James Nasella

Director of Supply Chain Quality at Glanbia Nutritionals

 

Show Notes:

In this latest episode, "Mint Chocolate-Chip Ice Cream, Risks, and Collaboration with Food Safety," James Nasella of Glanbia Nutritionals unpacks the intricacies of food safety in the ingredient space. As the Director of Supply Chain Quality with over a decade of experience in global food ingredients, flavor, and starch industries, James emphasizes the role of collaboration in risk management. Learn surprising facts about mint chocolate chip ice cream and get insights from a Drexel and Michigan State University alumnus. Dive deep into the importance of inter-departmental cooperation in ensuring food safety, from IT to Cybersecurity to R&D. Whether you're in the food industry or just an ice cream enthusiast, this episode offers a blend of expert knowledge and delightful trivia.

Jame's Socials:

LinkedIn:  https://www.linkedin.com/in/james-r-nasella-m-s-00b4901b/

 


Listen to full episode :

Episode Guide:

(00:25) - Food Safety and Cybersecurity

(08:53) - Challenges in Food Industry Innovation

(21:12) - Supply Chain Risk and Food Safety

(30:55) - Importance of Collaboration in Food Safety

  • 00:25 - Kristin (Host)

    Hello and welcome to the Bites and Bytes podcast. I'm your host, Kristin Demoranville. Today we have a special guest with us, James Nasella. We had quite the energetic conversation, drawing the fascinating parallels between the worlds of food safety and cybersecurity to seemingly different industries. But, as you'll find out, we have a lot more in common than you think. Enjoy the episode. Really appreciate your time. We're just going to jump in with my two favorite questions. Out of all the questions I ask everybody who joins is what is your favorite food and your favorite food memory?

    00:57 - James (Guest)

    My favorite food is mint, chocolate chip, ice cream and favorite food memory. I would say favorite food memory. It's a ridiculous story. I cooked Christmas dinner one time at my grandparents house and did risotto with scallops and mushroom soup and we did spaghetti meatballs just like for the kids. Everybody ate the spaghetti meatballs. I don't like anybody. All the other real nice food that we cooked everyone's like oh, it looks really nice. They just ate the spaghetti meatballs.

    01:29 - Kristin (Host)

    Oh man, and risotto is like such a pain to cook. So, like I feel for you on that, I don't make risotto just for that reason. It's just too tedious and I don't have time for that in my life. But that stinks. Did you at least eat what you cooked, a little bit of it, or?

    01:44 - James (Guest)

    I was delicious, the scallops. I tried to cook them and it's perfect temperature. They were one of those real thick scallops too, and then the risotto was a cranberry risotto.

    01:54 - Kristin (Host)

    I'm already ready to come to Christmas then, because, like, that sounds awesome. And with mint, chocolate chip, ice cream, your favorite food. Do you prefer it with the food coloring of green or white?

    02:05 - James (Guest)

    Oh, green Green, with like the shards of chocolate in it not the like hard chunks yeah.

    02:11 - Kristin (Host)

    Yeah, yeah, I hear that. I think that that's also how I prefer it. It's less, it's less difficult to eat, it's just more smooth. With the spoon right, you just get in there.

    02:22 - James (Guest)

    It's a more enjoyable texture, like when you get those like large chunks because it's not real chocolate and ice cream because the fat's different, so it's just like you get that waxiness of the chocolate's too thick.

    02:33 - Kristin (Host)

    And I'm sure you just blur everybody's mind when they're like wait, it's not real chocolate. These are the fun things that I learned. Working with all of you is just these little food tips. Every day. I get new ones all the time and I'm just like I feel like I've been lied to my entire life about everything. Yeah, so you've heard of here. First, there's no chocolate. That's real chocolate. In ice cream, it's a different type of chocolate.

    02:57 - James (Guest)

    From a regulatory standpoint. It's not real chocolate in the fact that they usually switch the fat out so it has a lower melting point, because regular chocolate melts higher so it won't melt as easily in your mouth with the ice cream. And then, yeah, there's a whole entire like the food science of ice cream inclusions is really really cool. With, like, cookie dough chunks, they have to have certain moisture content because it'll pull it out of the ice cream, but if it pulls too much out then it gets all mushy. It's really cool stuff.

