You’re a security vendor and you’ve got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (@hashtag_cyber), founder and CEO, Tag Cyber.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our podcast sponsor, Cymulate
Full transcript
David Spark
You’re a security vendor and you’ve got a short briefing with the security analyst from a research firm. What do you want to get across to them and what do you want to hear back from them?
Voiceover
You’re listening to Defense in Depth.
David Spark
Welcome to Defense in Depth. My name is David Spark, I am the Producer of the CISO Series, and joining me for this very episode is Geoff Belknap, he’s the CISO of LinkedIn. Geoff, what does your voice sound like?
Geoff Belknap
David, this is what my voice sounds like and this is what a podcast of Defense in Depth sounds like.
David Spark
Huh. You are very correct. Our Sponsor by the way, Geoff, today is Cymulate.
Geoff Belknap
Cymulate.
David Spark
Yes. You know all these cyber companies have to spell their names differently. Cymulate spells their name C-Y-M-U-L-A-T-E and they are a platform for security leaders to manage, know and control their cybersecurity posture. Guess what? We’re going to learn more about them later in the show.
Geoff Belknap
Can’t wait.
David Spark
But first, Geoff, on LinkedIn I asked a question that I posed in the show’s tease, I asked how should you present to a security analyst? Does it differ though how you present to a prospect? And I must say I’m going to say mea culpa here, I suggested a very short time window of you only have 20 minutes with a security analyst and everyone was like, “No way, no, it’s got to be at least 30 minutes, if not 45 minutes, an hour.” So interested to know how much time is appropriate for an analyst. Also, what should you say to an analyst? So Geoff do you think an analyst pitch differs from a potential client pitch?
Geoff Belknap
Oh absolutely. When I have been in the position where I’m talking to analysts, it’s very different because they want to talk about the concept and the theory and the company and why you built this company, why you’re solving this problem. They don’t have the specific implementation questions that I might have as a practitioner, and they’re less worried about specific details, like specific costs, and more about, you know, what’s the theory, what’s the strategy, how does this fit into the greater ecosystem that people like me are looking at. So it’s a really different conversation and I think we have a great guest to talk about the nuance there.
David Spark
Yes. He is the inspiration for this very conversation, because I met him when we were doing our live show in Newport, Rhode Island, and I loved what he was saying on this very topic, so I said, “Ah, this guy is going to be perfect for this conversation.” Very thrilled to have him. He’s the Founder and CEO of the analyst firm, Tag Cyber, Ed Amoroso. Ed, so nice to have you here.
Ed Amoroso
Hi David, how you doing? Nice to see you Geoff as well.
Does it play nicely with others?
00:02:43:08
David Spark
Ilia Sotnikov of Netwrix Corporation said, “In every analyst conversation, I try to talk about the why behind our product and portfolio decision. And in return, I want to hear how this reasoning stands in the light of their client conversations and market knowledge. This allows to validate or adjust the strategy, often showing us opportunity for additional research in the areas we may have overlooked.” And Paul Lanzi of Remediant said, “What are they hearing in their end user inquiry calls that they don’t feel they have a good answer for today?” And obviously referring to his industry. And to them what he wants to say is, what are the one to two things to remember about my company and the way we solve the problems in this tech space? So this is kind of a good opening outline of how to address an analyst. Agree or disagree, Geoff?
Geoff Belknap
Oh yeah I think this is exactly the right direction. You are approaching an analyst not necessarily as a customer or a prospect, but as somebody who understands more broadly the product space that customers and prospects are looking into, and is challenged themselves with understanding what are the landscape of solution providers out there and what is and isn’t available. And I think especially useful for security companies, what are customers asking for that they might not be telling those companies directly? And this is a great way to get started with that.
David Spark
Ed, I throw this to you. You are definitely the expert on this topic. Are both Ilia and Paul addressing this the right way?
Ed Amoroso
Well the question in a sense is a little malformed because the problem is the analyst community. The bulk of it, certainly in cybersecurity, is ready for disruption, they’ve not been doing their job. You heard a moment ago Geoff say they’re not practitioners, well if they’re not practitioners they shouldn’t be analysts, it’s as simple as that.
David Spark
Oh, okay.
