The Art of Hacking: Cybersecurity With Adriel Desautels

On episode 59 of The Edge of Innovation, we’re talking with Adriel Desautels, founder and CEO of Netragard, about hacking and cybersecurity!

Show Notes

The Netragard Website

Get in Touch With Netragard

Find Netragard on Facebook

Find Adriel Desautels on Twitter

Find Adriel Desautels on LinkedIn

Find Netragard on Twitter

Follow Adriel Desautels’ Blog on Netragard

Netragard in the News

“Is Your Data Safe From Hackers?”

“This Year, Why Not Take Your Data Seriously”- Netragard’s Guide to Finding a Vendor

“Cars: The Next Hacking Frontier?”

“How to Find a Genuine Penetration Testing Firm”

“What Is Penetration Testing? Here’s the Right Definition”

“How To Hack A Company With A Trojan Mouse”

“Don’t Become a Target”

Link to SaviorLabs’ Free Assessment

Sections

What Does Netragard Do?
Hacking: Making Things Do Things They’re Not Supposed To Do
How Adriel Became a Hacker
Starting a Business Using Real Hacking Methods
Is Hacking Complicated?
The Art of Hacking
Pricing Based on IP Addresses is Not Ideal
Real Time Dynamic Testing
What is Penetration Testing?
What Should You Do About Cyber Security?
What’s the Big Deal with Online Profiling – Social Engineering
Internet Abstinence Won’t Protect You

The Art of Hacking: Cybersecurity with Adriel Desautels

Paul: Hello, everyone. I’m Paul Parisi here with the Edge of Innovation, and our guest today is Adriel Desautels from Netragard. Adriel, are you there?

Adriel: I am.

What Does Netragard Do?

Paul: So, Adriel, you are with a company called Netragard. What in the world does Netragard guard? Or what does it do?

Adriel: So just like our slogan says, we protect you from people like us.

Paul: I love that slogan. So, “people like us.” What do you do? Are you hackers? Or are you light-head hackers or what?

Adriel: So we are hackers in the very real sense of the word. We have roughly 35 guys on the team right now, that are all vulnerability researchers and zero-day exploit developers. So we really specialize in tearing apart technology, understanding how the technology works, and then finding ways to make the technology do things that it’s not supposed to do. And we apply this skillset to anything from automobiles and cellphones, all the way into large corporate networks or government networks and so on and so forth. The end product is we breach something, we hack something, we break something, and then we provide you with a solution to prevent other people like us from being able to do the same thing.

Paul: So basically, you guys sit around and try and break things. Or, I mean, because you said, you used very select words there. “Make things do things they’re not supposed to do.”

Hacking: Making Things Do Things They’re Not Supposed To Do

Adriel: Right. Absolutely. So, a prime example, right, with cellphones, for example. When you receive a text message from somebody, you expect the text message to display the message. If you receive a text message from us, our text message, you might never actually see it come in because it will be designed in such a way that rather than displaying a text message, it gives us complete control over your phone. So maybe when we send you a text message, the payload, or the contents of the message, will allow us to listen to your microphone, turn on your camera, track you via GPS, read the emails, look at what you’re browsing, etc., etc., etc.

And the way that we do that is by leveraging flaws that exist within that specific piece of technology. And the same would be for anything. You know, we did research on cars a while ago, we were in the news for the research there. And we found that it was possible to do things with the cars, like take control over critical systems such as the accelerators, the braking systems, seatbelt tensioners, other kinds of security things in cars. And so you can literally hack a car and turn a car into a weapon.

So we look for the different avenues by which those kinds of things can be done and then we build solutions so that the people who are responsible for making these technologies can prevent those kinds of things from happening, hopefully.

Paul: Okay. Alright. Well, that sounds scary and interesting all at the same time.

How Adriel Became a Hacker

Paul: Let’s take a step back. So now, what’s your background? Did you go to school for this? Did you just figure out one day, “Hey, I want to be a security person”?

Adriel: Yeah, so, when I was about eight years old, my father picked up a Tandy 1000 and maybe I was even six. I was young. And I wanted to know how this computer worked, and I played Lode Runner. I played with the word processor that he had, the big old disks you used to have to stick in there. And I became more and more curious. So I began picking up BASIC, I think it was and just trying to figure out how things worked in that respect. And then, you know, I saw well, if I put in this text with this, the computer would beep in this way, or the computer would do this kind of thing.

That evolved and then I was gifted with a modulator demodulator and I thought to myself, so if I dial this telephone number, I get a connection. What happens if I try a bunch of different telephone numbers? Most of the time, it would be people that would pick up and be mad that they were being called by a modem. But sometimes I would be calling other modems, and I’d find that they connect to systems that I wasn’t supposed to.

