LS Black, a general contractor based in Minneapolis, has needed to be at the forefront of construction cybersecurity because of government contracts. Peyton Kringlie is one of the team members driving the development of sophisticated cybersecurity practices and policies throughout the company. Peyton shares some great lessons learned for other contractors starting a similar journey.
Hugh Seaton: [00:00:00] Welcome to Constructed Futures, I'm Hugh Seaton. Today I'm here with Peyton Kringlie, business analyst at LS Black constructors. Peyton, welcome to the podcast.
Peyton Kringlie: [00:00:14] Thanks for having me. I'm excited to talk.
Hugh Seaton: [00:00:17] Yeah. And actually today we're going to talk about a unfortunately really topical theme, and that is cybersecurity.
So we're recording this a week or so after this big ransomware attack on the east coast. But before this, we had planned on talking about cybersecurity anyway. So Peyton talk to me about how you got into cybersecurity. I mean, your role is bigger than that, but it's something that you've really done a lot of, so talk to me a little bit about that.
Peyton Kringlie: [00:00:44] Yeah. So my organization, LS black constructors does a lot of department of defense work and the department of defense is requiring CMMC posture for, for contractors and supply chain. Basically kind of putting controls on your environment and your, your IT infrastructure system.
Hugh Seaton: [00:01:02] And what does CMMC mean?
Peyton Kringlie: [00:01:03] Cybersecurity maturity model certification.
Hugh Seaton: [00:01:07] That's great. I just want to take a sec and stop with the maturity model thing. I haven't spoken about that on the podcast before, but it's a, it's a concept that's pretty common as people think about how to assess different... IT systems. So they didn't invent it for this. It's actually a commonly used way of thinking about, like the name would imply, maturity. So what you're saying, I think is that they're asking how, how far along and how sophisticated your cybersecurity approach is, is that right?
Peyton Kringlie: [00:01:34] Yeah. And in the kind of standard is the NIST 801 71 in which a lot of, you know, national organization use. But there's, there's different levels of, of security measures that kind of, depending on your hygiene and how, how sensitive the information is your, your organization has to comply with with, you know, those different controls.
Hugh Seaton: [00:01:55] Got it. And, and when they think about those controls, is it related to what kind of information you're storing?
Peyton Kringlie: [00:02:02] Yeah. So I'm in the department of defense's case. It's, it's interested in CUI, which is a CUI. I can't off the top of my head can think of the What, what it specifically stands for- it basically means I think confidential information.
Hugh Seaton: [00:02:14] So one of the things I think you learn dealing with the department of defense is to get used to acronyms that you can't quite spell out. Right?
Peyton Kringlie: [00:02:22] Right. You know, there's all say, love them. I know all sorts of acronyms. It's half it's hard off the top of the head to remember Yeah, nonetheless, it's, it's definitely a huge overhaul for the, for the industry, especially on that, in that market.
And kind of trying to you know, bridge the gap, not only digitally for construction, but also to, to definitely put the controls in place to make the environment safe for my organization.
Hugh Seaton: [00:02:47] So how'd you guys get, how did you personally get, get started on this? Was there a project that kicked it off or was it your bosses said, Hey man, we got to get good at this or both?
Peyton Kringlie: [00:02:54] More or less my boss said, Hey, we got to get good at this. He was, he was a lawyer CFO and kind of just broke through the, the different DFARS requirements. As of now the NIST 800 171 is required. And the CMMC was supposed to be issued out in October of 2020. To the government's surprise, the industry is not quite up to the speed of where it needs to be. And there's a big concern with competition, costs, conflict with all these different controls to place on Industry with a lack of better terms, isn't as sophisticated as others.
Hugh Seaton: [00:03:32] And sort of unpack that a little bit, they're taking, they being NIST, which is the national Institute of Standards and Testing, I think, right. Something like that.
Peyton Kringlie: [00:03:41] There's another acronym.
