Practical Cybersecurity for IT Professionals

Practical Cybersecurity for IT Professionals

You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Scott McCrady (@scottsman3), CEO, SolCyber.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor SolCyber

At SolCyber we’re hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you’re being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting.

Full transcript

[David Spark] You’re a CISO, a vCISO, or an MSSP rolling into a company that has yet to launch a cyber security department. How do you communicate about cyber with the IT department? They’re not completely new to cyber, so what’s the approach to engagement that helps but doesn’t insult?

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark. I’m the producer of the CISO Series. And joining me for this very episode is the one and only Geoff Belknap. He’s the CISO of LinkedIn. Geoff, you sound a lot like what?

[Geoff Belknap] This is the conscious inside your head and the voice telling you to please, please enable 2FA.

[David Spark] Please enable 2FA.

[Laughter]

[David Spark] We should just say that. Maybe that will be my sign off. And you know, enable 2FA.

[Geoff Belknap] Spay and neuter your pets and turn on MFA.

[David Spark] There you go. Yeah, like Bob Barker would say.

[Geoff Belknap] That’s right.

[David Spark] We’re available at CISOseries.com. You’re familiar with that website. We have plenty of shows. In fact, four other shows besides this one that you should check out. Our audience, I know you know about them. Our sponsor for today’s episode is SolCyber. Let me spell that for you. It’s SolCyber. They are a sponsor, and they brought our guest, and we discussed this topic beforehand. So, the topic, our guest, and SolCyber all intertwined if you will. We’ll get to that in a moment. I want to first though talk about our topic. Geoff, I feel on this show and on our other shows we either shoot really high… We’re talking to either cyber leaders to cyber leaders… Or we shoot low, cyber leaders to noncyber people. But I don’t feel we spend enough time talking to that in between space of professionals who are technically proficient but not necessarily in the know of all the ways of cyber. So, I’m talking about really the IT department. So, what’s your experience coming into an organization that didn’t have cyber but did have IT?

[Geoff Belknap] Well, I’ve done this a few times now, and it’s been some of the most rewarding experiences in my career. But you’re exactly right, it’s a very different problem set from what we’re usually talking about. When you’re starting with nothing, you’re building narratives and processes from thin air. And in partnerships with some teams like IT that might have been doing some security adjacent work before, but now they’re going to be leaning in and learning, and building all this new, very focused part of the program with you. And so I think that will be a great thing to talk about today with our guest.

[David Spark] Yes, and I’m very, very thrilled to have our guest, a brand new sponsor. It is Scott McCrady. He is the CEO of SolCyber. Scott, thank you so much for joining us.

[Scott McCrady] Thank you, David. Pleasure to be on.

This is not just a security issue.

2:47.448

[David Spark] Taylor Lehmann of Google said, “Understand the mission of the company and all of its stakeholders by setting up discussions and listening to them.” And Shawn Harris of Starbucks said, “Storytelling and an understanding ear as they may be scared of what is about to happen. They can be assured by a pragmatic approach to implementation or augmentation of basic controls. Have humility. They are the incumbent. And learn from them. If you handle it right, you may find your first team.” Anatoly Chikanov of Enel X said, “Ask the if you can make their life easier.” And Taylor Lehmann, again, said, “Find the bright spots which you can use to 10X your initiatives.” So, a lot of this is just really about communications. I like this line that Shawn said from Starbucks, “Have humility. They are the incumbents. Learn from them.” It seems like a good place to start. Yes, Geoff?

[Geoff Belknap] Yeah, absolutely. There’s so many great suggestions here. I have to agree with the overall thrust here, which is while you’re chomping at the bit to start driving impact the first step is really to explore the organization. You have to understand its needs, its goals. And you have to really start figuring out where can you build out controls, what’s the narrative you’re going to start developing, and how are you going to make that resonate. You have to start building your relationship with your key peers, and your allies, and your partners. If you get started too fast and you start trying to execute or run a playbook that you’ve used somewhere else, you’re going to start to fail spectacularly.

[David Spark] And alienate as well.

[Geoff Belknap] I think that’s just part of failing. If you’re in a security leadership role and you start to alienate people and sort of go a direction completely alien to the org, you’re done. That’s the end of you as a security leader.