Ed Amoroso
And let’s face it, when was the last time you read an analyst report that was worth the time? It’s probably been a while. So the reality here is that I think the analyst community and the analyst industry, characterized by Gartner and Forrester and others, is about where IBM was in maybe the late 80s; they’re big, they’re billion dollar firms, and when you get to be a four billion dollar entity your main concern is feeding the beast. So when a small company is talking to Gartner about something, they’re getting somebody who lives in a very thin tranche, it’s hard to find analysts so they hire people who don’t have experience, they’re one chapter ahead of you in the book, they’re asking from a template of questions, and then they sketch something out that they hand off to a sales team to try to get you to pay for a research subscription. So let’s face it, when a small company is pitching an analyst firm, they should recognize that that’s essentially a sales call for that analyst firm. So that’s wrong.
David Spark
So it’s the relationship that’s a little, I guess, stilted because it’s not in the way that we’d like to believe it, because it is as you said a sales call. So the way we, I guess, have been thinking about analyst meetings are broken as a result of that. Is that what you’re saying?
Ed Amoroso
I think that’s right. Now look the practical matter is if you’re a small company and you’ve got a VC behind you, they’re going to demand that you go play nice with Gartner and Forrester and you’re going to have to get on the phone with them, and you’re going to have to play act through some sort of a briefing where you show them your value proposition, and your advantage that you have that’s unique and the problem you solve and your [4.0], the adopters and why your Series A has so much money, and why you’re so much better than all these others. And the analyst firm will politely ask about cloud and about zero trust and they’ll write it all down and you’ll wrap, and then you’ll get a sales call afterwards saying, “For $40,000 maybe we’ll mention you in one of our reports.” That is the dance, that is the game and that not only has no impact, I think it has a negative impact on our industry, because it takes a sacred aspect of what we do, namely the relationship between vendor and the practitioner, and it makes a mockery of it. CISOs run when they see vendors and they run when they see analysts, it’s like nobody’s getting along because everyone sees everyone else as a revenue opportunity. That’s why I founded Tag Cyber. I hire former CISOs and they’re not looking for money, they’re looking for purpose. And that’s when we get on the phone with a small company, we don’t charge anything for our briefings. If they want us to do a webinar, yes, I’m going to charge them some money for that, if they want us to do an ROI, we’ll charge them for that. But I’m not charging them to influence what I think. We give them advice and when enterprise teams subscribe to our research, man they’re getting unbiased, honest information from practitioners who I assure you have as much if not more experience than the people who are paying for that guidance.
What are the best ways to take advantage of this?
00:07:59:09
David Spark
Carla Roncato of Teradata said, “As an analyst in identity and data security segments, I want to hear the origin story for why they created the company.” And Neil Saltman of Sotero said, “Make sure they understand where you fit into the security ecosystem (where you integrate and add value) and the use cases or challenges you solve for.” He suggests avoiding pricing discussions. And Fernando Montenegro of Omdia actually says, “I think pricing is a fair game for conversation, one needs to understand where the vendor sits in spectrum of pricing and how that relates to their messaging and expectations.” And I should mention that Fernando is an analyst himself. Geoff, these are sort of other angles to take with an analyst, pricing, telling your story, is this appropriate?
Geoff Belknap
I think it’s appropriate for a standard analyst conversation. But I think I reflect back on what Ed said, and why I love talking with Ed. The reality is the analyst relationship is not giong to be the same value add as a prospector or customer relationship. It’s a different game you’re playing, and I hate to phrase it as a game, but in reality it is one of those kind of things. If you’re a new startup or even if you’re established and you’re not covered by a set of credible analysts, it’s an easy way for larger prospects to eliminate you. And one of the things that a lot of new companies try to do, is just enamor themselves with a set of core analysts. So you get a couple of things, one, get that analyst thinking about you positively, which even sort of subconsciously they’re going to talk about you positively when they talk to customers and do customer calls, but then most importantly and especially if you’re a new company, they’re going to create a new segment for you or a new category for you of research notes.
David Spark
The number of vendors that I’ve heard who say, “Oh and guess what, Gartner’s creating a new category for us.” And all I can think is jeez, another thing to learn about?