    03:25 - Kristin (Host)

    Wow, sounds like I need to find somebody who works in the ice cream side of the house, because that sounds really interesting.

    03:31 - James (Guest)

    It's my dream job. I want to work at ice cream.

    03:34 - Kristin (Host)

    I support that for you. Anyway, it's James. Thanks for that, I'm gonna let you introduce yourself, since we just had that awesome little bit about you know, random knowledge that you shared here.

    03:42 - James (Guest)

    So All right, so I'm James Nasella. I'm the director of supply chain quality at Glanbia Nutritionals. I've been there for just over a year and we are an ingredient and nutrition supplement company covering the whole globe. And before that I've been in other food ingredient spaces those starches and sweeteners, flavor ingredients and then all the way back was working at the USDA in research for listeria and radiative foods. A lot of different background and experience.

    04:11 - Kristin (Host)

    I love that it's already diversified. You've gone from you know sweeteners to nutrition and then you know your research with listeria, like that's wow, that's a lot, and I'm sure you've seen more than you probably could even say in this timeframe that we're gonna be on, in terms of different aspects of our food system, from the government side to the private side, to everything in between. I think a lot of people don't realize that the food companies are privately held. They're not government run. People just assume that the food supply is all government all the time, and it's not it's. There's a lot of private companies, obviously, and that's what makes it even more of a daunting task to try to organize and create frameworks that work and protect it ultimately.

    04:49 - James (Guest)

    It's interesting because, from a regulatory standpoint, I give credit to the individuals that have to write the regulations, because you have to make it general enough because it's just the different process differences, even in like a global company like ours, where we've got different plants that produce totally different products and you're trying to write internal policies and procedures around food safety and food protection.

    05:12

    You're trying to write it general enough that the sites can comply with it and hit those things that they need to hit, but while also making sure that you didn't handcuff everybody that it's too rigid and too prescriptive. So it's it's a difficult space that I give them credit from a regulatory standpoint that they're able to do that and, to your point, there's a balance to where you have the regulatory piece of they're setting the bars, their level. Then there's even private entities and non government organizations that'll set it even higher. You have to play in those spaces and it's a it's a dancing act that you have to be able to do and stay abreast of it, because there's so many changes and then customer changes that will mess real quick.

    05:51 - Kristin (Host)

    I'm sitting here and I'm having flashbacks. I used to write global policy for Sony back in the day, and what you're saying is resonating heavily with me, because how you write something for the US is, and how you're going to write it for Japan, as you're going to write it for the rest of a pack, the rest of you know the world. The regulations that are in Europe are a lot more stringent than they are other places, and vice versa with other places. So what I had to do is write a baseline and have that be what you have to conform to.

    06:18

    This is the minimum requirements of how we're going to handle this, and then anything else you do over that is your prerogative right. If you want to, you know, buy extra systems and do all these extra things to tighten your security, like, go for it, but this is the minimum you have to meet, and it's so. This is the parallels between our industries, because a lot of it is paperwork.

    06:35 - James (Guest)

    And.

    06:35 - Kristin (Host)

    I'm sorry to say that, like I know, it's not sexy, because there's two sides of security.

    06:39

    You have your infosex side, which is your government's risk and compliance side, and then you have your hacker side, which is like you know, where people picture the hoodie and the matrix and all that stuff, even though it's not exactly that it can be, but it's not totally that and there's this sort of like weird disconnect with people when it comes to cybersecurity, that we actually are some of the people that just like sit there and write, you know, we are some of the people that just work on controls. There are some people who are doing the cool tech aspect, you know, creating all this different technology to help support, and it's the same with the food industry. I mean, you have auditors. It's all they do is audit, just straight up audit. There's other people that are literally going out and fighting the good fight, like where's the contamination, like the investigation, like the the full on, like I don't know, surely homes buys in a way.

    07:18

    And then you have the people that are defense, that have the shield, that have to get up and be obnoxiously loud about it and be like, look, you guys, we screwed up, let's do something about it, you know, and let's get the broom and clean up the mess. So I it's so many parallels and this is why I love this, what we do here, because I get to like, yes, we're together, we can do this together. It is awesome. And that actually is amazing because it leads into my next question, which is about collaboration. Anyways, how have you seen the worlds of food protection and cybersecurity intersect?

