Kisco Systems Celebrates 40 Years
In the first installment of the new PowerTalk podcast, Justin Loeber discusses the need for IBM i clients to take action on security, and looks ahead to his company's anniversary celebration
Peg Tuttle: All right ladies and gentlemen, get ready to power up your day because it’s time for PowerTalk with Peg Tuttle. I’m Peg Tuttle, your host, and I’m here to bring you the latest tech insights, trends, and power packed conversations that will leave you inspired and ready to conquer the digital world. I am so excited to be here at TechChannel and we are launching this very first episode with my friend Justin Loeber from Kisco. Welcome to the show, Justin.
Justin Loeber: Yeah, hi. Happy to be here and congratulations on your first episode with TechChannel. I think it’s awesome.
Peg: I know. Me too. Me too, and you are just a wonderful person so I’m super happy to have you here so welcome.
Justin: Yeah, thank you.
Peg: Yeah, so you know what? We want to kick off talking a little bit about Kisco—actually a lot about Kisco. It’s a huge year for you guys. You guys are celebrating 40 years in the market, which is incredible inside of the IBM i space. So why don’t you go ahead and just talk a little bit about Kisco and your journey to 40 years.
Justin: Yeah, happy to do it and really proud of the achievement. The company was started by my father in 1984. I was 11 years old and I was an early employee. My job was folding letters. This was pre-email so we sent direct mail to promote our software. You know back then there was more of utilities for IBM midrange, so System/38 and then shifting over to AS/400 and then an iSeries. We didn’t put out our first security product until 1996, and that’s a product called Safenet. We’re still selling it today and then over the years of AS/400 into IBM i, we started adding more security products but then since 2021 have been focused entirely in the world of IBM i security and that’s the only thing that we do right now and it’s the only thing that we’re going to be doing as we go into our next hopefully 40 years.
Peg: Right, right. I mean it’s four decades. That’s crazy when you think about that milestone. That’s huge.
Justin: Yeah it is, and we do a lot of thinking about it. We’re going to have a lot of fun content coming out this year exploring that—and not just from a nostalgic perspective. You know our whole thing for this year is that the best way to celebrate our history is to really focus on the future and what we’re going to do next and what the market needs. So that’s a big part of our celebration.
Peg: Nice. I like it. I like it. When we were on our pre-call, we talked a little bit about your three brand pillars and I really like the messaging around your brand pillars. I would love for you to just kind of introduce them to our listeners and then break them down a little bit.
Justin: Yeah, our brand pillars inform every single decision that we make, every piece of content that we put out, every visual and every decision related to products and services. It’s really simple. The three pillars are education, innovation, and value. These pillars came about from our understanding of the security landscape within IBM i, which was anecdotally and also through various surveys that come out over the years. We hear that security is a top concern of IBM i administers and CIOs and IT managers, and yet we don’t see a huge uptick in spending or security projects. We are curious—
Peg: Even though it really is at the top of everybody’s list, which is crazy.
Justin: Yeah, so it seems more of a talking point than an action point—
Justin: So we’ve been super curious, or I was when I first became involved in the business of why was there a gap between awareness and action. So if you think about it, these three pillars are really about removing what we think could be barriers between customers being where they are and where they should be.
Justin: And so the three barriers would be maybe customers don’t know enough about IBM i security, and so we’re committed to education. Maybe they’re not getting the products they need, so we’re committed to innovation and continually developing our products. And then maybe they’re being asked to spend too much, and so we’re committed to value as well.
Peg: I want to talk a little bit about your pricing structure. I was thinking we could do it in a little bit but let’s go ahead and just have you break down kind of your pricing structure and how that works.
Justin: Well, I mean in essence there’s the practicality of how much it costs. You know everyone talks these days about cost per month in subscription models.
Peg: Yup, subscription models. We’re seeing a big push from IBM.
Justin: We are. We haven’t seen a huge interest in that from the customers, but it’s still helpful to think about the total cost of ownership in terms of what it costs per month. So we’re more interested in selling necessarily solutions than we are in selling software licenses. Of course the solutions incorporate our software in their licenses, but software is really only one component of running a secure operation on IBM i.
Justin: And so we’re looking at more of a complete portfolio, including other services as well, but if you were to take just our products by themselves this year, we’re selling them in bundles with three years of support—it’s the lowest cost we’ve ever been at. I know it’s unusual for vendors to roll back prices going forward, but we’ve done that this year because we just want to make it super easy for customers to get the tools that they need.
Peg: Yeah, step in and secure their systems. While the IBM i is very securable, it does require action by the user.
Justin: It does. You know the word legacy. It’s in my world a bad word, and so when I talk about legacy, I’m not talking about that IBM i is a legacy technology, but I want to talk about legacy mind set which is in my view when a technology has been in place in a business for so long it tends to still look a lot like it did when it first got installed.
