VERN: Hello and welcome to the sixth in a series of podcasts that we're doing to help our employees understand the impact of what we're referring to as the acceleration strategy. And with me today I have Jeff Nelson. Jeff has kind of a wide variety of responsibilities as a Vice President within NISC. First and foremost it's legal and risk mitigation for our organization, but it's also the internal infrastructure that we have and cybersecurity. So, Jeff, you've been involved in all of these planning sessions as we talk about acceleration, and that's stepping up how we take care of our existing employees, the tools that we provide the existing employees. It's also preparing your division for kind of an influx of new employees also so let's talk about that. I know there's a number of things that you have underway - you're going through a normal rotation of desktops, you're launching a new ACD for our phone system, you've expanded the capacity of lines that we have, an inner connection between our facilities. Can you talk about some of the discussions with your people and some of your plans in terms of accelerating the service that you provide to our existing employees in terms of infrastructure? JEFF: Sure. I think the big thing here is we're going to talk about a lot of new employees that need to be supported from the Helpdesk on the infrastructure side and to support those people we want to make sure that the service that we're providing to all of our employees doesn't go down. So we have to be able to make sure for 50 or 100 new people that we can provide the same level of service. We're going to have to look for efficiencies in ways we can serve our employees as well or better with sort of the same staffing we have right now with some growth that we have planned in there. And on top of that, in addition to providing the support, there's going to be 50-100 new machines that we rolled out and there's actually a lot of time involved with rolling out these new desktops or laptops. We also have to make sure that we're providing the tools that all of our employees, new employees and existing employees, need to actually do their job. And part of this is as we look to recruit a lot of new employees, many of which are you know younger millennial types, and we wish to retain employees, some of it is we have to make sure we're giving them the "cool technology." VERN: So wait a second. Are you saying the old guys like me don't like cool stuff? JEFF: You may be an exception to the rule, Vern. You definitely like the stuff. But you know part of that is and sometimes it seems like maybe that's trivial, but I don't think it is to people to make sure that we are providing them those things that they're used to using or that they know their classmates are using at their job - things like that. I have to make sure we're staying up with the technology. VERN: And so cool and efficient right? And more and more, you know, our employees are traveling; they are working from the road. We've got 120-some employees that are virtual. And that kind of falls on the shoulders of you and your staff to make sure we keep all those humming along, right? JEFF: Yeah and a lot of this, the move to Office 365 and some other cloud things, are also helping people work more efficiently and easily remotely from the places that they need to work from or want to work from. VERN: By the way I love that. I'm so glad that we bit the bullet and made that migration. That has made a huge difference so thanks because I know that was a huge effort. Well, Jeff, let's shift gears here a little bit and talk about the legal side of your responsibilities. You've got a great amazing legal team - Amanda, Rachel, and yourself. We have centralized all contracts at NISC. I mean everything from who's going to put the coffee out at the member conference to some of the most sophisticated contracts that we may have with large vendors like Oracle or some of our Capturis customers like the Walmarts of the world. I know that we've come from a place where literally we had a unique contract with every single Member. So we had 800 and some contracts out there, almost impossible to manage, almost impossible to keep updated. You've gone through a major initiative here to make those contracts more contemporary like other software companies. Right? Can you talk about that and what that efficiency has done to your area and how it's accelerated, right, our ability to take care of new Members as they come onboard and the vast array of vendors that we deal with? JEFF: So unfortunately in many times the legal department is like the Department of No or The Roadblock to Getting Things Done. And that's certainly not what we want to be here. So really over a year ago I think it was, we started looking at the contract process and how could we be more efficient and really went from a one-off contract that you negotiate with all of our Members. We did this in the context of we're a cooperative, and we're different from some of these other companies. So we treat our Members the same. We can have a contract that's fair to all of them. They have representation on our Board; we're not going to put anything in our contract that's trying to get one over on our Members because our Board are our Members you know that do it. So we've moved to this idea of not quite a click-through license that you would see in some software, but getting to that point where we have standard terms that are posted on the website. Then when we go and we get a new prospective member in, we don't have a long negotiating process or drafting a new contract for all of that. It's really here are the terms, and we go through the explanation of where it is. I think that's, you know, if we have a 800 Members now, we want to get another 800 Members. That's difficult to do when you have a lengthy one-off contract and then tracking those where you've granted this exception to that Member but not to this Member. You have to have a mechanism to track all that. In the end of the day get to a place where is that the right thing or the fair thing to do in the co-op model, and I think we're on the right track there for our contracts with our Members. But like you mentioned, we do other contracts just besides our Members. We have contracts with vendors. We have partnerships. We have OEM agreements, potentially MNA-type agreements so we have to make sure that we're continuing to look at those processes and make sure that we're efficient so we're not the reason why those aren't getting done when we need them to be done. Because under this new plan we have to do things quickly so we're going to have to be efficient in reviewing those. VERN: Okay. Very good. Let's talk about the final item and everybody's favorite topic. Right? Cybersecurity. And we've gone from a place where cybersecurity used to just mean making sure we had the office to the mainframe or where the mainframe was located that we had that door lock. We did that man. We were secure because we weren't connected to anything. Today we've got more computers and servers than we have employees. Every single one of those is some way or form connected to the internet. Everyone is a vulnerability. Every time we add employees we have more mobile devices, we have more vulnerabilities. And so you've taken us through this time and you know we just finished a survey one year into our push to step up our cyber initiative. But we wouldn't have been able to do that without the cooperation of every single employee and that gets frustrating. Right Jeff? I know you're on the receiving end of that. We have complex passwords. We have, you know, all kinds of things that in some ways have made it more difficult to connect; for example, to our Members and to be able to take care of our Members. Now we jump through a couple of hoops, but I think everyone understands the importance of that. Everyone understands the risk of a breach. If there's one thing that you know could jump up and bite us and really jeopardize this organization, it would be a massive breach. And so I know you go home at night worrying about this stuff and hoping upon hope that we get the cooperation of every single NISC employee to help us make sure we're as secure as we can be because we know it's a moving target. Right? So, Jeff, I know it's been a tough part of your job. I know you've kind of been baptized by fire there in this area, but we're making progress and that is because of the help and the participation in the engagement of our employees. But what does this mean when we talk about growing our employee base, growing the number of Members, growing our connectivity points across NISC? What does that do to our cyber concerns? JEFF: I think we're going to go back to the mainframe days, Vern. We're going to lock it, and you're going to have to bring a disk in to do it manually. VERN: Good luck with that. JEFF: Actually that just reminded me just this morning or yesterday I saw another article talking about our missile command system that runs the nuclear missile arsenals run off floppy disk drives and how they're afraid to upgrade it because it's almost hacker proof because the technology is so analog and not connected. I think it said the machines have like maybe eight megabytes of storage and it's like kilobits of ram that they have. VERN: So, Jeff, if they need any more disks, I mean if they can't get them, I have a couple in my bottom drawer of my desk. JEFF: So given that we're probably not going be able to go back to that disconnected mainframe-type world, there are a number of things we have to do. One of the big strategic initiatives we've had, along with all the technical things that we're doing, has really been this idea of creating and enhancing a culture of cybersecurity. So when we bring 50-100 new people on we have to make sure that those people see that security is an important part of their job a