    07:46 - James (Guest)

    Like one of the ones I think about and it's it's slowly kind of grown is in the GFSI and the third party standard space where there's clauses in those standards talking about password protecting your critical control points, uh, metal detectors, normal processing units and all so they don't get tampered with and in one sense it's so people aren't messing with it on the line, so they're not releasing unsafe product just because, oh well, the machine went off. But then there's also that intentional adulteration, cybersecurity side where the person's trying to do actual harm, intentionally You're preventing them from accessing it. And we've kind of seen that growth where I'll say, three iterations ago that didn't exist in the standards, they didn't even have it on the radar.

    08:30 - Kristin (Host)

    Well, no, because everything was still, you know, pen and paper. It wasn't in this digital space that it is now, and access controls were done via like lock door with a key, where now it's a passcode, it's, you know, key fob, a swipy card. You know biometrics, eye, finger. It has to be more of a combined conversation because of that Right. So we've evolved. I think a lot of people forget how fast the food industry evolves. I mean, innovation is like middle name. There's so much cool stuff coming out of the food industry in general.

    09:02 - James (Guest)

    See, I think that's the interesting with the food industry is, from the R&D standpoint, there is a lot of creativity, there's a lot of change constantly happening, but from, like, the operations side, in a lot of cases there isn't that much change. My plants are running fine, I'm producing products safely, I'm producing at a high volume. I don't want to change it. And even though we have all these digital solutions, there's so many food companies out there that are still pen and paper. They're still doing everything analog, analog style, and I give them props for being able to deal with it. But to what we were saying earlier there's so many records being generated, so much files being generated. It's how do you maintain that? How do you manage it safely and functionally?

    09:45 - Kristin (Host)

    Yeah.

    09:45

    And also, what are you doing with backups? Is that included in your disaster recovery? I mean, there's questions there. I mean, are you sending your documentation or copies of it off site? Because that's what we used to do back in the day. It was those tapes we unloaded or any docs would just go straight out every day.

    09:58

    I think the challenges on either side are still really daunting, either from a food contamination perspective or food safety perspective, to a cybersecurity potential breach or data breach or any kind of attack. These bad actors if you will both sides of the house are there to do various things. They won't want to hurt somebody or steal something or make a profit or just be a jerk. Discrentiled employees are a huge challenge, right, because it's all seasonal workers in some perspectives or it's low, underpaid wage. It's people show up in factories because they have to, not necessarily because they want to be there.

    10:31

    So there's always this challenge of how do we handle access control for people who are only going to be there for like a month? Or what about these third parties that are coming in, you know, are they going to create more paperwork, but also they're going to be in our facility? What do you think the challenges around digital transformation, because that's a huge buzzword right now in the industry how the boards really want to evolve and digitally transform. But, like you said, there's so many that are still. If it's not broke, don't fix it. I'm going to continue using my clipboard and not a tablet.

    10:59 - James (Guest)

    It's one of those situations where it's ROI. So again, in like R&D I go. When I spend money on a software system to manage my product development and manage all my formulas, there is ROI on that because I can turn around and say, well, I just won this business, I just got sample product to my customer faster. And you can see that ROI where when you have a Kappa software and a plant for food safety and even just personal safety issues, the ROI isn't that visible. So it makes it that much harder to argue those pieces of why I need this software and why I need to have this in place. And you can make some arguments for ROI on time of oh we're, I'm saving X amount of hours from these employees managing it paper wise and I can be more efficient.

    11:50

    But again, it's still the dollar numbers you can get from R&D and show from R&D always will outweigh anything from a quality standpoint. And I still remember in continuous improvement Greenbelt class when it's all qualities of cost center and it's and it's like on paper that's the truth, Because again, you're not really generating any money and quality people out there probably screaming like no, we are cost safe, but it's, it's one of those little out of the pieces. From a basic, fundamental standpoint, your cost center and R&D will always make the money operations. You'll always be able to show it because, hey, I produced product. So the bottom line is insulated.

