Cybersecurity + Marketing

Tom Nixon (00:01.561)
Well, it’s great to be back on Bullhorns and Bulls Eyes and Curtis, it’s great to see that you have kept the regalia consistent for the last couple of episodes. Looking good over there.

Curtis Hays (00:10.437)
Thank you, I appreciate it. Our guest today has actually seen me out and about with this hat on, so I don’t, he can attest that I don’t just wear the cowboy hat on the podcast, that I actually do wear it.

Tom Nixon (00:14.905)
Hmm

Tom Nixon (00:22.651)
Oh, okay.

Matt Loria (00:23.682)
riding on your horse.

Tom Nixon (00:26.177)
his high horse such that it is. Well, yeah, we do. Why don’t you introduce our guest? It’s somebody that you know better than I but I’ve come to know a little bit exciting topic today. We’re venturing just a little bit outside of our normal content, but why don’t you invite Matt onto the show?

Curtis Hays (00:41.997)
Yeah, so we’ve got with us today Matt Luria. Matt Luria is the CEO of Oxium. He’s been a friend of mine for almost 20 years now. And we’ve got quite a few things in common. Actually, Matt’s company is in what we would call managed services space, which is the space that I came from prior to getting into marketing. And I’ve kind of seen his journey and him growing his company over the last, gosh, it’s been close to 10 years now, I think, Matt. So.

How is everything going over there at Oxium? You’ve had some big changes lately.

Matt Loria (01:15.37)
Yeah, busy as usual. You know, the technology business is ever evolving. So we’ve grown over the years, started in 2014. So we’re about nine years into the journey and got about 50 people now that work for the organization. And yeah, keeping it real.

Tom Nixon (01:34.361)
So explain that if you don’t mind for those of us who don’t know specifically what managed services mean. What does Oxium do and who do you do it for?

Matt Loria (01:42.362)
Okay, our business is actually kind of three pillars, managed services being one of the mainstay pillars of what we do. Managed services can mean a couple of different things, but it typically means the outsourcing of some or all of elements of IT infrastructure management and security. So we have some fully managed clients where we basically come in and we act as their IT department.

That’s typically for the smaller client types for 100 or less employees. And then for those with 100 or more or 50 or more, maybe up to a thousand, we offer a lot of co-managed IT services where we’re coming alongside the existing internal IT team and we’re doing certain things and they’re doing certain things. So managing the environment together and bringing together the best of both worlds and reducing a lot of risk for the for the organization as a whole.

Tom Nixon (02:34.181)
Awesome. I work with both law firms and insurance companies and the whole notion of cyber security. It seems like it’s this huge thing that’s getting huger and quicker as with each passing day. What are you seeing and where are we headed with security? It’s got to be a booming business for you right now.

Matt Loria (02:54.858)
Yeah. So as I mentioned, we have kind of three pillars to the business. One of which is the managed services. Two is our projects and product business where we do basically projects for organizations, typically larger organizations there or clients that are part of our managed services business. And then the third one is our cybersecurity arm. So we’ve got a fully dedicated group for cybersecurity, but security is implemented into every aspect of the realm, whether it’s…

the business that we run internally here or any of those three pillars of what we do to serve clients.

Tom Nixon (03:30.757)
But real quick, then I’ll turn it over to you, Curtis. Are the risks, are the hackers becoming more sophisticated? Are the risks, I’m sorry, the hacks also becoming more common? Are there greater, more things at stake now than ever? I mean, why are we hearing so much more about this now? You would think things would be getting becoming more secure, but it seems like things are becoming more at risk.

Matt Loria (03:53.75)
depending on the study that you’re looking at right now. I mean, there’s some that say the cyber attacks are up 60 some percent and then others say they’re up 150 percent over last year, probably varying on different markets that you’re in. But yeah, the attacks are becoming more commonplace. We typically see, you know, one to two a month of companies coming to us and saying, hey, something’s happened here.

And that can be net new clients coming in off the street. So, the volume of it that we see is higher than it has been in the past. And it’s just really everywhere and coming from kind of every angle, whether it’s typically done through email, but we’ve seen plenty of things where it’s coming through from even the website. The website can be.

Tom Nixon (04:47.565)
Yeah, Curtis. Yeah, I was going to ask you because you’ve seen that there seems like there’s so many vulnerabilities. I’m surprised there’s not more hacks to be honest through websites. How are people getting in through back doors on websites?

Curtis Hays (04:47.758)
Yeah, definitely. Yeah.

