CISOs agree that multi-factor authentication is the one security control that once deployed has the greatest impact to reduce security issues. Yet with all that agreement, it’s still so darn hard to get users to actually use it.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Arvind Raman (@arvind78), CISO, Mitel.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Horizon3.ai
Full transcript
Voiceover
Ten security tip, go.
Arvind Raman
Strong fundamentals are key to the security but fundamentals can change for example moving from passwords which what we know to password less what you have.
Voiceover
It’s time to begin the CISO Security Vendor Relationship Podcast.
David Spark
Welcome to the CISO Security Vendor Relationship Podcast. My name is David Spark, I’m the producer of the CISO series. My co-host for this episode is, you heard him on the very first episode and he’s here on this episode as well, Mike Johnson. We started 2018 and it’s now 2022 Mike.
Mike Johnson
Into our fourth year, is that kind of how that works I guess.
David Spark
No I think it’s fifth year, hold on wait a second.
Mike Johnson
Fifth year.
David Spark
Am I doing my maths right?
Mike Johnson
Math is hard.
David Spark
2022. So we started 2018. Right that’s bizarre.
Mike Johnson
[LAUGHS] Regardless, four or five years or math or whatever it is, it’s really cool that we’ve been able to continue doing this and folks are still interested in listening to us.
David Spark
We are available at CISOseries.com. If you’ve not, head over and seen our beautiful new website, please do. A lot that is available and that’s like end. Our Sponsor for today’s episode is Horizon3.ai, they do autonomous penetration testing as a service, a hot new category and everyone needs a pen testing, so more on that later on the show. But Mike I’ve got a question for you.
Mike Johnson
Okay.
David Spark
An extremely close relative of yours, this is a fictional scenario.
Mike Johnson
I hope so.
David Spark
Someone you care about, dear to you.
Mike Johnson
Okay.
David Spark
It could be a good friend, it could be a close relative, whomever, refuses to use MFA on their financial site, how do you handle this?
Mike Johnson
So this is actually very easy because unfortunately a lot of financial sites still don’t support MFA.
David Spark
Which blows my mind right away.
Mike Johnson
It’s insane. So it’s, you know, password manager with an automatically generated long password that is unique to that site, that’s the best you can do and as long as you’re willing to do that then I feel pretty good about it.
David Spark
So you’re cool with that?
Mike Johnson
I’m cool with it but I would prefer MFA however, like I said, my own bank doesn’t support MFA so I can relate. I’ve actually pondered switching banks for that single reason.
David Spark
We had this discussion on the show before. Our Editor was complaining about this issue and [LAUGHS] the advice everyone gave was.
Mike Johnson
Switch banks.
David Spark
Leave that bank.
Mike Johnson
Yep.
David Spark
Blows my mind. Alright let’s bring on our guest. Now the irony is our guest is the CISO for an organization for whom we had a previous CISO before who later became a co-host of one of these shows, that being Allan Alford and now we have their newest CISO, so very excited to have him on, it’s the CISO of Mitel, Arvind Raman. Arvind thank you so much for joining us.
Arvind Raman
Thank you so much for inviting me, happy to be here.
There’s gotta be a better way to handle this.
David Spark
Mike, on this show you’ve mentioned multi-factor authentication is the single control that can have the biggest bang for the buck, heck we talked about it in the opening and you are not alone, including a past guest, Jerich Beason, CISO, Epiq who argued the same and he made a call for everyone to make a stronger push for MFA. Now we have heard many guests say the same thing on this show. If security professionals are all in so much agreement, why is this basic security control, which could have such a huge impact on reducing account takeovers and other threats so far from being widespread?
Mike Johnson
So Jerich calls out one of the major hurdles, it’s not a simple flip of the switch and as I’d mention my own bank doesn’t support it, there are legacy applications that do not support MFA and without that support it’s kind of difficult to get there. And then you’ve got opposite legacy. You do have modern web applications that also don’t support MFA. People are writing new applications today for some reason that don’t support MFA. If they don’t support MFA you can’t implement it. On the other hand we are starting to see more and more adoption of Saml, the ability to integration single sign-on to modern web applications. It’s staring to become table stakes. For instance when we evaluate new vendors for my company, we make sure that they support Saml and that becomes a requirement if the mute application doesn’t support Saml we’re going to have a very long discussion with businesses to why they’re trying to implement that. And so at that point Saml, can get MFA and actually does become easier at that point. But if your application doesn’t support Saml, if it doesn’t support MFA, that’s where the switch that Jerich mentions is really hard to flip.
David Spark
As I described in the beginning sometimes people close to us just flat out refuse to do it. Arvind, I’m throwing this to you as well. It would be wonderful if we were all on MFA, it just doesn’t happen that easy does it?