And then from there I discovered the real satisfaction. Curiosity. You know, hackers are driven by curiosity. And there’s a saying that I hear all the time, curiosity killed the cat, satisfaction brought it back. So, it kind of evolved from there.

When I went to college, I was studying a combination of computer science and philosophy. I ended up dropping out of college in my second year because I was already working in the industry. I was making more money than most people with a degree, and I was learning stuff in school that I had already learned and that was really antiquated. And so I thought, well, I don’t really need a degree to get me, nothing.

And so I dropped out of college and started my first business. Sold that business, worked in the industry for a bit, which is how you and I met initially, I think. And then I started up my second business and here we are. And through the interim, the point between the two businesses, I realized that I do not work well for other people. I work much better for myself, with my team. And so here we are. And it’s been a great adventure, but it’s been a pretty successful one too.

Starting a Business Using Real Hacking Methods

Paul: Excellent. So what is that business that you started? It’s Netragard. But, I mean, what was your intent? And how long ago was that?

Adriel: Yeah, so back in 2006, really 2005 to 2006, right after we were running SNOsoft, or Secure Network Operations was the full name, we were approached by a bank. And the bank said to us, “Hey, we’re looking for penetration testing that will deliver a real hack. We really want to get hacked.”

And we said, “Well, we don’t really do this kind of stuff. My team is really into reverse engineering and zero-day exploitation and things like that. Right now we’re doing vulnerability research and exploit development, but we’ll try to find a company.”

And so we scoured the internet. We looked and looked and looked, and we could not find a penetration-testing firm that would actually do what they said they were going to do. They all said that they would do manual testing. They all said that they would use a research-based methodology. They all said they were going to do these incredible things. But when it came down to really talking about the technology, they were all going to effectively deliver a vulnerability scan, vet the results, and produce a report, which is not what our customer wanted or our friend or associate wanted.

And so they said, “Well, why don’t you guys deliver this test?”

And we said, “Alright. We’ll give it a shot.” And so we took our vulnerability research and exploit development methodologies and we created a methodology. It was called Real Time Dynamic Testing. In about 2006, we used that methodology to test this bank, and we managed to breach the bank and take the domain in four minutes flat. And the reason why we were successful in doing that was because they had a critical system that was exposed to the internet but it was configured in a way that the traditional scanning technologies wouldn’t detect it. I don’t know if it was delivered. But the scanners didn’t recognize the system.

We began to look at the network, and we said, “Hey, what is this glaring hole? Let’s play with this,” and boom. You know, we were right in.

And so the bank said, “Wow, this is incredible. Not only did you take our domain in four minutes, but we didn’t see you do it. And, you know, how did you do it?”

And we said, “Well, we just used real hacking methods.” Right? We didn’t depend on scanners, and that was that. So they began talking about us. Other banks began calling us, pharmaceutical companies and so on and so forth. And we just kept on testing and kept on evolving and methodologies continually evolved.

And on the side, for the longest time, we were also doing the zero day vulnerability research, zero day exploit development, and we were catering to the zero day market. So the business was running on two fronts.

Today it’s strictly offensive. Today we are strictly hacking people and breaching people using the same kinds of methodologies and the same kinds of threat as you’d experience from nation states or from real world hackers.

Is Hacking Complicated?

Paul: So now you mentioned there that you were able to break into this. And this sounds complicated. Is it complicated? Or is it not complicated?

Adriel: No, it really isn’t. The most complicated part of breaching a network is doing the research upfront to identify the points of weakness. Once you identify a point of weakness, it’s generally pretty simple to exploit it. For example, if it’s going to be a local file inclusion vulnerability in a web application, right? You have to understand how an application is constructed. You have to be able to apply a path so that you can include a file from the local file system and just really were to paste or write a simple string. And that one simple string enables you to call a file.

So a really simple example would be an ISP that we were working on back before cloud computing was a really big thing. These guys were kind of like your pre-cloud computing hosted environment.

They had an infrastructure set up with a management interface, and the management interface had a glaring local file inclusion vulnerability in it where you could see the path, and you could see the file that was being called right in the URI. So what we ended up doing was we ended up generating a bunch of PHP based error logs by dumping PHP code directly into the server, and that would get recorded in the error log, and then we directed the path in the URL, the URI, to the error log for Apache, because we knew they were running Apache. When it loaded the error log, it interpreted the PHP, and we got a shell in the system.

Paul: Oh my gosh. Wow.

Adriel: Yeah, so it’s pretty simple stuff.

Paul: Well, once you say it, it’s simple.

Adriel: Yeah.

Paul: That’s very important, I think. It’s like, I would not have thought of that, but now that you say it, it’s obvious.

