Podcast: Future Proof End-to-End Encryption and Data Security

Paul Clayson shares how AgilePQ is solving an insurmountable problem in our collective future with encryption software for all IoT devices – no matter the size.

By
Matthew D Edwards
December 2, 2020

Show Highlights

In this episode, I talk with Paul Clayson of Agile PQ, who as a young farmboy couldn’t wait to leave the Idaho cattle ranch to find easier work. Now, after 20 years in the startup world, he’s very fondly missing those days. Early in his career, he learned you only get one shot, so you better develop a winning strategy and stick to it. This knowledge came from serving as Chief of Staff for two congressmen and working for two Presidents in Washington, D.C.

The shot he’s taking now is with AgilePQ. His startup has the solution for today’s computing power and tomorrow’s quantum one with lightweight end-to-end encryption. The majority of industries – from energy, transportation, manufacturing, and the ones building consumer devices – must leverage the power of connected things and that means protecting their number one asset – data. 

We were also lucky enough to hear his most valuable lesson from his father, who served as a medic on Omaha Beach on D-Day.

Key Takeaways

  • There is an even greater explosion in IoT devices to come in the next five years.
  • Everyone is in a race to get to market first in an industry that is not well regulated.
  • Current encryption methods will be powerless when quantum computing is fully adopted.
  • AgilePQ’s solution provides the only security and encryption that fits on all IoT devices, no matter how small.

Read the Transcript

00:57 Matthew: In this episode of Long Way Around the Barn, I visit with a gentleman… He was a young boy on a cattle ranch in Idaho, could not wait to leave the ranch so that he could find easier work somewhere else. Now, after 20 years in multiple industries, including the startup world, he finally misses those days of simplicity and peace back on the ranch. Paul Clayson has done a lot. Early in his career, he learned sometimes you only get one shot or one opportunity to go after what's important to you. So you need to develop a winning strategy, on purpose, and stick to it. This knowledge came from his days of serving as Chief of Staff for multiple congressmen and two American Presidents in Washington D.C.

01:42 Matthew: The purposeful shot he's taking now is with AgilePQ. Many consumers may not be considering all the ways their IoT device ecosystems can be and are being exploited in their homes, offices, factories and cities. Paul's company has developed and implemented a new method of end-to-end security for these device ecosystems. It is designed to exist in a world of quantum computers. If your business and industry needs to leverage or is currently leveraging IoT technology, this may be a podcast for you to hear regarding IoT security in a post-quantum computing world.

02:19 Matthew: And we learned another interesting fact about Paul while we were talking. Not only has Paul taken his civic responsibility very seriously in this country, but so too have many who came before him in his family. We were lucky enough to hear his most valuable lesson, one he learned from his father, who served as a medic on Omaha Beach on D-Day. Let me introduce you to Paul Clayson. Well, Paul, good afternoon. Thank you for taking the time to join us today on Long Way Around the Barn, and thank you for taking the time to teach us and just be with us. We appreciate your time.

02:56 Paul Clayson: It's our pleasure to be with you. Thanks for the invitation.

03:00 Matthew: So tell us a little bit about your journey as a leader. Tell us about where you've been, where you are, and where you'd like to be going, or where you intend to be going right now.

03:07 Paul Clayson: Well, listen, the name of your podcast, Long Way Around the Barn is actually where my journey started. I'm an old farm boy, cattle rancher from Idaho, and I grew up doing that. And when I was out doing stuff on the farm, I could not wait to get off that farm where you had to birth calves in the middle of the night, you had to feed cows twice a day, and milk cows. You had to turn the crops, all of that. And I couldn't wait to get out of there, so I wouldn't have to work so hard.

03:40 Paul Clayson: Then I started doing technology start-ups, and I would like to now return to the farm so I don't have to work so hard. That's kind of the journey that we all go on in these start-ups. And I've been doing this for over 20 years on technology startups, with extremely early stage companies that are emerging technologies and emerging markets with emerging products. And that's a challenge, but it's a heck of a lot of fun. And we're doing that again now with our current security company.

