
When Technology Sprawl Meets Real Estate: Managing Risk and Control in Modern CRE Ecosystems

Episode 32 · 34 min · Apr 23, 2026


Episode Overview

In this episode of Peak Property Performance, Bill Douglas and Drew Hall sit down with Michael Mullen, a seasoned expert in property management software, to unpack the complexities of technology sprawl within the commercial real estate (CRE) sector. Michael shares his extensive experience, tracing the evolution of CRE systems from operator-controlled environments to platform-driven ecosystems, highlighting the challenges that arise when complexity outweighs clarity.

We get into what actually breaks in the real world, what Michael learned the hard way, and what operators can implement to create more efficient and controlled environments. The discussion covers the pitfalls of losing visibility and control due to centralized systems, and how operators can reclaim control by driving vendor roadmaps rather than passively accepting them.

“The operator is paying for a system, but the system actually owns the operator because modern platforms often trade control for convenience.”

— Michael Mullen

What you’ll learn

  • How CRE technology systems have evolved over the decades.
  • The impact of technology sprawl on operational clarity and control.
  • The role of managed service providers in CRE technology management.
  • Strategies for effective risk management in CRE technology.
  • The importance of maintaining control over your CRE systems.
  • Best practices for managing centralized CRE platforms.

Key moments

  • 00:00 Intro
  • 02:15 Introduction of Michael Mullen
  • 05:30 Evolution of CRE technology systems
  • 12:45 Impact of technology sprawl on CRE
  • 20:10 Role of managed service providers in CRE
  • 28:00 Risk management in CRE technology
  • 35:20 Importance of maintaining control over CRE systems
  • 42:15 Best practices for CRE technology management

Resources mentioned

  • Peak Property Performance website
  • Commercial real estate technology platforms (MRI, Yardi, RealPage)
  • AI tools for data management
  • Property stacking tools
  • PropTech investment trends

Connect With The Guest

Michael Mullen

Property Management Technology Veteran, IBS Real Estate

Connect With The Hosts

Bill Douglas (Host)

Drew Hall (Co-Host)

Full transcript · 38,547 characters · auto-generated, lightly cleaned

Introduction to CRE Technology Evolution

Drew: Welcome back to the Peak Property Performance Podcast. I am your co-host, Drew Hall. And before we get to our panel today, the theme for today's show is the regression of CRE systems, the path that they've taken from operator controlled into platform driven ecosystems, and then ultimately into where we land today, largely where the complexity often outweighs the clarity. So real quickly, before we introduce our guest, as always, just want to remind listeners to like, subscribe, share, shout it from the mountaintops like so many of you do. It's how we're spreading the word on the PPP movement and changing an industry here. So please remember to do that. And if you think you'd provide value as a guest here, we welcome CRE thought leaders from all stages of ownership and operation. Please just reach out via LinkedIn or the PPP website itself. That's peakpropertyperformance.com. So without further ado, it's not just me as the talking head today. First, welcome our co-host, Bill Douglas. Bill, hello.

Bill: Hello. Our guest is really who's going to talk most of the time today. And today our guest is Michael Mullen. Michael, I'll read your intro, but say hello to the listeners first.

Michael Mullen: Good morning, everyone. Good morning. Good to be here, whatever time it is. I am going to tell the story real quick that you just told me. You got introduced to the trade show as the godfather of PMS. And you didn't necessarily like it, but I'm just trying to establish that you've seen it all. And that's why I'm excited about this conversation today.

Drew: Yeah, I think I've got 40 years in property management software now. Absolutely, yeah, you qualify. But when I say you've seen the full evolution of technology inside commercial real estate, you certainly have. From where we all had standalone DOS applications sitting on our desktops at the property level to dot com boom and everything trying to get consolidated back to headquarters. So in theory, you could get real-time data and information. But yeah, I'm looking forward to today's conversation about how we got here and how operators are losing more control than they realize. So rather than read the formal intro, I think we just did it. I think we should just jump right in.

Michael Mullen: Sure, great. All right. Yeah, so Mike, how would you say? Like from your perspective, how did early systems actually serve the operators better in some ways than they do today?