The Art of Hacking

Adriel: Yeah. It’s funny because even the most complex hacks become trivial once they’re discovered. And so the real talent and the real art is in the discovery, and it’s being able to think in such an obscure and different way that you almost… It’s not really out-thinking other people, but you — for a lack of a better term — you out-art the other people.

Paul: Well, it’s almost out-thinking reality because you’re not just taking it for what’s in front of you. You have to look behind it and around it and under it.

Adriel: Yeah, exactly. And sometimes you have to build an entire ecosystem or environment for this thing to exist in to break it. Because certain pieces of software are meant to exist in certain situations. They’re meant to do certain things. So put them in a different situation that’s designed specifically to make it break, make it uncomfortable, you know. Doing that’s really what hacking is all about.

Paul: So it sounds like the kind of work you’re doing is finding the — I don’t want to say “esoteric” but… I didn’t know. Is that fair? Esoteric? Because I’m wondering now, you must offer something or do something that checks for the run-of-the-mill things.

Pricing Based on IP Addresses is Not Ideal

Adriel: Oh, yeah. Absolutely. So, when we offer our services, there are three different levels, and the higher level includes the lowest two levels. So there’s silver, gold, and platinum — the whole packages that we offer. The silver level package is the industry standard package. It’s what you’re going to get from 90% of our competitors or 90%, 99% of the industry. And it’s really how many IP addresses do you have? I’m going to price based off of the number of IP addresses. Right? So you say you have 10 IPs at 500 bucks per IP, $5,000. We don’t price that way. This is the competition.

And then we’re going to take the IP addresses that you give us. We’re going to give them to a vulnerability scanner like Nexpose or Nessus. And then we’re going to run the scan. The scan is going to find what it’s going to find. We’re going to pass the results of that off to a team of engineers. The engineers will exploit whatever is exploitable, and then they’ll produce a report. Right? So that’s sort of the entry level penetration testing service.

It’s not ideal for several reasons. The first is, when you price based off of the number of IP addresses, you’re not actually pricing based off of workload. So, suppose you have the 10 IPs, and they’re all running complex web applications, maybe 40 man-hours per IP, $5000, that’s $12.50 an hour roughly. Nobody can work for $12.50 an hour, so you have to compensate with automation.

The second reason why it’s not ideal is automated vulnerability scanners only identify the low-hanging fruit, which kind of goes in the question that you were asking. Right? So they only identify the basic stuff that exists — maybe 30%, 45%. Someplace in that range, anyhow, is configured of the vulnerabilities that exist with a network. So if your methodology depends on automation, you’re going to be leaving a major gap. You’re going to be leaving a lot of exposure, which is part of the reason why businesses are suffering breaches left and right. Right?

Real Time Dynamic Testing

So then you escalate up into the gold level of service, and the gold level of service will include that low-hanging fruit type thing, the basic checks. But then we bring in Real Time Dynamic Testing, which is the methodology that we use for doing research based penetration tests. It incorporates major components of our vulnerability research and exploit development practices. So Real Time Dynamic Testing and it gets you close to a 90, 95% point of coverage as far as technology is concerned. We don’t just use — and sometimes we don’t even use— vulnerability scanners, but we really depend on our own experience, expertise, hands-on digging. Right? And that coverage you get the low-hanging fruit, the basic stuff. You get the really advanced stuff in there.

And then you go for the platinum. Platinum is realistic threat. We will cover the gamut — social, physical, electronic — and there’s no limit to what we’ll do. We have zero day malware that we use. It’s called RADON. We have different variants of RADON. The social engineering practices that we use have been written about in The Economist, Bloomberg, Forbes. We built a mouse that was fully weaponized that breached networks for us. I mean, all kinds of things. Yeah. So that was a very long-winded answer to a very simple question.

What is Penetration Testing?

Paul: No, I appreciate that. So let’s roll back a little bit. And first of all, for our listeners — because we have a fairly wide range of listeners. So you mentioned the word “penetration testing.” And I know that’s generally referred to as pen testing, and it’s not testing whether your pen works. Is that breaking into a network? What is penetration testing, very simply?

Adriel: Yeah, it’s a test that’s designed to identify the presence of points where something can make its way into or through something else. And then when applied to network security or applied to networking, it’s the same kind of thing, but it’s a test that’s designed to identify the presence of vulnerabilities in an infrastructure that can be breached by an adversary.

Paul: Okay. So you figure out how to get in.

Adriel: Yes.

Paul: Whether you do it or not, you know that now there is a door that is ajar or a window that’s not locked.

Adriel: Yes. So we figure out how to get in, and we do get in. We demonstrate by exploitation. So we demonstrate by proof.