Justin: And meanwhile, over the probably in many cases decades, IBM has continuously, many times a year released updates for this thing and added more security and more capabilities. So today we have a platform from IBM i that can do a lot of security, but we have customers running it in an older way. That legacy risk is a big part of why I believe IBM i is such a risk to IT organizations, and to their detriment a lot of them ignore it. But that gap between capabilities and what has actually been implemented in my view is a very big problem.
Peg: Yeah and many customers’ businesses running i today really struggle when it comes to security and really enhancing their IBM i security. I think you talked a little bit about providing an assessment to the customer to help with creating that roadmap for them. Can you talk a little bit about that?
Justin: Yeah, definitely. That’s something that the market is asking us to do. You know when I first got involved with the business, it was very much of the mindset that we were just going to continue selling licenses for security software, but that’s not really how security works.
Justin: Security is a fabric of technologies and management strategies. Our software, as amazing as it is all by itself, is not the answer to security—it’s a part of a broader solution. And so customers it turns out are looking to have their security solved, and that means more than just installing software packages from Kisco Systems. It often involves just figuring out what they’re running—and again it’s part of this legacy heritage in a lot of businesses of a system that was implemented 10-20 years ago and there’s not anyone there right now who is really quite sure where it’s at. You know we don’t know what we don’t know, so we start with an assessment. We have a very rigorous and well documented group of reports and analyses that we run that provide hard data that demonstrates where you are today. Of course informs a roadmap that can also be coupled with a penetration test, which is a completely objective analysis of showing weaknesses in your system. Then the really exciting thing, which I think we’re going to get into a little bit later, is that right now the manual process of the security assessment piece is being rolled into our security audit software, and later this year customers will be able to run self-assessments using our software tool. I’m really excited about that.
Peg: Yeah, absolutely. I love what you said about legacy mindset. Absolutely. I mean IBM i is the best product out there, the best hardware out there. It really is that legacy mindset. I love that term—I’m going to use that going forward. So if you hear me say it, I’ll give you a penny each time I say it for you know, royalties or something [laughs].
Peg: So let’s talk about something you mentioned just a few minutes ago about partnering, and I know this is a huge step for you guys. It’s a mindset shift in the way you have been doing business in the past and now how you’re going to do business as you move forward. Talk a little bit about update and operate and vendor partnerships and how these concepts are coming together.
Justin: Yeah, so let’s just start with like the core truth, which is that for 40 years, Kisco Systems has been selling software. That’s the only thing it has been doing—hasn’t been doing consulting, hasn’t been doing custom development. It’s only been selling software, and we have our portfolio of products. They are very well built and they are mature and stable. They are very valuable to us. So that is our expertise, but like I was saying a few minutes ago, security on IBM i is a fabric of whole group of different things of which our software is only one, and so if we want to start helping customers get the whole top to bottom solution that they need of that whole fabric—
Justin: You know, what are we going to do? Are we overnight going to become experts in disaster recovery, backup management?
Peg: Updating an OS, yeah.
Justin: Yeah, OS patching. No, we’re not going to do that because we wouldn’t be able to do it very well and it would dilute our focus on our products. So the best way that we can help our customers is to form strategic partnerships with best of breed companies who we know and trust and who can help with those other components. Then we work together with the customer to shepherd all these pieces together to build out an environment the customer can then operate. We don’t want customers to think about security as a project that they’re going to do once, and then they can tick the box and move on. Security is an operational challenge and it never stops. Not all IBM i shops are built for that. So the last piece of that is we do the assessment—we build a roadmap, bring in the partners, do the implementation, and then we have to operate the thing, handle the alerts, deal with changes in the business and how it affects the security. It’s constantly evolving and needs management. And we also then have partners who can even help at that level with a security operation center or network operation center. So we’re building the business to handle the whole thing.
Peg: 40 years in business. You’ve got to have a couple of excellent customer stories. We don’t ever want you to divulge the name of the customers because we’re talking about security here, but I think it would be great. 40 years—you’ve got to have a lot of good customers out there that have been with you forever that have maybe walked this path. Can you talk a little bit about that journey for a customer or two?
Justin: Yeah, I mean I love our customers. The oldest extant customer currently paying support is running our Safenet exit management product and has been doing that since 1997.
Peg: No way. That’s awesome.
Justin: Yeah. Actually, I think they just got billed for their 2024 renewal, so I love that fact. I think that’s pretty cool. And then if you look across the customer base, I think the average age of our current support contracts is 11 years—
Justin: You know, over a decade. So we’ve got really good stickiness as they like to call it, which I think is a testament to our products.
Justin: We lose customers because they go off the platform, and that’s the only reason.
Peg: Yeah, I think the loyalty is there. I mean there is something to be said about the quality of the product, the quality of the service for sure. So yeah, sorry, go ahead. Talk about your customers. That’s awesome.