[David Spark] Scott, I’m throwing this to you. And I want to also reference Taylor’s last comment about find the bright spots you can use to 10X your initiatives. My feeling is it’s one of those things you listen, you think, “Where can we 10X?” And if you start with that, you become heroes. Yes?

[Scott McCrady] [Laughs] To a degree for certain. I’ll pivot back quickly to the last comment Geoff made. I was at a security company, and we were having some problems with our engineers being overly dogmatic in the security program they were trying to pitch. And so somebody got… We were giving the presentation on how to get better at being good with the customers, and somebody said, “You really need to be more self-defecating to your customer.”

[Laughter]

[Scott McCrady] Defecating. Which of course he meant self-deprecating. And so one of the lessons learned is definitely be self-deprecating when you’re talking with customers because you do have to establish a relationship. I have also never seen self-defecating do anything to gain you friends inside of a customer at any point.

[David Spark] No, self-defecating is I think a level lower than self-deprecating, isn’t it?

[Geoff Belknap] That might be taking it… Self-deprecation can be endearing and humble. I think the other thing…maybe that’s a step too far.

[David Spark] Yes, that is a step too far. Go ahead.

[Scott McCrady] On the bright spots, you have to find wins. So, you just cannot walk into an organization, even if they don’t have much at all in place, and start immediately talking about all the areas that are having major gaps. Even if you know them, and they’re very, very obvious to you. So, somebody at some point in time spent time, money, and effort, and energy to put what they have in place already. I think you’ve got to respect that and then start the process of figuring out where you can find places to leverage that investment. And more importantly, the political capital that’s been spent to get those…whatever programmatic pieces they have in place already. From there, then you’re going to be able to get time and efficiencies as you roll out the rest of the program.

[David Spark] Both of you, just give me a quick example of… Because I really want to focus on this 10X win thing. Have you been able to find that early on? Either of you, Scott of Geoff.

[Geoff Belknap] The 10X win thing really to me… Maybe I’ve experienced this differently than Taylor is where is the org already making progress. Where can you already lean in where people get it, and they’ve already started in a place you’re going to increase the velocity of the progress you can make there? Versus something that’s wholly new.

[David Spark] Good point. Scott?

[Scott McCrady] Yep, and I would say there’s a position in their head where you can get leverage out of products, resources outsourcing. And so if there’s something that’s going to take two years and if you get them to understand that you can outsource or leverage a certain type of product to get it done in two months, you’re starting to get that 10X type feeling back. And if you convey that well then the customers tend to be very happy at the end of it.

Who benefits?

7:28.896

[David Spark] Allen Westley of L3 Harris Technology said, “While going right for the IT team might seem like a good first step, I think the prudent thing to do is make the rounds to get to know who the key stakeholders, allies, and adversaries are going to be.” And Yael Nagler of Yass Partners said, “Why not start with legal and compliance?” And Allen Westley again said, “If you can’t create a coalition of leaders to get behind standing up a cyber security program, you won’t get off the first base in the IT department.” So, we set up this whole show to say, “How do you communicate with the IT department?” And this whole segment is saying, “Don’t start with the IT department.” Is that a good idea to not start with the IT department?

[Scott McCrady] I think it really depends. Because a lot of times when you have a company with not a mature security program they tend to be smaller. So, maybe 500 employees and less. And so in those particular cases, I believe you can talk to the IT department relatively quickly. But as far as the question of who benefits, I think this is really interesting because in our conversations with customers we have a lot of conversation about taking risk and offsetting that risk or moving that risk outside the organization. You can do that both from a cyber security standpoint but also in other business manners like cyber insurance. What happens is the IT team quickly…if you explain it well, we see the IT team go, “Yes, I would love to take the risk of a cyber breach and all the impacts of that and move that to somebody else who does it 24 by 7.” Then we also have been having a lot of conversations with like CFOs who are saying, “Yes, I want to get cyber insurance done quickly, or more efficiently, or at a better price.” And they’re also interested. So, in the mid-market, we’ve had conversations both at the IT level and at the financial level, believe it or not, and both of those organizations can see benefits.

[David Spark] Geoff, what’s your experience been?