04:15 Paul Clayson: In my past, I haven't always been in technology. I worked in politics for a while. I think for all of your listeners, my credibility just went out the window. But I worked in politics. I was Chief of Staff to two Congressmen, worked for two presidents in the past, ran some campaigns. And really, that's where I cut my teeth on strategy, how do you develop a strategy. Because in politics, Matthew, you've got one shot. On one day, you're either in or out of business. Well, I guess that's disputed this year.

04:51 Paul Clayson: But usually on one day, you're either in or out of business on that day. You can't go back and throw more money at it. You can't change your message, you can't develop a new classic marketing campaign, you can't go back and sell more. You're out of business or you're in business on that one day. And it forced me, early on in my career, to figure out how to develop a strategy that wins, and stick to that strategy, and then make adjustments and pivots as were necessary all the way along, to make sure that you get to that winning combination. So that's kind of where my early experience was rooted.

05:30 Matthew: That's good. So first and foremost, thank you for your service. We all have a civic responsibility to be part of, and contribute to, and help grow this country. And thank you for the work that you've done to help build that and grow that along the way as well. But thank you for not only seeing a need, but choosing to become part of the solution that enabled directions, and choices, and people, and so forth.

06:00 Paul Clayson: It was a lot of fun during those times in those years. I don't know if my wife liked it. She just doesn't always like the clashes and the conflict that comes in politics. And that's part of why I chose not to go on and make that a life's pursuit. But it was a lot of fun for me, and to be at the seat of decision-making for a while was pretty incredible. I look now, I go back to congressional offices, and I see the staff whose in their mid to late 20s.

06:39 Paul Clayson: And I look at those congressional offices, and I think they're passing bills, they're writing bills, they're doing things that are changing the world. And what are we thinking putting our lives in their hands? And then I think, "Well, wait a minute. You were that age. You were in your early 20s, and it was really cool to you back then, and it was okay then. Why is it not okay now?" And you know what? It is. It is young people with tremendous innovation and incredible intelligence. It's wonderful to see those kinds of people involved in our process.

07:16 Matthew: That's cool. So it sounds like multiple parts of your career, a lot of your career has focused on fostering innovation, fostering thoughts, harnessing energy, choosing where you want to go, and getting there. And that includes the start-up work you've done, the work that you've done in the politics, doing civic response, taking your responsibility to the countries pretty seriously. And the things you're doing now with your current company, so teach us a little bit about your current company. Who are you guys, what are you doing, what problem you're trying to solve, where you're heading, just teach us.

07:48 Paul Clayson: Sure, absolutely. I think being involved in technology started with me early. I don't think it would ever be on any trivia question. But when I went back to Washington as a Chief of Staff to a congressman, we ended up being the first congressional office in history to outfit our entire congressional office with, at the time, Apple Macintosh computers, and then link those back into a network system for Congress. And that really started it, and I'd loved the technology ever since. Now, what we have is the computers. And the computing age has dramatically changed, dramatically since those early days, and it changes dramatically every year.

08:33 Paul Clayson: So what we now have is computing formats and platforms that are no longer on a large scale. They're on a very microscopic scale. We're taking things, different kinds of things, and connecting them to the Internet. And we call those Internet of Things or IoT devices. These are devices with extremely small processing capability and very limited functionality. So think like a nest thermostat where it's a very small, what's called a Class 0 device, with a very small processor, not much memory. And it performs a function where you can set your temperature in your house through the use of your smartphone, and sending a message back to that device through a server somewhere.

09:29 Paul Clayson: Well, those devices are now prolific everywhere we look. There's over 20 billion of them, and projections are that there will be 35 billion of them by the end of 2021, and 75 billion by the end of 2025. It's an explosion of these tiny devices. Those devices right now have not had security. Well over 98% of all those devices going into practice today and being used today do not have security on them.

10:05 Paul Clayson: So we went out as a company and said, "This is a massive hole. We have to create security that'll operate on those small devices. And it must be secured. It can not only last today, but it's gotta last a long time into the future 'cause these devices are gonna be around for decades. So it must survive in a quantum computing world as well, when it's projected that quantum computers will break the encryption and the security systems that are on our smartphones and our laptops. So that's what we did. We created a product, we went to market with it. And we can secure the small list of IoT devices and can even secure them in a post-quantum world, and we have now taken that to market.