From Centralized Systems to Technology Sprawl

Michael Mullen: Well, I think partly it's because it was everything was very little, very centralized in that one property. So when people were using the system, all they had to do was worry about their own tenants, their own residents in those systems. They didn't have to worry about, am I in the right property? Am I in the right? Do I have the right tenant? Do I have? So the bigger it got, the more data that was in the system, the more the users had to figure out where were they in the right place. It helped the property staff remain very focused on their own systems, where they could run a budget control ledger. They could do their make ready board on their system. They could do all their accounting, really built around having an accounting system and obviously transition to where through some of the things we've got today, which to doing attraction alignment, doing resident portals and that kind of thing. We've gone much further than that. Back in the day, it was accounting, leasing accounting, budget control ledgers and make ready boards, all running in a DOS application on a standalone, usually on a standalone computer in their office with green screens.

Drew: Yeah, wow. Yeah, definitely come a long way. Multiple iterations too. And so as we think about how some things have definitely been consolidated over all this time, and certainly there's improvement to be expected in the consolidation of some of these things. But how do you think of that? Like when you think about some of the things that you've listed here already, when you think about the consolidation of those tool sets of systems, think through and tell us kind of some examples, maybe ideally, where there was not necessarily benefit, but maybe some blind spots were created along the way.

Michael Mullen: Well, I think as we came through Y2K and that was kind of beginning of as we came through the dot com bubble, and we're all looking for ways to get to more real-time data, because back in the day, we would bundle up all the data up those systems, back them up onto a floppy disk, and we'd overnight the floppy disk back to headquarters where they would extract that data, put them into a reporting tool and trying to get the data. So Monday morning reports became like Wednesday afternoon reports by the time they consolidated everything and got it into a way they could present it to people. So I think moving to that consolidated internet-based system, you did get Monday morning reports on Monday morning. There was a cost associated to that. But I think one of the main ways to offset that was we were overnighting packages of data back and forth from properties throughout the week. There was usually three, four overnight packages a week that would go from each property back to headquarters, be they invoices, their backup data so they could do their consolidation. Those types of things were going back and forth. So much of the cost of moving to the browser-based applications was picked up by eliminating all those FedEx bills. And it did give people real-time data, sometimes too much, sometimes not quite fine-tooth combed before it got there. Property people were used to their own systems where they knew exactly what they were putting into those systems. And when their data was going up to corporate, they would kind of massage it, make sure it was right before they sent it off. When we went to real-time internet-based systems, everything was real-time. So there was no massaging. There was no fixing it before it got into corporate's hands. Everything was exposed right away, which was good and bad. Sometimes made people make decisions that weren't necessarily correct. 
But it also made everybody start thinking about what processes can we put in place to ensure that this data is better? How do we make sure that the systems are gathering everything properly in the first place?

Drew: We talk about this in the book a lot, the concept of loss of visibility. But really, and we talk about it a lot on the podcast too, more importantly, when the system owns the operator. The operator is paying for a system, but the system actually owns the operator because modern platforms often trade control for convenience.

Michael Mullen: Well, yeah. I mean, it's certainly, if you look at the kind of the three big players in this space, the MRIs, the Yardis, the RealPages, it's an infrastructure. It's not a property management software. It's not a leasing application. You buy into the infrastructure. So everything becomes from that one vendor. And, you know, unless you're a really big company, you're not really getting much of their bandwidth from a software development standpoint. So you're having to kind of fix yourself into their processes. How they do a guest card is how you have to start doing a guest card, how they do a lease and the data they collect for a lease abstract on a commercial application. You have to kind of use what they say is the industry standard instead of saying, I want to do it differently. We talk a lot with our clients and with prospects about you're the buyer. You should control this process. Like, you shouldn't wait for the vendor to dictate the roadmap. You're writing the check. You own the roadmap. The vendor will play. Like, we will play. If a client comes to us and says, we want to do this for this property, or we want this performance or this data, we will alter our methods to get what they want. And most vendors will do that. But, you know, where do you see operators today losing visibility that they historically have? And do you have a real example of that? On a system limited decision making ability?

