour’s drive from headquarters.
And next up is going to be Indiana. Well, I know a lot of organizations are going through the exact same thing. Personally, I’m working with a credit union that’s in that sort of area of the country that’s going through the same thing. And it’s a heavy lift to sometimes, and particularly when you’re forced to make the change with operating systems.
Have you encountered any serious problems or challenges thus far, whether it be technical or from a user education standpoint? um I think with any any change like this there’s going to be a required handhold depending on the user that you’re dealing with at the time but for the most part I think that a majority of the users that we’re dealing with are um educated enough to know the minimum requirements of being able to utilize their computer and switch over and know you still get the the confusion for a lot of end users of well I have a laptop but then I also have these two desktops which they’re referring to their monitors because we typically set up a laptop connected to a dock which then displays two external monitors well they get confused thinking that those two external monitors is another computer not realizing that it’s displaying so you know there’s a little bit of uh re-education or education depending on the user But for the most part, they’re pretty competent when it comes to that kind of thing. A lot of them know that I have to turn it on and I can do these things. But then there are some that are a little bit more tech savvy that kind of understand when you explain little bits here and there. It must be a little bit frustrating sometimes to deal with end users that consider like two monitors on a desktop as two desktops, really.
But yet, I mean, part of our mission of serving the customer, which our end users are our customers, is we have to find a level of patience. I know I’ve been in that position where it’s like, I kind of feel like I have to bite my tongue I’m like I’m like I mean really kid can you be this clueless but then I’m like well well they might be working on something with regards to to health care with with with dialysis or kidneys or what have you that that would totally floor me for me um you do anything special to keep yourself grounded with regards to that I I I mean you might naturally not bother you with me I tend to be a little bit more of an impulsive hothead I’ll admit it so Well, that’s actually funny you bring that up. That’s something that my wife and kids and I have recently talked about and hashed up a little bit because I used to be the hottest head in the room. It would take very little to kind of set me off a little bit, especially if there was any pushback or potential arguing with whatever the conversation might be.
I’ve been in customer service in general for almost my entire career. So, of course, there’s a learning basis there on how to control, either direct the conversation, control the conversation, de-escalate situations, things like that. I think IT has been a fantastic remedy to my hot-headedness, if you will. It’s enforced the need for patience and…
Kind of made me readjust perspective. You know, I mean, life in general is too short to get mad at everything. So that’s one step. But a lot of it, too, is I look at some of these people that are my parents age or my mother in law’s age that. might have an inkling of what technology does or can do, but typically don’t understand more than turn it on and point and click.
So that I have to be patient with my folks. I kind of relate that to some of my end users now. Of course, there’s a breaking point if they continue to want to push and push and push. Oh, okay, fine.
You do what you need to do. And I’ll be here to talk to you when you call back because there’s still issues or whatever the case may be. But yeah, it definitely has made me grow in that respect, I think. Just breeding patience.
And I get compliments from specifically people uh the older demographic of end users and most of them in this situation being female um thank you for being so patient with me thank you for being so kind not beating me up about not knowing what’s going on things like that and so yeah it’s a it’s a practiced art if you will So we often talk about on this podcast the necessity as technology practitioners that we don’t practice in a vacuum, that we need to exercise our soft skills. It sounds like you would be in agreement that soft skills are a major necessity for anybody in this field?
Anybody that is going to be… customer facing or end user facing?
Absolutely. One hundred percent. I agree that soft skills are a need. You’re always going to have the the net admins or the the engineers that are behind the curtain, behind the scenes that if ever very rarely deal with an end user, they’re just staring at screens all day and whatnot.
That I wouldn’t necessarily say would require some soft skills. I don’t know. I’ve known a few net engineers that definitely needed some soft skills. Trust me.
Well, yeah, I suppose if you’re dealing with your colleagues, it’s definitely going to be a requirement. But just for the end user facing, I definitely think soft skills is a huge benefit. It goes a long way in keeping calls from escalating out of control. So have you…
Have you seen anything specifically different to the healthcare aspect of the network that you have to consider?