Justin: Yeah, so when we’re talking about this whole idea of delivering the whole fabric of IBM i security, I’m super excited about a deal we’ve got going now actually. It was just signed last week and it’s a customer of ours who has been running one of our software packages for—I’m going to think about 11 or 12 years—and that company has been through three or four rounds of mergers and acquisitions and carve outs and the whole thing.
Peg: Oh, painful.
Justin: The IBM i just went along on that whole journey. You know the company kept changing, but the IBM i was there the whole time and now they’ve been carved out again. They’re back with an independent business with just two people responsible for the IBM i, but when the customer reached out, it was just him and he was looking actually for help to hire somebody. I said well what about doing a managed service, and that kicked off a conversation that allowed us to introduce our partners. It allowed us to talk to some of the people on his side, and the end result of all that is that their infrastructure on-prem is going into the cloud—well, going into a managed service facility with disaster recovery and managed services, a suite of Kisco products that will be configured and operated by us and our partners. The beauty of that is—well, there’s a couple of things. One is it cost that customer so much less than he had thought—and that was based on previous efforts to explore what it would look like to move the hardware off the property. So when he saw the final numbers of everything, he was shocked at how affordable it was. But then the real value to their business is that because he and his dedicated IBM i resource are no longer going to be responsible for managing and running the infrastructure, they can focus entirely on returning value to the business by kicking off, you know, sort of their wish list of modernization projects and really making the technology work for them. I mean we all know that one of the things that we talk about in the IBM i community is resource constraints. There doesn’t happen to be enough people to do what needs to be done. And so if that’s the case and you’re in your organization and you are constrained on resources, do you want your people to be doing day to day operations and management of the platform, or do you want them to be adding value to the business by creating new business logic, new applications—
Peg: Yup, driving the business forward.
Justin: Yeah, exactly, whatever it might be. And so to me, that’s the real win and that’s ultimately what the customer is most excited about. They’re just happy that the infrastructure and security is taken care of and they can go create value for their business.
Peg: Yeah, you know moving to the cloud is an excellent option. What a great resource you’re bringing to your customers. Thanks for really understanding what the customer needs, because that’s priceless.
Justin: Thank you. No, we’re really excited about it and again it’s not the company necessarily that I was envisioning when I came on board, but I mean, adapt and overcome. You have to go to where the market leads, and I feel like we’re doing that.
Peg: Yeah, I think you are. I think you are, absolutely. So let’s talk a little bit about that. Not the company that you thought it would be. You are—I want to say you’re an IBM legacy. Your dad started the company 40 years ago. You grew up in the house of IBM i speak, you know. What do you envision—now it’s been 40 years. What do you envision for your products, for your companies, for your customers as you go forward? Maybe start with your products and then go from there.
Justin: Yeah, we consistently release updates, major updates every year. Last year we did three. This year there’s three that I know about, so I’ll just run through those really quickly.
Peg: Yeah, please.
Justin: I want to focus on two of them. So we have a product call iEventMonitor, which is a complete monitoring solution for IBM i that encompasses system monitoring, performance monitoring, but it also encompasses monitoring for security events. For example, it parses the audit journal and can create alerts and notifications for any number of events that it recognizes in there. So that has always been a single LPAR product, so in multi-LPAR environments, it has been a little bit of a challenge to manage notifications across the whole environment. So I’m really excited that our next version, which is currently being tested—development is done. This is going to be iEventMonitor version 8, which is going to include a new license level which is an enterprise monitoring license that will centralize all the event reporting into one system into one pane of glass view of all the event activity across your LPARs. It also will include a centralized management utility so you can create your rules and alerts from one place and then push them out to the remote LPARs—
Peg: Yeah, making it easier, yeah.
Justin: Much, much easier, and it’s doing it all with native IBM i technology. That’s one of our internal core values for product development—what we say is no dependencies. Well, not no dependency. We say that simplicity is the #1 thing.
Peg: Right, right. You want to make it easy for customers to update your product. When you’ve got new versions and new enhancements coming out, it needs to be easy for them to update.
Justin: Yeah, absolutely. So, none of our products have any non-IBM i native dependencies, and the same is true for our new enterprise release for iEventMonitor. Then the other thing that I’m excited about—I mentioned it at the beginning of the show—is that we’re expanding the IBM i security audit capabilities of our audit software, which is called iSecMap. And that it is going to include a self-assessment capability. So all of the assessment reporting and tools that we have in hand now to run our manual assessments will all be baked into the product.
Peg: And so they’re going to be automated. A customer can run them anytime they want, anytime they need, and then reach out to you to discuss them in greater detail or—?
