DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Grandpa Joe Stayed in Bed for 20 Years: The "Not My Job" Origin Story

Name: Willy Wonka & the Chocolate Factory
Released: 1971

Patrick Duggan
Oct 23, 2025
7 min read

# Grandpa Joe Stayed in Bed for 20 Years: The "Not My Job" Origin Story

**Published:** October 23, 2025

**Author:** Patrick Duggan

**Category:** Culture, Security, Film

**Reading Time:** 8 minutes

The Connection I Just Realized

I just wrote a blog post about "Chico and the Man" and how Freddie Prinze's "not my job, man!" catchphrase became enterprise security's failure mode.

**Then my AI assistant pointed out what I completely missed:**

**Ed Brown (the garage owner fighting "not my job" culture) was played by Jack Albertson.**

**The same Jack Albertson who played Grandpa Joe in "Willy Wonka & the Chocolate Factory" (1971).**

**The guy who stayed in bed for 20 years claiming he couldn't work.**

Grandpa Joe: The Patron Saint of "Not My Job"

**Willy Wonka & the Chocolate Factory (1971):**

**The Setup:**

- Charlie Bucket's family lives in extreme poverty

- Grandpa Joe shares a bed with THREE other grandparents

- All four grandparents stay in bed claiming they're too old/sick to work

- Charlie's mom works in a laundry, Charlie delivers newspapers

- Family survives on cabbage soup

**Grandpa Joe's Claim:** "I'm 96½ years old, I can't work"

**What Actually Happened:**

- Charlie gets golden ticket

- Grandpa Joe LEAPS OUT OF BED

- Dances, sings "I've Got a Golden Ticket"

- Walks perfectly fine for entire factory tour

- Drinks Fizzy Lifting Drink, FLIES to the ceiling

**The Math:**

- Claimed disability: 20 years

- Recovery time after golden ticket: **0.4 seconds**

- Medical miracle: Not really

The Irony: Same Actor, Opposite Role

**1971: Jack Albertson as Grandpa Joe**

- Stays in bed 20 years

- Claims "can't work"

- Family starves around him

- Golden ticket arrives → suddenly fine

**1974-1978: Jack Albertson as Ed Brown**

- Runs a garage (actually works)

- Employs Chico Rodriguez

- Fights against "not my job" excuses

- Cantankerous BECAUSE people won't work

**Same actor. Opposite problems. Same cultural disease.**

The Enterprise Security Parallel

**Grandpa Joe's "Not My Job" Playbook (Applied to Security Teams):**

Phase 1: The Bed Years (Pre-Breach)

**Infrastructure Team (Grandpa Joe #1):**

- "We can't do application security, we're too old/specialized/tired"

- Stays in their lane (management plane only)

- Perfect infrastructure, zero workload security

**Application Team (Grandpa Joe #2):**

- "We can't do infrastructure security, we're too focused on features"

- Stays in their lane (code only)

- Ships features, ignores security scanning

**Security Team (Grandpa Joe #3):**

- "We can't implement controls, we just write policy"

- Stays in their lane (documents only)

- 400-page security policy, zero enforcement

**Management (Grandpa Joe #4):**

- "We can't do technical work, we just approve budgets"

- Stays in their lane (PowerPoint only)

- $5M security budget, still gets breached

**All four teams:** SHARING THE SAME BED (organizational structure)

**The family starves:** Customers get breached ($12M settlements, regulatory fines)

Phase 2: The Golden Ticket (Breach Happens)

**Breach discovered → Everyone suddenly CAN work:**

**Infrastructure Team:** "We'll implement network segmentation!" (Why wasn't it already done?)

**Application Team:** "We'll add security scanning!" (Why wasn't it in CI/CD?)

**Security Team:** "We'll enforce policy!" (Why wait for breach?)

**Management:** "We'll hire consultants!" (Why not prevent breach?)

**Just like Grandpa Joe:**

- Claimed 20 years of disability

- Danced when incentive arrived

- **Could have worked the whole time**

The Dell Azure Stack Lesson (2017-2020)

**What I watched at Dell Technologies:**

**Our Team (Dell + Microsoft):**

- Built perfect Azure Stack management plane

- Hardened infrastructure, automated patching, RBAC enforcement

- Did our job exceptionally well

**Customer Behavior:**

- Deployed workloads on our perfect infrastructure

- Used default passwords (`Password123` for SQL `sa` account)

- Hardcoded credentials in code

- Left databases exposed to internet

**The "Not My Job" Chain:**

- **Dell:** "Workload security is customer's job, we did management plane"

- **Microsoft:** "Customer is responsible for workload security per shared responsibility model"

- **Customer Infrastructure Team:** "Application security isn't our job"

- **Customer Application Team:** "Infrastructure security isn't our job"

- **Customer Security Team:** "Implementation isn't our job, we write policy"

**Result:** Perfect management plane, breached workload plane, **$12M settlement**

**Everyone was Grandpa Joe. Staying in bed. Claiming "not my job."**

The DugganUSA Difference: We Got Out of Bed

**The Problem with Grandpa Joe:**

Not that he couldn't work. **He could work the whole time.**

The problem: **He chose not to until external incentive (golden ticket) forced him.**

**The Problem with Enterprise Security:**

Not that teams can't secure both planes. **They can secure both planes.**

The problem: **They choose not to until external incentive (breach) forces them.**

