Sustainable Supply Chain

Revolutionizing Supply Chain Security: Trust, Transparency, and Collaboration

March 20, 2023 Tom Raftery / Jon Geater Season 1 Episode 302

Hey everyone, Tom Raftery here, and I've got an amazing episode of the Digital Supply Chain podcast lined up for you! I had the pleasure of chatting with Jon Geater, Chief Product and Technology Officer at RKVST, about the ever-increasing need for security and trust in supply chains.

During our conversation, we dove into the importance of integrity and transparency in digital supply chains and how companies can leverage technology to ensure a more secure and efficient process. Jon shared fascinating insights on how RKVST is helping businesses remove paper from the process and streamline information sharing.

We also discussed the power of collaboration in supply chains, with Jon emphasizing the need to overlay a simple collaboration layer to improve efficiency without compromising security. He shared some valuable resources for those interested in learning more about secure digital supply chains, including the RKVST website (rkvst.com) and the Supply Chain Integrity, Transparency, And Trust (SCITT) group's site (scitt.org).

Towards the end of our chat, we touched upon the motivation behind improving security and operational quality in digital supply chains, and Jon raised some thought-provoking questions about what will truly drive businesses to take control of their digital processes.

You won't want to miss this episode, as Jon's expertise and passion for creating more secure and efficient supply chains shines through every minute.

Check out the full episode, and don't forget to connect with Jon on LinkedIn to stay updated on his latest insights.

And don't forget, the video version of this podcast is on YouTube at https://youtu.be/Ercc3ZUXUWA

Happy listening!

  • Tom

Podcast supporters
I'd like to sincerely thank this podcast's generous supporters:

  • Lorcan Sheehan
  • Krishna Kumar
  • Olivier Brusle
  • Alicia Farag
  • Joël VANDI
  • Luis Olavarria
  • Alvaro Aguilar

And remember you too can Support the Podcast - it is really easy and hugely important as it will enable me to continue to create more excellent Digital Supply Chain episodes like this one.

Podcast Sponsorship Opportunities:
If you/your organisation is interested in sponsoring this podcast - I have several options available. Let's talk!

Finally
If you have any comments/suggestions or questions for the podcast - feel free to just send me a direct message on Twitter/LinkedIn.

If you liked this show, please don't forget to rate and/or review it. It makes a big difference to help new people discover it.

Thanks for listening.

Jon Geater:

we've got this, internet-based, security, which is trying to keep everybody out and trying to keep all your data in, right? And that's great. If you are an enterprise and you are defending one castle, that works. If you're a website and you're defending against hackers, that works. The problem is that falls down when you enter this sort of supply chain case or this collaborative case where you actually need to share data in order to realize the value of, of that digital transformation or connection that you have with your partners

Tom Raftery:

Good morning, good afternoon, or good evening, wherever you are in the world. This is the Digital Supply Chain podcast, the number one podcast focusing on the digitization of supply chain, and I'm your host, Tom Raftery. Hi everyone. And welcome to episode 302 of the digital supply chain podcast. My name is Tom Raftery, and I'm delighted to be here with you today. Sharing the latest insights and trends in supply chain. Before we kick off today's show. I want to take a brief moment to express my gratitude to all of our amazing supporters. Your support has been instrumental in keeping this podcast going and I'm really grateful for each and every one of you. If you're not already a supporter. I'd like to encourage you to consider joining our community of like-minded individuals who are passionate about supply chain. Supporting this podcast is easy and affordable with options starting as low as just three euros. That's less than the cost of a cup of coffee and your support will make a huge difference in keeping the show going strong. To become a supporter, simply click on the support link in the show notes of this or any episode, or visit tiny url.com/d S C pod. Now, without further ado, I'd like to introduce today's special guest, Jon. Jon welcome to the podcast. Would you like to introduce yourself?