    12:26 - Kristin (Host)

    Yeah, very relatable. I T and cybersecurity are cost centers, right, and they can be quite expensive at times, depending on what needs to be done in terms of any digital transformation or new employees that need to be brought in or new tech that needs to be put in, or if there's upgrades. Upgrades are expensive. Same idea, I feel, for the quality people. I do, but they're super important and, in fact, I've spoken to a few here and I just I have so much respect, so much respect. And also for sanitation. Yeah, those people are. Yeah, make friends with sanitation people If you are in the food industry and cyber or IT, please. God. They're amazing. They literally know everything about everything in the facility. Who's touched what? Trust me, it's, it's intense.

    13:08 - James (Guest)

    You will have a lot of anxiety when they come over your house Like did I clean my kitchen clean enough? You think we'll see every, every little thing.

    13:14 - Kristin (Host)

    Oh, my goodness I am. I actually I'm so worried now. I have like this like anxiety moment where I'm like making dinner and stuff and I like go back over and wait my counter like five times constant way. Big M chasing after my partner.

    13:26

    It's become this moment because I'm just so terrified. I'll have someone in my house and they're just going to be like what did you do? Why is this like this? And I'm like I didn't know. I didn't know, I'm learning, so let's, let's switch gears a little bit and talk about current events, and I'm not. This is not a name and shame thing. This is not a picking on anybody. We're just trying to go through current events that are in the news and talk about what's going on in the food industry and how that intersects with digital and, obviously, cyber.

    13:51 - James (Guest)

    One of the big ones and it's it's still related to fisma with the 204 rule, with the traceability component, and it just ties completely into the digitalization piece where, from my contacts, there's confusion on the standpoint of oh, we have traceability, we have our SIPs and our ERP systems, but you start looking at the rule and how it's written it's creating some confusion. So it's one of those where it's all right, I need to have this level of traceability and for most food companies they have that traceability. But what other things do I need to have in place? And it came out of that blockchain type of thought process where I have full visibility of my entire process stream, which, on paper, sounds really, really good, but from a food ingredient standpoint, it gets so complicated, so convoluted and it's just really difficult to see.

    14:42 - Kristin (Host)

    Can you break that down just a little bit for the average person who doesn't understand that particular aspect, because I find that really fascinating.

    14:50 - James (Guest)

    And again, this is just high level because I'm still dabbling in it. So, basically this additional rules that are coming out with smarter food safety. They've categorized high-risk food products so leafy greens, soft cheeses, things like that where they want additional traceability and more visibility of the supply chain of these products. So if there is a food safety crisis later we're able to track it with more information back. And if anybody's seen Poison there's a whole entire section in there about lettuce and they talk about it- yeah, highly recommend that.

    15:24 - Kristin (Host)

    Make sure you watch Poisons on Netflix.

    15:27 - James (Guest)

    And I'll just pick on leafy greens for right now, where they're trying to just have the level of traceability, to say what farms it came from and find that level of detail, which is really really good. And when we started hearing all these things about blockchain, we'll be able to see the entire everything on the way back to the farm. And there was companies demoing these things of oh well, we've got this meat product. It can go all the way back to the animal that it came from. That sounds really really good in theory, but when you start dealing with complex systems and foods with ingredients that have multiple components speaking from like the flavor industry formulas are your IP. You don't want to share that at all. So if you're trying to have this level of traceability but then still try to protect your IP, how do we find this balance? And it's not easy.

    16:17 - Kristin (Host)

    You know I was talking about the traceability rule the other day and someone said how are we going to trace a blueberry? And I went you won't you trace the plant right? Well, they're like what if that blueberry fell off during transit and it wasn't part of that plant? I was like you're going down this hole and I can't follow.

    16:31 - James (Guest)

    Sorry.

    16:32 - Kristin (Host)

    Like wow, that's a lot, but that's that's how you have to think. Like it's, it's crazy. We can't exactly tag a pea, you know. We can tag the plant and we'll know what, like which part of the field it came out of and possibly what seed it was. Obviously the farmers checking records that deeply which they do but that's crazy to think that you're going to have that level of traceability right now. Like that's going to take time. We have to put tech in the field, we have to test it and it has to be done in a way that the field is picked differently, whether it's for machine or human. It's crazy to think about that.