10:48 Matthew: Alright. So the problem statement that you guys are working to address is securing our internet, Internet of Things, or connected things ecosystems, and recognizing then where you see this heading is an explosion of more and more devices and more and more roles across more industries and implementation types. And the common thread across all of them is everyone wants to get to market. But perhaps security is being kicked down the road, or security across these different classes of devices is inconsistent or non-existent, and for sure is not a regulated behavior. So it's an entire class of attack vectors all by itself. So the approach your company is taking is security first.

11:38 Paul Clayson: That's very, very well said. And we have to do that because the pandemic itself has created greater explosion of and dependence on these kinds of devices, not only because people are working from home, that's a small part of it actually, but also because companies have now tried to look out at the market and say, "In the absence of people, how do we monitor processes, and devices, and things, and environments, and so forth?" So they started using devices more prolifically. And that has created a massive number of attack vectors out there. And when they have no security on them or very inadequate security, it opens up a world to bad actors for misuse of these devices. And we're telling the world, "We do have solutions. There are solutions, but you've got to begin with it at the front end of your planning for IoT communication systems and deployment."

12:44 Matthew: Okay, that makes sense. And you mentioned post-quantum as well. So where you anticipate the market heading is not only the need for security, but to address security in a quantum computing world. And so you're thinking farther out into the future, than perhaps just get product to market, or just secure that thing, localize your thinking, as computing power changes, so too will the security design and architectures need to change. So you guys are already there.

13:18 Matthew: What are the things that you can teach us about some of the innovations that you believe differentiates you guys in the marketplace? It sounds like this post-quantum idea is one of those differentiators, if not the differentiator.

13:33 Paul Clayson: It is one of those differentiators. So maybe I'll back into that, with the understanding that on your smartphone and mine, we have various security methods, layers of security that include an authentication and authorization layer. When computers are talking to each other, it includes encryption layers and encrypt data that is going back and forth. It includes all kinds of layers. That's the best security method, by the way, is to have multiple layers. However, to encrypt a single message on your smartphone requires 3 megabytes and several rounds of encryption to just encrypt the small list of messages. That 3 megabytes of footprint on an operating code will not work on a nest thermostat or will not work on a small IoT device.

14:27 Paul Clayson: The real innovation that we did was we looked at that and said, "We have to change the way we encrypt those kinds of messages." So rather than taking 3 megabytes or 3000 kilobytes, our system takes 2 kilobytes to execute those algorithms and one round of encryption instead of 14. That allows us to save massive amounts of battery power, another real innovation on our side, since these small IoT devices will be using batteries at a clip of about 90% of them will be battery powered.

15:04 Paul Clayson: It also allows us to speed up the encryption, because we're not running a large amount of code and multiple rounds of encryption, so we can speed it up. And we cut so much of that operating code out from 3000 kilobytes down to 2 kilobytes. We were able to then increase the size of the keys. So every time an encrypted message is sent to you, it has to have a key at the front end and a key at the back end. And those keys are what allow us to obfuscate the data and then be encrypted on the back end. Well, because we cut so much out of the operating code, we were able to use a key size that instead of the standard on your phone, which is a 32 byte key, we used 288 bytes for a single key.

15:56 Paul Clayson: And what that allows us to do is have this much larger key space. So we not only figured out a way in our innovation to make the code smaller, we figured out a way to make it vastly more secure than what's on your current smartphone. And that kind of key space will survive in a post-quantum world. So we're able to accomplish both tasks and allow the smallest of devices to survive even in a post-quantum world. Those are some of the real innovations that our brilliant engineers came up with.

16:32 Matthew: So Paul, those things are all very interesting. And it sounds like you have a lot of work to do, a lot of great future in front of you on the work that you're doing. Are there any particular markets, or industries, or market segments that you think, "Gosh, these guys are using a lot of IoT devices nowadays, and it looks like their risk is exponentially getting greater and greater. I'd really like to go talk to them" or "I'd like to know what their security strategy is," or "There's someone we'd like to work with." Do you have areas that are more interesting to you than others right now, or is it everyone?