[Geoff Belknap] I think exactly to the point, you can’t just focus on IT. Security is not…

[David Spark] But the argument in this segment is don’t even start there.

[Geoff Belknap] Well, yeah.

[David Spark] Essentially get everyone on your side before you even talk to IT.

[Geoff Belknap] Well, I think you have to talk to IT to at least understand what’s going on there, but I think you have to start by establishing security is not fancy IT. It’s not some off shoot of IT. It’s a very unique multidisciplinary technical domain of its own. Your success of the security program that you’re building and the department that you’re building depends on understanding how the organization works, helping the organization understand what security is that is unique and apart from IT. Because just like Scott said, very early on organization CIT is like, “Aw, this is the place where I get my laptops.” And it’s not until they start to mature until they see it as like an accelerant of the business.

So, if you build that bond or that sort of connective tissue too soon, people will get the wrong idea about what you’re trying to do. But I think most importantly where you absolutely have to start is, like I said before, you have to understand how the organization works, how you make products, how your legal and compliance teams operate, how customer support operates, how recruiting works, what your go to market strategies are. And most importantly, who your customers are. Whether they’re actual customers or its internal customers. But you can’t possibly be building what the company needs if you don’t really understand what the company is.

[Scott McCrady] Yeah, and I’ll just add onto that, the larger you go or the larger the enterprise, the more important that aspect comes of building out a cohort of leadership and really understanding the intrametric interests that they have in the program because they’re all going to come at it with a different need. Some will be very practical. Some will be risk focused. Some will be, “I just need compliance and get some things off of compliance.” Some could be go to market. So, I think the bigger the company that you’re working, the more this cohort of allies matters.

[Geoff Belknap] And even more to that point, it’s like you have to figure out who needs to learn about security and who already knows. Who do you need to convert to an ally? Because maybe it’s the first time they’ve worked with a real security leader before. And who is already on board? Who just needs to meet you and understand where you’re coming from? All of those things are great reasons to not start with IT. IT is the easy part. All the other stuff is where you’re really going to have to put in the effort.

How do we go about measuring the risk?

11:48.236

[David Spark] Anthony Chryseliou of Sony said, “People seem to forget that cyber security is just an updated and flashier name for information technology risk management.” And Dmitriy Sokolovskiy who’s the CISO over at Avid said, “As long as risks are correctly with your assistance measured, business owners are assigned. There is a reoccurring reassessment process. And you, the IS team, are always available to advise.” To paraphrase Andy Ellis, who is by the way the cohost over at CISO Series Podcast, he said, “If they write down their own risks, they’ll feel like they have to fix them.” I’m going to ask you, Scott, have you found…? I’m interested to know about Andy’s comment. Have you found that to be true? Like if you commit them to write down the risk, they own it? And have you been able to do that?

[Scott McCrady] [Laughs] We always joke in the industry that there is no silver bullet. I would definitely say when it comes to managing risk or an asset register of risk, writing it down obviously is the first step. But you can quickly tell inside of an organization the programmatic methodologies that they’re using and whether or not the risk register is actually being used as an affective tool, or whether it was done one time and then every now and then when they come across some audit they have to do it. So, I would say it’s one of those things where you have to do it, but I would also say just because I’ve seen it… I’ve also seen organizations not have a good security program or posture in place.

[David Spark] Could you back up? Let’s just spend a moment talking about the risk register. What is it? How is it used, and how can it be used more efficiency, Scott?

[Scott McCrady] I think the main thing about the risk register is like any other asset, you’ve got to get the policies around it on how you’re going to use it. That’s the most important thing. So, who are the people that contribute to it, who own it, and who are accountable to it. And then what’s the policy as far as how often do you meet, how often is it reviewed, and who’s going to fix the items. And then who’s holding that entire process accountable. For the most part, that’s where I’ve seen it break down because of the fact people get busy. Somebody leaves, or multiple people leave. And then you’ve got these gaps, and nobody pulls it back together. And so it’s like anything that you put in place one time – it’s got to be sort of nurtured, and maintained, and owned. And as soon as you start getting gaps there if they’re not put back in place, I’ve seen it just sort of fall apart.