    17:05

    But in a factory, it can be a little more controlled.

    17:07

    We know we can tag the bins that they come out of and we can tag where they are in the warehouse, but a lot of people don't know, too, that some of the food ingredients are combined, and I think this is what's interesting to me, because we have so many sensors and IoT devices that are on these lines now, and you would think that we'd be able to use that and all combined together, but the problem is they run on different systems and some of them are created for different reasons.

    17:29

    This is why I really think this cybersecurity can come alongside the food industry, because we're actually already looking at all of that right. Anything that is pulling a network IP, for the most part, we could put into one of our systems and take a look, so we may be able to actually help and determine when that furnace got turned up too much or there's too much pressure, or nine blueberries hit the batter instead of eight that were suspended perfectly for blueberry muffins, and I really think that we're going to have to have these deeper conversations at some point of how we're going to figure this out, because ultimately I think we hold some keys of keeping foodborne illness down.

    18:02

    access control, totally cybersecurity that's what I'm interested to see. Is that particular synergy? Hey there, listeners, we're going to take a quick pause and let you breathe. If you're enjoying what you're hearing so far, please hit that like button and subscribe. It would really mean a lot. Are we ready to dive back in? Let's continue. Do you see any other synergies, James?

    18:41 - James (Guest)

    Customer complaints, like exactly what you just said, with there's just so much data, and when you have customer complaints and then you're trying to do investigations or root cause analysis, well, I need to look in my ERP system, then I need to look at the complaint handling system that just came in and then I need to look at my operating system to see, all right, what were the production systems. And then, if it's in paper, then I need to go out and look at my bad sheets and you've got all this data that you need to digest put together and let's say it's just a quality complaint and you've got a response time. You need to get back in three days. You're rushing to try to get that. God forbid.

    19:17

    It's a food safety issue that you're even further under the gun and you're trying to compile that as fast as you can. It's not easy and that's the synergy piece that we really need to think about. And in the food industry you and I have talked about this with just software. I buy one piece of software and then somebody else buys a piece of software. They're not talking to each other and in a lot of cases there's overlap.

    19:40 - Kristin (Host)

    It's true. I mean, there really is, and it's almost like the security community needs to realize that not only were they are protect the assets, because that's, by definition, what we're doing you know, digital assets but also, at this point, it's a partnership we're actually have to go deeper. It's about protecting the people that are working with it and beyond the public in this, in this particular aspect, I'm sure not all industries I'm not going to say that for, like finance, necessarily. I don't think there's anything like threatening there at this moment, and if there are, please correct me, somebody come for me. I think we really need to take a harder look at our role and responsibility within this sector in terms of what can we do to keep protecting people, because I think I said, it goes beyond the digital space for us now, because we're too intertwined and I think that's the futuristic view.

    20:22

    Moving forward is how do we envision what that looks like? And I see, I see cross train, I see people who are cross train in both fields working together and this you know more of this food protection culture by where there'll be food safety and security and defense people that are trained in cybersecurity and how to recognize and attack just as much as a flip side. The sock is trained on recognizing when there's been a contamination and I think that's I'm excited for that, because I think our food is just going to like the whole value is going to go up in the supply chain aspects, which I know you can speak to, James, so I'll let you just run with that. So, in terms of a supply chain view, what's your futuristic viewpoint for the food industry?

    20:59 - James (Guest)

    So two of them and this is one thing that I've had some conversations already about it One is from an intentional adulteration food defense kind of realm is how do we assess our supply chain on that? And going back to the one of the beginning topics we were talking about policy and how things are written, all right, us as intentional adulteration role there's past 96, that's global. And if I've got global suppliers, all right, how do I assess the supply chain on that to make sure that you have food defense pieces in place so we don't have that risk, because the supply chain is just that gigantic? And then the other piece on the supply chain, and again it's assessing it as the food safety culture piece, where, all right, how do I have a set metric that I can understand? My suppliers have a good food safety culture.