17:08 Paul Clayson: So it's pretty astounding that even our own federal government have gone to market with IoT devices that are not secured. So just this week, in fact, or maybe it's Friday of last week, the United States Congress, the Senate and the House passed a piece of legislation that mandated that all IoT devices, especially in the US military, must have a minimum layer of security on them if they're going to do business with you as federal government. They did that because departments of federal government were going to market on initiatives with data that was, in some cases, even top secret that was being collected, but not having adequate security. So it forced the issue, that now has to take place.

17:57 Paul Clayson: We see that in multiple industries. So the energy industry, they're using IoT devices on oil and gas refinery, so just an example. What if a bad actor could go out, take over an IoT device, send a false reading to the server saying, "The temperature on this furnace is exactly right." But while they're sending that message, they're raising the temperature, and they can cause an explosion. Those are fickle resources, and the energy industry has those.

18:29 Paul Clayson: Transportation is another one. There are transportation systems for railroads and airlines and so forth that are using IoT devices that do not have adequate security. That's a must. Consumers, you and I go out to buy a device and we make an immediate assumption that if we're buying that device, it must be secured, and that isn't happening in a lot of cases. So consumers, we're starting to see consumer protection legislation come forward in states, GDPR has it already in Europe, US Congress is looking at consumer protection, state of California already passed one that says a minimum layer of security must be on these devices. So those are all markets, and there's many, many more that have critical need and that we target, but it's going to take some time to drive those initiatives to market and assure that 100% of these devices are secured right out of the chutes.

19:36 Matthew: Sure, that makes sense. And it does make sense that folks may presume or assume that if it's available on the open market, and I can go to the store and buy it, it must therefore meet some minimal standard, or surely it couldn't be in this box on the shelf for me to buy. But then we have the other interesting challenge for startups, and you know this by living this life, a startup only gets a short life, and this is to your point earlier at the front of this conversation, where your strategy is either correct or it's not correct, and sometimes you only get one shot. Some startups are very focused, very heavily influenced perhaps by private equity funding, venture capital funding, or they only have five bucks left in the bank, and they believe they only get one bat. So getting something to the market so that they can gain traction often takes precedence over getting something to the market that's also secured. So I think that there's a lot of value to what you're saying, and plenty of data to substantiate what you're saying.

20:46 Paul Clayson: In fact, there was a recent study done by a group out of Santa Fe, New Mexico, that measures corporate risk, and they did a study and they showed that less than 25% of companies who are deploying IoT devices know where those IoT devices are on their network system, or even how many they have. So you very articulately stated the problem, and that is is that sometimes we go to market faster than we can secure, that is absolutely evidenced in the data.

21:21 Matthew: You know there are interesting forks in this conversation as well all over the place that I'm curious about your perspective on as it relates to the entire point of a connected device is to enable some sort of functionality or access that we didn't have prior to the connection of the device. So the way that works then is after I plug it in, I now have access to more information that I had before the device. And when we take the numbers that you've just mentioned, the growth up through the next number of years to 2025, if we assume all of those devices are turned on, they're collecting data, they're sending data, all of that data is being stored somewhere. We have all kinds of amazing new and crazy problems to solve as well, which is this giant volume of data that's going over the wire, that wasn't previously going over the wire, and now it's being aggregated, and it wasn't previously being aggregated. So it's not only just securing the IoT devices themselves, but the wires between the originating and terminating point, and then the data aggregation layers.

22:34 Matthew: So when you guys are focusing on IoT security, how far into the larger system conversation do you desire to go or do you plan to go is the line that you're drawing, is we're talking about your device itself, or does the device ecosystem include the originating and terminating points and the data and the data aggregation? What's your purview? What's your desire? How do you guys plan to be involved?