Michael Mullen: Yeah, I'm not sure I have an exact solution or example of that one. I think because we've gotten, there's so many tools out there today that we've kind of, we went from distributed operating systems to a centralized application, all built about, you know, kind of three vendors in their own way of doing things, to now there's been so much money invested in PropTech that it's, you've got, you're back to silos of information, certainly tool sets today with AI and whatnot. We can start bringing that together more easily. But you also, you had a, all your leasing was in one system and all your maintenance was in another system and not necessarily did all this stuff talk to each other. So you didn't, you don't have the clean views you might've had in a single operating system. You have to kind of wrap, put your own wrappers around it today to expose that to you. And applications today certainly have that ability. Certainly, I mean, I spoke with a client earlier this month that they've been working on trying to get a stacking tool to actually be the way they wanted the stacking tool to use. So stacking is basically going to show all your building, all the leases by floor, and be able to see who owns what. And they, if you highlight one, you should be able to get all the lease information, you know, rent per square foot, CAMs, recoveries, all that data in one place. And there's commercial applications out there that do that, but they weren't convinced that they were, that they could get their lease abstract information into the, into any of the vendors tools. So they built their own, they just put, they grabbed all their lease abstract reports and all their leasing reports, put them in a common NLM, and so they have a tool over it. And in two days, they built themselves a property stacking tool that their leasing agents and their, are ecstatic about. Because now they can just highlight something, be able to see lease end dates.
They can see first right of refusals from the, from the abstract and have it all in one place throughout the whole, throughout the whole portfolio. The portfolio is 25 million square feet. So they've got a lot of, a lot of leases to worry about. Just a way to move that, move that all into one place. And they've been trying to do this for, for years.

Michael Mullen: Years using the commercial application never worked very cleanly. And here they put a relatively junior programmer on it and in two days they came up with a system that they think is pretty good. Now, what's the security around it? Are the outcomes always correct? There's still stuff that you have to commercially make an application available to people. You need to be worried about other things than if you're only building an AI tool for yourself, doesn't necessarily have to take all those components into consideration.

Navigating Vendor Relationships and AI Concerns

Michael Mullen: What you first described about all the silos of data and so many systems, you know, PropTech growing so much is technology sprawl, right? System sprawl. It's everywhere. It used to be a stack. Now it's a stack and it's getting wider and wider and wider. I'm not sure. Wider and wider. And I love when a client actually does it themselves quickly. But the problem is the client is not a software developer. And when that person leaves, then they have an old system. It'll quickly become old because it won't be maintained. And the technology sprawl is creating an even larger gap that is an insurmountable problem.

Michael Mullen: So I'm not advocating they not use the vendors. I'm just advocating that they drive the vendors roadmap instead of accepting the roadmap. And solutions are great, but definitely, and you and I could probably have, and Drew, a whole nother show on this, definitely have to build a maintenance schedule for anything you build because what you're paying for is maintained. You have to build security to the infrastructure. You have to make, there's Q&A that's got to be done. It's got to be, you got to maintain it.

Michael Mullen: And while, you know, the demise of the software company is, AI is the demise of the software company. It's just not. The structure of designing and building the architecture, that's not something that you and I or the average person is going to run out and say, Hey, technology guys do this for me. They're not going to take into the important things that we have to worry about too. And vice versa.

Michael Mullen: Listen, I had a client call me a month and a half ago or so that said, Hey, I want AI taken. I want co-pilot taken off all my systems. I don't want people using AI. And my conversation started with, you think we will be co-pilots going to stop them from using AI? I mean, they're just going to go use Gemini. They're just going to go use chat. They're going to go do something. If you don't help them use it, all you're doing is bringing the shadow IT into your organization and putting yourself at risk. So you should, you know, instead of taking it off, trying to deny it, like there'd be a buggy with guys saying cars are never going to be successful. Give them the tool. Don't let them go find it on their own.

Drew: Yeah. And they will, right? I mean, we know that, you know, somewhere around 60% of employees are using AI in some way for their job and just telling them they can't, it isn't going to stop them. And it's enhancing many of their lives. I mean, it's making their jobs better if being able to use these tools, as long as they don't believe them that they're, you know, they do hallucinate at times. You have to be careful, but as long as you're checking your results, you should be, you should be good.

Managed Service Providers in CRE

Bill: Mike, when you think about the history of managed service providers involvement in CRE over the years, how would you describe, or how do you think about that? Was there something that broke along the way that made MSPs more necessary than they used to be? Because what is it? How would you describe the introduction of MSPs in the first place? And then we'll talk a little bit about how that's changed over time.

Michael Mullen: Well, I think I'll go back to Bill's comment about the sprawl. I mean, the sprawl has gotten bigger and bigger and bigger and bigger. And as a owner operator, you could try to have somebody that does all that, everything for you, but they probably aren't, can't. So you've got to find, how can I use what I, leverage what I have internally? What outside resources can we bring in to help? And it depends on the, it depends on the organization.