    21:44

    And it gets even more complicated when you start dealing with ingredients suppliers that maybe they're not food, maybe they're just pure chemicals. And when you go to them and you ask, all right, what are your food safety programs? They'll come back to you and say, well, we're a chemical supplier. We don't need to have a true HACCP program and a true food safety plan for the regulations, because we're just producing X chemical at a chemical refinery and that's some challenging pieces, especially in the processing aid space. That's one that's really, really challenging because use percentage is so low. It's technically not there in the end product but it's going into food products during processing.

    22:20

    And do I hold them to food safety culture requirements? Do I assess them when they're most likely not going to have those pieces in place? So it's really interesting to look at and try to figure out. How do we measure this and food safety culture? I'm afraid to say a little bit of a buzzword currently, but we're still trying to figure out how to do it in our own plants. And now you look at it and say, all right, well, how do I look at it in the supply chain? And if the rules aren't set for myself and I'm not very clear on how I want to do it, how could I hold my suppliers to it?

    22:48 - Kristin (Host)

    What is again echoing cybersecurity concerns as well, because cybersecurity awareness culture is a hard one to push out, and this is why I think, even if you can't assess from a food safety standard, if we had cybersecurity ruling in those facilities you're talking about the chemical facilities you could have some confidence that things are a little bit better because they are held under high regulation for that as well. It's funny how that's critical infrastructure and we're now just realizing the food's part of critical infrastructure. It is part of the big 16, and it's interesting that you say that. I was thinking that nobody really has a good way to handle supply chain aspects at all. There's little chunks that can be bent off. Sure, you could attach security riders, which I highly recommend. There are aspects. Are there food safety riders? I mean, is that something we need to do?

    23:34 - James (Guest)

    So you have it in terms of conditions and contracts at all, where you'll have basically like regulatory requirements. Whether it comply with US regulations around food or if it's in a different country, you have to make sure that you finesse the wording right where it's compliant to that region. So there's language in the contracts and that's one thing I'll say from a supply chain quality standpoint. We run into situations in this space where you have the actual legal contract and then someone will come in after the fact and say, well, we've got a quality agreement that we want you to sign too, and it's like well, if I'm a lawyer, that's great that you have this quality agreement, but is it really a legal contract, whereas the other contract that I've signed has the pricing, has all the clauses in it, that was created by a lawyer, has more weight to put the quality stuff in there. Don't try to create this extra thing. That confuses the supplier and in some cases it might get overruled in the court of law.

    24:27 - Kristin (Host)

    It's true, and this is why usually I tell people we're going to attach a security rider. Do it at your renewal, that way you can roll it right in. But that doesn't help when you some of these contracts are three to five years, depending, or longer. The supply chain risk is so huge. How do you accept it and mitigating it to hold our conversation? But how do you accept the risks that you know that are there and that's hard, especially in a food company, because you're accepting risks that you could be potentially eating, your termination and outbreak.

    24:54 - James (Guest)

    It's how you want to collect those risk factors, how you want to analyze it within your risk models. We've got our own that we put together with every single supplier that we have in our supply base, and then it's also connected to the ingredient side. Where they're connected, but they should be separate risk assessments where it's what is the material risk, what is the supplier risk, and then you combine them together. It's not easy. There's a lot of math and there's a lot of finesse that you have to do, because you have suppliers that are making true food ingredients and then you have other ones that are doing processing aids. Thank you that. Maybe the risk is different because that processing aid doesn't have a true food safety risk, and you just have to build that into the math.

    25:32 - Kristin (Host)

    We have so many different risk assessments that are running in a food company, right? So many, all the ones you just mentioned and then there's a cybersecurity risk assessments and things of such. It'd be really interesting and I don't know if this is job for, like, the chief risk officer, who would specifically land on and I'm not picking on them either, but who does handle this If they all took all the risk assessments and evaluated them all together, would that create a better culture, like? I always wondered that. Like, and I don't know, is there some kind of like? Are we doing double work? Are we doing too much? Are we doing too little?