23:01 Paul Clayson: Well, by virtue of the fact that data is streaming from endpoint to server and back, we are right in the middle of that, we have to touch that. But it's a very interesting dichotomy in the world today that companies consider data to be their gold standard now. They wanna protect their data, protect their IP, protect the collection of that data at all cost, yet they don't take adequate measures to secure that data where it's collected at the endpoint. It's such an interesting thing. And I can tell you right now that we do know that nation states around the world are hacking into and collecting data that are in databases, corporate government, civic, any place they can get it, they're downloading that data and storing it, even though it may be encrypted and can't be broken now, because they know that quantum computers will come along, break the encryption, and then they have access to all of that data when that happens.

24:08 Paul Clayson: So data collection and utilization becomes a critical, critical topic going forward now. In our case, almost 100% of our customers don't want us to touch their data. They don't want us to see it, they don't want us to collect it, they don't want us to have access to it in any way. So we developed systems whereby key servers and the execution of an encryption system on an endpoint device can all be handled at the company itself. They can handle that. We deliberately developed it that way so the data wasn't passing through our servers or any process, any IT system connected to us. Now, there are a few companies that say, "I don't care, it can pass through your system, I just wanna sign it up as a SaaS model, runs through your servers and you can do all the key exchange there." We can do that, but it's not our preference. We want people just to secure their own data at their sites. So we advise a lot, a portion of our revenue model allows us to do consulting for companies on these IoT security systems and help them set up a system, and then utilize our technology going forward. So we're right in the middle of that. We have to… We can't avoid it, nor do we want to. We wanna be able to be a resource to our customers for this.

25:42 Matthew: That makes a lot of sense. And so, as well as possible, when it comes to data collection and utilization, I think what I hear you saying is you don't actually want to collect data, you don't want to utilize the data, you would like the client to take on the responsibility of the traffic and the round-housing and storage collection, all of the things. You can, if necessary, but that is not your desire. Your desire is you enable this framework so that the client can live a better life because of your involvement than prior to, but you don't wanna get in their stuff, is what I think I heard you say. "Please take responsibility for your own stuff, we don't wanna see all your stuff."

26:25 Paul Clayson: That's precisely, right. Plus they should be because their data is their gold standard regardless of who they are, and it's worth a lot of money moving forward, and they need to protect it.

26:35 Matthew: So of data, there's an interesting balance in the privacy and security conversation, which is knowing all of the things you need to know and none of the things you shouldn't know, and finding that balance is really hard and variable with the more parties involved, the more complicated it becomes, it's easy math. But when you're talking about privacy and security, are you finding… Is your experience that… Are clients coming to you and saying, "Hey, not only do I wanna leverage your stuff, I want to know for sure that you don't know anything about us. I wanna know about your privacy compliance." Are they asking these questions, or are you finding that you need to educate them about, "Here are the privacy things you should think about, here are the compliance things you should think about"? Do you end up being the teacher a lot of these times, or do people show up and say, "I understand all this, just give me the stuff"?

27:32 Paul Clayson: Yeah, it's both. There is a teaching element to this though, because we are operating at the smallest of IoT device level that we don't know anybody else in the world can operate at that level with a full encryption product that's also post-quantum. So we do have to teach a lot, we do have to help people understand what we're doing, how that integrates into what they're doing, and in some cases, we've helped people actually do the technical integration so that they're confident that it's done right. Because the knowledge workers, the expertise that's out there to do it directly for them, for them to hire, has not been there, it's an emerging industry. There haven't been those knowledge workers on the IoT side who know how to do that. So that inhibits our growth a bit because it creates manual element to getting things done. But the longer we go along, the more people start to understand, and each deployment that we have helps us to understand better how to provide documentation and information to allow people to do it themselves more quickly.

28:41 Matthew: So Paul, an interesting question to me then is, and maybe to the people that are listening as well, as so many people work to understand the words "digital transformation" and "cloud adoption" and "cloud strategy", all of these words, all of these words are difficult to use, what do they mean, and everybody believes something differently. The reality is, many companies either own all their own stuff, or they're moving all of their stuff out into a cloud, whether it's a private solution or a public solution, there's a lot of cloud work going on, and historically, a lot of like the consumer-based IoT stuff, everything just magically happens. You just plug it in, things connect, it works, I'm super happy at my home. They don't know if they're in a public cloud or private cloud, and do they even need to care, that's up to them in their context.