Hugh Seaton: [00:03:42] Exactly right. See, I did that on purpose. So we both feel like we are, we're not good at spelling out acronyms, but anyway, so the, the idea that you're saying a minute ago is the government started putting out requirements, and obviously quite detailed requirements in terms of, you know, where your data goes and what people are able to click on and what training you have.
I mean, what goes into some of these standards can be really detailed. And what they found, what I'm hearing you say is what they found is that they were having trouble finding construction companies that were, that were ready for that, because they're just. It's it's a big expense and they hadn't prepared for it beforehand. Is that about right?
Peyton Kringlie: [00:04:18] Yeah. And a lot of, a lot of construction companies, including supply chain down to the subcontractors and the trades aren't as you know, digitally sophisticated yet, nonetheless, to kind of understand their, their, their scale and their, you know, their mold of their IT place.
Hugh Seaton: [00:04:35] And one of the things that comes up in other places also is that that the IT departments of, of construction companies as a category, as a sector are growing and become, this is why the maturity model you talked about earlier, I think is really appropriate because they're getting there.
And there's some companies that are amazing, but as a sector, construction has not had to have quite the same level of IT spend, and IT sophistication that some other sectors have had to. And it's, and this is, I think one of those areas where it's showing up and people are saying, all right, well, we got to start thinking like this.
Peyton Kringlie: [00:05:13] For sure. And it's definitely a needed place on businesses and in construction professionals radar, you know, just from the premise that that to put controls on old systems, you might lock yourself, you know, tighter into, old ways while we're trying to become more agile and, you know, kind of bridge that gap for the industry.
I think it's an interesting you know, topic within the industry, primarily for that reason, you know, as security and freedom, it's a term, you know, as old as time, as far as how to balance the two.
Hugh Seaton: [00:05:46] And when you say lock into old systems, do do you mean like we're going to set up processes and we're going to put in passwords and all this sort of thing around old stuff, and then you're afraid, well, oh my God, we've just invested all that time and money around, you know, an older ERP or a, a process that, that we knew we needed to change. So is that what you're saying is that one of the hesitations is we're changing other things too, and before we invest the time and money to secure that process or that software, let's make sure that's the one that we're going to want for the next, you know, five years.
Peyton Kringlie: [00:06:19] Yes, precisely. I think that that's incredibly important for the strategy of an organization. You know, primarily just because you have to think of the policy and the bureaucracy. That happens when you put controls on a process or a system, it makes it, it makes it less agile for, for continuous improvement.
So you want to make your environment safe, but you also want to make it so that there's iterations and the ability to kind of build off that.
Hugh Seaton: [00:06:48] And are you, when you were thinking this through and you, you guys are doing the learning and the, you know, maturity for, again, lack of a better word. Have you brought in consultants?
Do you find that there are people outside of the industry that are helping you think this through.
Peyton Kringlie: [00:07:04] Yeah, we, we have a tech service you know, consulting group of a bunch of specialists that kind of, it's an extremely technical and sophisticated environment, so you know, they're a huge help to me and kind of understanding the different milestones and, you know, benchmarks in which to, try to be that translator to the people in the organization that kind of gives you a glaze for lack of a better word.
I mean It's, you know, the more I'm involved in it, the more I see it's important strategically for an organization. But also on the flip, the specialists are definitely helpful in reaching that for sure.
Hugh Seaton: [00:07:40] Well, I mean, they, you have to figure out the what and how much, but they're going to figure out the how. I assume that's, that's sort of part of it.
Peyton Kringlie: [00:07:46] Right, right. Yup. And kind of identifying, you know, the gaps and trying to figure out how to close them. What's, what's needed to, to migrate different systems understanding, you know, does that, does that project document control. You know, is that FedRAMP certified? Is that, is that something that in the future they're planning on the roadmap to be FedRAMP certified?
If not, you know, then is it a system that you want to, you know, bury money in? If you have to bounce off of like process process-wise nonetheless.