[David Spark] I got to assume keeping a risk register together is extraordinarily difficult. Yes, Geoff?

[Geoff Belknap] No. You would think so, but I think the reality is no, it’s not too hard to keep a risk register. It can just be a spreadsheet. Most places, that’s where you start. The hard part that Scott is alluding to here that really goes back to the whole thread of the conversation we’ve been having so far is building that rigor and that discipline in the organization that people other than security own the outcomes that are in this risk register. Security, like we said, it’s not just fancy IT.

[David Spark] That’s really what I’m driving at – the maintaining of the ownership of the outcomes.

[Geoff Belknap] Yes. So, in that case, that is difficult to start. If the organization doesn’t have that yet…

[David Spark] And to maintain I would assume as well.

[Geoff Belknap] You know what? Once the organization gets going… I remember we started from scratch, of course, at Slack. And it didn’t take more than a couple of meetings for people to realize, “Oh, this is really valuable.” And frankly I had fantastic executive engagement early on because Slack had a major breach about a year before I started. So, they all realized, “Well, security is really important.” So, where I wouldn’t expect every single executive risk committee session to have the CEO, and the CFO, and the CTO, they all came. We became more than… I kind of cringed when Anthony said information technology risk management. We became the drivers for risk management, period, in the organization. I think frankly most cyber security teams should aim to do that unless you’re in a financial services space or something. But that is a fantastic thing to do, and it really is where a lot of your energy should go early on is helping the business understand where they’re a stakeholder and where they’re an owner of these risks. And to Andy’s point, writing it down or aiding them to write it down or to read it in color…whatever you need to do to get them to buy in, that’s going to pay off.

[David Spark] Scott, when you’re engaging with a company, how often are you kind of hammering this, or is there sort of this curve of they finally get it, and then there’s a point where you’re hands off? How does that work?

[Scott McCrady] Yeah, I would say in my background, my experience, the most important aspect is seeing if there’s engagement around the program, the ownership, whether or not they believe it. Executive sponsorship as Geoff was saying. Once you see that taking place, there’s a level of confidence that you can move forward through what I would just call sort of the nitty gritty of the process. “Let’s go gather all the information. Let’s consolidate it, collate it, and then assign everybody to do the things that they have to do.” But what you see very quickly is you tend to get organizations going one of two directions. They’re doing it because they have to. They don’t want to. Or they actually care about it, and they really do want to move the process forward. And obviously the latter is much easier to work with.

How do we determine what’s most important?

17:06.493

[David Spark] Grant Yost of VillageMD said, “Understand why you were brought in the organization. Hopefully it is tied to a business strategy.” That is a good hope.

[Geoff Belknap] Hopefully.

[Laughter]

[David Spark] Jen Schubert, CSO or CREALOGIX Group, “What is the value of the cyber security program for them? How does it make their lives easier, and how does it generate more insights that they can run their estate more affluently? How can well managed risk help them acquire the necessary budget for improvements both teams jointly aim for?” Scott, let me start again with you here on this. Is that the whole concept of security making your lives easier and helping the business run more efficiently…what often needs to be shown to demonstrate that is a truism and that they’re all on board and they’re running with you?

[Scott McCrady] We have a term that we use a lot, which is called practical security. Because I think in today’s world there’s just a lot of complexity out there. And so when we start talking about working with the IT team and you’re not talking to a very legacy or very mature organization, I think it’s really important to just get to some of the practical pieces. I got asked today, and Geoff actually mentioned earlier, if there’s one thing I could do to help secure my organization, what would it be. And I said two factor authentication. It’s not the silver bullet, but it was literally the answer I gave to a customer. So, I think what is most important in how you sort of drive that is talking about a level of practical security. Then in today’s world, you can really start tying that into other things. In the mid-market, they struggle with cyber insurance. They struggle with incident response plans and incident response retainers. And sot hey struggle to sort of barbell a good security program. If you help them understand that they can make their lives easier and offset some of that risk that they’re engendering by not having a good program, it’s actually a relatively easy conversation. At the upper end of the market, they tend to know that they need to do it. It’s just really finding out the reasons why they want to do it.