Paul: Okay. So you go in and put something on their coffee table.

Adriel: Yep or, if it’s a physical point of entry, you know, one of our treasuries, we literally walked into a data center and walked out with a computer.

Paul: Really?

Adriel: One of the state treasuries. Yeah. In other cases, we’ve turned on web cams and microphones and recorded entire conversations in businesses. And in one case, we actually took a video of a guy picking his nose, playing solitaire, and drinking coffee.

Paul: Wow. Well, I know that can’t be me because I don’t drink coffee.

What Should You Do About Cyber Security?

Paul: So, okay. Good. Alright. So now, we hear about cyber security, network security, security all over the place, all the time. And, general citizens have no idea what to believe. Is it good? Is it bad? Is it getting worse? Is it getting better? Is there risk? Give me an answer, it’s some point. We’ll put in some stakes in the ground here. But what would you tell the ordinary, average person? Should they be using a computer? Should they not? Should they not worry about it? Who cares?

Adriel: Yeah, there is no such thing as security when it comes down to corporate security or commercial security. There is just a market. And it’s a self-perpetuating market. And that market really does provide, in many cases, a false sense of safety. When it comes to how people should be using their computers, they should think very carefully about the kinds of data that they want to store on their own computers. And they should also think very carefully about what they put out into the cloud, you know, social media. Anything like that. Because that moment that information is out there, it’s no longer their information. It might be protected by contracts. It might be protected by privacy policies. But as we’ve seen with Equifax, and as we’ve seen with Target and Sony, Hannaford, Home Depot, Ashley Mad—, you know, I could go on and on. The information is no longer their information.

Paul: Well they don’t have control over it.

Adriel: Right. And one of the things that has really surprised me about people is people think, “Well, Facebook is private. That’s my Facebook page.”

Yeah, well, you know, it really isn’t. If you’re a private person, you shouldn’t put it out there. There is no control.

What’s the Big Deal with Online Profiling – Social Engineering

Paul: Okay. So let me just unpack that a little bit. That seems to be, well, when you are doing something — whether you realize it or not — you’re explicitly sharing information. You go and you put on Facebook that I like the color orange. Okay, so the world knows that. So what’s the big deal? So people know I love the color orange.

Adriel: Yeah. So the big deal is profiling. One of the things that we do when we hack businesses is we, for the platinum level stuff, we socially engineer people. To socially engineer people, we have to be able to understand what they like, what kinds of pets they have, who they’re married to, who their children are, what the last meal was they ate, anything like that. Any of that information that might seem benign. That information can help us to build a false story around a false persona that meshes very well with them. And then that enables us to befriend them on Facebook or befriend them socially in the business.

Once we befriend them, we can begin to build a trust relationship. And once that trust relationship reaches the point where I can send them content by email, a document, or I can get them to click on a link, I can breach the network. So any information that they put out there is going to be useful for me to help leverage them or breach them. Or maybe even just create a falsified story, you know, and extort them.

I saw something really interesting recently. We have a friend here that’s going through a divorce and she received a letter in the mail. And the letter was sent to her house but it was addressed to her husband, her ex-husband, or soon-to-be ex-husband. And it said, “Hey, you know, I have really dirty information on you. And I’m not going to share it here because I don’t want your wife to know what this is but I think this is worth some hush money,” effectively. And “If you give me $2000 in bitcoin, I won’t tell anybody about this kind of thing.” Right? So the reason why they figured out this divorce was going on was because of information that was disclosed in public. It’s actually a fairly common scam. So any information that you put out there is stuff that can be leveraged by people looking to extort you or breach systems. Or, if we get hired, we’ll use it to break into whatever networks you have.

Paul: Okay. Alright. So the point here was that my use of technology as an ordinary citizen, you’re telling me I shouldn’t share things on Facebook.

Adriel: Right.

Paul: Without understanding the risks and if I’m okay with those risks. Is that fair?

Adriel: Yes.

Paul: What do you tell your close friends? Don’t use Facebook— don’t even use the internet? That seems like the safest thing.

Adriel: Yeah, it would be. Don’t trust anything on the internet is what I would say.

Paul: That’s fair. But now Equifax, I could have never used the internet, and Equifax, all of a sudden, let all my information out.

Adriel: That’s right.

Paul: So I have been foregoing the enjoyment of the internet — because it’s a pretty cool place. I can do lots of stuff. I can learn lots of stuff. I can have great relationships and get to know people and see what my friends from high school are doing. And I’ve foregone all that. And then Equifax does something stupid and so I basically said, “Oh, I’m going to abstain from the internet.” How do you speak to that? What do you think of that?

Internet Abstinence Won’t Protect You

Adriel: So your abstinence doesn’t necessarily protect you.