Arvind Raman
It would be wouldn’t that right but, you know, one of the things I would say is MFA is like bolting security on top of the lock if you will right. A lot of legacy applications like as in Mike mentioned do not support it but they haven’t thought about it right. The architecture of those applications and the infrastructure at that time did not think about MFA because the cyber threats at that time were not the same as what we have now, you know. Either I spin a [INAUDIBLE] and it continues to be wall, so MFA at this point I would agree with you that it is probably one of the most important security controls that we can leverage in this growing crazy security world to protect the organization. But it all drives back to how can we as the CISO and security professionals drive that need from a business perspective. At the end of the day business needs to buy in right. We have to be seen as business enablers. Without that no matter what, you know, rationale you provide they’re not going to look at it the same way from an investment perspective.
David Spark
I get the sense that the difficulty of MFA also it’s a difficulty of a lot of sort of security awareness training we’re thing to do is like getting people to use more complex passwords, not reused passwords, things like that but even if like everyone used the same password and this is kind of one of the jokes we’ve done on our best bad idea game, you know, if everyone had the same password of password you’d have a pretty quick adoption of MFA, you know, [LAUGHS]. So, my feeling is it’s always going to be hard if you’re just trying to get all users to be more security minded. Yes Mike?
Mike Johnson
Well in the enterprise you can force it.
David Spark
Right and this is hence the same old situation.
Mike Johnson
That’s one of the big differences, is we can say look the only way you can access this application is to go through the same old gateway which is going to require you to do MFA. So we do have that advantage in our world. It’s not necessarily a volunteer effort. It’s on the consumer side that it’s a much bigger challenge to get that adoption.
David Spark
But I would also say and Arvind and I don’t know if you’ve ever done this before but there’s both a carrot and a stick technique. Like for example I have one service that actually provides a discount if I deploy MFA which I thought was a great suggestion.
Arvind Raman
I agree and I think the other thing we also need to think about from security professionals and CISOs who are becoming more and more important for an organization is you can try and do training and awareness, you obviously, you know, should never stop doing that but no matter what, you know, you’re not going to get to a zero percent click rate on phishing [UNSURE OF WORD] right. So MFA is a really good way to protect the organization no matter what the, you know, security posture is right from a phishing perspective. Now it does protect you and that’s the key message that, you know, I’ve used in the past, I used today in terms of hey we cannot control what people to do but what we can do is protect the organization with the additional layer of security that MFA provides and so when people click on it and this has happened, you know, for us and everyone else, top level executors click on things, right and they’re targeted more than anyone else right. So with MFA it actually prevents and protects the organization from bad things from happening.
Why is everyone talking about this now?
David Spark
Isn’t the high valuations for #CloudSecurity startups a vote against cloud providers doing cloud security well or is it a vote for multi cloud or something else? This was a question that Dr. Anton Chuvakin who works on Google Cloud asked on Twitter and it drove a huge discussion. Now I’m going to Paraphrase just some of the responses here: Third parties are needed to create and grade the homework. Referring to the cloud providers and that came from Leslie Forbes of Pentera; security is comfortable buying tools to solve problems, that came from Fernando Montenegro. Another said there’s confusion in the marketplace has led many to believe more tools is the solution and Alok Shukla of ShiftLeft said, “Most of these cloud security startups are solving for ease, automation and scale.” So I’ll start with you Arvind on this, how do you view the marketplace of security startups and how does it affect cloud providers’ performance? Is there a symbiotic sort of competing relationship looking to swallow them? What’s going on here?
Arvind Raman
I think it’s a complementary relationship if you will but the challenge is security start ups, you know, as I would kind of go back to security data and picking the security start up is like picking a needle in a haystack right, you know, it’s so hard.
David Spark
With three to 5,000 of them out there, yes.
Arvind Raman
Yeah and it goes back to the early 2000 if you will on the Internet, you know, were booming right, you know the IT companies and all of that, you know. [UNSURE OF WORD] really how do you evaluate the security company. It’s a tough question [LAUGHS] to answer and I start off with saying like if there’s a new start up trying to reach out to me I ask them to explain if I’m intrigued by them what problem are you trying to solve. If they can’t answer that clearly and concisely then I tend to move on. I think there’s a place for native cloud security vendors or cloud security providers to have security in, you know, what they offer. But I think from a centralized security team perspective you want to bring them all into a single pane of glass if you will for the organization. That’s where I think you’ve got to see if the security vendors what ADR are they playing in. Are they playing in a niche space, are they playing in an integration space, you know, where are they playing .
David Spark
Per Anton’s question about do you this valuation is warranted for them because some of them are going– you know the number of unicorn companies out there valued at one billion or more is kind of astronomical.
Arvind Raman
It is but we’re living the free market right. So you’re letting the free market beside like anything else right, you know, sometimes the stock evaluation it doesn’t make sense to us but, you know, it’s all how the market sees them.