Hugh Seaton: [00:08:18] And you brought up my favorite word, FedRAMP, let's talk a bit about what that means. Cause we started this whole discussion with you talking about how it was federal contracts that got you really focused on, on cybersecurity.
Let's talk a little bit about what FedRAMP means. You don't have to spell out this, this one.
Peyton Kringlie: [00:08:36] Yeah. So FedRAMP certification is what, you know, cloud providers have to essentially certify essentially through the federal government say that data is safe within that server or that environment. And, you know, the industry is, is, is wanting to continuously move towards the cloud because the access and the freedom of updating and kind of taking things off premise you know, but the problem cyber security related wise is as you offload all of the things that are under your control, you put it in the hands of other people's control.
So That that is definitely, you know, something that software companies moving forward are going to need to have on their radar as well, especially within the construction industry considering, and assuming that these regulations and controls will be more and more prevalent with things that we see, you know, the, the colonial pipeline for an example.
Hugh Seaton: [00:09:29] Right. I mean, this has been happening forever. You know, there was, there were, I mean, not so long ago, you name it and either the, there was a credit card company or it was a target or it was everybody's been hacked. They didn't, it wasn't always ransomeware. Sometimes it was just stealing data that they could sell elsewhere.
But there, it seems like ransomware's the flavor of the year. Right. But the reality is this has been coming for a while. Are there levels of FedRAMP?
Peyton Kringlie: [00:09:53] I'm not completely sure. I do know that, you know, just because our environment isn't required to be FedRAMP, I believe it's FedRAMP or not, but I could be wrong.
CMMC has five levels which is on the contractor supply chain, anyone that interacts with the department of defense. FedRAMP on the other hand seems as though it's a software company standard.
Hugh Seaton: [00:10:17] And there's an equivalent in in the non-federal space called SOC two, SOC two.
And that's that's, you know, from as far as I understand it, I've never been all the way through it, but we've investigated it at a couple of places that I've been. And it's... fedRAMP is like a quarter million to half a million dollars to do it. So it's a big deal cause they get, they do penetration tests. They do... I mean, actual humans do things it's not just taking, you know, A test and doing some other things. SOC II is a little bit less, it's more like 50 grand. And it's more about internal process.
Peyton Kringlie: [00:10:48] It seems, it seems it's financial information focus.
Hugh Seaton: [00:10:51] I think it comes from the audit industry. So you're right. But it's also, it's about the process that you use internally, which if you think about it, an auditor would think like that. Right. So it's are you training people to make sure that they don't click on links and that they don't pick up USB sticks and put them in their computer and all these other ways of, you know, normal human behavior that creates vulnerability?
Peyton Kringlie: [00:11:15] Yeah, no, for sure. It's, you know, the Phishing and all the different attempts of definitely even, you know, uptick through the COVID, you know, time. We saw it and, you know, some of the different protections that we had to put in place like an ATP filter that Microsoft provides it kind of tries to automate out all the phishing attempts, but they somehow still get through.
And the biggest component to that is it's actually the human factor. It's not necessarily the controls, you know? It's yeah. It's it's a, it's a tricky world and more and more, they're becoming more and more deceptive, nonetheless.
Hugh Seaton: [00:11:47] Well, this is this, you bring up a really important point and that is, everyone will tell you that, is that there are some things you have to do on the technical side with encryption and double passwords and so on and so forth. But you know, that isn't that hard to do when it can be done by, you know, an IT team of two or three people, but the real vulnerability and the problem is in humans, just acting based on, "oh, look, someone emailed me, let's see what that means."
Or, you know, I got an email from PayPal, but it wasn't really PayPal, but you don't know that because you didn't check what the email address was, but it says it was from PayPal and you click on the thing and all of a sudden you've got, you know, you've got yourself a problem. So a lot of it is that right?
A lot of it is the human side. How much of that have you guys started with. Cause it's, it's a, it's a long road. There's a lot of training and all that. How much have you guys started looking at training and awareness inside of your company?