    26:02 - James (Guest)

    I'm on the same wavelength as you and I think that you should have a comprehensive, or called a risk register. The problem that you run into is each individual person who's assessed the risk, they will automatically think that their risk is the highest priority. That's the challenge piece, that trying to create a level playing field where, like from a supply chain piece, I'll say, when you're trying to make supplier scorecards, all right, supply chain and the procurement group will have certain metrics that all right, well, they're meeting our terms, we're getting paid in the right ways, main quality is coming in. Saying that there's food safety risks. Well, when you're trying to build a scorecard, you're trying to balance that math between the two and both groups are gonna look and say, well, my risk is more important than your risk, so put it higher on the list. And it just gets that much more convoluted when you have dozens of big wigs and some of these companies with their risk profiles trying to combine it together in one register.

    26:54 - Kristin (Host)

    Yeah, it's the same as cybersecurity with vulnerability management. There's usually a color system, one through five, and I've been in rooms where I've had to slam my fist on the table and be like, look, the worst day scenario is death. Start there because we get so granular with it. In an all reality it were wasting time because the people who actually wanna hurt us have moved past this already. They don't care, right, they don't care if it's a step five or a step one, they don't care. I think if we created an overarching company risk acceptance and severity risks, maybe that would be better. If you attach it to, like you said before, if you quantitate it and you attach the financial to it, people kind of get that a little bit better.

    27:32

    Maybe, that's how we create a food protection culture inside of an organization. Because we have this. These are our top five. This is what we're gonna always evaluate against, no matter what happens for our organization, and our suppliers need to understand that. This is what it looks like for us. Maybe that's an idea. If somebody tries to let me know, I would like to know.

    27:50 - James (Guest)

    Yeah, it would be good. I mean, it's one of those where you're setting your internal expectations and then expressing them to your supply base. And that's one of the things that we see in the food safety space, where you have supplier expectation manuals that they're really good but sometimes they turn into phone books and it's just like those internal policies. How do I write this thing? General enough that one supplier of a chemical compared to a supplier of actual ready to eat food. How do I balance that? So it's general enough that everybody's on the same page.

    28:21 - Kristin (Host)

    You know I was just thinking about it from like terms like normal person-ness. You know we kind of have on set rules walking into each other's homes, right? We expect that you're not going to, like, I don't know, use the couch as a toilet. You're not gonna leave dirty shoes everywhere. You're not gonna, like, trample through someone's house and make it just disgusting and unlivable.

    28:37

    I don't know why we can't take that type of mentality into work. You know, like we all understand that right, we got the basics of being a human and not being a bad human, right. Why can't we just take it into our jobs? We get it so convoluted, like you said, it doesn't have to be overly complicated, we just have to take it back to basics. Is this gonna hurt people, yes or no? Like follow the flow chart.

    28:57

    Maybe we need to start creating that as like a part of risk acceptance in you know, a food company. Maybe it's us, James, maybe it's just you and me. We're gonna have to do it, but I think that would be amazing and that way you get everybody gets a say and they understand like this is what being a human in this company looks like, and then this is what the tech looks like around it and has how we're gonna protect it. I think that could be a good start towards the future and, as we're coming to the close of this, I give some advice to both the cybersecurity side of the house and to the end of the food protections out of the house about you know the future or anything you've learned in your career.

    29:31 - James (Guest)

    For me it's one of those. You just have to talk to each other. We had this presentation a few weeks ago about food safety culture, and one of the things that we were talking about was trying to connect it to each individual department and a company. And I remember when I was working on one in the previous job, when you're trying to get IT to understand why food safety culture matters and it's like you work in a food company but then they look at you like you have three heads, like, well, I work on a computer, I'm not directly impacting the product, why do I have to focus on food safety culture? And it's like you have to think bigger picture.

    30:03

    All right, you might be dealing with an IT request for something in a computer software system, but that request is for someone that could directly impact the product and it's all connected. And that's one of the things that I wish everybody out there would just keep that view of. It's not just the four walls in your plant, it's everything is connected the IT and food safety protection, r&d to customers. All those different things are all connected and it's all all dominoes that have to fall the right way and then, when one domino falls the wrong way, the chain breaks and there could be catastrophe. Being able to see that from the perspective of that interconnectedness of all these systems.