Our Approach: No Bed, No Excuses

**Management Plane (Infrastructure) - Our Job:**

- Azure Key Vault with 90-day rotation ✅

- RBAC enforcement ✅

- Certificate automation ✅

- Network restrictions ✅

- Audit logging ✅

**Workload Plane (Application) - Also Our Job:**

- Judge Dredd pre-commit enforcement (9 laws, blocks insecure commits) ✅

- CodeQL security scanning (every commit) ✅

- Dependabot alerts (auto-patching) ✅

- ThreatFox IOC monitoring (7,089 threats daily) ✅

- VirusTotal malware scanning (6 microservices) ✅

**Result:**

- 81% SOC1 compliance at $77/month

- Zero breaches (180+ days production for Cloudflare bypass, 16 days for full platform)

- No "not my job" excuses because there's only ONE job owner: Us

The Math on Staying in Bed vs Working

Enterprise "Grandpa Joe" Approach

**Security Budget:** $5M-$13M/year

**Team Structure:**

- Infrastructure team (Grandpa Joe #1): $2M/year

- Application team (Grandpa Joe #2): $2M/year

- Security team (Grandpa Joe #3): $3M/year

- Management overhead (Grandpa Joe #4): $1M/year

- Incident response (golden ticket response): $5M/year

**Total:** $13M/year

**Breach Cost:** $12M settlement (SQL default password - "not infrastructure's job" to fix app passwords)

**All four stayed in bed until breach happened.**

DugganUSA "Already Working" Approach

**Security Budget:** $77/month ($924/year)

**Team Structure:**

- Patrick: Does both management and workload plane security

- No handoffs, no "not my job" excuses

**Breach Cost:** $0 (preventative security, not reactive)

**Cost Advantage:** $13M vs $924 = 14,069× more efficient

**Why?**

**We got out of bed on Day 1. We didn't wait for the golden ticket (breach).**

The Fizzy Lifting Drink Scene: Proof He Could Work

**In Willy Wonka:**

Grandpa Joe drinks Fizzy Lifting Drink with Charlie. They float to the ceiling. **They almost get chopped up by the fan.**

**This scene proves:**

1. Grandpa Joe has full mobility (floating, steering, grabbing things)

2. Grandpa Joe has full cognitive function (warns Charlie about fan)

3. Grandpa Joe has been faking disability for 20 years

**In Enterprise Security:**

Security team writes 400-page policy document. **Never enforces it.**

**This proves:**

1. Security team has full technical capability (wrote detailed controls)

2. Security team has full domain knowledge (knows what needs securing)

3. Security team has been claiming "implementation isn't our job" as excuse

**Both Grandpa Joe and enterprise security teams: CAPABLE but CHOOSING not to work until forced.**

The Charlie Bucket Parallel

**Who is Charlie in this story?**

**The customer.**

**In Willy Wonka:**

- Charlie works (newspaper route)

- Charlie's mom works (laundry)

- Four grandparents stay in bed claiming disability

- Family starves on cabbage soup

**In Enterprise Security:**

- Customer pays $13M/year for security

- Customer expects teams to secure both planes

- Four teams claim "not my job"

- Customer gets breached, pays $12M settlement

**Charlie deserved better grandparents.**

**Customers deserve better security teams.**

What Willy Wonka Got Right (That We Got Wrong)

**At the end of the movie:**

Wonka gives the factory to Charlie. **Not to Grandpa Joe.**

**Why?**

Because Charlie WORKED when no one was watching. Charlie didn't need a golden ticket to get out of bed.

**In enterprise security:**

Companies should give security authority to the team that WORKS both planes from Day 1.

Not to the teams that claim "not my job" until breach happens.

**DugganUSA = Charlie Bucket approach**

We work when no one's watching. We secure both planes without waiting for the breach (golden ticket).

The Gene Wilder / Mel Brooks Connection (Bonus)

**User mentioned:** Gene Wilder (Willy Wonka) was in "Blazing Saddles" (Mel Brooks, 1974) around the same time.

**The Mel Brooks Lesson:**

Mel Brooks famously **bamboozled** Frankie Laine (singer who did "Blazing Saddles" theme song).

**What happened:**

- Frankie Laine was a legendary Western singer

- Mel Brooks asked him to sing theme for "Blazing Saddles"

- **Never told him it was a comedy**

- Frankie sang it 100% seriously (thinking it was a real Western)

- **That's why the song works** (earnest performance + satirical film = comedy gold)

**The Enterprise Security Parallel:**

Most security teams treat their jobs like Frankie Laine treated "Blazing Saddles":

**Dead serious about the PROCESS (writing policy, holding meetings, presenting PowerPoints)**

**Completely unaware their APPROACH is satire (no enforcement, no implementation, no results)**

**DugganUSA approach:**

We know the industry is satire (95% theater, 5% actual security).

We CHOOSE to do actual security (Judge Dredd enforcement, production validation, receipts).

**That's why it works.**

The Lesson: Get Out of Bed

**Grandpa Joe stayed in bed 20 years.**

**Enterprise security teams stay in their lanes (management plane OR workload plane, never both).**

**Both claim "not my job" until external incentive forces them.**

**The Fix:**

**Stop staying in bed. Stop waiting for the golden ticket (breach).**

**Secure BOTH planes from Day 1.**

**Be Charlie, not Grandpa Joe.**

The DugganUSA Standard

**We don't wait for breaches to start working.**

**We don't claim "not my job" when security gaps exist.**

**We own:**

- Management plane (Azure Key Vault, RBAC, certificates, audit logs)

- Workload plane (Judge Dredd, CodeQL, Dependabot, ThreatFox, VirusTotal)

- Both planes, zero handoffs, zero excuses

**Cost:** $77/month

**Breaches:** Zero (180+ days Cloudflare bypass production proof, 16 days full platform)

**Grandpa Joes on our team:** Zero

**Next Post:** "The Fizzy Lifting Drink Protocol: Why Security Teams Float to the Ceiling When Breaches Happen"