Paul: Well, but there was no way to protect me there. There was no way to protect me.

Adriel: Right. There isn’t.

Paul: So why not just use the internet? I understand your argument.

Adriel: Yeah. That’s what a lot of people do. It comes full circle.

Paul: I understand that you’re saying that the more information I get, the more exploitable I am. The more I give, the more exploitable I am. But then it’s sort of like Chicken Little. It’s sort of like, “Well, I’m never going to use the internet, so I’m safe.” And then Equifax does something, and it’s like, “Well that was a waste of time.”

Adriel: Yeah. That’s exactly right. And that’s where this conversation always inevitably ends up here. Is, well I won’t use it. Well, even if you don’t think you’re going to use it, you’re still using it. Your bank is online, period. You’re living in this country, and this country is in its financial system, uses these ridiculous things called credit scores. Your purchases, everything you do, are online. You own a credit card, that’s online. You own a cellphone, you’re online. And you don’t have to have a social media presence, you’re there. The only thing that you do with your social media presence is you feed the engine unnecessarily.

Paul: Okay. Good. That’s great.

Adriel: Yeah. So I mean, that’s really the best way to explain it.

Paul: There’s a lot of stuff, we could do this a couple more times I’m sure. We’ve been talking with Adriel Desautels of Netragard. He’s a security expert. And we’ve been exploring security and penetration testing and security testing and all of the different things that coalesce to mean security, what is security and what isn’t security. There will be a tremendous amount of links that will be in our show notes, that I think will be worth looking at. Many of the articles that Adriel mentioned and many of the sites and of course a link to Netragard as well, and ways to contact Adriel.

So Adriel thank you very much for your time. We really appreciate it! It’s really been fascinating and I think a lot of people will learn a lot today and I really look forward to doing it again.

Adriel: My pleasure, any time.

Paul: Thank you Adriel.

Exploring Christianity With Pastor Paul Buckley

On episode 56 of The Edge of Innovation, we are talking with Pastor Paul Buckley of King of Grace Church in Haverhill, Massachusetts.

Show Notes

The King Of Grace Church Website

Follow Paul Buckley on Twitter

Paul Buckley’s Blog

Follow King of Grace Church on Facebook

Listen to Paul Buckley’s recent sermons

Find King of Grace Church on Soundcloud to listen to more sermons from Pastor Paul Buckley and other King of Grace pastors

Link to SaviorLabs’ Free Assessment

Sections

What Is a Church?
A Faith Community
An Engineer Becomes a Pastor
Planting a Church
What Do People Look for in a Church?
A Christian Worldview
What is Christianity?
What is Sin?
Knowing Right from Wrong

Exploring Christianity with Pastor Paul Buckley

Paul P: Hello, everyone. I’m Paul Parisi, and today I’m here with Paul Buckley who is a lead pastor at King of Grace Church in Haverhill, Massachusetts. Welcome, Paul.

Paul B: Thanks. Great to be here.

Paul P: Good to have you. As we’ve talked about the Edge of Innovation, we talk about a lot of eclectic, different things and we really want to focus on the people as opposed to what they’re specifically doing technically. We’re a technical company, Savior Labs, but all of this technology is built to do something. And we’re not really focusing on the technology here. We’re talking about what we’re doing and what we’re hoping to accomplish.

What Is a Church?

So, I guess, King of Grace is a church, it’s that fourth word. It says King of Grace Church.

Paul B: Yeah, we’re a church.

Paul P: So what does that mean? I mean, there’s a lot of churches on a lot of corners. We’re in New England. It seems like they’re everywhere. Is it just an ordinary church? Is there something ordinary about church? Tell me about what a church is?

Paul B: Yeah, good question. That’s a word we use, and I think we don’t necessarily think about what it means. Really, it’s a community of people who are committed to faith, to their Christian faith, and they’re committed to one another in living together, walking out that faith, and serving the community. In some ways, a church should be a community within a community. So churches are all around us. They’re in multiple communities. But really, the historic idea, the biblical idea of a church is it’s really a faith community. It’s a faith community that lives within a community to be an influence for good on that broader community as well.

Paul P: Okay. So you’ve used this word faith a couple of times. I don’t want to get too far afield here. But what is faith? Is it a wish, a hope? I’m not sure. What is faith? Give me a high-level understanding of it.

A Faith Community

Paul B: Yeah, well, there would be two aspects of faith when the word faith is used. It can be, you know, what you believe — the particular things you believe are true. It also is a body of belief as well. So when I say a faith community, I mean it is a community of people that believe something, but it’s really it’s a community defined by a body of belief. It’s a worldview really. I would argue that we all have faith. We all have a faith. We all have a worldview, and that influences who we are, how we interact, what we do with our lives.