    30:41 - Kristin (Host)

    I cannot agree any more to that. That is yes, exactly. We are all interconnected. I mean we have environmental systems that are one system, like water for example. I love that you brought that IT bit up, because I've also been on that soap box multiple times. When I was sitting it was a food professionals meeting talking about sanitation, and they were asked. Somebody asked a question like where are all the other aspects inside of a food production facility potentially would be touched? And someone said R&D, which I was like, yeah, of course.

    31:08

    But, I kept quiet because I wanted to see if someone else was gonna say because I'm one of the only cybersecurity people there. But IT, it touches everything, everything, everything. And I think sometimes people forget because it's just a job and they just suit up and walk in and fix whatever annoyance is happening for somebody and then get on with it. Right, we still have to glove up, we still have to mask up, we still have to put the hair nets in, we still have to get the lab coats on the boots, whatever you have to wear to go do this job. But we also are near the food. Sometimes you have to go fix a sensor that's on the line. You are on top of the food. You are on top of the food and even though you're only fixing computers in the office, that doesn't mean you're not interacting with food. People are coming in from all aspects of the company into your area. But it's so interesting that you say that I just oh, that's great, that's so great, James.

    31:55 - James (Guest)

    If anybody wants to reach out, talk more.

    31:57

    I'd like to talk more on that, just the food defense and the food safety culture and the assessment and the supply chain.

    32:03

    I think it's something that we we as an industry have to put our heads together and kind of look at that to figure out. How do we even how do we wrap our heads around this? Because we've been trying to wrap our heads around food safety culture since Frank Yanis brought it to everyone and now it's just slowly morphing and that's the next iteration of it. So that's that's one thing, that the co-out of people want to reach out and talk about it more and then, like I said, just stay connected. It's so easy to just get so sunk into your role and your responsibility and you just don't realize how much it connects to the other departments, especially in like these large global companies, that the silos exist and the silos so we'll just get bigger and bigger and the fences between them will get larger. It's like, no, at the end of the day, we're we're making a food product that people should enjoy, so we should be working together so it's safe and the customer's happy and healthy.

    32:51 - Kristin (Host)

    Yeah, that's a tough one, Cause cybersecurity is not very cumulative, like we don't talk to each other and if we do, it's sort of I don't know, I'm not going to go down that rabbit hole of of the things, but there's a lot of shame and I and this is something that I love about the food industry is you all talk to each other. You don't care what department you're from, you all hang out together and it's you also have been really inclusive to me. You know I'm just this, this girl who's been doing IT and cybersecurity for a while, and you kind of just are like, okay, cool, come on, hang out with us. That's great, we'll talk about food and we'll talk about safety and we'll talk about culture. It's great. And I think that's the.

    33:21

    The interesting again connection between our two spaces is cybersecurity. Awareness is almost kind of like cringy to us now, like we're like, oh, not that again, passwords and two factor, but it's it has to be constantly said because it keeps happening. Right, same with anything that happens with food. We need to make these things so simple that it's a stop, drop and roll moment. You know like you get it, you know you need to do when something happens and we haven't reached that in either one of our cultures really yet, and I think that's that's probably like the way we have to start, James, like honestly and I've been, I've been screaming this for a little bit and yeah, that's just really fascinating, but so, yes, we need to communicate more.

    33:58

    If you're in cybersecurity, it, please open your mouth. You're a food company, go share lunch or wait for some tasting of frosting or something else that you need to go do and start talking to people, because you know, oh, you need to. We need to communicate together. Thanks for your time, James. This has been an awesome conversation. I actually feel really energized.

    34:17 - James (Guest)

    It was a pleasure. I had a lot of fun. Have a good one.

    34:21 - Kristin (Host)

    All right, folks. That brings us to the end of today's episode. A huge thank you to all the listeners for tuning in and supporting the show. Your enthusiasm and dedication really do me in the world. Remember to stay safe, stay curious and we'll see you on the next one. Bye for now.

Previous
Previous

Ep. 005 - Tacos, Tenacity, and Trust: Navigating Cybersecurity in Food Defense with Megan Francies

Next
Next

Ep. 003 - Bread, Bugs, and Bytes: Cybersecurity’s Role in Food Safety with Sabetha Wells