29:33 Matthew: When you're working with clients, do you encourage clients to head one direction over another, or is it something that's not as relevant to you? Is it context-driven? Like "With client 12 in industry 13, we highly recommend we work entirely in a private cloud, we'd like to do some on-prem stuff, but that's what we recommend here versus over here with this client, it doesn't really matter, a public cloud would actually be your lowest cost of acquisition, quickest time to market, and we can help you get the job done." How do you interact in those different business models and do you guys have a preference or recommendation heading forward on those?

30:15 Paul Clayson: So there are some inherent advantages to using a public cloud because they become so big and they do so much of it that they also can develop and use best practices in the industry quicker than private clouds often can on their own. We don't take the position as a company, whether we recommend one or the other. In some cases, there's reasons why people don't want this in a public cloud, they want their data completely owned by and controlled by them without any outside intervention. But without a doubt, the majority of our customers use public cloud, and they use that because they, again, are assuming that a public cloud operator is going to have the best security practices possible that are out there, and we have interfaced with all of the major public cloud players, and so they can accept encoded, encrypted messages from us, decrypt them on the backend, we can do that all seamlessly with public cloud. We can also deal with private cloud.

31:24 Paul Clayson: I think it's just individual perspective and individual need, but the public clouds do a nice job with having tremendous security around a particular customer's data. They know how to do that, they use best practices, they have very large security staff already. Sometimes it could take a private cloud, somebody developing their own internal system, a lot of years to figure out the difficulties that public clouds have already figured out.

32:04 Matthew: Yeah, that makes a lot of sense. Okay. There are different organizations using various levels of security and current public cloud solutions, so I get what you're saying. Even the government is using public cloud solutions or instances, their own nuanced versions of it, but I get it. So you're saying context-driven, but still customer choice. So you meet the customer where the customer is.

32:27 Paul Clayson: Yeah, I do wish, which we haven't been able to get to yet as a new company, I do wish that every public cloud operator or every public cloud company out there would tell all of their people, "If you're gonna be sending data to us from an endpoint, we can't guarantee that it's secured unless you're operating with a full security system on that device, starting at the very endpoint." If they do that, our market would explode. So far they haven't been willing to go there, although they're getting there, they're starting to see the tremendous number of access points and the tremendous problems that it occurs, so hopefully we'll get there.

33:09 Matthew: Yes, that makes sense. Maybe some policy legislation conversations continue to motivate things in that direction as well.

33:18 Paul Clayson: Yes, that'd be great.

33:18 Matthew: Alright, so teach us about this then as it relates to your journey as a leader and as a teammate, and then all the different chapters of growth and opportunity that you've had through your life. Are there things that you regularly do in your life or in your career that have helped you master your craft of being a leader, of being an innovator? Are there some things that have been greater influences in your journey than other things? What do you do on a regular basis that contributes to your journey?

33:50 Paul Clayson: Well, there's two parts of answers to that question; one is organizationally, structurally, and the other is personally. So let me start with the personal. A long time ago, I learned and honed a process that I try to undertake, and not always successful, but I try to remember it. I call it the lair principle, L-A-I-R. Wild animals develop a system around them and create a lair where they live that includes their family members or people around them, it includes processes that they develop to go out and be successful at hunting and surviving. Well, to me, that lair principle is critical. It's an acronym for listen, ask, investigate, which means reading or watching whatever it might be, and then repeat what you've just learned, teach other people, repeat, whether that be to write or review or record, but in some way capture and repeat what you've just learned. That principle of L-A-I-R creates a lair, if you will, of competitive advantage around you because you're undertaking the right principles, you're always looking for best practices.

35:11 Paul Clayson: We should never worry if it was invented here. "Not invented here" syndromes kill companies. So that listening, asking, investigating and retaining has been a core personal principle that I try to utilize in communications and in development. Outside of that, organizationally, there are multiple things that I've learned over time and that I try to adhere to in startups. There are three critical principles; making sure that you've got the vision, you understand the vision, and you keep the vision in front of everyone in the organization to a transparency that everybody knows everything in a startup, because you have to, you have to know if you've got plenty of money, or using your earlier comment, you've only got five bucks in the bank. You have to be able to be very transparent. And it's not always pleasant, but it is always essential.