Jon Geater:

Yeah. Hi Tom. Thanks for, thanks for having me. So, Jon Geater, I am Chief Product and Technology Officer at RKVST. Uh, we specialize in digital supply chain integrity, transparency, and trust. Uh, I've got about 25 years in the, uh, industrial and financial cybersecurity industry.

Tom Raftery:

Okay, cool. And this is not a topic we talk about a lot on this podcast, not because I don't think it's important, but just because it doesn't seem to come up often enough, and it's obviously a topic that's hugely important for supply chains, given that supply chains are lots of different organizations interacting with each other, and you need that kind of trust there. So let's start off, first of all with a little bit of background about yourself and why did you get into this space and why is it important?

Jon Geater:

So I've been, um, working in the high end of cybersecurity for about 25 years now, and everything from, the sort of big boxes that go into securing cryptography for cloud services through to tiny embedded chip security, for mobile phones, um, and a lot of industrial use cases. Um, things like airports, things like, the smart grid tariff management and security. And through working on all these different projects, there's a couple of key themes that really emerge. So one is that that trust that you mentioned between businesses is super important. And the other is that the tools that we've built for computer security over the last 40 years or so are not built to enable that. So what tends to happen is that we've got this, internet-based, security, which is trying to keep everybody out and trying to keep all your data in, right? And that's great. If you are an enterprise and you are defending one castle, that works. If you're a website and you're defending against hackers, that works. The problem is that falls down when you enter this sort of supply chain case or this collaborative case where you actually need to share data in order to realize the value of, of that digital transformation or connection that you have with your partners. So, yeah, I spent many years working with some of the best people in PKI and crypto and key management and cloud native security, trying to wedge all of that stuff into these contexts like airports and smart grids and industrial, uh, industrial networks. And there was always this thing missing. And the thing that's missing is representing different views of risk, right? So, so it is very easy if you've got one view of risk, which is you steal my stuff or not. That's relatively easy to lock down. You've only got one person to ask. You've only got one insurance policy to underwrite. It's all great. 
Once you get into having many people in the chain and they're dealing with the same data in the same systems, but they have a different view of risk, or they have a different exposure to different risks, then it becomes more complex. And that's the challenge that we're trying to solve. Not with this kind of confidentiality or the hard crunchy fortress that keeps everybody out. But adding an additional layer on top of that, that gives you confidence and trust and allows you to check the provenance of the data you are dealing with. So you can actually take control of your own risk and make your own judgments, uh, based on what's sort of coming in and flowing through those, through those networks. So it's really just a missing piece that, that, that we discovered, uh, over the years, which you're now trying to, trying to fill in.

Tom Raftery:

Okay. And, I mean, this podcast is called the digital supply chain and digital, I mean, supply chains traditionally have been as a lot of processes have been, have been very analog with clipboards and pens and paper and stuff like that. But we are slowly shifting to digital. A lot of processes are more digital now. What, what implications does the digitization of supply chain have for security?

Jon Geater:

So it's, it's really, it's exciting in, in, in many ways. And it's funny that, so one of the other things that I do, I'm the co-chair of, uh, an IETF, uh, group, that's the Internet Engineering Task Force. The guys who kind of create all the standards for how computers talk to each other largely, mm-hmm, in the Supply Chain Integrity, Transparency, And Trust working group. So we're working again at sort of the leading edge of the technology and the standards and with a lot of stakeholders, to try and solve this problem in a very, you know, generic, forward looking, adoptable way. And what we find is there are a couple of very different views of what a digital supply chain is. So before you get to answering that question of, of, of impact, there's the digital supply chain as you just expressed it, which is kind of digital transformation. We take processes that already work and we've kind of put them on computers or we take systems that used to be monitored manually and we put sensors in them that, that, that kind of thing. And then, and that's essentially taking things that used to be pieces of paper and turning them into emails or something like that. Like not ideal, but that's, that's what happens a lot of the time. And then there's another digital supply chain which comes alongside that and is, is sort of silently growing, which is the pure digital stuff. This is the, the recognition. It's always been true, but I don't think it was terribly recognized that software flowing into your organization is a supply chain and software updates and open source components that come and go. All of those pure digital things have their own supply chain, which often goes very, very deep, mm-hmm, and often goes into, as, as one very famous rather nerdy cartoon suggests, you know, you can have the entire infrastructure of the internet resting on something that some guy in Nebraska wrote in 1985, no longer maintains. So those two things actually have very different implications. 
The implications on, the pure digital side is really speed and scale. You know, all of the processes and best practices that that we have in place to assess what's coming in and do vendor assessments and do security reviews, all that. In theory, they work, but in practice, the updates are so big and so complex and so fast. We just can't scale to meet it. We can't hire the people and the experts to, to do those things. So that's one, one side of it is pure deluge that says these manual processes and the once every three month approval committee just can't, can't handle that anymore. On the digitized supply chain side, it's a little bit different, the speed and scale isn't accelerating as fast because you're essentially taking things you already did and just doing them more efficiently. So that's okay. You can still have your fundamental processes and checkpoints and all of the sort of important bits of, of what you are doing and what your data analysts do, and what your business quality analysts do. All of that can stay in place, but now what you're doing is you're taking some manual processes, potentially face-to-face processes, potentially physically secure connections where somebody can take a cache of documents and get in an armored van and drive to between sites. You're taking all of that and you're turning it into digital communications. And so the new threat on there, the sort of the security or the trust overlap on that is saying, well, how do I take advantage of this really much more efficient supply chain and the opportunities for me to communicate with more partners and the opportunity for me to communicate in seconds rather than days. How do I take advantage in that and still have in the instant enough trust in the data that's coming in that I know it's the real data and not a hacker. I've got lots of very hilarious stories about what happens if you trust the wrong data.

Tom Raftery:

Oh good!

Jon Geater:

So, uh, how do I know it's the real data coming in from the real place, firstly? And then if your business is of any size and has any kind of risk exposure, how do I know in three or six or nine months time when audit time is coming around that I can demonstrate that this lump of stuff that I have here, right now is the stuff that I worked with was the right thing to make my decisions on, and is auditable and verifiable and has its provenance, trackable to the satisfaction of my auditors and assurance company and quality people and regulators because the piece, and I'd be very glad, um, to hear from your experience from other listeners and everything else. I'd be very happy to hear that the next thing I'm about to say is, is wrong. But I, my, my experience of this thing is that one of the very last things to really digitize is the kind of regulator auditor loop. You know, they'll come in and they'll look at your digital systems, but they still want to go through those same set of processes, and it's very, very difficult to rewrite a 3000 page ISO 9,000 or 27,000 manual. So that trust in knowing I've got the right documents, they are the documents I use at the time, and they came from the place I expected them to come from. That's the big challenge that we're kind of trying to solve in order to unlock the real digital transformation efficiency.

Tom Raftery:

Okay. And I mean, you mentioned some hilarious examples there. Can you give us one or two of them to show why this is actually important?

Jon Geater:

Yeah, so there's a , well one of the funniest ones I heard, it's not my story, it's secondhand one as, as all the best are. But you know, you can use, signals to your advantage. You know, attackers love using security systems against themselves. And so, you know, the, the, the, the simple untrue example, but e easy to imagine sort of basic thing is, you know, if you, if you receive a signal from the fire alert system, Do you open the fire doors or not? Well, that's an interesting question. If there's a fire, yes, you definitely should. But if that's a false signal, then you probably shouldn't, because the likelihood is that the people wanting to rob your, rob, your store, or your warehouse are standing outside the fire doors just waiting for the, for the locks to be turned off. Right. So in that vein, there is a funny story from the, uh, from the water industry, for example, where, they were looking at implementing, security by kind of insight. The guys inside there were really obsessed with logs and monitoring. They wanted as much information as possible so that they could look for patterns of behavior or they could look for intrusion attempts and things like that. And this was back in the days when, you know, you didn't have nice, easy, simple printers. These were big, heavy thermal printers. And so one of the things they wanted to do with their security intrusion monitoring system was to, send a message and print a physical log record of every time, a beam was broken. Every time a bar was raised, every time any, sound was detected around the perimeter, all that. And, what resulted from this is that they got tons and tons and tons and tons of records every time anybody touched the wall. Anytime anybody went to the security desk to ask a question, everything got printed out. First problem there's too much. You can't search through that. You can't find the needle in that haystack then if you just print everything. 
But the second better problem was that it was discovered that if you just sort of stood outside and waved a stick through the right bit of the barrier, you could cause so many messages to be printed out on that printer that it smoked and set off the fire alarms and opened the security doors. So by implementing supposedly better security, based on this internal, very crunchy, hard walls model, uh, they actually made it worse and made it possible for somebody outside with a very analog attack to open the doors and, and, and override the security systems.

Tom Raftery:

Okay. Okay. Well, given then that this is causing so many problems, is it worthwhile? Is, is the digital transformation of the supply chain actually worth it?

Jon Geater:

Well, I would hope so. It's, it's happening anyway. It's happening anyway, so I think there are a couple of, a couple of different things. So if you wanna look at problems happening, you know, real examples on the, on the fully digital side rather than, you know, funny, funny old anecdotes. The number of security threats we get from open source packages or unmaintained packages. Everybody knows about Log4J. Everybody knows about, Sunburst. That was the, the thing that, um, SolarWinds and Microsoft and VMware all got, uh, all got owned by. We've seen all of this malware. And back when the NHS was kind of crippled by malware for a few days, there were also lots of pictures of things like motorway information gantries that had, ransom demands on them. Not because people were trying to target Highways England, but because the thing just spread. And any computer it could find that it could infect, it got on. And so loads and loads and loads of things got taken out, kind of by accident. If, if, if we look at it that way. Um, and that was caused by not having a good enough view of where the software comes from because, you know, let's break it down. Digital transformation is about using data to make business decisions. Mm. 
The data has to come out of a computer. The computer has to be running software, and that software has to be right. And right means, you know, up to date maintained, faithful, appropriate for your use case. AI is a great place where appropriateness is, really poorly understood, for example. So, you know, all of these big software attacks that, that tend to come in and get publicized are essentially digital supply chain problems where people have put off the sort of integrity and validation and this collaborative working in favor of just buying more firewalls and more antivirus and hoping that they don't get hit. So yeah, I think that has already happened. That horse is bolted. People are not gonna stop doing that. Mm-hmm. So whether it's worth sort of continuing or expanding or not, the current situation that we have with digitization already needs this to be fixed in order to move forward safely and actually, sort of make the money savings and the efficiency and the better insights and create our cleaner, greener, better future rather than spending lots of money on cleanup or as I'm sure a lot of people will recognize, you know, continuing to employ humans and real creative human brains sitting and watching the computer systems that are supposed to be automating the mundane away, but can't quite be trusted to do that yet. So yeah, I think, I think there's a lot of potential in, in digital transformation. It saddens me and it's the reason why I started my current business, that it's not delivering as fast or as much or as well as it could. And I think that's the reason.

Tom Raftery:

And how do we secure those, you know, physical to digital systems?

