The Seattle Kraken Edition

Marc Laliberte  0:12  
Hi everyone, welcome back to the 443 security simplified. I'm your host, Marc Laliberte. And joining me today is not our normal participant Corey Nachreiner. Actually, we've got Ryan Willgues from the Seattle Kraken IT and security organization here joining us, Ryan, thanks for hopping on. Thank you. Yeah. Awesome to be here. Cool. So today, we're gonna have a fun little chat, going through some of Ryan's background, what it's like working for a professional sports organization doing IT and security. And really just learn about what's interesting about your role. I guess to start, though, you want to give us a quick introduction about yourself?

Ryan Willgues  0:50  
Sure. So my name is Ryan Willgues. I've been working with the Seattle Kraken here as their cybersecurity engineer for the past two years. Prior to this worked in the financial services industry back in Michigan, and I moved out here for the job.I went to Oakland University, got a degree in criminal justice with a specialization in information security assurance

was a little bit on undecided. When I first started college, I knew I wanted to be in the technology field, I started off looking for mis degree, which is management information systems. Then my second year in college, they offered a new degree as InfoSec. So I thought, you know, it's cool, be cool to be one of the first people to kind of go in and kind of take some classes and figure it out. In in college, I was, you know, trying to learn as much as I can, and kind of got a more of like a law and criminal justice, background. And then they kind of added some cybersecurity courses in there. Interesting. And then I think I got a lot of my, my real kind of meat potatoes working for the financial services in Michigan.

Marc Laliberte  2:11  
Awesome. Yeah. So we typically start the show by asking about called the hacker origin story. And recognizing not everyone working in security would maybe label themselves as a hacker, but we'd like to learn like, background where you came from. And so it sounds like, like through college, you really jumped on a an opportunity to go into this relatively new at least from an educational perspective field with cybersecurity, criminal justice for you. Were your original sites like outside of the the IT space, or? Yeah,

Ryan Willgues  2:41  
we actually had a, we had a former retired police chief, who was one of our instructors. We had a mix in with some other business professionals. It was kind of like the best of like three worlds, you know, you had criminal justice, you had business and then you had kind of like your your computer sciences.

Marc Laliberte  3:01  
That's awesome, man. That sounds like a really cool program. Yeah. Oh, yeah. Um, so transitioning to like your role right now, though. So you are responsible for it and security at the Seattle cracking organization. And I guess to start with, like, Tell me about a typical day here, because from my perspective, like this seems like the coolest job in the whole dang world, like working for a professional sports team that at least like I personally love. I'm curious like, what it's like from the inside like, is it any different or just like a normal day job or walk us through it? Yeah,

Ryan Willgues  3:31  
so I was I was a hockey fan growing up. So I love hockey, I love sports. So kind of getting here in the morning. If you get here early enough you get to see the players rolling see the you hear them kind of downstairs working out you know we have we have actually have the the gym and the workout area right below our office in the IT room so we can hear him but kind of bumping the music kind of getting their sets in and then gets a little quiet and you know, they go out on the onto the ice. So from there, you can kind of watch them on the ice. We have kind of like a fishbowl here that where you can kind of look in and see him from from the benches. And then as far as you know, my daily routine is getting in the office, get some coffee going get get some doughnuts go and maybe get some of some other like sweet goods going and fire up the email, fire up slack. Kind of just, you know, do a little bit of reading we I subscribed a couple of Intel feeds from around the area.

Marc Laliberte  4:39  
What are what are your favorites for that one?

Ryan Willgues  4:40  
So I like I do DNS shield and I got atomic red team on on Slack nice, you know just kind of seeing their their discourse and see what's going on. They always have a good kind of up to date feed and you know sometimes I like reading Like InfoSec daily?

Marc Laliberte  5:02  
Yeah, that's good. So I imagine like, you mentioned your history, or at least your last role was in the financial sector. And moving from that, to professional sports is, like, from my perspective, it looks like a pretty big change, like, is there anything unique or different from what you used to deal with on like, a daily basis or so to what you have to work with right now?