So a church is a faith community. It’s a community defined by a body of belief, a particular worldview.

Paul P: Okay. So now we’re talking about…you’ve mentioned churches and faith, and so there’s lots of different churches out there. There’s like the Catholic Church, Mormons, Buddhist churches, Jewish churches, you know. What do those differentiations and how do they… I’m not asking for a sort of detailed analysis of every faith that’s out there, but how do you, at a high level, from a social point of view, talk about those?

Paul B: Yeah. Good question. The word church is usually used in the Christian context. So if you’re speaking of Jewish churches, rough equivalence of a church, it would be a temple, a temple community. Other as well — Buddhist temple and so forth.

So when we say church, there’s an implication there that we’re speaking of a Christian-faith community. And certainly we can look in society, and we see all sorts of faith communities and they may call themselves churches or associations, temple communities, so forth.

Paul P: Why isn’t it called a club?

Paul B: Good, good question. Yeah, well, a club would be different. Generally speaking, a club is an association of people who have a common interest, and they usually limit their activities to those particular interests. So, they’re generally narrower interests in a club. So a tennis club. What do you do there? Well, you play tennis. So generally, that’s how we use “club.” A church, faith community really is more holistic. That body of belief that we hold together is not a very narrow interest. It’s a very broad worldview, and there are commitments. There are lifestyles that follow from that worldview. So it would be much broader. And that’s why we wouldn’t want to use the word club because that would imply that somehow it’s maybe more casual and narrower in scope and so forth.

An Engineer Becomes a Pastor

Paul P: Okay. Well I’ve got a bunch more questions on that, but we are too far afield. So you’re Paul Buckley. Now I know that you have a Ph.D. So did you go to divinity school?

Paul B: No, I didn’t. I went to Johns Hopkins, which, actually, Johns Hopkins has a divinity school there, but I didn’t get my Ph.D. in divinity.

Paul P: So what was it? What was it in?

Paul B: In science. A Ph.D. in material science.

Paul P: So that doesn’t sound conventional. I mean, I imagine most people who are — I guess I’ll use the term — clergy. I guess you could be a monk or a priest or a pastor or a lot of different terms for that. Most of them don’t get there by going to school for material sciences. Is that true?

Paul B: At least not immediately.

Paul P: Yeah.

Paul B: True. Yeah. I didn’t get my Ph.D. merely to be a pastor. Certainly it has implications. I think it has a lot of implications in pastoring. But I was a research engineer for 14 years for the government and loved what I did, loved my work. And I did a lot of work that made a Ph.D. really important and really helpful.

Paul P: Okay. What could have happened that said, “Okay. I’m going to take this” — I don’t know — “lucrative career” — an engineer — “and go into this other business or career becoming a pastor”?

Paul B: Yeah. Sometimes I ask myself that question. It was a process, and it was a long process in some ways. Though I have to say, from very early on, I had an interest in Christian leadership and trust in a sense of call, obligation that I think, was more than just my bright idea to serve in that capacity, though I always thought of it as really being a lay leader of some sort. That’s what my personal preference, in some ways, would be.

Paul P: Okay. And by lay leader, what do you mean?

Paul B: Yeah. I mean by that someone who’s not full-time, you know, ordained clergy or really not ordained is what we mean when we say “lay.” So not being an ordained pastor, not being full-time. And so my expectation was just to serve in a capacity where, you know, I was a leader in the church, not necessarily a pastoral leader.

Paul P: Okay. But something must have… I mean, that’s a pretty radical departure from saying, “I’m going to be an engineer working in a job” — you were in a career — to saying, “I’m going to throw that all away.”

Paul B: Yeah. Well, it felt like that at times, and certainly when I told my dad initially, he thought that. Yeah. Good question. Again, it was a process. And so my desire to serve led me to serve in multiple capacities. And as I did that over time, I found myself being fairly effective in pastoral-type roles.

Paul P: Interesting.

Paul B: And it wasn’t necessarily planning to do that. At times I was, and, you know, toyed with the idea. But by the time the opportunity opened up, at that point in my life, I wasn’t planning on it. And I was, to a degree, effective in that role. And that wasn’t just me. It was those that I helped, those that I served, those that were over me — my pastors. Basically, there was a choir of folks saying we see a pastor here. And, I was probably the last guy to say, I guess you’re right. But it became pretty obvious, and I had to make a decision. I had to make a decision what the best stewardship of my gifts in my life would look like. And I would love, and still would love, to be in science. But you can’t really do both, at least the particulars that I chose.