Jon Geater:

Yeah, so that, that's a, an interesting point and I, I do really think the physical devices and the the real world are, are super important. Actually in this we talk about digital and there's lots of software and, and crypto and stuff that comes into the conversation. But really that should all just be in service of, of making our real world work work better. So, again, they're kind of two sides to this, depending on whether you are your own, shop, doing your own thing or whether you are working in this collaborative, supply chain context, cuz IoT as it's, you know, often shorthanded has quite a lot of technology and, and techniques to it that are good enough if you are just managing your own factory and your own risk and it's all your own stuff. So you put a digital certificate on it, you put a little bit of physical shielding on, and then at that point you've done enough. There are bigger problems to worry about. The issues start to come when we want to connect these things. And you have something like advanced manufacturing or you have this software supply chain or you know, data marketplaces are, increasingly springing up where you can use other people's sets of data to drive your own insights or decisions. At that point we, again, come from a point of simply protecting the device and putting a nice, sort of warm, fuzzy blanket around it, or hard castle shell, depending on, on your proclivities. And we actually have to have integrity in that data and we have to know where it came from and we have to have, um, you know, security has this, this triangle, this CIA triangle of confidentiality, integrity, and availability. Okay. Recently we've, we've done really well at the confidentiality. People often think as a shorthand that cybersecurity is all about secrets, so that's great, but actually as soon as you are collaborating and you want to make use of that data, it's the other two that are important. You need the integrity, meaning this hasn't been tampered with. 
It is what I think it is, came where I thought it came from. And the availability, you know it, many, many people I'm sure will have had this experience where you're working with somebody, it's all fine, and then your supplier relationship breaks down and you need some records or you want some information from them. And what you are faced with is reaching into their database or asking their people for a copy of some kind of report, and you just can't get it. And that's not good enough. You can't run fully digital operations if you can't rely on that data being available to you, when you need it, whenever that might be. Whether it's within the second for a decision to be made or whether it's in seven years when you've got an audit to be done, you've gotta have it available to you. And so this, again, is where the IETF group comes in and the standards that, that I'm helping to build and a lot of colleagues in fairly large companies are also helping to build, is to come up with standards for exactly those kinds of devices to say, here's what I did on this given day. Here's irrefutable proof that I, this very trustworthy up-to-date device, created this piece of information for this purpose and I push it up onto, what we call an attestation log. So you can make attestations, you can make provable statements, irrevocable statements about what was happening that then give confidence to other people to pull that data off and use it, in their processes. So that's kind of where the, where the crossover comes out. If we are gonna have sensors, like traffic flow sensors. How many times have you seen, so this happens more in the US I suppose, but I see it here too. How many times have you seen a traffic light or a light pole with like five or six or seven lidars or cameras or something on them? 
And mainly the reason for that is because each one of those cameras is sending basically the same data back to a different company that wants to make different decisions and sell different insights and do different things. But it shouldn't be that way. We should have one camera. It sends all the footfall data to one central place. You sell it to everybody. And then whether you are doing social planning or whether you're trying to decide exactly which street corner to build an next McDonald's on, just get that data that was made once. The reason they currently don't do that is because you can't trust that data. And if you can't trust the data, we end up with this huge wastage and inefficiency, that that's coming along. So I think that's the place to, to consider, the next phase of security on the cyber physical.

Tom Raftery:

Okay. You've mentioned collaboration a few times. Can you talk a little more about that? Because it has to be really challenging to do collaboration in, in this kind of scenario.

Jon Geater:

That yeah, very true. And it'll almost sound like I have a hobby horse here, but I guess everything comes back to, comes back to the same kind of truth. In theory, supply chains and value chains, even, uh, value chains more in some sense, can be much more efficient if we use digital transformation because you take out, a lot of administrative work. Yeah, a lot of what I work on day to day is basically, not just digitizing paper, but actually removing paper from the process. You know, if you've got somebody doing some useful work at one end and eventually that thing, that work product goes to the supply chain and goes to the next person who's gonna do useful work. Typically what we see in the kind of big industrial spaces that, that, that we work in is that there'll be many stages of paperwork in between. There'll be the guy, the first guy fills in their paperwork, they did the thing. Some manager then checks it, puts it on a job sheet, somebody else does the business quality audit and puts it on an outbound. Somebody else then does all the redaction and the destination copying works out things, emails people separately or puts it in a different Dropbox or, and then that whole process is repeated in reverse on the other side until the, the next lady along has to do her job and all of that is wasted. No, nobody wants to do that job. Nobody really needs to, it's only there.