Curtis Hays (05:00.037)
Yeah, so the most common way is really, they find vulnerabilities in outdated plugins, outdated themes, specifically with WordPress, which is where we do most of our management. And I’ve seen more probably in the last four to six months than I’ve seen probably in my entire career in doing website management. Yeah, they get through outdated plugins, so a vulnerability gets released.

So it becomes public knowledge that there’s a vulnerability in a piece of software that you have on your website You or your team doesn’t go and patch it Then that is exposed out there. So there’s essentially an unlocked door into your building into your website in your organization that a hacker can then get in and basically exploit

So we definitely promote for our clients, we have sort of a managed service plan similar to what Matt offers his clients from an IT perspective, from a web perspective, we can do proactive management, make sure plugins are updated, make sure websites are updated, we can monitor who’s logging into the websites from an administrative perspective, to kind of sort of harden those environments and protect them from these types of vulnerabilities.

Tom Nixon (06:15.553)
guys, what are they? These people? I mean, I know that it’s going to differ but what are you typically seeing they’re looking for? Are these phishing scams? Are they looking for usernames and passwords? Are they looking to get into your financials? Is it yes, yes? I mean, what are we guarding against if we’re doing it right?

Matt Loria (06:32.33)
Well, Curtis, I’ll let you answer from the web from the website perspective. But from the from the general infrastructure perspective, I mean, they’re typically trying to get in through email and then cause some sort of havoc. And that havoc is either they’re going to come in through the email, burrow their way into the server, lock down your data in the server environment, wherever that may be, whatever data is that you need to access. And then they’re holding that for ransom. So that’s still a very typical move that they’re making. Other times, they’re just looking to.

to just extrapolate the data and take the data and do something with it. So if you’re a healthcare organization or a doctor’s office, even as simple as a doctor’s office, and they’re trying to get in and get the patient records and then they go sell that on the dark web. But generally it’s just some sort of havoc that they’re wreaking. Curtis can talk to this though on the websites, sometimes they’re actually trying to leverage your goodwill on the web and use it for their own benefit.

Curtis Hays (07:30.285)
Yeah, we used to see these pharmaceutical scams where people would post random pharmaceutical drugs and essentially linking those out to other places. We would call these like SEO attacks. And so what we typically see is once they gain access to your website, they use your website’s domain authority to post content and they try to do that without your knowledge and then they’re trying to get that content to rank and they can leverage then that content bringing visitors back.

to their own websites or improving their own domain authority, which are typically websites that are in foreign countries. So we’ll see any number of products from outdoor supplies to flashlights to all kinds of crazy stuff that we’ve seen in some of the hacks that have been recently. But they’ve all pretty much been these SEO attacks where they just go and put up content on the website.

Tom Nixon (08:27.961)
they still a while ago, I remember there was sites that were trying to get into your hosting environment then as almost like a launching pad to then execute what Matt’s talking about, which is now we’re going to spam out our email hack to everyone, but we’re not doing it on our own server, doing it in somebody else’s environments. We will get caught. Is that still going on gentlemen?

Curtis Hays (08:48.577)
I’d say from a web perspective, I don’t see that as frequently as I used to. I mean, they still want to fish and spoof email and those types of things, but it’s more difficult to do that through a website today than it is. I mean, there’s still spam attacks and those types of things that can happen on a website. But typically, and Matt, you could probably speak to this, but they’re…

usually, I think in your case, trying to pretend there’s somebody they’re not. So they’re pretending to be your bank. They’re pretending to be a credit company or something. And then they want to get in, you know, get a password, get access in some way. Um, and then once they have the keys, once they’re inside, like Matt said, they can totally recap it.

Matt Loria (09:34.766)
Yeah, we’re still seeing a lot of it is the getting in the middle, you know, impersonating a bank. But what they’re doing, everything’s very sophisticated now. So they’re not the average lie and wait, I believe, is 49 days right now. So meaning that bad guy gets into your system and he kind of burrows and just hangs out and watches for 49 days till he pulls the trigger to actually do the bad thing.

So they get very sophisticated. So let’s pick on Curtis for a second and say, they jump in, they figure out some of Curtis’s behaviors, patterns, even nomenclature that he uses in an email, and they’ll send you an email. Hey, Tom, really busy tonight with Fido the dog, and you know that Curtis’s dog’s name is Fido. I need that. I really need the bank information for XYZ.

which is somebody that you guys do business with on a daily basis. And you go, OK. And he says, I’m really busy, so sorry for the urgency. I can’t pick up the phone right now or something. And adding all these elements to it. But it can also be that they’re seeing that Curtis is invoicing General Motors on a regular basis. And so what they do is they start to set up these very sophisticated attacks where they take the invoice that you emailed to General Motors. They get a copy of it.