[David Spark] So, Geoff, it seems like in your history you’ve been fortunate to work with business leaders who get it, and there’s not as much of a struggle to bring them along. When you’re tying in the IT department, to get back to our initial subject here, how is this all tying itself together eventually where you’re starting to help the IT department?

[Geoff Belknap] I think if we’re talking about helping the IT department understand what they need to do or if we talk about whether you’re bringing in a new CISO or vCISO, I think what’s most important is to take a step back and say most organizations, the most important thing is that the organization grow, and thrive, and be as successful as possible. And it’s really important to understand that security has to be a big part of that. Then figuring out where to start with security and what you need to get going is going to be your most important task as you start on a security program. Whether you’re a leader, or whether you’re just part of IT, and you’re starting to focus on security. I think figuring out how to measure progress and security and articulate what security success looks like either for the  IT department, or for the vCISO, or for the organization in general is really the next step. If people didn’t know how to judge success of a security program or hold a program accountable they don’t really know what you’re doing, and that’s a quick way to fail early.

If somebody else gets to decide whether you succeed or fail, you’re going to fail if you’re not a part of defining that. Then I think the fastest way to success is helping people see that velocity and speed towards these security outcomes, that’s a fantastic way to build solid base of support going forward just like anything else in IT. Look, eventually you’re going to be building programs that help the sales team close deals faster, and helping understand what success is in that – that’s how you succeed in an IT program. It’s not really any different in security. Help people understand what success is, help them see how you’re going to measure your progress towards that, and then articulate your progress. Boom. You’re well on your way.

[David Spark] Scott, I’m going to let you have the last word here, and I’ll ask… I want to know practical security, making the business go faster, how do you tie it together?

[Scott McCrady] Practical security is there’s some basic things that we all know. Two factor authentication, proper EPPDR [Phonetic 00:21:25], somebody to look after things and respond. There’s a basic set of things that…we call it foundational security at my company. It’s just the foundation is the basics.

[David Spark] By the way, we’ve talked about this endlessly on the CISO Series. So, you’re very much in tune with our audience here.

[Scott McCrady] And if you do the foundational pieces and you deliver that quickly… To Geoff’s point, we always talk about can you get quick wins inside of 30 days. You tend to get people bought into it much faster. Now, I will say one major benefit that I’ve seen in the last three years…and, Geoff, I don’t know if you’ve seen this as well…is there’s always somebody who’s a sponsor now for security in a company. It is very rare that somebody on the board, at the executive level, in IT somewhere that isn’t really wanting to go, “We got to get better at this.” And so I see a lot less pushback than maybe four or five years ago where maybe they’re only doing it because they’re getting hit on the head by a compliance reason.

[Geoff Belknap] Yeah. No, lots of people want to do this now.

[David Spark] Yeah, I made the comment, this is now the mainstream news. It’s breaking in the Wall Street Journal, not in the trades. So, everybody knows about it.

Closing

22:27.160

[David Spark] Well, that brings us to the conclusion of our main part of the discussion. Now we come to the part where I ask you what was your favorite quote, and why. I’m going to start with you, Scott.

[Scott McCrady] I’m going to go with Mr. Anatoly. I love the concept of ask them if you can make their life easier. Most people in the IT business, wherever you sit, security or standard IT or whatever, are busy. They’re overworked. They’ve got too many projects. And so if you can just try to make their life easier, less complicated, sleep better at night, some of those cliches, but they’re true… I love that concept. And I think if you can do that as a vendor or a partner, that’s really fantastic.

[David Spark] Good point. Geoff, your favorite quote, and why?

[Geoff Belknap] Boy, there was so many here. Which… I don’t want to sound like a jerk. Sometimes it’s hard to pick, and sometimes it’s hard to pick because there’s so many good ones. But I’m going to say Shawn Harris from Starbucks had the highest density of good advice in their quote, which is, “Storytelling and an understanding ear as they may be scared of what is about to happen. They can be assured by a pragmatic approach to implementation or augmentation of basic controls. And here is the key – have humility. They are incumbents and learn from them. If you handle it right, you might find your first team. You might find those people that you can partner with to get all kinds of stuff done.”