Peyton Kringlie: [00:12:37] Yeah, so one of the requirements of CMMC is to have some sort of annual security training in place.
And that includes also, you know, giving out, you know, fake phishing. So essentially trying to see where your vulnerabilities are from a human perspective you know, kind of who, who is the most susceptible to kind of getting sucked in. You know, one of the things that we've kind of found is, is the phishing attempts are kind of actually more directed now towards the people that are higher in the organization.
I think they call it whaling now.
Hugh Seaton: [00:13:07] Really. Yeah. that's funny.
Peyton Kringlie: [00:13:10] And, and, and that's, and that's even a more, you know, of a bigger reason for business leaders and people that are at the, at the top to kind of, put this on the radar from some perspective, because, Hey, I mean, one of the most important, you know, forms of information is money and assets and all these different, you know, these different information This, you know, things that people own essentially digitally, that, that are important.
Hugh Seaton: [00:13:36] You know, there was a, it wasn't that long ago that the FBI was going around and talking to midsize companies because there had been a real uptick. This is about four or five years ago where there'd been a real uptick in like foreign government and foreign entity incursions. And what they were doing was going after midsize companies, they weren't going after the big ones.
I happened to be in the Northeast and in the Connecticut area where there's a lot of big insurance companies. And these people were, the insurance companies were Fort Knox getting in was just really impossible, going straight. But what you would do is you talk to one of their outsourcing companies, right?
Or like an HR company, or, you know their maintenance team, whatever it was, as a way in and crazy things would happen. Like there was an example once of how somebody hacked into the HVAC system of a Target and, and got in through there and stole some crazy amount of data.
And I, I, I'm not sure it's it was target. It was something like that. But the point I'm making is something you would never guess. Like, how is it that an HVAC system has A, has an internet connection. And obviously that's because it's sending telemetry back, but, and then B has a connection back into the rest of the system, but they figured it out and they got in there.
So it's, it's this idea that, that, you know, it doesn't have to be the big players with the big pockets because you can be in a way in to something even bigger and you wind up still being liable for it. Which is crazy. So you may think, wow, they're only ever going to go after the big pockets, but you may be the way into the big pocket.
If you're a, you know, a 50 person mechanical contractor or something, you know what I mean? Where you think it's, it's above your pay grade, but actually it's not. And doing a little bit of not very expensive training about how not to click on things can be worth doing.
Peyton Kringlie: [00:15:23] Right. And a lot of people think that I'm not important enough to, you know, have, you know, get, get information selected by me or trying to kind of say, Hey, my organization doesn't deal with anything that's, you know, from my perspective, sensitive to where this would happen. But we see it all the time. Like you just said with, with the HVAC system, if it's connected to a network it's connected to a network, it's it? There's a net of things that it can, you know, essentially gravitate towards if needed, you know, people find vulnerabilities all of the time.
It's, it's definitely you know, I think of, you know, what, what is happening with the colonial pipeline to you know, like the Stuxnet, the big issue that happened in Iran with the centrifuges, they kept trying to figure out why, why the centrifuges weren't working. They kept replacing it.
Well, it ended up being a malware warm and, you know, they didn't even see that they were being attacked. And you know, they always say there's groups of people that know they've been attacked, cyber security wise, and there's, they there's groups of people that haven't, that have basically, you know, yeah.
Hugh Seaton: [00:16:31] Yeah. And that's what you speak of another point here. And that is you may have onboarded something bad and you don't know it yet because one of the big things that happens with cyber attacks is they're often patient over time. So they may not attack you when the minute they get in, they may let it sit there until something happens or until, you know, whatever,whatever set of factors come together that make them want to strike. So that the reality is that that often it's not like it is in movies where it's someone with a hoodie banging away on a keyboard. And it, you know, it's like playing a video game. It's much more like doing your taxes. Like it's not, not really, but it's like a longterm, put this in there, then let that happen, then let that happen. Which is really hard to look at. It's really hard to see.