They send it to, they resend it to General Motors and say, you know, we’ve updated our bank, please use the new wire instructions. They’ll even grab some other sort of identifying information that might make somebody not question that. If they get even more specific than that, they’re actually grabbing the send before it actually sends out. And GM never sees the first one, they only see the second one, they only see the fake invoice. And then, you know, then GM pays the invoice and you never got your money.

All sorts of things like that, we see it consistently. Other times, it’s these random hacks that happen and you get locked down. And even if you try to communicate with the other person, you can’t even have, nobody even communicates back with you. And it’s like, cause somebody set loose a bomb basically that, you know, that goes out in it. That didn’t really target, you know, you guys specifically or have a broad based attack, goes out, you happen to meet the person who grabs onto it, infects your computer.

Matt Loria (11:55.502)
And maybe that guy’s in jail by the time you’re trying to negotiate with him, but his program has executed. It’s locked down your computer. You’re saying, hey, I’d love to pay you to get my stuff back, but the guy’s gone. And so there’s that too, where it’s just radio silence on the other end of the attack.

Curtis Hays (12:07.495)
Yeah.

Tom Nixon (12:16.889)
does a cop this may or may not be related to the specific topic, but I see I know my mother-in-law doesn’t listen to this podcast. So let’s throw her under the bus. She’s constantly clicking on things on Facebook and willingly giving up her username and password. That’s the same for everything that she uses. Right. So as soon as they got it once they got it a billion times. So now we’re talking about then these external channels that you don’t even own websites right whether you own in your email you own to a degree social media, you know,

Curtis Hays (12:25.405)
Thank you.

Tom Nixon (12:43.937)
you get locked out of your social media account and they have that, you can’t even ever get it back in some cases. So are they are the sophisticated hackers then leveraging those external networks too, to kind of either learn more about you or to exploit some sort of vulnerability that might be deeper within the organization?

Matt Loria (12:59.05)
Yeah, sure. I mean, that same guy who’s smart enough to get into your email system, figures out who Curtis Hayes is, goes to Facebook, figures out who Curtis Hayes is, figures out more identifying information on him. That’s certainly one way. That turns into more of what we would call spearfishing, right? Where they’re actually learning and very direct with their attacks. But you mentioned some other things like leveraging the same password in multiple places.

Yeah, I mean, you can make one mistake in one area. Let’s just pretend we’ll pick on your mother-in-law. She has a Yahoo mail, right? Or AOL? Okay, Hotman. If she has password 123 for that password, she probably has it for her Facebook. She probably has it for her Shopify account. She probably has it for this, that, and the other thing. And so that’s a real easy script that somebody can run and go figure out, okay, let’s go try this against all these normal.

Tom Nixon (13:30.971)
Clough, Hotmail, yeah, that line.

Matt Loria (13:52.286)
normal accounts that everybody has, like Amazon account or whatever. And then they find out, wow, we just hacked into everything. That happens. And those again, there’s just some good hygiene things that you can be doing, which one would be using an encrypted password keeper that randomizes and makes a new password for every single account that you have. And that’s helpful, right? People can argue that the password keeper itself could get hacked. It sure can, but the alternatives are…

are weaker than that solution. But the real challenge, boy, when they get into your social media and they take it over, that’s a huge pain. It just happened to the ski area that we spend a lot of time at. And it’s just some random other Facebook account took it over, and they haven’t still yet to be able to get it back. So it’s been gone since before Thanksgiving. So.

Curtis Hays (14:23.492)
Mm-hmm.

Matt Loria (14:48.234)
That’s one where now you have to, you as the individual now have to go deal with the thousand pound gorilla called Metta or Facebook and try to explain to them, no, I’m the real person, you know? And that can be kind of just a big black hole of lay and wait sort of thing. So, you know, all of that downtime, right? Where you’re not able to address your audience becomes really impactful.

Curtis Hays (15:16.081)
So how, from the CEO of OXIEM, you’re in charge of sales and I would assume marketing as well. I would anticipate that it’s probably pretty easy to get a new client who’s already in one of these situations. They’ve been hacked, they’re likely desperate, they’re just looking for the company that can help them in the situation that they’re in. How are you being proactive and working

to try to bring in more companies to build awareness. So just from a sales and marketing perspective to sell more of the proactive pieces so that they don’t get hacked. Same scenario here with me, oftentimes companies are coming to me when they have an immediate need versus let’s invest in the proactive. It’s sort of that mindset of let’s pay for the uptime, not pay when we’re down.