Ryan Willgues  5:24  
Yeah, I would say, going from a company's probably with 20,000 employees to one but 300, you know, you, your resources, kind of, you know, kind of, kind of almost kind of whittle a little more and more, a little bit more important in maintaining them. Yeah. And, you know, the, the, just the manpower, and I was part of a sock, like, just like an actual sock a 20 person in person socket we had at the Financial Services. And here, it's kind of like a sock of two or three. And, you know, we have a department about eight people. But it's, you know, a little bit more of a fun challenge, you know, you don't get as many fires to kind of deal with as you would have, like, Barrett bigger organization, but you really feel that you're part of, like, everything that happens here, you know, it's a smaller organization. You know, we keep our keep eyes and tabs on everything that kind of goes on. And, you know, it's a, it's a very social environment around here, you know, people come into the office, we're here every day, pretty much even on game days, we have people come in here. So our office kind of lives seven days a week, for the most part, you know, nine to five, sometimes more. Yeah. Okay.

Marc Laliberte  6:43  
So I imagine like every organization has their own kind of threat profile of what they're concerned about, like a Watch Guard, like my biggest fear is the nation state, threat actor trying to like execute a supply chain attack. Like that is what we try and make sure we set ourselves up for to protect against, imagine a professional sports team. Like it's got to be a unique beast, where you mentioned like, it's a much smaller than your last role in terms of like headcount here, resource uses, but at the same time, like the Seattle crackin, are a global brand, like people in Europe and in Russia, and everyone, they know, the Seattle Kraken, because we're a major league sports team. So when it comes to like, the threats that you're that are on your radar, like, what are the things that you tend to focus on,

Ryan Willgues  7:27  
we see a lot of phishing emails, we see a lot of smishing alerts, like we get employees who gets phishing alerts on your phone. We see, you know, on day games, sometimes, you know, fans or, you know, even people outside the work the realm kind of email and little bit more than usual. It's a very, you know, kind of Intel and kind of sales oriented profile here, I would say, even to to the extent of, you know, other teams, you know, there's been not just outside of hockey, but other organizations like MLB, NBA NFL, there's been kind of like a rotating attack of, you know, three or four where it's ransomware, phishing, just trying to, you know, intercept any type of

Marc Laliberte  8:20  
electronic funds and espionage within those. Yeah,

Ryan Willgues  8:24  
MLB had a couple of cases, you know, back in the day. I mean, I think we're lucky, we, you know, we're three years old. And, you know, there's not a lot of people leaving here, this is one of the best places to be right now. It's kind of known that, you know, no one's really left too much, you know, we're just growing more and more. So.

Marc Laliberte  8:42  
Let's actually, let's jump into that, like, so only two, three years old now or so. So what's it like coming into that? Like you You joined two years ago, you said, yeah, so still really early to the start? It sounds like you basically have the ability to control your own destiny with a lot of IT and security work. Tell me about that. Like, how is that different than where you were last time where you maybe came in, into an established organization.

Ryan Willgues  9:05  
So I came in, in in October of 21, which is right when the season started. And at the time, we're just happy to get everything up and running and get the arena going and have, you know, have games happening and figuring out as we go, and through that, you know, we've we we got to kind of pick and choose to add certain tools and to add certain kind of features that we thought were needed in the first part and the first part and just going through it the whole time was you know, learn by trial and error for a little bit. But then, towards the end of the season, we kind of figured out that some needs we needed a set some in the offseason and kind of you know, put it towards our goals to add new new features. And, you know, everybody was everybody here kind of just was listening In to Me and to our IT staff and there wasn't really a lot of pushback, we kind of knew what we were asking for. And it kind of came, you know, you got to be patient sometimes to you know, in the middle of season could be a little bit different than in the offseason where you can get a lot more done. So we kind of tailor our kind of like our team, in a sense to do a lot in the offseason. Meanwhile, it makes sense as we, as the team plays, and as everything else around the team goes, we kind of do a hands off.