Geoff Belknap
Well I think if they’re going to create a new category for us, is ooh they’re going to give us an opportunity to pay, we’ll just say way more than the $40,000 Ed was quoting earlier, so that you can be covered as one of the prime leaders in this category.
David Spark
Yes.
Geoff Belknap
And I’ll say I as a CISO, as a practitioner, don’t get a ton of value from analyst coverage but I understand, having been on the other side, that having positive analyst coverage is really important for the marketing engine of your business.
David Spark
Ed, let me tell you a quick story. One of the quotes that I got from Mike Johnson, who is one of my co-hosts for the other podcast, he said, “I am not going to ignore a possible vendor just because they’re not on Gartner’s magic quadrant.” The response from the community was enormous, because there’s been unfortunately a little bit of Gartner bashing and feeling, you know, you have to pay to play, has been a lot of complaints that people have made in the past. You’re saying, and we’re kind of going around the map here, but this is broken for the industry, referencing what we said in the first segment, so how can a company that I guess wants to talk to you, or even a Gartner, be able to tell a story that will be compelling enough for them to want to report?
Ed Amoroso
Think about it in your own life, the people who have helped you, advised or provided guidance, were they people who had a skill in asking you the right questions and helping you discover the answer, or were they people who sat as the genius analyst, I’m the great Om Swami from Gartner and I know all the answers? And you call me and I pontificate on, here are the three best vendors, there, I’ve said it. No business operates that way, you don’t love that in life. So a good analyst is somebody who’s not there to prove that they have some resonate and that they’re smart and “Call me and I know all the answers.” It should be somebody who’s knowledgeable, who can help you not only with questions but with context. An analyst firm should be there to advise, to provide assistance.
David Spark
Can you give us some examples of an engagement you would have with a company, somebody you’re excited about, but you’re saying, “Oh guys, you’re kind of missing this and you really need to know about this.”
Ed Amoroso
Here’s an example: You frequently hear these companies that come out of the government, and let’s say they took some technique that they learned in the federal world, like obfuscation or weird attribution, stuff that’s very cool, very cloak and dagger. And then they go to a VC and the VC says, “Oh my god, every bank, every Walmart is going to love this, retail is going to love this.” And you get on the phone with them and you listen, and you say, “Oh my gosh.” So they say, “What do you want to do?” “Well we want to go sell this to all the retail companies.” It’s your job as an analyst to say, “Now let me ask you a question, the last ten visits that went well, who were they with?” And they say, “Oh, it was with Leidos and Raytheon and IBM Federal,” you get the point. And you say, “What are the ten that didn’t go so well?” And they rattle off these commercial firms. And you say, “Does that tell you anything?” And then you find out that the reason they freak out about that is because some VC told them that if you’re selling fed gov or fed tech you’re a 3X company, whatever that means, but if you’re able to sell to commercial you’re a 10X company. So they call analysts saying, “How do we tune our message so that I can sell this thing to these others?” And I say, “You don’t. You celebrate that you’ve got customers who love what you’re doing. Don’t worry about what your valuation is.” The purpose here is solving problems, that’s why you start a company and you should be proud. Like is Raytheon’s money a different color than Walmart’s? No. But in the VC community they have this whole thing. So be proud that you can help someone, you can help someone with your product.
Sponsor – Cymulate
00:14:12:14
Steve Prentice
According to David Klein, Director and Cyber Evangelist for Cymulate, the beauty of extended security posture management is it optimizes a company’s existing security controls, allowing people and incident response plans to be the best that they can be. This is done not by placing an additional load on an enterprise, but by optimizing what they have. And this he says is of great interest to CISOs.
David Klein
What the CISOs tell me is they know what parts of their cybersecurity portfolio to keep, what to get rid of, they know their investment is optimized and most importantly they can explain enterprise risk and how to reduce it, and everything is based on empirical scores on assumptions. And thus by clear cut base-lining other security posture over time and trending, they’re able to avoid drift, avoid risk and if they are hit they can recover. And the best part is, you know, we have a very active community and we have a free academy, which even gets you (ISC)2 CPE credits.
Steve Prentice
Cymulate’s services include breach and attack simulation. How well are my security controls and security processes performing? Continuous automated red teaming. Where is my attack surface vulnerable and how can an adversary breach my defenses. And advance purple teaming. How do I craft and automate assessments and assurance unique to my environment. For more information and a free trial, visit cymulate.com.