Matt Loria (16:09.986)
Right, right. Yeah, I mean, I’m sure, you know, there’s a lot of doctors if there’s any doctors listening to your podcast They’re like probably thinking you’re speaking my language, right? I tell these people to be healthy But they only want to listen to me after they’ve had a problem Yeah, I mean well a couple of things I’ll answer this a couple of different ways. I mean one we’ve actually had to adjust our model We’ve always been very security focused even when we started nine years ago Because when we got into the business, we actually recognized that there was no

Tom Nixon (16:17.637)
Hehehe

Curtis Hays (16:17.725)
Thank you.

Curtis Hays (16:22.225)
Right.

Matt Loria (16:39.718)
standard security policy that was really pushed onto every company. So at the time that we had started this company, I was renovating a house. And so it’s the first time that I ever had to deal with things like building inspectors and things like that. And, you know, all of a sudden you realize, oh, OK, so there’s an electrician’s code, right, which says this is the safe way to install an outlet. This is a safe way to install a circuit breaker or, you know, here’s how you nail down the wire every X number of inches or feet or whatever. And

And that’s all based around safety, right? And so somebody comes in and looks at it before you close up your walls and says, okay, yep, that looks like it was done within the code. When we started Doxium, we realized there is no code out there that is holding anyone accountable from an infrastructure reliability standpoint or from a security standpoint. And so we set out right away and we instituted and made our own.

Curtis Hays (17:32.129)
Mm-hmm.

Matt Loria (17:36.766)
version of that and said, here’s what we’re going to hold ourselves accountable to, and then hold our clients accountable to as well. Was that, and we, we recognize that right there kind of made us not fit everybody, right? Because like the doctor, it was like saying, hey, we will, you can be our patient, if you’re willing to behave in a certain way. And that’s a, that’s a tough pill to swallow for a lot of people. But we had to look at it and say, how can we make sure that we can provide a certain outcome for you?

right, which is that your services are up, you’re less likely to be attacked without putting some parameters around it. And so, you know, that was something that we did early on. And now, fortunately, many clients, many companies are, especially in the Detroit area, right, most companies here have some affiliation to the big three, right, or at least many companies do, maybe not most.

And the good thing is that if you’re in a supply chain, the larger organizations are pushing down through their supply chain certain security protocols that they have to have in place. And so a lot of people ignore them, but fortunately a lot of people listen to them as well. And those that listen to them actually are instituting kind of what the typical new standards would be. So we have that, but there’s still just a lot of, you know, to…

with your hat theme here, you know, it’s a lot of Wild West out there still in motion.

Curtis Hays (19:08.368)
Yeah. So this sounds like ISO 9000, like back in the 80s or whenever ISO came out, that became a big standard in manufacturing and automotive and those types of things. But there is no ISO version of security, is what you’re saying.

Matt Loria (19:12.012)
A little bit.

Matt Loria (19:19.922)
Yeah, so there’s a couple of things. I mean, there’s ISO 27001. There’s the CIS 18, which is a group of kind of rules. There’s a government standard for companies that are in the defense supply chain that they have to follow and abide by. But again, the policing of that is still a little bit loose. So while there are more standards out there now,

Curtis Hays (19:45.501)
Mm-hmm.

Matt Loria (19:50.862)
It’s just not something that’s truly enforced. And so that’s the unfortunate piece is that, unless you’re willing to self-police, it’s not always there. And the challenge in the entrepreneurial world, I mean, especially, I mean, I know your podcast really caters to sales and marketing professionals and then also to entrepreneurs. Entrepreneurs is one of the last things on their mind is security. Even entrepreneurs been in business for 25 years and we hear it all the time.

I’ve been in business 25 years. I never needed this thing before. Why do I need it now? And it’s like, well, you know, the car that you bought in 1990 does not have the same secure safety features. So let’s use security and safety as parallels. It doesn’t have the same safety features, right? You’re not as safe in a 1990s car than you are in a 2024, you know, Malibu or whatever, you know, whatever this whatever the standard issue car is nowadays.

Tom Nixon (20:45.573)
Well, maybe we can mention shift gears to sales and marketing now, because I’m curious. And you mentioned entrepreneurship as well. I’m curious, a nine year old company, if you can think back to when you first got into this business, I would assume that it was very much a sales driven organization because you need to make the cash register rig and keep the lights on. Could you if this is true, tell us how maybe your sales approach has evolved and included more things that we might consider more marketing.

in general in how your mind shift staff, excuse me, how your mindset shift may have occurred as the company’s grown from sales to sales and marketing.