So as I thought through that, I thought through what is responsible, and really, behind all that, a sense of what is God doing, you know, when I look at how I’m being used, and I look at the opportunities; I look at the needs; when I pray, when I talk to others, so forth and so on. You know, what do I think God wants me to do? Where’s my purpose? And not that it was some sort of lesser purpose to do science — I would have loved to continue — but there was a strong sense, well, I think this is what I ought to do. I think I do, in a sense, add value, a particular value, in this role. And so that’s kind of what led me to become a pastor and to become a church-planting pastor.

Planting a Church

Paul P: Okay. Now wait a minute. So you became a pastor, but then you said… what’s this church planting? I mean, there’s lots of churches everywhere. Explain what you mean by church planting.

Paul B: Yeah. A church plant is really a church, a new church, that’s started. Every church that exists, at some point, was a church plant. In the West, we’re kind of used to established churches. So we don’t think in terms of church plants because they were planted a long time ago. But they were planted. So the history of Christianity is a history of church planting. Jesus gave his followers this commission. He told me to go out and make disciples and affect the whole world. And really, the pattern in scripture and the pattern in Christian history is through churches, through local faith communities being started in areas growing and becoming more like Christ in their belief and practice and then being a positive influence in the community where they are.

Paul P: So you decided to — I imagine with other people’s encouragement — plant a church. And where did you do that? Is that in Haverhill where you are now?

Paul B: The church in Haverhill is the one we planted. Originally, we were in Methuen. So we were, at the time before we started the church, before we planted — and we did this with a team. It wasn’t just us, my wife and I. It was a whole team. Before that, we were in Maryland, though we’re from the Boston area. My wife is from Haverhill actually. We were in Maryland, and then we were in the Philly area. And so, from there, we came up and started the church, and as we worked with an organization, our denomination, and others as well, we made a decision to start something in the Merrimack Valley. And so originally, we thought Methuen would be a good place, and it was in many ways. We picked Methuen, and grew.

And over time we were kind of drawing people from a regional area, a fairly broad region, and we are to some degree still doing that. But we started to realize we were going to be more effective if we concentrate on a particular city or town, not to the exclusion of anything else, but to major on a particular city or town. And through a number of circumstances — one being that a wonderful building opened up in Haverhill, others being that everything we were doing in Haverhill was very successful, very well received. And also that, of any particular town, Haverhill was the most common one where people lived in our church. So all that kind of led us to locate in Haverhill in 2009.

What Do People Look for in a Church?

Paul P: And so now, I imagine people come to church and go from church. It’s something to do on Sunday, I guess. But what do you think people — families, individuals — are looking for? Why are they going to churches? I mean, we have so many different social opportunities now. Not that that’s too different. I mean, you know, years ago we had the Elks Club and the, whatever, the Square Dancing Club and all those different clubs. Is, is church different than that? I mean, you’ve mentioned it sort of is because there’s a common faith. But what are they looking for? Is it where I get my needs met? Or what do you think it is?

Paul B: Yeah, that’s a great question. I think initially, there can be all sorts of thoughts there. And, and we as a church are prepared to welcome people coming from all different motivations. But I think long-term, to stay a part of a church, stay a part of our church and many others, there’s something more going on than just a particular interest, a club-like interest. Because there are people who come because they want to have a spiritual experience for their children. They think that’s a positive thing. So they want to expose them to that. And that’s fine. That’s a fine motivation. But I don’t think that motivation is going to sustain someone’s involvement in the church long, long-term. They might come just because they like what we do in the community, and they want to check us out and see what’s going on.

But long-term, really the things that keep us and lead us onward are, are I think, more substantial than those particular interests. It’s really the idea of a robust worldview that shapes our lives in a positive way makes a real difference in how we live, how we relate to others, what we think about ourselves, how we understand God, and the choices we make in life, really, in every arena. It’s about a comprehensive worldview that propels us, that gives us something bigger than, I think, we can get in all those other interests. So clubs are great. I’m involved in clubs and so forth, but you’re not going to find something robust and comprehensive, define your life on a larger scale from those particular clubs and interests.

And I think, you know, it’s something to think about. Sometimes we can affiliate with a lot of different organizations along different interests but never have something that kind of gets deeper, gets to the heart, like, why am I here? Who am I? What should I be doing? You know, what is this about? Is it, is it worth something? Is there a purpose here? Those are really important questions that, I think if we don’t address them, they’re just going to be there, and they’ll nag us, and there will be a sense of dis-ease, of just being ill at ease and so forth if that question doesn’t get answered.

A Christian Worldview

Paul P: Interesting. So as you were talking about that, I sort of thought of sort of different silos. Like I like photography and woodworking. So I could go to a photography club or a woodworking club or read magazines on photography or woodworking or computers. I love computers. And I could be really good at computers, but that doesn’t really inform photography. Or it doesn’t cross those barriers. And so, I guess it’s more holistic. Would you go there?