What are they doing wrong?
00:15:48:10
David Spark
Angie Byrnes over at Spark 180, I swear we’re not related, has suggestions about what not to do in an analyst conversation, and Angie suggests “telling them about the trends/market they already are covering. Claiming to be the best-in-class, industry leading unicorn, without any competitors. Using your sales/pitch deck. And running out of time before getting to use cases and case studies.” Geoff, I hear all of these in a pitch. Yes?
Geoff Belknap
Yeah, look, when you’re talking to a prospect, these are also probably great don’ts. I wrinkle my nose at how many cold pitches I get in my emails that are like, “Ah these are the ten things a CISO must do, or if you’re managing security, this is what’s happening in the market.” It’s like, no listen, I’ll tell you what’s happening in the market or I’ll tell you what I need to do. It’s not sitting around waiting for somebody else. I wonder how many accountants or CFOs or chief legal officers get those pitches that are like, “Hey you’re not a good lawyer if you’re not doing this thing, this list of things.”
David Spark
But have you ever seen a pitch where often it says, “Oh we need to get a data point from some outside research to validate the thing we’re doing.” And it says, “X percent say that all hacks are coming through this port.” And I think they’re assuming, oh I didn’t know that, now officially at this point, I’m worrying about that thing. That never happens.
Geoff Belknap
Yeah, I feel like everybody, especially in the security space where there’s so much noise and it’s so hard to rise above, that everybody’s looking for a hook and they would love an analyst quote, or they would love some thought leader to give them that hook, just so that they can have the conversation. And like I said, I’ve been in startups, I get it, but it’s not great. The reason secret is like go build relationships with people and invest the time, so that I believe that you understand what my problems are and how I want to solve them. Don’t hire just more SDRs and feed them full of analyst reports, like that’s not the way to go.
David Spark
Alright, Ed, one of my favorite things that you said when we were having dinner back in Rhode Island, was you said, “All pitch decks, just delete the first two slides.” Was that it?
Ed Amoroso
Yeah more or less. I mean it’s funny, just as a backdrop, I listen to about 700 cybersecurity pitches per year with my team, and it’s quite fun, like I mean it’s exciting, it’s almost like people like to rummage through garage sales looking for a diamond in the rough. It’s so exciting when somebody’s pitching and it sounds great and it’s the real thing, and then we really want to dig in with them. By the way that’s what an analyst is supposed to do, not who’s got the deepest pockets but who’s got the best idea. So I think that if there was like a Guinness Book of World Records category for listening to the most pitches, I’m putting my name in there, I’m in the top ten. So your point is well taken about the decks.
David Spark
It was your quote actually.
Ed Amoroso
Well I say I’ve no idea what your deck is and if you must use a deck by the way, I absolutely metaphysically guarantee that it would be better if you start on chart four than on chart one, just throw out the first three. Because we all know the first chart tells you that according to the famous Om Swami analyst, 83% of CISOs say, “Gosh, we should be in the cloud.” And it’s like well thank you.
David Spark
By the way, have you seen someone pitch a pitch deck to you with a quote of yours?
Ed Amoroso
They do do that from time to time. Now let me comment on that. So I would definitely throw that back at them a little bit. But here’s one thing I do think that they should do. Look, everybody’s different and nowadays it’s really easy to figure out somebody’s kind of shtick. Like you can look up me, you can look up either of you guys, David or Geoff, and I get in one second what Geoff is about. You should tailor the pitch to the person you’re talking to. Is it that much trouble? Like if you’re talking to somebody who’s obsessed with compliance, and normally in your pitch deck, quote, unquote, that’s the third most important thing in your product but you just did it randomly, move it to number one then! Why not?
David Spark
So can you describe just two or three elements of somebody who you’re just like, “Wow, you guys got this pitch right.” What were they doing, that made you sort of really stand up?
Ed Amoroso
Well I’m going to tell you what I think it is, but I also want to tell you that when you ask people about pitching they know what the answer is. Just like if I asked either of you what your diet is, you would say, “Oh I eat a lot of vegetables.” And then I watch you for three days and you’ve got a bag of Fritos in your pocket. So people say one thing and do another.