Matt Loria (21:23.798)
Yeah, so I mean when we started, I mean it was just the reach out to the friends and family network as quickly and strongly as you can and get a meeting with everybody you know, let them know what you’re doing and let them know what type of company that you’re building your company to serve and see who they can introduce you to or if they happen to own one of those companies, you know, see if they’re interested in your service. And that was really what we did. And so we still have a lot of those clients today, you know, that we started with.

And so that was really the approach. Exceptional grassroots, not very scalable sort of approach. We’ve definitely tried and fumbled on a lot of different ways to try to scale it over the years. And I think we’re getting closer to being better at it than we have been in the past. We’ve kind of moved on to a lot of work with Curtis’s organization doing the SEO and paid search.

type of approach. That’s definitely something that’s worked. And when we find something that works, we can scale upon that and add dollars to things that are working there. I always tease and say, hey, for anybody who’s coming in on a marketing tangent with us to Oxium, I say Curtis is our sacred cow. Because on a napkin, I can say he drives enough closed business per year that supersedes the costs that we incur with him.

Curtis Hays (22:40.221)
Thanks for watching!

Matt Loria (22:49.298)
So I don’t know exactly what the ROI is on that and I’m probably you know, anyone who’s watching this they’re probably telling thinking how poorly a poor I am with that KPI there, but You know, that’s all I need for that one So that’s been that’s been super helpful. We do a bit with Kind of an customized account based marketing outreach

Tom Nixon (23:02.021)
Get the man a napkin.

Curtis Hays (23:04.143)
Hehehe

Matt Loria (23:18.658)
Um, where we’re, there he is. It’s like Tom looked like Tom fell down.

Curtis Hays (23:26.081)
We lost Tom for a second there. We can keep the audio part of the podcast, we can keep going, but the video part, that’s going to be comical.

Matt Loria (23:27.726)
Okay. There it is.

Tom Nixon (23:34.097)
Okay. Good. All right.

Matt Loria (23:35.686)
There you go. Time to see the triple backflip. I was watching way too much of the Olympics. Yeah, you stuck it. So really focused on account-based marketing, saying, what are the industries and what are the specific named accounts, clients, companies that we really know that we could do a good job for? Now, of course, they have to need our service and want our service.

Tom Nixon (23:41.489)
All right. Nailed the landing though. Yep.

Matt Loria (24:03.882)
At least we can hone in on who they are versus just the complete broad based approach of hoping that somebody is searching for us at the right time. Now, both of them have their place. Right. I mean, much of our business has been a lot of our business comes from people who are in the middle of a problem today. We can solve it. So we’re like calling the fire department. Right. We do incident response for active cyber outages, whether that’s

an attack of sorts, or maybe it just might be some sort of outage. And we’ve got a SEAL team that basically parachutes in and comes in and rescues and helps. So we need that, you know, those people, they have to find us through the web, right? You know, I’m in a problem, I need help. How do you dial 911, essentially? But this account-based marketing, you know, to really know that, hey, we serve other people in this, in this…

personification, you know, whether it’s law firms, and we serve a lot of law firms. They have a very high need for our service. It works great with the co-managed aspect, especially in the larger firms. The people inside of the firm can stay very focused on driving business, driving revenue, driving the applications that run the business, and we can keep the lights on. We can keep the network running. We can keep the PCs running or whatever. That’s just an example of that.

But we can give that targeted message to another law firm. So if we’re serving a law firm that has 300 people, we can go out and search other 3, 5, 1,000 person law firms and say, look, this is what we’re doing for people in your space, very specific value propositions that we can put in front of them that are meaningful to them. And that is very effective as well. So I think that’s what’s changed is that it’s just a multi-pronged approach over the years.

Curtis Hays (25:52.665)
Mm-hmm.

Matt Loria (25:59.958)
I would say we’re well branded, right? And my advice would be brand enough for identity, but don’t overbrand, right? Because we just don’t have the budget to be Target, right? So I mean, we can’t just put a red bullseye on the screen and know that, oh, that’s bullseyes and, you know, you know, that’s your podcast. No, I think somebody’s gonna think that’s Target. They’re gonna think, you know, I can buy anything from…

Curtis Hays (26:26.397)
Great.

Matt Loria (26:29.062)
underwear to a toothbrush to a vacuum cleaner.