Marc Laliberte  10:29  
How was it from, like a governance perspective, where you're literally a three probably a little bit technically older company that effectively started from scratch, I'm assuming, does the league give any guidance on like, how to set up risk management or security policies? Or is it all on you and your team to come up with that? So

Ryan Willgues  10:49  
it's funny to say that we are we felt we were a startup at first. I mean, we were right, we're a startup that happened to be a hockey team. So you know, being here in Seattle, everybody can attest to how it startup is kind of run from the first couple of stages. And then, you know, you slowly build that steam, get the get the ball rolling. And you kind of get to make your own kind of guidelines and rules. The NHL does have some, like kind of set guidelines and rules that we have to follow. It's more so for the hockey team. The players kind of like the hockey ops organization side, our business side kind of has some, some continuity with the NHL as well. But as for it, and what we kind of control here at the Iceplex it's all on us. With a lot of people here come to us for guidance, which is good. It's where the quickest they can ask, you know, we're, we're always here. Sometimes if you had to maybe contact someone back in New York, like what the league office might take a while, because they're busy dealing with their own stuff and 31 other teams?

Marc Laliberte  11:55  
So are you saying you do like tech support for like Matty Beniers?

Ryan Willgues  11:59  
Maybe? Yeah, we, you know, occasionally on game days, we have a team that kind of rotates down in the locker room. And players need something, we're there to help them, you know, we try to stay out of their way as much as possible on game days. But yeah, in the offseason, you know, if they have questions, or maybe, you know, their, their TV shop in their computer shop, and you know, they might come up to us and just kind of ask, what are we looking? What should we be looking for, you know, you know, what, if they go to like, you know, electronics store across the street, and they don't want to be taken to the cleaners by, you know, some salesman there they come and ask us kind of, what should I look for in a computer? And then we asked him like, well, you gaming? He's like, Yeah, like, all right, well, here's some things to look for. So it's kind of fun, you know, in a sense, you know, sometimes it comes with an unlimited budget to for them. So we kind of, you know, can play by that rules. But yeah, it's nice

Marc Laliberte  12:46  
to know, other than the unlimited budget, professional hockey players are no different than my parents and grandparents. Oh, yeah. Oh, you're the tech guy. You must know which TV should I get?

Ryan Willgues  12:55  
Yeah, and a lot of them too, are big gamers, too. So some are like, the younger younger players are big into, you know, eSports and gaming too. So, interesting.

Marc Laliberte  13:05  
So back on, you mentioned treating it like a startup as an organization like what are what is the organization kind of like in terms of what you have to protect? Like we talked earlier before this about, you know, how it's not just a marketing wing of hockey, like you actually have a lot of basically software development in here too, as well. Right. You're right. Tell me about a bit bit about that. Yeah.

Ryan Willgues  13:27  
So we have our own app in house that everybody uses to go to the hot to hockey games into concerts. We have the the Kraken app and yeah, we have like a mobile app development team. They started the app from scratch and yeah, they they continuously develop it they add updates. You can track players you can track stats, it's you know kind of like your one stop shop for finding out all like the quick stats about hockey and you know in there it's it's tied in with Ticketmaster. So when fans are kind of going in the game they can log in Ticketmaster download the tickets to your wallet you know everything's digital, you just scan your your phone at the entry and you go in

Marc Laliberte  14:10  
man so it's not just you know, trying to sell tickets but you are a software company Yes. Go Yeah, it's crazy like to think about all the things that go on behind the scenes that like I never would have thought of beforehand when it comes to like trying to secure an organization like this that's super interesting. So back to like I guess the league as a whole it feels like you know, yes, on the ice you're all competitive with each other and you know the crack and want to win every single game but behind the scenes, like from a business perspective, the cracking are similar to every other organization. Do you guys like do any information sharing like help each other up or is it also competitive from the it seen as well?