David Spark
Well these are not public companies that have these one billion dollar evaluations. Let me throw this to Mike now, what’s your take on this in that why is this sort of crazy behavior going on?
Mike Johnson
Well so first of all you just [UNSURE OF WORD] it, it’s crazy behavior. I think these evaluations are driven primarily by fomo. It’s venture capitals who are worried about missing out on the next big thing.
David Spark
By the way we’ve all seen this many times, one company sky rockets and then all of a sudden everyone are looking for me too solutions here.
Mike Johnson
And that’s what I think is going on, they’re not rationale valuations, that’s not what’s happening. So I don’t know what the long term looks like.
David Spark
By the way none of us are expert, you know, investors.
Mike Johnson
No, I might be doing something different if I was. Like if I really knew the answer to this question I might have a different profession but the reality is it’s not sustainable and I don’t know when the music stops but it’s not an indictment that the cloud vendors aren’t doing security well, that’s not what this is. Now that said I like what Arvind had to say about multi cloud security solutions. When you’re already using multiple clouds AWS, GCP, Azure, like if you’re using all of these cloud services, so frankly even if you’re just using more than one you’re going to need some sort of security tool that gives you the ability to broadly apply policy to broadly grant you that visibility. AWS isn’t gong to provide you a security tool for GCP. Google cloud and Anton works on a product that is meant to be kind of like a sim, he would probably hate that I’m calling it a sim but it does provide visibility across multiple clouds but that’s probably the one exception, the one time that you have a cloud vendor who’s providing a security tool that can be used for multiple clouds. GCP isn’t providing you tools for managing your policies in AWS or vice versa. So that’s where I think the advantage and the possibility for these tools lies is giving you the multi cloud solution that you’re not going to get from a cloud vendor themselves.
Sponsor – Horizon3.ai
Steve Prentice
Anthony Pillitiere is Chief Technology Officer for Horizon3.ai. After spending 23 years in IT ops for the US Airforce he co-founded his company with an eye to applying the same drive for innovation to the cyber security field.
Anthony Pillitiere
We have built an autonomous pentestine platform. Our mission is to find, fix and verify exploitable weaknesses within organizations to help them shift the economics of an attack back in their favor. What we have built is a way to look at the environment through the eyes of an attacker. We call this turning the map around and figuring out how would an attacker attack my environment and fix those things first. So if I can fix the ways that I know an attacker can take advantage of right now, I’m fixing things that matter and shift the economics of an attack far more efficiently than starting at a critical that is irrelevant and working my way down. So if you think about what the defenders are doing or the IT operators are doing, they’re receiving this long list of criticals that don’t really matter and as they fix them attackers are going to be able to get to causing them a bad day. So offense to inform defense is really the best way to look at your environment. Anybody can use it. I wanted to make offensive security and the philosophy of offense to inform defense available to more organizations.
Steve Prentice
For more information visit Horizon3, that’s Horizon and the number 3.ai.
It’s time to play what’s worse.
David Spark
Arvind, alright this is the name of the game it’s called What’s Worse. I’m going to give you two scenarios, both of them stink. You have to determine from a risk management perspective which one is worse. Good news for you though is I always make Mike answer first. So here’s a scenario and these actually are real situation that both the person who submitted and a friend of that persons has experienced, alright and they don’t even know which one’s worst.
Mike Johnson
Okay.
David Spark
But I’ll explain the true story in the end of this. Alright.
Mike Johnson
A true story, confession time.
David Spark
True story. Alright Mike you have a medium size security team but no budget for tooling whatsoever and your team has a bad work ethic which you can’t change okay.
Mike Johnson
Okay.
David Spark
Now the other situation is you can get great tools but you will have to cut down your team to just yourself and one other person.
Mike Johnson
[LAUGHS]
David Spark
And that one other person still also has a bad work ethic.
Mike Johnson
Okay.
David Spark
So [LAUGHS].
Mike Johnson
Alright.
David Spark
So which one is worse? Both have bad work ethics, one has tools, one doesn’t but one is a medium sized team with no tools and one with you and one other person with a bad work ethic with tools.
Mike Johnson
Okay so the reality is because they both have bad work ethics you can just remove them. Like that’s not part of the decision making and then you’re let with medium sized team and no tools versus very small team but tools.
David Spark
Extremely small.
Mike Johnson
Extremely small. I think generally what I would lean towards is more a place where I have people who can do– they’re still going to do work.
David Spark
No but this is the thing. You have mentioned this before but you can’t throw away the bad work ethic because the people with the bad work ethic aren’t going to necessarily make tools for you.
Mike Johnson
That’s not the path I was heading at.
David Spark
Okay.
Mike Johnson
I wasn’t heading down the make tools path because that’s the bad work ethic but at the same time if they really are that bad the situation will take care of itself, the people would no longer work for the company, that’s the solution for the low work ethic which I guess is kind of now having me change my mind to.