David Spark
Oh I don’t.
Ed Amoroso
All that time and cynic stuff about why that’s true, I think that there’s a reason we want to hear about the why, because in our business you’re not going to lose if it’s your vocation. If you decide that behavior analytics is what you do, it’s what you believe in, you did it for 20 years in some bank, you have all these ideas, it was your dream, you begged your wife to let you try, you’re finally going to do, you’ve got these ideas and you work 24 hours a day on this thing you’re obsessed with, and I say, “Why are you in business?” and they tell you that. That sounds pretty good versus, “Well I exited three companies, I’ve got my Ferrari, I knew a few guys, I hear behavior analytics is big, I can start a company, I’ll exit in three years.” To me I want to vomit at that story.
David Spark
It’s amazing the number of times your first introduction to somebody is they exited X number of companies.
Ed Amoroso
“Yeah I’ve got all this money.” And you’re thinking, look, practitioners in security. I mean I got lucky, I ran a big program at 18, so I made some money. Most people don’t make as much as you think. And the last thing you want is some guy telling you, like, “I was just on with some big fancy company, it’s a big valuation, a big six billion dollar valuation,” the guy’s in his 20s and he’s telling me, I’m 60, saying, “I’ve never seen anything like this before.” And I say, “Well that’s because you’ve only been looking for about three years. I’ve been looking for 40 years and I see it happen all the time and guess what, when you’re this high and there’s not that much, you’ve got to watch out.” Like this particular company I remember telling me their valuation is six billion dollars and they have 200 people in the company. So I said, “That means every person in the company is worth 30 million dollars.” Stunned silence, “Nobody ever said that to me before.” And I said, “That’s because you’ve got Gartner crawling all over you because they see dollar signs. If you’ve got that big a valuation, they’re going to charge you $300,000 for conferences and subscriptions, they’ll create a service just for you.” When I look at it I see a bunch of 20-somethings and I say, “Why are you in business?” And the answer for every damn one of them is to make money. So that’s why that why part really is important and you can’t fake it.
Does anyone understand what’s going on?
00:23:20:06
David Spark
Abhik Mitra of Code42 said, “Describe the market problems you are addressing and how customers and the market validate them. Communicate the vision of where we aspire to go. Does our business roadmap align to where they project the market going?” Meaning the analyst. And “Go into it hoping that you are going to get the critical feedback you need to hear.” John Grim of Verizon Business said, “Pause along the way for them to ask their questions and for you to ask questions to elicit feedback.” And Chris Roberts of Hillbilly Hit Squad with more saying something to analysts, “Question more, trust less, believe nothing without the burden of proof.” Of which I do see a lot of people making claims. I’m going to start with you Ed on this and then we’ll toss to Geoff. How does the two-way flow go the best? Because we’re not talking enough about the flow of getting that feedback from the analyst.
Ed Amoroso
Well first of all I love Chris, he’s a cool guy.
David Spark
Yes he is great.
Ed Amoroso
That’s a great quote from him and also a cool name of his organization. I think money has to be taken out of the equation. There needs to be an honest conversation where the point is that cybersecurity is about protecting society and infrastructure and we all have a role. Let’s say for example you’re an ambulance company and I’m an analyst advising townships on buying the best ambulances. Should there even be a financial component in that conversation at all? Or should it be, “Listen, you’re going to be transporting children, how are you guys building this? Oh, that’s great, let me write that down. That’s a good way to do it, like the Volvo engine, good job.” Isn’t it supposed be that for cyber? We’re all trying to provide service here. An analyst who’s there to take your money, should not be asking the question in the first place. That’s not the role of the analyst in cybersecurity. Maybe like in movies, who cares, you want to be a movie critic, go, make a bunch of money, do red carpet. But we do things that have life consequence to it. I’ll give you one last thing that will tell you the purpose. Would an analyst be living the same life, doing the same thing, if there was no money involved? I mean let’s say the President passed a rule that you can’t make money anymore, you guys know damn well I’d be doing exactly what we’re doing right now, but would all the Gartner guys do that? No. So that’s the point. So if you want to get a general sense of whether somebody’s got the right point, is it a money thing or is it a purpose thing?