Curtis Hays (26:33.625)
Yeah, so there’s a couple of really good points in there, Matt. I think the first is any entrepreneur who’s out going to start their own business, get out in front of that and talk to your network, because referrals become hugely important. I know when I was going to go out on my own, about six months before, I knew I was going to go out on my own. There were a couple people I trust who I talked to. So when I did and I was ready to take business, they were actually already ready, and they were already introducing me to people and those types of things.

And so be active in your networking, which I know you are really active in. You’re in Vistage, which is the leadership organization, which probably gets you referrals from the different members of that organization. You’re heavily involved in Chambers as well. So kind of taking that core network that you have of friends and families, but then how do you sort of branch that out in with other organizations to continue that.

that referral sort of engine to keep coming in. And then you’re likely more likely to close those referral deals than you are something cold that comes through, right?

Matt Loria (27:37.354)
Sure, yeah, yeah. Statistically, we’re much better at closing a referred client. And I mean, it all starts out. Why do you start with the friends and family network? Because they trust you on a different level, right? So they know this is a good person. This is somebody who’s going to do what they say they’re going to do. And not everyone else knows that. And so that’s why you start with that. And then once you’ve done it for a few people, then they can tell the next batch of people, hey, these guys, you know, they might have been a small company when we first started with them. But this is what they said they were going to do. They did it.

Or here’s where they made a mistake and here’s where they made good on their mistake. You know, so, you know, then they just start to start to build trust. So, I mean, it’s really a I mean, I always tell people it’s about good clean living. I mean, you cannot go scorching the earth behind you. That doesn’t that doesn’t do any good for really anyone, especially yourself. So.

Curtis Hays (28:28.773)
Yeah, so people buy from people whom they trust. So I think then when you were talking about account-based marketing, Tom, maybe you could add a little bit from a content marketing perspective of organizations who need to do that account-based marketing of, in order to build that trust, they have to put out a lot of free stuff, a lot of education, they need to get out in front of those audiences, either through some email marketing or other means of educating so that

those organizations become aware and then start to learn and trust that their organization. So when they do have a need, then you’re who they think of.

Tom Nixon (29:09.449)
Yep. And I think that’s as the any entrepreneurship matures from stage one to stage two, as they say stage two, you the you’re at a scale now where Rolodex marketing no longer is effective. Because, for one, maybe you’ve already exhausted most of the Rolodex. But two is the needs of the organization growth. So you have to do what worked well from in belly to belly sales, and you have to do that at scale.

And I’m a firm believer that the best way to earn trust for people who don’t know you already is to get them to know you. And there’s all sorts of ways to do that. And you can share my favorite way is sharing ideas freely, sharing your best ideas, things like this, like stuff that Matt has said today in imparted advice in really thought leadership and just guidance to the entrepreneurs that are coming up after him. That’s a good way to get to know what makes Matt tick, what he’s good at, what he’s smart about, why I should trust him.

And if I’ve never met many of the listeners on this podcast, I’ve never met Matt before, but they’ve taken the first step to trust him a little bit more than when they turned on the podcast. And marketing is all about doing that with rigor and doing it with consistency and persistence. And it’s not something that you can just buy. I don’t think on the cheap often. I think it is something that you have to earn over time. And when Matt mentioned something about the value of a brand, I’m not going to ask him to get his napkin out again, but there is some calculation in his mind that says, if people know me.

people know the Oxium brand, I started to chip away at whatever exterior that exists between the prospect someday in the trust that I need to earn to get them to be a client. So that’s when you know, courtesy, you and I have collaborated on things like that where it’s just, it’s content that doesn’t sell. And this is kind of what I asked you the question, man, I’ll go back to you. So the mindset shift, it’s difficult sometimes for people who are in sales, to say I’m going to do something that does not have immediate gratification.

Has that, was that ever the case with you and how did you overcome that? Because marketing can be an investment in delayed gratification.

Matt Loria (31:12.33)
Yeah, I mean, I think that when you’re building something, I mean, one of the most important things for us, I mean, we don’t have any commissioned salespeople here. And so I was never commissioned. Obviously, I sink or swim by the success of the organization. But never has anyone here thought about commission in their.

you know, in their in their living. Now, now, can I guarantee that we won’t have commissioned people as we continue into, you know, further into stage two here? You know, I can’t guarantee that. But I know that my mindset was never based on, you know, how much money am I going to get this month? It had to be based on all I’m trying to do is deliver on my promise. It’s all I’m trying to do consistently. And if I keep doing that, it the long game is, you know, is become successful. And so.