Peyton Kringlie: [00:17:14] No, you're right. And I think, you know, it's kind of a central theme too. It's, it's kind of, it's kind of difficult from an IT perspective because we want to entitle people to as much information as possible for them to learn.
And, and kind of creating that open source, you know, collaborative space, but you know, an over entitlement and, you know, provisioning to different information from, from an IT perspective, obviously, you know, there's... every new person that you onboard and give an over over entitlement of provisions is an exponential vulnerability to your system.
So trying to find that sweet spot, because you obviously don't want to under entitle you know, people within your organization or, you know, subcontractors or whoever, because then they're starving for that information. And then again, it kind of stifles the communication.
So there's a sweet spot in that again, kind of, is one of the things that we're kind of trying to define and trying to figure out the different controls on , you know, does the superintendent receive this type of, permissions to this information? And it seems super trivial, but it's extremely important.
Hugh Seaton: [00:18:24] Well also you're coming up with policies, right? So it's not like Fred, the superintendent does, or doesn't get to see something. If you're going to make a decision, you pretty much want to make it true for everybody. So that makes it that much harder. Right? Like how do you guys, what's the process you're undergoing to think that through? Is it, is it testing and trying some things or is it kind of committees thinking it through? What, what are you guys doing to figure this out?
Peyton Kringlie: [00:18:47] You know, a lot of times it's, it's me and a couple of project managers trying to like identify gaps or trying to figure out one, you know, the biggest reason that these assessments happen or trying to figure them out is, is process-related right.
You're trying to clean up the stream of... You know, trying to be lean as possible, but also simultaneously there's there's vulnerabilities that you need to keep people's you know, you want to be transparent as possible, but simultaneously you don't want them to obviously have access into the administrative network, for example.
Primarily one of the things I do with the cybersecurity and in our gap assessment, but a lot of it is, is me training in the project managers and decision-makers, Hey, we need to identify this risk. With these provisions on, on this defining role. And in construction, you find all the time, you know, apples and oranges on different projects, there's different, you know, people playing a different role.
We have department of defense, you know, projects, and we have other, you know, other different clientele that wants more information and they want, you know, we have design build delivery method. So all of these different things and processes are important for information flow and from a cybersecurity perspective, you make it a lot simpler when you just put it on your radar to start with and just kind of assess the risk.
And I think that a lot of people kind of Kind of put it to the back burner in some aspects and you could definitely get way ahead of it easily.
Hugh Seaton: [00:20:18] That's interesting is as you think about all of the aspects that go into project planning and it's, it's easy to see how cybersecurity might be, not one of the things that gets that makes it on the list, or if it's on the list, it's, you know, it's the one that gets missed because the meeting had to, end at, you know, at the end of an hour or something, you know what I mean?
Peyton Kringlie: [00:20:38] Right. And, and for an example, you know, what environment is the field, you know, what type of cyber security does the field have, has as an extension of your policies and controls? Are they,you know, having their own wifi connection? There's all sorts of risks to assess as has each project is almost its own little business in some regard.
Trying to uniform and kind of create continuity between everyone while simultaneously trying to train. But then again, create iterations of, of becoming innovative in, making your processes. You know, it's an ongoing battle, but I do think that, again, it's something that if you're someone with the decision power, it's, something to put on your radar.
Hugh Seaton: [00:21:25] Yeah. You, can't not. Right. So it just becomes another thing that you have to manage and, you know, you have to figure out how to prioritize it without it taking up too much time, cause you're not a cybersecurity company. You're a construction company.
Peyton Kringlie: [00:21:37] I know exactly. Exactly. It's a lot simpler if you just kind of identify it and kind of tackle it before it grows into something that's very unmanageable or worst case scenario, you get attacked, you know?
Hugh Seaton: [00:21:51] If you were to give advice to somebody like looking back on lessons, you've learned about , starting from, I guess, zero or close to it and, and say, I mean, I'm sure you guys had some things in place, but my point is your personal kind of journey of figuring this out.