Is there a special version of Windows or a different configuration that you need to load to make sure that you’re in compliance with HIPAA or HITRUST or those sorts of things?
No special windows installations specifically there are different configurations within windows specifically bit locker or other forms of encryption data security is huge, of course, because of HIPAA and any of the other. what is a GDPR and HIPAA and other compliances that we have to deal with in terms of data retention, data protection and security. So there are different configurations in place that we use within our our organization specifically, the biggest one being BitLocker encryption, something that runs through our deployment setup and whatnot and is maintained through Microsoft, the O-three-six-five or M-three-six-five, whichever you want to call it anymore. Yeah, I finally have gotten used to calling it M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M-M And yeah, and sometimes for like no particular reason whatsoever, I do a little bit of three sixty five admin myself. And just when I figure out where something is, it’s like they change it.
Is that me or do you see?
No, that is very, very common. Why do they do it?
Right. Exactly. That is the eternal question. Azure is one of the. more recent culprits, I think.
You’ve got Azure AD, which I don’t think is Azure AD anymore. I think now it’s Entra ID or vice versa. No, no, it’s Entra. It changed names with functionality.
I think it’s exactly the same. Right, and I think there was Intune changes, and the Microsoft Online Exchange admin changed, the names changed in there, Defender, and yeah. Yeah, I mean, a lot of the security stuff, like Purview, Purview wasn’t a word that, like, a few years ago, and now it’s like, you know, someone talks about Purview, it’s like, I’m thinking about something completely new, it’s like, well, they just kind of like the DLP stuff is in there, the same DLP stuff, although now they changed the menu structures a little bit. One of the more annoying things with regards to that is generative AI is great as a tool.
I love using ChatGPT and to a smaller, lesser extent, I should say, Copilot. But they are notorious in telling you bad things, wrong things. Like, I can’t tell you how many times when I’ve asked ChatGPT about a piece of advice on how to do something within Microsoft, whether it be three sixty five or even on a Windows machine. And they’ll they’ll say, OK, you have to go here and then choose this menu and this menu.
And I’m like, I don’t see that option. And they say, you’re right. It’s like they changed that recently, like recently being like in the last two years. It’s like, well, I mean, Then why didn’t you provide that?
Why don’t you lead with the most current information, Mr. Chat, and not like stuff, you know, from a couple of years ago?
So it’s not perfect, but it is. I do find that interesting in that it’s a real-time conversation that shows the amount of changes with regards to the Microsoft environment. But how do you… Just in general, what changes to not only Microsoft, but just in general changes to technology?
How do you keep up?
Do you leverage playing with your home network?
I shouldn’t say playing, but you know what I mean. I do. Investigating with your home network?
I am constantly doing… people will call it doom scrolling but I’m constantly going through articles and what’s new kind of news type things actually just before our call I was scrolling through and looking at some uh new updated technology for the uh breed of hypervisor that I use within my network so um but uh with my work account I’m doing the same thing you know what’s coming in microsoft and what’s new in microsoft what updates have brought what bugs and things like that so I’m constantly looking into that and oh there’s this new technology that is coming a new tool for this that or the other and as you know you brought it up ai is huge um everybody is developing or rebranding a specific part of technology they may have already had within their portfolio to now be an ai based or ai supported or ai aided technology and you definitely have to be careful with it for not only security purposes but like you were saying um appropriate, accurate, up-to-date information. They call that AI delusion. Yes, it is. It is actually a, I believe that’s a correct word.
It’s actually like a feature. It’s like, it becomes delusional. It’s like, I guess we, exactly. Nope.
We’re actually in the process of vetting and getting ready to implement a, an AI aided tool within the organization that will make it easier for doctors and PAs and NPs and things like that when they’re in the room with the patient for note taking. But of course, we have to worry about security. You know, how is the recording secured and where and where is it stored and things like that?