Ryan Willgues  14:54  
No, I would say it's very sharing. We share we you know, we talked with you UW athletics here in Seattle, we talk with the Seahawks, we talk with the Mariners, we try to keep it as local as possible to like even with the Sounders, you know, some people there. And even from going on that aspect of we we have no qualms about even reaching out to other local businesses, local companies. But yeah, like, that's the thing about sports. Entertainment, is you tend to allow people on people kind of shift around to, you know, locate like teams, different teams and locations. So we always keep that line of communication open, whether it's, you know, people down in Arizona, or people up in Michigan, people aren't Florida, people in Texas. So we go, we're always kind of talking to other teams, seeing what they're seeing something that happens, you know, we're all all on it together. Yeah, it's like a big information sharing.

Marc Laliberte  15:56  
That's good. And when it comes to the organization itself, so the Kraken Blackbird, you're headquartered here in Seattle. But you've got a global workforce, you got to protect America, you've got scouting networks, and like Europe, and even Russia, which historically in terms of cyber isn't on the best of terms with the United States. It's true in a security perspective, like, how is that for you? Like, how do you manage or deal with securing remote employees all around the world?

Ryan Willgues  16:22  
Yeah, so we have, you know, we have scouts in, in Europe and in Russia, and you know, these scouts are pretty much on the move, you know, six days a week, you know, they're they're scouting games always on the move. So from a, from a, from an endpoint perspective, you can always see them logging in from new locations, and you kind of build a profile on Okay, well, we have the scout who's always been in, you know, Moscow, and then we'll move sometimes down. And, you know, it can be a little tricky at times, to what the timezone difference and just kind of chasing where the where the games are. But, you know, with the help of, you know, a lot of these like SAS modules where you can kind of see where people are logging in from making sure you know, no one's changing passwords, making sure nothing's changing from a user account perspective. You know, it kind of stays status quo, for the most part. Occasionally, you might have someone who vacations over to Europe in the summer, it's odd, it's out of character, and then they forget their password. So they gotta change it. And then that's when, you know, we see an alert, saying, Oh, well, this person lives in Seattle. We see him signing in from Italy, but he's there on his, you know, his summer vacation, and he forgot his password. So that may be a instance where really, you know, we may reach out to them, lock the account, and they reach back out to us to help them reset their password and kind of go from there. I

Marc Laliberte  17:45  
guess I'm a little gullible. I'm not glad that I'm not the only one that works on vacations. Yeah, does tend to happen, especially at high powered organization like this.

Ryan Willgues  17:54  
Yeah, you can never get away from the email.

Marc Laliberte  17:58  
Um, so when it comes to, I guess, pivoting away from the Kraken specifically, and just talking about technology, because, like, you seem like a tech nerd like I like I am as well. When it comes to cybersecurity, what are the some of the things you're keeping an eye on? Like, from my perspective, if you'd asked me like, three years ago, when I thought about AI and machine learning, I'd be like, Oh, it's a stupid buzzword that you just hear at tradeshow booths. But it really feels like we're starting to see some evolutions in IT and security that can leverage some of these tools. Yeah, I'm curious about your perspective, like, what are you nerding out on right now? Like, what's really interesting and on the radar for you?

Ryan Willgues  18:34  
I think AI is great, I think, you know, it takes a lot of that like, kind of, like low level kind of just like, kind of meteoric rise of just kind of your, your low level alerts, like takes it away, for the most part. I think, you know, just seeing, you know, even old texts kind of resurface, just, you know, we have, you know, something that always we always keep an eye on out here is just people trying to, like, maybe get accessed from outside. So we're always kind of keeping tabs on just just our access cards, such as physical security, physical security, too. Yeah, that's something that we always kind of have in the back of our brains here. You know, not saying it's a bad area, but you know, you can never be too safe. I also think, just kind of seeing what the latest attacks are. I mean, it's always ransomware. You seem it seems to be you know, I think Microsoft released a Trends report, maybe at the end of last year on venue security. I'm gonna round the world cup. And that was pretty interesting. Given that, you know, I don't I don't see too much. Kind of devoted from bigger organizations on the highlight of sports. And just seeing that they are. They're targeting, you know, these big, big operations on game day. You know, the World Cup has the most eyes on it. And they are saying, you know, it'd be like point of sale system attacks, you know, just trying to do whatever you can to interrupt business and, you know, bring everybody to a halt, crack

Marc Laliberte  20:15  
and just hosted the Winter Classic this year, right? Which in the hockey world, or at least in like that NHL world, that's a pretty big marquee game too. And I imagine leading up to that was a little bit stressful or making sure you've got everything tucked away.