Where did you start?
Peyton Kringlie: [00:22:06] So personally just kind of reading up you know, from a high level down to, you know, understanding what was on the ground. I was trying to understand cyber security from a general perspective, understanding what other industries and, you know, reading up for example, on Stuxnet and, you know, there's, there's so many real world examples that you just mentioned.
One, I was trying to get motivated about why it was so important. And, and I think that is one of the that's, that's 80% of it. And then kind of just understanding your infrastructure or even just your digital hygiene. Like, even if you're a personal, you know, your personal accounts, identifying what email address you sign up things for, you know, like if you're throwing around your email and it's in certain databases, I guarantee you're getting hit by fake PayPal accounts and you're getting hit by all these different things.
I would suggest trying to isolate, you know, simple rules of measure, I guess, just like if you're handing out your work email, you're making it way, you know, making the probability way higher that your company will get hit.
So those, all those things need to be put into consideration. You know, from a company standpoint, getting across, you know, it's a big undertaking for an organization to kind of one get people on board. Each individual employee, but then on top of that, put all the controls, migrate the... we're basically having to migrate to a government level tenant right now next, you know, these upcoming weeks, and those are things that one it's unknown because we're the kind of the tip of the spear for it.
But, you know, we're all having to do that together. We're kind of having to figure out vulnerabilities because it's an ongoing thing. We're always going to be attacked and it's just kind of a back and forth of cat and mouse, in my perspective, from what I've learned. You know, the bare minimum is trying to do a gap analysis and trying to see where your hygiene level is for, for your organization. But also it's practically good to, to kind of think about your own hygiene as well.
Hugh Seaton: [00:24:14] And some of this has to tie back to the strategy of the company, right? So you guys have a strategy of going after federal contracts and that forced you to maybe move along the cybersecurity process faster.
And I think that, if you're building for certain types of organizations. You're obviously going to have to think like this, and if you're not, you're little, be less true. So residential tower is probably going to require that less of you than working for a data center, because I think data centers, I don't know how much that's part of your business.
But that has to be part of how... cause that's, that's all they do all day long is think about cybersecurity. So one assumes that they're asking of course not FedRAMP, but they're asking for some similar assurances, have you run into that?
Peyton Kringlie: [00:25:01] Not, not a ton. I kind of primarily focused on, on, you know, where we were in assessment to what we needed to be at, within the construction industry.
You know, it's a, new thing for this industry because it doesn't seem as though a building would be sensitive information, but you know, to people that are essentially trying to... you know, nation states or whoever that want floor plans, they want different systems. They want to know how the network layout of the building.
You know, as we get into BIM and digital digital twins, and I mean, this is going to be an evolving thing that. To just to, just to start with, just to understand where your environment is is, has got, it's gotta be on your radar.
Hugh Seaton: [00:25:44] Yeah. And again, it's not only about the building that you hand over.
It's also about the process of the building. I mean, I know that... No, one's personally said, "yeah, we got hit by ransomware", but companies I know in the cybersecurity space have told me that not surprisingly, construction companies have been hit by ransomware because of course they have, right?
Like if you were to suddenly shut down the ability to pass back and forth, primarily digital plans, what do you do? As an organization building a building and you don't have access to your plans anymore. Well, you, you know, You can sweep the floors and that's about it. So, so, you know, in every day is how much money?
So to be able to think about someone's ability to just shut down your ability to totally shut down your ability to operate what would that do? Like that's a, that's a chilling thought and it happens across the economy, right? It's not just construction.
Peyton Kringlie: [00:26:41] I mean, yeah. Look at the colonial pipeline and seeing how much money that you don't even know. I mean, yeah, it's, it's, you know, the security comes at a cost no matter what, it's either.
Hugh Seaton: [00:26:53] Totally. But I mean, on the other end of the spectrum, so a pipeline is big and it's visible and you could see how it would make an attractive target, but I knew somebody who was a, a, a. Consultant coach really? And so, you know, he may be had a personally had a, I don't know, a quarter million dollar business.