That’s my focus all the time. That’s my focus when we started the company. When we started the company, we had a little bit of funding which helped us to not be living hand to mouth. Maybe that was part of our sauce that was helpful. But that attitude has to be there. People can see instantly through somebody who’s transactional. There’s no question. We have all the quintessential,

Matt Loria (32:35.802)
What’s the word I’m looking for here? You know, explanations of what a sales guy looks like, right? And it’s like, you know, you can see that coming from a mile away. Nobody buys from that person anymore. I mean, if you do, I mean, I think you’re crazy. But, you know, I know I don’t. You know, I’m not buying from somebody where I feel there’s a self-centeredness to it. You know, because again, it’s all about the long game. I don’t want to change.

any of my professional relationships if I don’t have to. I don’t wanna change my lawyer, my real estate guys, my accountants, I don’t wanna change any of that if I don’t have to. And so people want, I think most people want the long-term relationship. And maybe there’s certain generations that certain things feel transactional to them. There’s not very much in my life that I want transactional. I want everything to have some sort of relationship, have somebody vested into it.

um you know and make sure that I feel like they’re with me.

Tom Nixon (33:40.505)
Yep, absolutely. Curtis, it takes a long time to build a long term relationship. But what are some of the metrics that you look at early on to see if I don’t you can’t you don’t have a trusted meter, I’m assuming at your office, we’re like, oh, the trusted meter is going up. So how what are some of the metrics you can look at early on to give you the confidence that you’re having an effect even if it’s not directly resulting into a sale or conversion of some time of some kind? Yes.

Curtis Hays (33:56.723)
No.

Curtis Hays (34:08.633)
with a brand or like with your branding or

Tom Nixon (34:11.313)
Yeah, what that your marketing that you’re doing that isn’t really resulting in instant gratification. Are there other metrics besides sales or signups that you can look at? So, okay, we’re having an impact and we’ve traditionally had it one year buying cycle for this type of service that we’re in. We’re having an impact and it’s going to show and we need to be patient.

Curtis Hays (34:30.617)
Right, right, yeah, I mean if you’re putting out content, looking at those engagement metrics would be helpful. So as you’re creating that content, are you getting users to stay in view with that content, or people, when you share it, what are your impressions and views on the content that’s shared? So typically you’re looking at, you know, a lot of times I’m thinking of more of the vanity type marketing metrics. Use additional tools like maybe Hotjar or Clarity, which might give you.

a little bit more insight into how people are actually interacting with that content, how far they’re scrolling down, what content is resonating with them. And then, from there, then it’s looking at, okay, how do we get people to sign up? How do we get people to join the newsletter? How do we get people to subscribe in some way so that we can continue to send them additional content?

Tom Nixon (35:22.773)
Yeah. All right. Well, we should probably wrap there. But before we go, maybe you guys could each give one. If you had to do one thing now, next, as soon as we wrap this podcast and not a moment before, what would you tell people to go to take the first step to making sure that they are securing their hardware, their software, their business? What we will start with you, Matt, what would be the most? The first thing you would tell someone, go do this now.

Matt Loria (35:49.922)
Hmm. I mean, if I was only given the choice of one thing, I would have to say you need multifactor authentication. So something you know, versus something you have so that we standardize on a product called duo security. And, you know, I would I would highly recommend that people Institute multifactor. I mean, it’s one of the things that people push back on the most and they say, I don’t like having to go look for my phone when I’m logging into something and

You know, it’s that’s one of the safest the biggest impact smallest dollar amount items that you can do I mean, there’s ten things you really need to be doing but I guess if you’re only gonna do one do that

Curtis Hays (36:32.206)
Yeah.

Tom Nixon (36:32.781)
I will say I used to hate that and now every time I do it, it gives me such calm and confidence that I’m like, nobody else can log in right now. This is so beautiful. Curtis, what would you recommend? First thing.

Matt Loria (36:39.85)
Right.

Curtis Hays (36:43.897)
Well, an easy one, which I mentioned earlier, is go and patch everything. Matt’s exactly right. There’s a bunch and two factor authentication is in my list. But in the WordPress world, change your default login URL. So every WordPress site has a default login that’s slash WP hyphen admin. So we can go there, a hacker can go there and then brute force or social engineer, a username and password and get in.

If you change that and they don’t know what the login URL is, it obviously makes it a lot more difficult for them. So, and that’s something that can easily be done by developers to change that login URL amongst a bunch of other things.

Tom Nixon (37:27.317)
Alright, well if you want to know, go ahead.