Michael Mullen: We've got some, some small owner operators that, we are their virtual CIO. I mean, we, we kind of drive their technology, roadmap, year over year. And there's others that we're just there to do help desk for, as their internal organization works on other projects for them. So I think it gives, it gives an owner operator some flexibility in how they use their own internal staff and gets them exposed to maybe things that they wouldn't have seen in the technology arena that, you know, because we're wandering around in the wilderness by ourselves a lot, we see, we see stuff that they're never going to see in the technology world.

Drew: Yeah, that's good. Well, and that flexibility, I mean, exactly what you're talking about, Mike, just plugging in, whether it be at a help desk only level or doing a more thorough engagement as an MSP for some of the clients, how do you see that slide occurring? I mean, where, you know, MSPs, if not implemented, or if not given the proper level of control up or down, they might generally reduce risk, or they might actually introduce more abstraction and more risk and that sort of thing.

Michael Mullen: So I think it's going to be, I think it's going to be a conversation always between the MSP and the, and the owner operators and, and the software vendors that we're always talking, thinking about how, what risk are we bringing into the organization and ensuring that that risk is a level of risk that the owner's willing to take. There's some people that will, that just have blinders on and they'll, they'll running around with, you know, with no EDR in their, in their organizations. And they're okay with that. But most people want to know that they've got a good cybersecurity stack around them, that they've got, you know, good authorized use programs. They've got a good response plan. They've got strong backups that can be recovered from.

Michael Mullen: So I think that you, if you, as the growth of MSPs in general has been, technology has become, everyone's a technology company today, right? We have more and more and more of this in our lives. So I think that we're, as we, we have to stay, if we go in, we try to make it a very consult, consultative discussion of how can we help if they're, if not every organization can we help it. Maybe it's just a time and material basis, but they're good at owning and operating real estate and we're pretty good at technology. And I think that, that you stay in your lane, I'll stay in line and we can help each other be successful.

Bill: I mean, you know, to share a story from our side, what we've seen, you know, the life cycle of a building, obviously you don't see management companies come and go, mergers, acquisitions, that sort of thing. And I mean, we even have one that's happening right now where the requirements change only because the logo of the company that's managing the place has changed, even though the people haven't, just the logo and the parent company. And so there might be some requirements that are in place, whether or not they make sense, doesn't necessarily matter, but that's just what their requirement is.

Bill: And of course I'm talking technical here. And so, you know, we often influence those discussions and say, let's take a look at the requirements. How can the, what are the possibilities for those being met? What are the expenses? How can we, you know, vary technically, but without getting too much into the weeds, how can we defend the security posture of the campus? Which that's the ultimate goal is to make sure that the security posture is correct and everything is addressed accordingly. So, I mean, it's really important, but it's, you know, sometimes those assumptions are just kind of broad sweeping and they don't, they lack a little bit of real analysis. And it's just interesting to see that change from company to company as management changes in a situation like that.

Michael Mullen: Yeah, I think that as long as you remain in communication, I think that the one thing that we try to do with everyone is have regular conversations about this. You know, we would say quarterly, we're always going to have a conversation with the customer, but anytime that you have a question about technology, I want you to pick up the phone and call me and ask. If there's, if you hear something that you're interested in, call me, let's talk about it. You know, it's a little harder because we're not walking down the hall and saying, hey, you got a second, come on in. But that's what you want them to get to that point where, you know, all right, listen, we're talking about this, let's call Mike and see if he can lend any insight here.

Bill: Don't want- Well, what we see, Michael, is I'm going to be, I'm going to play sarcasm here as we see the new property manager come in without looking at anything in the stack, in the campus or the property, assume that everything needs to be refreshed and new. And if we spend money, we'll be covered. And they, they just, a lot of the outside IT firms or the IT, not OT, but IT inside of a, of a new firm coming in has a budget and they love to buy new things and they love to implement new networks and systems and devices that are already there. Like it's already mapped out for them.

Bill: Yeah, we put it in on a five-year plan and you're only a year and a half in. Why do you need to refresh all this? You're talking about 50, 75, a hundred thousand dollars sometimes to redo the core of a network that is perfectly good. It has been pen-tested, it has, et cetera, et cetera. But I'm baffled how many times they don't ask.