That's I mean, we're really not talking about something huge. He got hit repeatedly. Repeatedly. I don't know. Maybe you met someone somewhere and whatever, and he, you know, rubbed him the wrong way. But the point is that companies of all sizes get hit by this. Because again, you, you, the wrong person gets the wrong details, whether it's your email and then they send you something and you click on it and so on.
But, but it's, it's an issue for every size of company.
Peyton Kringlie: [00:27:36] No, I can echo that. I mean, it's, you know, from a practicality standpoint, it's... There's so much information out there now. And the information flow is it really is just it's, you know, you could take it down to a it's philosophical components, but you can also just take it to a practicality.
How do you want your organization to interact within its environment and have its employees, you know, feel safe within that. We want people to not resort back to analog forms of, of...
Hugh Seaton: [00:28:10] right.
Peyton Kringlie: [00:28:11] You know, that's, that's, that's the trickiest thing is, you know, it's, it's easy to have a key that has grooves in it and you know, it's the only key.
But from, from the perspective of someone who has a digital key or an RFID, you know, how many, experiments have been done that RFID's can just be transferred over and mimicked, right? So there's, there's all sorts of precautions that are not precautions, but worries from people that are, especially in industry, that's trying to get its feet wet with the digital adoption.
Trying to not have to resort to back old processes because it's worried, you know, it would just take one company to get hit and then go I'm I it's it's too much or vice versa. They're going to have to sink a lot of money into trying to figure out where it lies.
Hugh Seaton: [00:28:56] Well, I think that's not an option though. I mean, it's, for some kinds of owners, it might be. But I think the reality is that the industry is expecting increasing levels of digitization and, you know, digital models and so on. So I think like everybody else, every other sector and every other industry. It's just another thing to, it's another thing to manage.
It's another thing to, to say this is an immovable object. We are going to remain digital. We can't go back to, to be...
Peyton Kringlie: [00:29:23] you're saying it's essentially an eternal force. I mean, I think that's definitely a valid point. Yeah.
Hugh Seaton: [00:29:29] Well, I mean, I think, you know, there have been other forms of fraud and criminality in construction, just like every other industry.
Like, you know what I mean? People get. People do bad things happen to companies in lots of different ways. And that's always been, you know, why people lock things up and why they're financial controls and so on and so forth. This is just, it's not just, it's a powerful, really scary new form of that.
But the reality is that nobody gets to say, I don't want to be digital, not for long, or they can put it off for a year or two, but at the end of the day, The number of clients and owners that require it, that require that you hook into their systems that allow them to see how things are going. And so on is just, it's not really optional anymore, I think.
Peyton Kringlie: [00:30:14] Right. So yeah, you have one, one construction company that, you know, resorts back to analog systems and construction company B that was kind of, you know, put this on their scope and has been able to remain agile, competitive, innovative has been able to work in all these digital spaces. I mean, those are the, the proprietary companies that are getting... it's gonna, I don't know, it's going to be an interesting interesting dynamic, just because the construction industry, in my perspective is it's it's the digital adoption, it's it's like you said, it's an immovable force, but...
Hugh Seaton: [00:30:50] It doesn't mean it's fun along the way as there's still going to be a lot of process and a lot of back and forth.
Well, listen, Peyton, thank you for sharing your experiences. I mean, I think what comes out of this conversation is how early it is and how people are figuring it out. And, you know, you're out there doing research to find how to solve this problem or that problem on the company's kind of journey up that ladder of digital maturity. So I really appreciate your sharing, what you guys have learned and what you've been through.
Peyton Kringlie: [00:31:16] Yeah, and I appreciate the opportunity to come talk and discuss and dismantle all the, all the different topics. There's , a lot there.
Hugh Seaton: [00:31:24] Awesome. Thanks man.
Peyton Kringlie: [00:31:26] Yeah. Thank you.