Justin: Well yes, they can do that because I think that that is what we imagine customers want to do. But what I think customers will end up doing is another new service that we’re coming out with later this year, which is a managed security audit service. So basically, we’ll use our software for you on your behalf. It will connect into your environment quarterly, run the audit, and then schedule the discussion and see where you are compared to the last quarter and come up with some ideas of things you might need to still be doing.
Peg: Absolutely. I do have a quick question for you. Do you do ransomware and cybersecurity kind of stuff? Is that baked into your product as well?
Justin: We do cybersecurity from the perspective of exit point management, and then we’re doing multifactor authentication of what we call data protection technologies. We have not done anything with ransomware or antivirus because we think that you can solve those problems or minimize that risk with exit points and some judicious architecting of your IFS.
Peg: Sure, excellent.
Justin: We think the only reason a company should ever buy those tools is because they have to tick a box on an audit. They’re among the most expensive cybersecurity tools in the IBM i marketspace and for us, we’re not convinced of the value of it, so we don’t do that. However, there is a good possibility that by the end of the year that you could see us with a field encryption product, which I do think is a very interesting technology and it’s again, completely native to IBM i.
Peg: Yeah. Growing your products and meeting the needs of the customers in the IBM i space. That’s excellent. Any other fun future developments or innovations you want to share? Did we get it all?
Justin: No. Well, there’s like just the community stuff—so you know, that education brand value really drives a lot of what we do. I think you can see if you spend any time on our LinkedIn or on our website. There’s so much content that we share, and then end of last year to kick off our 40th anniversary celebrations, we launched our fellowship program named for my father.
Peg: Yes. Yes, and we have the first winner.
Justin: Yeah, Cameron Stewart from our customer Oakley Transport in Florida.
Peg: Yes, that’s so exciting.
Justin: Yeah, really excited about that. Then we’re already starting to think about and schedule the promotions and the awareness to pick our next fellow for July, so we’re going to keep rolling with that program and really excited about that. I’m excited about the free content on our website—something we call KiscoU, which we’re constantly adding to and expanding. Basically as we go through and we do our internal R&D, we just publish all our R&D into that section of the website.
Peg: So it’s like a knowledge base then?
Justin: Set up just like—more like, you know, sort of bite size little snippets and articles. You can definitely put your email address in there and receive a notification when something new comes out. Then the last thing I want to talk about is just life on the road.
Justin: Conference season is coming up and I’m excited to get back out there. We’ve got WMCPA. Pretty sure we’re going to be at the Blue Print conference in Dallas in May, and of course we’ll be at POWERUp. POWERUp is the big one. That’s where we’ve decided to celebrate our 40th birthday. We booked an awesome venue. We’re going to have a great party and we really hope to see a lot of people there.
Peg: Yeah, I’ll be there. Heck yeah.
Justin: You better.
Peg: Yeah, oh for sure. I love it. So we’ve got a lot of good stuff coming out of Kisco, everything from product updates to the fellowship program and the very first winner, Cameron. That’s awesome. I can’t wait to meet him. That’ll be fun to catch up with him in a few weeks and just hear his story, and then to get everybody together and have just a blowout party. It’ll be super fun.
Justin: Yes. We’re really excited about that.
Peg: Yeah well, you’ve got to celebrate victories and these life-changing events in our lives. You bought a company and here you are, really growing it and really taking it to the next level. It’s really wonderful. Thank you for all you’re doing for the IBM i community for sure.
Justin: No, thank you. I mean it’s really been an unexpected bonus to getting involved. I’ve had no awareness whatsoever of that community or the value it would create when I got involved in the business, so that’s been a surprise and a huge blessing.
Peg: Yeah, yeah, absolutely. Wonderful. I know everybody will be excited to meet you at the conferences, WMCPA and then POWERUp. So if you guys are interested as we begin to wrap up our interview today, if you guys are interested in continuing this conversation with Justin, please reach out to him Justin@kisco.com. Don’t forget to sign up for all of the resources that they have available. Justin just talked about KiscoU. Reach out on LinkedIn, stay informed with their newsletter. Don’t forget to sign up for POWERUp and get registered for that conference. Come to this big celebration: 40 years providing security solutions, the Kisco party. That’ll be great. Then again, I just mentioned LinkedIn, but you know go ahead and stay in touch on LinkedIn. I know that they would love to see you out there. So Justin, thank you so much for joining me today on this launch of the podcast, the PowerTalk with Peg Tuttle show. We’re so happy you were able to join us today. Thank you so much for being here with us.
Justin: No, thank you. Pleasure is all mine.
Peg: All right. Thank you everybody, and we’ll see you on PowerTalk.
About Kisco Systems
The IBM i can be incredibly secure, but often isn’t because of its legacy heritage. Weak passwords, over-authorized users, complex security features, and other issues create risk for unauthorized access, data loss and system downtime. IBM i products and services from Kisco Systems address these issues to minimize cyber-risk and maximize system availability.