Tom Raftery:

There's huge opportunities for transcription errors and all kinds of things like that as well.

Jon Geater:

Transcription errors. Yep. Absolutely. This is the irony of the whole thing, is that all of those paper copies are there to make sure that the data is absolutely pristine and all it does is actually introduce opportunities for mistakes. So what we do, you know, primarily the sort of easiest thing to do here is we take out the six copies and just have one reliable copy of the actual original information as far as possible, to go across. And that means that you can get this better collaboration between, between people cuz they know they're dealing with the right stuff, they know it's up to date and they know it's going to be available for their audits and, and insurance policies and everything else to move forward. So it just speeds everything up. Now imagine doing that with traditional IT where all of your supply chain partners have to have a login to your identity system or a kind of host guest email address, or they have to all have mediated access to bits of your core internal databases. Just doesn't happen. It's impossible. And so again, what we're trying to do with this collaboration, and the sort of integrity approach and the new, the new standards is to say, look, let's not do a really, really hard job of trying to turn over everything we've ever known for 40 years and sort of punch little holes in all your defenses. That would be silly. Leave those alone. Keep all your defenses, keep your internal operations running the way they do. And you just overlay a very simple collaboration layer that says, well, by policy, I already share yield information. I already share end of day information. I already share, you know, whatever invoices. I just wanna do only those in a more efficient way. And then those things get filtered onto this sort of shared evidence log with the attestations, things like that. Everything else is left alone. So, you know, you don't have to retrain everybody on the, on the ground, cuz that's a big no-no. 
If you have to retrain too many people, then it's not happening, right? So don't change any of those operations. Just put this, collaboration layer in. Make those attestations to say, yes, I did this on this date and this is what it means. And then everybody just moves on, moves on with their day. So I think that's, that's why I mentioned the collaboration thing because I think that's key to unlocking all of the theoretical efficiency and money saving and carbon saving, of digital.

Tom Raftery:

Okay. For people who are listening, Jon, if they want to start on a journey to reach, you know, what we, we consider a secure digital supply chain, where should they start? What are kind of first steps?

Jon Geater:

So a couple of things depending on, on what they, what they want to see. So on the corporate side, I mean, they're, they're very welcome to come to my company's website. That's, RKVST, R K V S T, dot com, and we've got most crucially, you know, we've got a free platform so you can just play with it if you're technically minded, without any kind of obligation. But we've also got some case studies there. We've got one for handling nuclear materials and we've got one for handling, transparency in the carbon, supply chain, you know, environmental and sustainability and governance goals. So that'll give a kind of broad company based overview. If you want to look at more sort of standards and transverse non-vendor-y stuff, then we've got quite a lot of resources on and coming outta the Supply Chain Integrity, Transparency, And Trust group in the IETF. And the easiest thing to do, probably, is to go to scitt.org, that's scitt dot org. Uh, and we've got a whole bunch of the, sort of the rationale, the use cases, how it enables both this kind of cyber physical and the pure digital, supply chains and breaks down some of those. Um, maybe trickier concepts if people haven't been working in cyber for 25 years, then really unpicking that, that crucial difference between integrity and transparency and confidentiality. I can imagine it's not the the easiest thing to get into. So that SCITT website really kind of boils that down. Takes out the core concepts and just says very simply, this is how powerful attestations can be in improving the quality and integrity of the supply chain operations. So I'd say that rkvst.com or scitt.org. Um, good resources.

Tom Raftery:

Okay, superb. We're coming towards the end of the podcast now, Jon, is there any question that I have not asked that you wish I had or any aspect of this we haven't covered that you think it's important for people to be aware of?