Paul B: Yeah. I think your, your worldview does influence your view of those different silos, and a Christian worldview is a robust one. I think it has an answer, and it has truth. It has a lifestyle that affects all the different silos. So, a Christian should be involved in these different interests. It’s part of what it is to be human and to thrive as a human. But being part of a church helps you understand, have the perspective, the reinforcement and, and the fulfillment that, that God intended in all those activities.

What is Christianity?

Paul P: So, I mean, so you, you’ve used the term Christian several times. And what’s the simple definition of, of that? And how does it differ from other religions? Because I think that everybody — certainly in the 21st century world would say they’re all equal. You believe whatever you want. We have an almost overwhelming encouragement to believe whatever you want, as long as you are true to yourself, you’ll be fine. So is that part of Christianity? Is that an extrapolation of Christianity? What is Christianity, I guess?

Paul B: Good, good question. Yeah. When we talk about being a Christian or having Christian faith, there are different aspects of what we mean. First there’s people that are nominal Christians, and what I mean by that is they take the name of Christian, and they like aspects of that and I don’t think that’s necessarily a problem. But historic and biblical Christianity is really following Christ. That’s probably the simplest definition. If you’re a Christian, you’re a follower of Christ.

Paul P: A follower of Christ. Okay. He’s not alive today. He’s not walking around. I can’t follow them with my car. What do you mean by that?

Paul B: Good question. Yeah. Well, I think he is alive today. That’s fundamental to following him, that we believe he is alive. We believe that the accounts of his life contained in the scripture are true and that from what we read and know, he did die, but then he rose again. He died on a cross. He suffered, died for sins to make atonement for sin so that we could be forgiven in him and have life in him. And then he rose again from the dead, and he ascended into heaven, and he’s coming back. Those are basic Christian truths that are contained in scripture, have been believed for thousands of years. So a Christ follower, one who follows Christ is one who follows a Christ who has died for sin and rose again and is alive.

What is Sin?

Paul P: So what that he died for sin? What does that mean? What is sin? I mean, because nowadays, it’s like do whatever you feel is good. Right? I mean, we define what’s good and bad by our own selves right now. So he died for sin. Can you flesh that out? What does that actually mean?

Paul B: Well, sin is not a happy word for us, really, is it? We don’t like to talk about it. It’s not mentioned much.

Paul P: So yes and no. But I don’t think anybody that can be reasonably intellectually honest about things, there’s this thing called sin, which you can define any way you want. You can give me your definition of it, and it’s neither. People don’t like to talk about it. Why do you think people don’t want to talk about it? I mean, somebody has to talk about it. It’s like saying there’s no water in the lake. It’s like, well, we don’t talk about that. But the reality doesn’t change. So sorry to interrupt, but if there’s this thing called sin, and you’re saying that Jesus died for sin, what does that equation mean? What does that actually mean?

Paul B: Yeah. Well, we don’t like to talk about it because it’s uncomfortable, but we always deal with it. We see it around us. When someone does something wrong, we react to it. We know, really, what’s wrong and what’s right, to a great degree. Sin is really doing the wrong thing or failure to do the right thing. So we know that. We live with that.

Paul P: So is it that simple?

Paul B: Yes, it is.

Paul P: So you’re saying I shouldn’t do the wrong things. If I’m being intellectually honest, and I don’t like what somebody is wearing, I shouldn’t kill them. I mean, I’m being extremely outrageous here. But where does that come from, that notion that it would be wrong? And I think 10 out of 10 people would say, “That was wrong to kill that person. Why did you kill that person?”

“I didn’t like their shoes.” Well, that’s even worse wrong. So where does that come from?

Knowing Right from Wrong

Paul B: Yeah. That’s a great question. I think it comes from who we are. Fundamentally part of what it is to be human, what we would say, we’re made in the image of God. We’re made like God in the sense that we understand about people, we understand relationships, we understand ethics and so I think it’s inherent. Even if someone were not to grant me that, I would say it’s always very logical. The Golden Rule — do to others as you would have them do to you — and then there’s different versions of that, of course. It makes sense because you’re not the only or central being. When you start to acknowledge other identities around you — you know, “What right do I have over them? I should treat them as I would treat myself or want to be treated.”

Paul P: Okay that sounds reasonable.

Paul B: And that’s a biblical truth, but it’s also a logical truth that you see across all different worldviews really. But I would say it’s more than that. It is that, but it’s more. I think it is part of what it is to be made in the image of God too. I think we have inherent understanding of right and wrong and it’s built in.

Paul P: Well, let me stop you there. We’ll get back to that whole concept here of this.

© 2026 Paul Parisi