36:16 Paul Clayson: So you share with people, and oftentimes, the best ideas in a startup come from somebody who's not even in the department, considering the critical function that they see, they think, and they hear, and they respond, and we listen, and we ask questions around it, and then we hopefully will investigate that to make sure it's the right thing, and then we utilize it, we repeat it back. And then the final thing organizationally, just at a high level, is to continually check ourselves to determine if we are avoiding things… Doing things that don't matter, there just is no value in doing well, those things which we shouldn't be doing at all. Just zero value. We can become very good at it and it doesn't benefit us. So we constantly have to be asking ourselves, "Is this gonna benefit us going forward or are we just getting motion but no progress because it has no value to us?"

37:19 Paul Clayson: Those are three really critical things in startup organizations that I've learned have a major, major impact, and then overarching all of it is just the simple statement to always do the right thing. Always do the right thing in our organizations. Don't be ever, ever tempted to not do the right thing, 'cause that only leads to all kinds of strife and disruption.

37:48 Matthew: That was a great payload of things to teach us. So lair, learn, ask, investigate, and repeat. Did I get that right?

37:58 Paul Clayson: Yes.

38:00 Matthew: And then vision, and transparency, and do the right thing.

38:03 Paul Clayson: And avoid things that don't matter.

38:06 Matthew: And avoid things that don't matter.

38:08 Paul Clayson: Yeah.

38:09 Matthew: Those are hard to figure out sometimes.

38:11 Paul Clayson: They are very hard. [chuckle]

38:13 Matthew: Well, is there anything… When we talk about the journey, the long way around the barn, the whole point of that analogy is that sometimes we take a longer meandering way to get from A to B than we actually needed to. And as it relates to solving problems, sometimes the journey is actually an important piece of the education, and as it relates to life, good grief, we all have amazing journeys and all kinds of crazy directions and ups and downs and that type of thing. But is there anything that you think that I should have asked you that you're surprised I didn't, or is there anything that you think, "You know what, as we leave, these are my parting thoughts, these are the last things I'd like to share with you before I take off"?

39:00 Paul Clayson: Maybe only one, and that is, is there something you learned through failure that really, really set a course for you? And Yes, there was something that I learned through failure early on, and it probably was more rooted in being too full of myself to step back and to help recognize that it doesn't matter if I already had a thought or an idea, if it can be expressed from within the organization, it's better that it comes from there. And we all stand on the shoulders of giants who went before us, and we have to recognize that and go for it. I keep on my credenza here, a wonderful memorabilia.

40:00 Paul Clayson: Your listeners can't see it, but this is a medical kit that my father carried on to Omaha Beach on D-Day during World War II, and he was a medic, and he would crawl out on the beach and pull people behind some sort of embankment or shelter, administer aid to them, or as one of his shipmates told me, at times he would hold their hand and comfort them till they died. I think about sometimes that kind of sacrifice that we all have in our lives, and life is not really about me, it's about the journey that I learned from other people, from you, from the people in our company, and the values that they bring and what I can learn from them. And that's probably something I learned by being too vocal and less accepting of other people's ideas in the beginning, and hopefully we've rectified that over the years.

41:00 Matthew: That's a powerful story. Wow. Thank you for sharing that. So as we close then today, one of the things that I have most enjoyed about the story is your journey, figuring out how to add value as a leader. Now, you didn't use those words, but basically what I've heard you talk about is figuring out what matters, figuring out how to include and lead and guide, and then making sure that you're actually part of the solution as opposed to being part of the problem, which includes, I believe, not your words again, know when to talk, know when to be quiet, know when to lead, know when to get out of the way.

41:46 Paul Clayson: Very well said. You summarized that very, very well. Your listeners could have benefited by having you say that and they wouldn't have to listen to me, Matthew.

41:57 Matthew: Well Paul, thank you very much, this has been an outstanding time to learn from you. I hope you have a great day.

42:02 Paul Clayson: We will do, and thank you for the opportunity to be with you.