Jon Geater:

So I'm always interested to understand motivation. I know what my motivation, is and was. Yeah. I used to be on the other side of this. I worked in aerospace, prior to starting RKVST, and, and a lot of my life was spent verifying and validating and copying other people's documentation for my own cause. So I, I, yeah, I felt that pain and I feel the things moving. But a lot of the time what ends up being talked about is, a regulatory push or a security push or an incident push. Yeah. So I guess the thing that maybe I, I would've expected you to ask or, or would expect you to, to, to have some opinion on is what's really pushing the need for improving security or operational quality in the digital supply chain? You know, there's a, there's always this caricature, and I, I'm absolutely certain this is not true, especially having worked with people who work in the, the, you know, critical infrastructure and things. I know that they are better than this, but there's a caricature that says, well, we'll just keep on adding computers until something catches fire. And then we hope the first one to catch fire isn't us, and then the regulation will start, and then we'll fix it. Obviously, that's a very long and destructive loop and we don't want to get into that. Now as I say, that isn't what's happening. There are very diligent people who work in, in, in these spaces, and I know, that they do better than that. But what is the perk is good right now. All of the ransomware attacks, all of the many issues that we have with current integrity. Just in December, Samsung and Microsoft both had issues with stolen signing keys for software packages. So even if businesses have done the very, very best they possibly can and done all their defenses right. You are relying on this very one-dimensional security of somebody signed their software and now you are completely owned because, well, the signatures work and it came from Microsoft, or it came from Samsung, so it's definitely fine. 
Well, sorry guys. It's not, it, you know, you, you've just, you've just lost a hundred percent because you were only relying on one thing. So, I think the, the big thing that's interesting to me is what will be the motivator, you know, NIS could have done that. The network information systems directive, it's been in force for several years now. Has all of this stuff in. But hasn't really had a big impact. You know, there are other things in the US, presidential orders, you know, could have done, but actually you're moving very slowly. So I think that's the, the interesting thing is to, um, really put in, in people's minds this question of why aren't they looking at getting, getting better, taking more control? Because you don't have to just throw up your hands and say it's computers, it's hard, or you know, it's software. It comes from other vendors. Equally, nobody can be an expert in everything. This is why we have vendors and supply chains is so that everybody can do their expert job. But I think there's a place in the middle that's currently missing. And only really gets filled with heavy-handed regulation that I think I would like to encourage people to think a little bit more carefully about. Can we take a bit more control if we just organize ourselves in a slightly different way, in a slightly more digitally native way, can we take control of that risk a little bit more so that when my vendor falls over, which every vendor will fall over at some point, I'm actually in a position to mitigate that risk, look after it and continue on, maybe with degraded operations, but with operations. Yeah. So that, that's always the big unknown for me. It's like, this is gonna happen, but when is it gonna happen? That's a great, great question.

Tom Raftery:

Okay. Superb. Good one. Good one. Okay, Jon, if, uh, people who would like to know more about yourself or any of the things we discussed in the podcast today, you've already directed people towards the SCITT site and your own RKVST website, and I'll put those links in the notes. Is there anywhere else you'd like me to to direct people?

Jon Geater:

Um, yeah, so I'm mostly active on, on socials, well, other than I'm a rower, so I spend most of my time when I'm not at my computer on the water, and you're welcome to find me there too, but, beyond, beyond that, I spend most of my sort of socials time on LinkedIn. And so I am LinkedIn slash, um, whatever it's profile, Jon Geater, all one word. Um, I'm the only one on there, so, um, it's relatively easy to find me.

Tom Raftery:

Great. I'll, I'll link that in the show notes as well. Perfect. Jon, that's been really interesting. Thanks a million for coming in the podcast today.

Jon Geater:

Thanks, Tom.

Tom Raftery:

Okay, we've come to the end of the show. Thanks everyone for listening. If you'd like to know more about digital supply chains, simply drop me an email to TomRaftery@outlook.com. If you like the show, please don't forget to click Follow on it in your podcast application of choice to be sure to get new episodes as soon as they're published. Also, please don't forget to rate and review the podcast. It really does help new people to find a show. Thanks, catch you all next time.