Ryan Willgues  20:30  
Yeah, you know, we we had a lot of help from the league on that. And we had a lot of help from the mariners since we played it in their in their building. But yeah, it was, it was quite the spectacle. I mean, we actually had, like, I think a great two day stretch there where we had sun and like, sunny skies for 14 was 45. Because we didn't know if we could play with the roof open or not. It happened to be so that's awesome.

Marc Laliberte  20:53  
Yeah. And venue, security is really interesting. I had a lucky chance to chat with the CFO of the NFL two years ago. And he was telling me just like the logistics of the security around the Superbowl. Yeah. And I know, that's like the the pinnacle of like single sports events. But I imagine like on game day, like, you've got to be on high alert for the types of threats that could be targeting the organization like you don't want your your data team being shut down, right in the middle of a game as you're trying to, like, help out? The coach on, I don't know, analyzing what's going on? Yeah,

Ryan Willgues  21:28  
yeah, we. So we always have someone from our IT staff in the equipment room, helping out the team with what their game day, you know, needs, whether it be video boards, or coaches and such. But also we're, you know, we're keeping tabs on, you know, we have like VIP users here, just keeping a tab on their, their email, keeping the tab on, you know, anything that would may happen with the arena. So the arena staff, arena has their own IT staff, we kind of partner with them and help them on game days as well. So we're all we're pretty much all hands on deck. And even for the playoffs last year, we had, you know, three, three, or six home playoff games, you know, three in the first round three in the second round. And we we even had more than we had probably four of us kind of just floating around the arena help making sure to help out with people on the press bridge, people in the media room, people on the owner suite, or GM sweet as well. We're just there to provide assistance for anybody if they needed anything. I think that's kind of like an important part. You know, you never know what might pop up. And, you know, time is of the essence when it's in the middle of a playoff game.

Marc Laliberte  22:40  
Yeah, that's an I love hearing that you're, you're focusing on that partnership and being there as the help and not being there. As you know, typically security, sometimes we can be seen as the blockers for everything like oh, no, you can't do that. Because XYZ. And I liked that. It seems like you're building a program here where it's the partnership, and let me help you do that. And we can make sure we do it securely. Is that accurate?

Ryan Willgues  23:04  
Yeah, it is. It's, you know, everybody around here, you know, I, I get up Monday morning sometimes. And we have like an all staff meeting. And I'll just kind of go over a quick two slides of like the state of cybersecurity, just kind of given, like some grill like kind of basics. And you know, everybody here has kind of grown accustomed and kind of know, no need to do that now. So they're always on the lookout for me if they need help with anything. And then when they see me at the arena, they they always, you know, kind of say, Oh, are we cyber safe today? I said, Yeah, I'm here, you know, so? Yeah, I mean, it's, it's not just me, though, it's the whole team as well, like, you know, I'll distill some information down to our team and just have been pushed out to some people here in like, all staff emails, too. So it's like

Marc Laliberte  23:52  
building this this culture then, at least within the administrative organization here. Do you ever get to do like security presentations for like the players at all? And like, here's how to not fall for the latest, whatever, gender scam or something? Yeah.