Matt Loria (37:27.554)
I mean, Curtis does it better than anybody else, though.

Tom Nixon (37:31.602)
Alright, I’ll just…

Curtis Hays (37:32.166)
How so?

Matt Loria (37:33.522)
I just think you’re the best at changing that administrator login.

Curtis Hays (37:35.289)
Oh. We do have a standard process like you do as well, Matt, from a security perspective, and we’re working to continue to evolve that. So yeah, we do have a pretty easy process to get that done.

Tom Nixon (37:38.357)
Just like wearing cowboy hats.

Matt Loria (37:47.614)
I know you do. Yeah, that was only half and just, I just know that you don’t like to sell yourself, so I wanted to do it.

Curtis Hays (37:54.169)
I appreciate that. Well, before I let you go, I mean, for those who are listening, behind you is an AU in gold, and AU, which is part of your name and logo, is the elemental symbol or name for gold. So tell us a little bit about the Auxium name, if you could tell us a little bit about the brand itself. You told us what you guys do, but tell us about the brand and where that AU comes from.

Tom Nixon (37:54.181)
Ha ha!

Matt Loria (38:23.278)
So AU is gold and axiom is a rule or something known to be true. So we smush those together and make the word oxiom. And it’s our way of saying, you know, we follow the golden rule of treating other people how they’d want to be treated. Actually, the golden rule is treat other people how you would want to be treated. The platinum rule is treat other people how they want to be treated. And the oxiom rule is treat other people in a way better than they ever expected to be treated. So that’s part of that’s our one core value that we say.

that we have is that you have to follow that oxymoron.

Curtis Hays (38:56.165)
We could probably do a whole podcast on culture and talking about how, you know, brand and creating mission and values can help, you know, develop a culture. And you’re now at what? 50 employees, right? So that helps create a standard now inside of your organization for how you hire, how you fire, how you do reviews and manage and train all of your people.

Tom Nixon (38:56.195)
Love it.

Matt Loria (39:02.475)
We could.

Tom Nixon (39:17.337)
Good.

Matt Loria (39:17.722)
I’m typically involved in every one of our hires, but only from a cultural perspective. I always tell people, I’m going to sit with you for about 30 minutes here, and by the end of that 30 minutes, I’m going to pretend I have two gunmen that have a gun to my head. One is saying, hey, with what you just learned in the last 30 minutes about this person, would you put them in front of your best customer to have a conversation with them? And then the other gunman has got the other gunman saying, OK, in these same 30 minutes,

You know, you’ve got to make a decision just based on what you’ve learned in these 30 minutes. Do you believe this person is going to be a cancer to your organization or a net benefit to your organization and to your best employees? And how are they going to, you know, are they going to pollute the culture of the people that you’ve that you’ve already brought together that are doing a great job? And so that’s the only thing I’m looking for, right, is how does that person show up and could I put them in front of those two exceptionally important groups of people, my clients and my employees?

Tom Nixon (40:12.269)
love it. And that standard that you’re referring to, Curtis, is often referred to as the gold standard, I believe, at Oxium, which is another fun play on words that a wordsmith such as myself can really appreciate. All right, Matt. So where do we go to learn more? Oxium.com is the website. Great. All right.

Curtis Hays (40:23.933)
Thank you.

Matt Loria (40:28.006)
Auxim.com, A-U-X-M-I-O-M.com.

Curtis Hays (40:31.789)
And you’ve got, for those of us who are local to Michigan, you have any events or anything coming up soon?

Matt Loria (40:39.274)
Yeah, we have an invite only event coming up in January. It’s a cybersecurity panel with our own Chief Information Security Officer from a cybersecurity perspective, a cyber legal expert, a cyber law expert, and then a CEO of a mid-sized law firm who has instituted security into his organization. And he’s going to be talking about what it’s like to.

shift some of the culture there to be more security conscious. So it’s got every kind of aspect that you can imagine from a security perspective. Those experts will be on our panel to talk to the group. So people can reach out to me and see if we can get them an invite. I’d be happy to entertain that.

Curtis Hays (41:25.201)
We’ll get your contact info in the show notes.

Matt Loria (41:28.75)
Sounds great.

Curtis Hays (41:29.829)
Close this out, Tom.

Tom Nixon (41:31.201)
All right. Well, thanks again, Matt. We’ll invite you back for a whole episode on culture coming up after the first of the year in Curtis, I guess, until the first of the year. Say root and toot and yeehaw. And thank you for coming back to Bullhorns and Bullseyes.

Matt Loria (41:45.942)
Thanks, guys.