Data Security and AI Risks in CRE

Michael Mullen: Actually had a conversation with the group last fall. They were just right aboom. So they had had an event occur in the June timeframe. About 75 laptops, I'm sorry, desktops had been attacked and ransomed and they were still bruised. I started talking to them in August, September. They had been with their current MSP for 15 years. They liked them, but they felt uneasy without having somebody kind of watching over their MSP to make sure that there was enough layers of the onion, layers of the onion skin covering up their data.

Michael Mullen: So residential owner, operator, they've got all kinds of PII on the network. They've got, it's just, there's big exposure to the, just to the data. Hadn't been lifted. So they were just ransom. There was no data taken, so that was okay. But now they were very worried that somebody was going to come and get their data. So they brought us in to just kind of say, let's talk about the tools that are here. What assessment can we make to, and what additional things can we do just to put a couple more layers of the onion skin around the heart, just to make sure that we're, that we've got everything buckled down.

Michael Mullen: And when I went and looked, listen, they had, they had a good tool set. It was, you know, they had good AV, they had good EDR, they had a good MDR product. They were, they were really sitting there pretty well. If you remember, SonicWall had an issue and, you know, they snuck in through the SonicWall thing and got in and was able to, to elevate a user to, to admin privileges and were able to take, take advantage of things. Could the, could the MSP have done something? Probably, but you don't know.

Michael Mullen: What exactly, because, you know, SonicWall isn't really very, very disgusting about it. And they don't, they're, uh, they said, you know, if you just go change everybody's passwords, everything's going to be okay. Yeah. You know, I'm not sure.

Drew: Well, that's, you know, you're talking about network and security risks, right? Can I go back to something you said earlier in the show here and revisit risk introduced by AI and AI tools?

Bill: Sure. Like, like, can we make, can we spend a minute on that? Cause I think your experience there and do's don'ts or gotchas might really help the listeners. Like we see operators introducing risk without realizing it, especially with the free tools and sensitive data. So what are you seeing in terms of teams using those with confidence, confidential information? Like you mentioned PII, but what about financials and some other things?

Michael Mullen: Yeah. So, so annually we do a data, we kind of do a scan of all data on the network just to see, is there stuff that's in common areas that should be put into areas that are, are encrypted. And we found that one of the things we started testing for was data that was sent to, sent to AI engines. And we found that one, this one client had actually uploaded their financials to the free version of ChatGPT 504 times. Now they love the reports they were getting, all these comparisons they were doing and the questions they could have, they thought it was great. They said, but guys, there's no security around this. Your data became part of the model. And they had no idea that what that meant. And now would you have to write a pretty good prompt to go find it and be useful? Yeah, probably. But you don't know what particularly with all, you know, as this technology is faster and faster and better and better, you don't know what you've, what you've left out there. But yeah, they were, they were running, they were running multi-year financials and they were doing, using chat to do comparisons. And they had no idea that it was 504 times. So we kind of taught them how they can do this without exposing it to the general public.

Michael Mullen: Did another one at the same time and found their employee's census reports for insurance purposes. They found multiple, we found multiple spreadsheets on the system that had been, they had done, somebody in HR had sent to the last two years to do a comparison between the, their census from last year, census this year and the cost differences of their insurance. And you know, chat's really good at doing some of that stuff. And if you ask them to write a prompt and ask the right questions, but now you've just sent up every employee, every employee's address, social security number, and in a spreadsheet, that wouldn't be all that hard to find if I weren't looking for it.

Michael Mullen: So a couple of years ago, a year and a half ago, I found in doing research on our competitors using a paid LLM, I found, and Drew's nodding his head because he knows what I'm going to say, a document that was a strategy marketing document for our company that one of our vendors put up there. I actually found where it came from and we no longer use that vendor. We terminated the contract because it was specified in the contract. You can't put this up in a free LLM. Yeah. That does not to be disclosed. Like this is strategic proprietary information. And everybody should, everybody should be writing that kind of things in the contracts with their, into their contracts with their customers and their clients.

Michael Mullen: We have paid accounts for all employees. And if they use a free account with any client or anything else, it's terminable. It's a terminable offense, no warnings. Like here are the free tools. Now they're not free. Here are the paid tools, privacy, and all of our rules applied. It's not that difficult to set up. It was very straightforward. Well, I hate to use the word guardrails. And everybody has tools now. So.