[David Spark] I like it, too. Both quotes excellent, as well. How to make your life easier and have humility. Good themes to close out this show. Scott, I’m going to let you have the last word. Two things I would love to hear from you – one, I ask it of everybody, are you hiring. And two, please tell people about SolCyber – how they can learn more about it. But first, Geoff, any last thoughts on the topic?

[Geoff Belknap] I’ll just start with it can be very daunting and very rewarding to start a new security program regardless of how you’re starting it. I encourage you if you don’t have a security program, take the lead. Start it off. And maybe one of the first things you could do is turn on two factor auth and SSO for your organization. And if you’re looking for help, maybe try LinkedIn.com.

[David Spark] There you go.

[Geoff Belknap] A fine website. [Laughs]

[David Spark] You could also work for Geoff. Geoff is always hiring as well.

[Geoff Belknap] Also, yeah. We’re not starting from scratch. But if you have lots of experience, maybe starting from scratch, come look me up.

[David Spark] Scott’s company is SolCyber.com. Correct? You are a .com?

[Scott McCrady] Correct.

[Geoff Belknap] The other one would be cool, too, Scott. You should…

[Crosstalk 00:24:44]

[David Spark] Yes. Too close to Soul Cycle though I think would be the problem there.

[Geoff Belknap] Maybe just close enough.

[David Spark] Maybe.

[Geoff Belknap] Start a cult, Scott. Maybe that’s the way to go.

[Laughter]

[Scott McCrady] It’s the thing to do right now, isn’t it?

[David Spark] All right, so please tell us if you’re hiring, and please let our audience know what they can learn about SolCyber, how to get in contact with you, why everyone wants it.

[Scott McCrady] First of all, we’re always hiring, and we are a LinkedIn recruiting partner. Actually you can find us on LinkedIn, obviously SolCyber Security out there. And the main thing we’re trying to do, which is to me pretty straightforward, is… I’ve spent my entire career in helping Fortune 100 companies with security. We’re trying to take security into the midmarket in a very easy to consume manner. So, we’re trying to take Fortune 100 level security and make it easy to consume for the midmarket. And so we run into a lot of people that have been promoted into a CISO type role, but they may have been the head of IT. And so we come in and say instead of taking two years to get your security program up and running, we can help you get up and running in about 30 days and have a really foundational set of security deployed, implemented, and you’re in a position to have a really solid detect/response capability. And we do that in a financial model that is SaaS based. It’s per user per month, and everything is on the website. So, we get amazing feedback because it allows companies within a month to basically go to a really solid foundational security program, and that’s what we’re trying to do.

[David Spark] Nobody sells foundational security. What a great basic concept.

[Geoff Belknap] Everybody should.

[Scott McCrady] It’s actually called foundational coverage. The funny part is any customers who use our foundational coverage get a 30% discount off their cyber insurance because we cover so many controls. So, we’re trying to really help companies sort of offset that risk via these methodologies.

[David Spark] By the way… And this was mentioned to me by another guest of ours, Nick Ryan, who’s with Baker Tilly… He’s very bullish on cyber insurance companies forcing companies to up their game. Are you seeing that happening?

[Scott McCrady] 100%. Right now we’re seeing a one in three rejection rate on applications and a 50% plus increase in premiums. And so what’s happening is our foundational coverage, we’ll put it in, and they get preapproved. The reason for that is it’s just like the thing in your car that measures if you’re a good driver. The insurance companies have to understand whether or not you’re having an ongoing solid security program over time.

[David Spark] Excellent point. Again, we champion the cause of foundational security. We’d actually like to echo what Yaron Levi, who’s the CISO over at Dolby Laboratories, that said, “Don’t call it basic security because it isn’t basic, but it is the foundations.” And so we’re on board with you. Well, thank you very much, Scott. Scott McCrady, who is the CEO of SolCyber. They are again SolCyber.com. My cohost, Geoff Belknap, he’s at LinkedIn. I know everyone listening to this knows how to spell that, so I’m not going to spell that for them.

[Geoff Belknap] [Laughs]

[David Spark] Everyone, we appreciate your contributions and for listening to Defense in Depth.

[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cyber security. This shows thrives on your contributions. Please write a review. Leave a comment on LinkedIn or on our site, CISOseries.com, where you’ll also see plenty of ways to participate including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.