And does it meet all of the HIPAA secure requirements?
HIPAA guidelines, NIST guidelines, any of the information guidelines when it comes to protection, who has access, things like that. What kind of access does it have to the patient information while it’s getting started?
You know, when it gets that snapshot, where does it store?
Things like that. It’s very interesting and a little daunting if you’re not ready for it. So that’s a project that we’re getting ready for. Well, the whole field can be daunting.
I mean, you touched on a few things about learning soft skills and – and keeping up to date on technology and all those trends and all that. And certainly with AI and not only it can be daunting, it could be stressful and you definitely need to decompress and to get away from some of the stress and to try to do it in like a healthy, productive way. What’s one of the things you do to decompress from the stresses of everything IT related?
Uh, family time is one big thing. Um, we have a family of four plus two dogs, so we deal with that. And, um, we, each of our groups has shows that we like to watch either as a whole unit or paired off, you know, mother and son watch this show, father and daughter watch this show, et cetera. Um, so we kind of veg out in front of TV and stuff like that, but also, uh, I very much enjoy riding a motorcycle and looking to get a trike so that my wife and I can both enjoy because she’s not fond of two wheels.
She’s great with three. She doesn’t mind that at all. She just doesn’t feel quite as safe on two wheels. So we’re looking to save up to buy a trike so that we can go out and enjoy that because we’ve enjoyed that for the last couple Well, since two thousand nine off and on riding together.
So that’s awesome. And you can get like a little sidecar for the kids or maybe even smaller sidecar for the dogs. Right. Probably a sidecar for the dogs.
My, my youngest child is twenty one. So we’re. Oh, OK. No sidecars there.
No, no. They can ride. They can get their own bikes. Yeah.
Yeah. But get a little one for the dogs. You know, it’s like I was in I was in my wife and I, we were in Destin, Florida last year. And there is this one, I guess it’s a local there almost every morning riding up and down the road.
The main drag there, the dog that has, it’s like a bulldog. It has little goggles on. It’s hanging out and barking at everybody as they’re driving by on the motorcycle. So we’re going back there in just a little bit and looking forward to seeing the dog.
But that’s a little bit about my future plans. What future plans do you have?
I definitely plan on staying in the IT space throughout the rest of my career. I’m very much hands-on, very much a people person. I would like to, I guess, for career goals, get into management or even possibly director positions. level areas. But I don’t want to ever lose the hands on ability of whatever job I’m doing, if at all possible, you know, if I can be an IT manager and, and stay hands on, you know, in the weeds with the rest of my crew, I think that can only be a benefit to my team.
But yeah, I definitely plan on sticking around in IT. I’m still very much interested in cybersecurity. I don’t get to touch on it quite as often in the sysadmin space, especially with a third party SOC, but definitely want to keep up with that and keep pursuing that. Well, I completely agree with needing to keep hands in the technology.
You know, I configured my first Linux box. It’s probably been about thirty three, thirty four years now. And, you know, compiling a kernel on a laptop, it was like, oh, this is like really cool. And to my right here, I’m working on updating another linux server that I just added more memory to and added a solid state drive to and have more plans for it so it’s like you know a third of a century I’ve been geeking with linux and it’s like I still even though I do the management stuff and all that I still keep my hands in the pie so absolutely Well, Keith, it’s been absolutely wonderful having you on this morning.
Appreciate the great insightful conversation and advice for folks. And I realized that as we were talking, it’s like, wow, this has gone a lot faster than I thought it would. Usually it’s like I’m watching the clock and I’m like, oh, wait, we still have like twenty minutes to talk about. And I got to where it was like twenty five minutes in and I’m like, I’m going to wrap this thing up.
But that usually happens when it’s really a good conversation. So I really appreciate you coming and spending some time with us this morning. I appreciate the opportunity, Greg. It’s been awesome.
And everybody stay secure.