Michael Mullen: Yeah. It's, to use this word guardrails, because I think it was getting overused, but you do have to put some, some guardrails around this stuff. And it's not, it's not all that difficult to build your own NLM and have it inside your firewall and protect it from, and use what it needs to use outside. What we do now, Michael, that's what we do now. But you know, a year and a half ago, that was a lot more difficult than it is now. In a year and a half from now, it's going to be like, you'll just think it and it'll happen for you. Yeah, probably.

Responsibility and Risk Management in CRE

Bill: So relative to commercial real estate at a property or portfolio, and I'm on both of your opinion on this because Drew is so very technical, right? Where does the responsibility sit to apply both security and AI guardrails? Like, is it at the operator or the project manager? Is it an IT and the owner's IT or is it in the ownership group?

Michael Mullen: Yes. All those people's responsibility. I think ultimately this whole clarity of it. I still think that I think whoever within an owner's organization is responsible for risk, and that's going to be, you know, the CFO, controllers, someone at that level, maybe it's, maybe somebody actually in risk who has a title of risk management has to be responsible for, for, for this kind of activity. But ultimately we are all responsible for this stuff, but who's going to get sued? It's going to be management that's going to end up getting sued, right? And looking for someplace else to get sued.

Michael Mullen: I mean, in New York state, with the New York SHIELD Act, every PII record that you lose, you could be fined $5,000 for. So in this case of this operator we have in the city, they set up about 150 records in two different spreadsheets. So 300 records times 5K, it's, that's a pretty good slap on the hand. And if you fail to, if you know, and you fail to report it to the attorney general, they can fine you up to a quarter of a million dollars. So it's, you gotta, it's the only way the government knows how to teach us to do something is to fine us if we don't do it, or fine us in the kitchen. That's how they, that's how they justify all this stuff, right? We want, here's your carrot, and it's, it's your, that you're not going to get the stick.

Drew: Drew, how would you answer the question? Where do you think the responsibility lies?

Drew: Yeah, well, I mean, first of all, I was going to say, I like what Mike said there about, you know, whoever owns the risk, but it's interesting because as I think about our various clients and then all of that activity that we see with multi-tenant, let's say, let's just say commercial tenants in commercial spaces, you know, those conversations are usually had with discerning tenants, you know, not all tenants ask, but many do. And as they should, they all should. So oftentimes, you know, from Opticalyzer's perspective, we, you know, it's, it really is in that vein of a picture's worth a thousand words kind of thing. A lot of times we lead with that information to say, here's how, here's how we ensure that security exists in this multi-tenant property that we have designed that has all these awesome features associated with it. You should be asking about security. Here it is. So it just goes right in there with those. And oftentimes it's just like, oh, wow, that's amazing. We'll look at it. And we don't hear another thing. Sometimes the conversations will go deeper. So, you know, I don't think that's the right way that it should be. It shouldn't be left to tenants, but I will say that's where most of the chatter comes from. I don't see it often coming from management. They're kind of busy doing those day-to-day things and just assuming everything's okay because everything's okay. And I'm in there with a can and a stick pounding. I say, hey guys, you got to listen to me over here. You're going to get in trouble unless you get your, unless you get your hands, your arms around this thing.

Bill: Well, I, I agree with you, Michael, the CFO is very effective, but a lot of times the ownership groups don't have necessarily CFO to be a general partner. You know, they might have somebody on staff to do it, but the GP or the CFO is typically the most reactive, most willing to take accountability for this issue. I mean, I want to make the point that this is not AI hype. AI is accentuating the problem. This is a high signal, real world risk conversation that ties directly to control of data and operations. AI is just a piece of it. I mean, look at these emails that we're seeing now. You know, I've seen some coming in for me that, you know, these are, there's an embedded, there's an embedded invoice in the email. And if you look at the trail, it looks like this conversation is occurring between people and the email addresses are the same or are proper. And the, the writing's good. And all of a sudden it looks like this is a legitimate email. It's a $52,000 invoice attached to that, that I'm requesting my AP people to pay immediately. We're not going to pay that invoice immediately. They're going to come running in and go like this, but many people will just, they'll process that stuff and it'll go on its merry, it's going on its merry way.

Bill: I've had one client that's, I use natural language processing, listen to this podcast and then write an email that sounds like me and Drew and send it to employees with our own company. We had to train our employees, zero trust, start with no. That's right. Yeah. This isn't right. We're not going to ask you to pay an invoice for us. We have systems for that. We have approval process. I think Reagan said trust and verify and now it's verify and trust, right? It's verify the identity before you trust anything. I think Reagan was one with a little trust in it, but we're going to verify that. We have to reverse that today.