David Spark
Geoff, that’s a good line to conclude on. Money versus purpose. I mean when you speak to a vendor, with you being a prospect, I’m assuming you’re looking at that as well?
Geoff Belknap
Yeah, look money is always part of the conversation but you’re not going to not engage with a vendor or a solution provider that provides a fantastic service, just due to cost. You’re not going to be like, “Well this thing works well but I’m not going to buy it because of how much it costs.” That’s not true. The other side of it is, what Ed’s saying is definitely what I found to be true, really good analysts are excited about the space that they cover, they’re excited to discover new companies and what they’re doing, and they are not just sitting on their hands waiting for the clock to tick by, like great I have to go through 30 minutes of listening to this god forsaken speech again from another vendor. They really truly want to help you, the company that might be pitching them, and they really truly want to be better informed so that they can inform their customers. And I think the unfortunate thing is like that is not all analysts in my experience and I think that’s really sad. There are definitely great analysts and I think even in a company that’s as easy to make fun of as Gartner, I’ve had some great relationships with analysts there, and the review board and some of the other things they’re doing, they’re great. Because they bypass the sort of nonsense of the analystic game, and there are definitely analysts in parts of analyst firms that are focused on really digging in deeply to the problem spaces. And I’ve found that those great analysts can even change the way I’m thinking about a space, even though it’s maybe not a note or anything like that.
Closing
David Spark
Alright, great way to conclude. Alright, quick from both of you and I’ll start with you Geoff, what was your favorite quote and why?
Geoff Belknap
Abhik from Code42’s quote here, “Describe the market problems you’re addressing and how customers and the market validate them. Communicate the vision of where we aspire to go. Does our business roadmap align to where they project the market going? Go into it hoping that you’re going to get the critical feedback you need to hear.” And I think good analysts will give you that and I think that’s a great way to think of it. You should assume you’re going to go in and talk to a good analyst. And thinking about it that way is a great way to verify it.
David Spark
I like that. Alright, Ed I know you tipped your hat to Chris Roberts for his quote. Is his your favorite quote or do you have another one?
Ed Amoroso
It’s my favorite quote from this but can I give you a good analyst metaphor quote?
David Spark
Sure.
Ed Amoroso
Abe Lincoln made it. He said something that I think is such a funny thing for the analyst community. He was coming out of a play and somebody said, “What do you think of that thing?” And he said, “It was the kind of play that somebody who likes that sort of thing would like.” And it’s like a lot of the analyst speak that you read.
David Spark
That’s a good one to close on as well. Ed, that was fantastic, thank you so much. I’m going to let you have the final word here but first I want to thank our sponsors, Cymulate. Remember they are C-Y-M-U-L-A-T-E and they are a platform for security leaders to manage, know and control their cybersecurity posture. Geoff, I know you’re hiring. LinkedIn hires. If you’re looking for a job somewhere else, why someone would want to work other than LinkedIn, but people surprisingly work in other locations other than LinkedIn, I don’t know if you know about this, but they do.
Geoff Belknap
Allegedly.
David Spark
Allegedly. But one could find a job if they’re going on LinkedIn as well. Any final words on that or our discussion?
Geoff Belknap
No I think LinkedIn is a great place to work, especially with me, even though I might be biased and it’s a great place to look for other jobs. And also a great place to discuss this kind of topic as we, David and I and some of our co-hosts, frequently do, so join us there.
David Spark
Alright and Ed, any last words on this topic, and also by the way, Ed’s company is Tag-Cyber.com. How can people get in contact with you if they are a vendor and want to pitch with you? I’m assuming just go to the site. Anything else you’d like to say or pitch your company, happy to hear it.
Ed Amoroso
Well thanks for including me and by the way, LinkedIn is a great place to post articles I’ve been doing it for years, 35,000 followers, I’ve been able to build up a nice following. So people can reach out to me on LinkedIn or on the website.
David Spark
Awesome. Well thank you very much Ed, thank you very much Geoff and thank you to our audience as well. We love your contributions and for listening to Defense in Depth.
Voiceover
We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site: CISOSeries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@Cisoseries.com. Thank you for listening to Defense in Depth.