Ryan Willgues  24:04  
Nothing for the players? Yeah, maybe Maybe that's my offseason task list. I know, we have. We had some See, some players fill up their email, email inbox, which I know you can fill up a Google inbox, but there's a limit, I guess, I guess, and maybe, you know, all these players are just kind of putting their their emails out there for trials and stuff and accounts. But yeah, it's, it's kind of, it's kind of cool in the sense to where, you know, a lot of companies you know, they have their own Cybersecurity Awareness Program, or they're paying for email like email phishing, kind of setup like alerts. And here, just from the start, I knew we, you know, I, if I didn't have the budget at the beginning, I can just go up and kind of talk about it and educate people on what I know and just kind of bring it to everybody on the on kind of like a basic level. So I've been doing that here for a while now. So two years and it's been working out well,

Marc Laliberte  25:03  
that's good. Yeah. And that's, like speaking is the one that helps run that I've watched guard. Like, I've really found that like that custom content so to speak, and like cybersecurity training training of like, coming for me versus the ghost of Kevin Mitnick. No before like, yeah, it helps a lot with building that culture and getting that buy in and also tailoring it to the organization instead of Yeah, hey, don't click on a fish. It's, hey, here's exactly what we're seeing. And here's some things to keep an eye out on. Yeah,

Ryan Willgues  25:31  
yeah, it's super, it's super easy to customize it for everybody's needs here. Because we know the needs, you know, sometimes those services you pay for are like kind of out of the box. And they don't really fit some of the examples or people that we, we kind of target to, to them here.

Marc Laliberte  25:47  
And especially because, again, I had a professional sports team, you're pretty niche in terms of, like, the things you have to deal with. And so an out of the box, might be a bit of a challenge to really fit in. That makes sense. Yeah. This has been super interesting. Yeah. And anything that you wanted to cover that if you'd like we haven't. Um, what's your favorite? So you mentioned doughnuts earlier? Yeah. Top pot or Krispy Kreme?

Ryan Willgues  26:10  
Ooh, around here. Yeah, top pot. I learned that. So I came from Detroit. I'm, like I said, I was born and raised there. And something that we just had here recently was Fat Tuesday. And there's a maybe maybe it's just like a Midwest thing. But I don't know if you've heard of a paczki. Now, so it's basically like a deep fried donut with jelly in the middle. But instead of it being like a doughnut shape, it's more like a round kind of like, round. Just ball of tasty, goodness. Yes, goodness. Yeah. Yeah,

Marc Laliberte  26:41  
you have to go find a paczki, then. Yeah. So

Ryan Willgues  26:42  
well, they only have him on Fat Tuesday. So it's, it's like a kind of like a I don't know the whole story on it. But I know, the Polish markets in Michigan kind of started the trend of that.

Marc Laliberte  26:55  
Okay.

Ryan Willgues  26:56  
All right. Next year, then. Yes. Next year. Cool. Well,

Marc Laliberte  26:59  
thank you, Ryan, so much. This has been really interesting. I really appreciate you taking some time here to chat about your role in such a cool organization. Absolutely. Yeah. I'm glad that weren't now partners as well, too. Yeah. And really looking forward to getting to work with you, hopefully. Yeah. Quite a bit over the next few years.

Ryan Willgues  27:19  
Yeah, I'm, I'm super thrilled to be to be partnered with a cybersecurity company for a hockey team. You know, three years ago, I never thought I would be here, you know, work in cybersecurity for a hockey team. And we have this great partnership now. I mean, just yesterday, we were filming some content out on the ice with grubauer and some some your other employees with the WatchGuard here. And it was probably the funnest day I think I've had here in the past, you know, three years getting the shoot on goal on the goalie and, you know, be a be spreading the awareness for cybersecurity and just being a great partner to WatchGuard sometimes,

Marc Laliberte  27:54  
you know, cybersecurity can be one of the most stressful jobs in the world. Yeah, I don't know about you, but I feel like I have the best job in the world sometimes. And I bet this probably felt a bit like that, too.

Ryan Willgues  28:04  
I think if you pull out of cybersecurity professionals, they would they all love their job. It's the reason they're still doing it, you know. Awesome.

Marc Laliberte  28:13  
Well, thanks again, Ryan. I appreciate it. Absolutely. And hope to see you around again sometime soon. And thanks, everyone for listening. As always, if you enjoyed today's episode, don't forget to rate review and subscribe. If you have any questions on today's topics or suggestions for future episode topics, you can reach out to us on Instagram now at watchguard_technologies. Thanks again for listening and you will hear from us next week.