Bill: Appreciate you spending a few extra minutes on that because I know a lot of people, not just our listeners, a lot of people that we talk to don't understand the risk in actually using AI. And if you set it up right, there is no risk, right? There's manageable risk, put it that way. There's always risk. I did fix that statement, but there's exponential risk if you don't.

Michael Mullen: Yeah. Well, I think we see it from the insurance companies. I mean, it wasn't that long ago, five years, seven years, that an application for cyber insurance was eight questions, 10 pages, single piece of paper. Do you have a firewall and do you have AV? Now you've got 10 and 15 page applications. They want to know the vendor. It's much more- We have to fill those out every year. Yeah. Much deeper into it. But it's one of the questions I think you have to ask your vendors. Do you have cyber insurance? What are your limits? How are you going to- Protect us as your customer through those things too. And we have to, as a service provider on many facilities across the country, we have to fill those out and provide insurance statements every year. Yeah. Yeah. It's just part of the contract. So I would encourage everybody to really consider that.

Michael Mullen: Well, yeah. And don't listen to your broker. Your broker says, just say yes to everything.

Michael Mullen: And as soon as there's a breach, the first question the forensics guys are gonna ask is, let's see your application. Wait a minute, you said you did MFA and you don't do MFA, or not everyone did MFA. You can't say, well, most people did MFA. No, everyone must do MFA. So you just have to make sure that whatever you say on that application, you actually do throughout the term of the policy. Because the first thing a forensics guy is gonna do is try to find a way out of paying you, and they wanna see if you kept all those things that you said you're gonna do, you're actually doing them. That's one of the things we try to help people with is ensuring that the controls that they put in place remain in place throughout the year.

Final Thoughts and Personal Insights

Drew: All right, Mike, this is good. Before we wrap up, we always like to take our guests up to what we call the extra floor. So it's just a quick set of, there's three questions in this case. Just gut level, it's not conversational like we've done so far. Just short answers, whatever comes to your mind. Number one, what is the best piece of career or life advice that you think you might've ever received?

Michael Mullen: Always be a learner. I think I had my first boss out of college. I was working at a bank in the branch organization, and he brought me to his office and said, Mike, I'm 35, my boss is 54. You want my job, I want his job. This is not changing for a long time. I wanted to go talk to this gal I know who happened to be a headhunter for Wall Street. And she got me a job working for then Lehman Brothers. And Dick Fuld, who actually was the CEO when they took that organization class, was my boss at that time. And he was the one that said, you always have to be learning. Something new every single day. Something new every single day.

Drew: What's a habit or practice that consistently makes you more effective besides always be learning?

Michael Mullen: I hate to say this, but I keep a paper day timer, and that's where my to-do list is, where all my meetings are, and it's where all my notes are for that day. I've got stacks of them around my office for the last seven years, because if the IRS ever asks a question, I got something I can show them. But it keeps me focused on the things I need to do by having that list move along with me day to day to day. And if something starts getting stale, I gotta figure out why it's getting stale and not getting done.

Bill: Yeah, that's good. I mean, shoot, in this day and age, having a thing or two that's analog is not a bad thing.

Michael Mullen: Yeah, it kind of keeps your feet on the ground.

Drew: Exactly. Okay, final question here. Are you an early bird or a night owl?

Michael Mullen: I am an early bird. I'm up before five of every day, and I'm asleep by 10.30 every night. Yeah, okay. But I think I get more done between five and eight than I get done the rest of the time, focused work. Most of the rest of the time, I'm putting out fires, answering phones, talking to customers. I get to get what I need to really get done from a work standpoint from five to eight. Then the phone starts lighting up.

Bill: Well, we will put your information in the show notes, but please tell the listeners how they can contact you.

Michael Mullen: Sure. My email address is mmullin at IBSRE.com. And certainly if you have any questions or need any help with anything perplexing, I'll certainly give you some time.

Drew: Well, Michael, thank you. Mike, as we should say.

Michael Mullen: Thank you guys, that was great.

Bill: Thank you to our listeners and everybody out there. Be sure to like and share and subscribe and follow, and all the things that you know would really help get the message out. And share it with some friends, send them an episode and tell them why you liked it. And welcome to the Peak Property Performance Movement.

Michael Mullen: Thank you, everyone. Very cool.

Drew: Thank you very much, guys.

Bill: Thanks, all.