David Spark
[LAUGHS] Hold it, how about this. I’m going to throw in the real story to add some color to this.
Mike Johnson
Okay.
David Spark
So this person says I’ve got a team of people who are there only because they stayed around for 10 plus years but don’t have any aptitude skills in any area of security, no soft skills even like doing tasks I give them, that’s pretty bad all the way around okay.
Mike Johnson
Yep.
David Spark
And they don’t have the right tools either. Now tools are either bought in an ad hoc way and simply tossing without any configuration or anything but as far as to met someone in a similar organization as I and he doesn’t have a team like I do, he did it all on his own and basically where he was for two years goes is where I can realistically aim us to be in a year but I may not get the budget unless I decide to cut my team.
Mike Johnson
So there’s a variable there was left out of the scenario.
David Spark
Okay.
Mike Johnson
They have existing tools, that’s the scenario that you just read out was I have a team, tools were bought in an adhoc manner with no real rhyme or reason to them. I’m now back to that one being the better of them because.
David Spark
Well we’re adding this to the story.
Mike Johnson
I’m going to fire all the people over time, that’s what’s going to happen and.
David Spark
But you know how this game works, you can’t do that. You’re stuck with these people.
Mike Johnson
That’s what the reality is they’re going away. They will work themselves out of a job very quickly, so.
David Spark
Alright, we got to bring Arvind in on this one.
Mike Johnson
Yeah.
David Spark
Alright Arvind do you agree? The scenario you think is worse, I’m sorry Mike.
Mike Johnson
Is the second one.
David Spark
The second one where it’s just you and one other person and you do have tools but you got, okay. So [INAUDIBLE] it’s crap tools and crappy configured, Arvind which is the first scenario, go ahead.
Arvind Raman
Yeah so I actually think the first one is worst the reason being is, it depends you said they’ve been there for a long time.
David Spark
Yeah 10 plus years and it seems like they’re completely useless.
Arvind Raman
But and it’s effortless, yes it’s not easy to just let them go either right at the end of this.
David Spark
No, yeah they’ve got some serious tenure here.
Arvind Raman
Tenure right. But as the other one is more of a potentially greenfield opportunity where there is tools and I can then as a CISO potentially justify adding the members based on what I see from the tools and say like in order to better perfect our organization, we have tools but no one to use them. I men the people.
David Spark
Well hold on, first let me just also qualify Arvind in a perfect world you could do what you’re saying but in this game the way it ends up and the way it begins stays the same [LAUGHS]. Like you only get your one team member, that’s it, it stays that way.
Arvind Raman
I would still pick two.
David Spark
You’re still staying with your answer though.
Arvind Raman
Yes.
David Spark
Okay. Mike how do you feel? Are you changing your mind at all?
Mike Johnson
No, no because it really just comes down to which of the bigger problems are you willing to try and tackle, you know, because you’re going to have to go after one of these and it’s either is getting budget really hard, that’s the first one because the second one has a budget for tools and they can do whatever they want but the second one is they don’t have the ability to hire more people and ultimately that’s what it comes down to is which of those particular problems do you want to tackle first. We’re going to have to tackle them both but which one do you want to go after first.
Um, maybe you shouldn’t have done that.
David Spark
Both of you have embraced zero trust principles for your respective organizations, but you didn’t get to start with a clean slate. You had to work around a pre-existing IT and security architecture. When you have a greenfield situation, which very few have, it’s far easier to deploy zero trust principles. So I’m going to start with your Arvind, looking back at the steps you’ve taken so far in your journey, what would you say is the one element of an existing infrastructure that causes the greatest headache to deploying zero trust?
Arvind Raman
I would say it’s not the existing infrastructure that gives me the headache, it’s actually the need for change. People find it hard to change. Change is hard and we all know that. Humans don’t change easily. So when you’re trying to introduce some new concepts to the organization, you know, yes there are legacy environments that zero trust not necessarily placed well but having said that zero trust is the new fancy word right, you know, citrix is a concept of zero trust. We had that for decades. So we have used that in the past but when it comes to introducing a new concept in security, the biggest hurdle I find is people and how we as security leaders, you know, need to overcome that from a change perspective.
David Spark
Mike do you agree or disagree with this assessment of the toughest part of zero trust.
Mike Johnson
I think that’s a really good point that change management is likely the biggest challenge. In terms of being able to get the by end that you need, you’re moving people’s cheese and that’s never an easy thing. So figuring out how you get the by end all across the company at the highest and lowest levels because it’s going to impact everyone, that’s really tough.
David Spark
So it’s architecture the mind, not architecture of the environment?
Mike Johnson
Yes you could look at it that way as architecture of the minds, plural, of all across the company and the infrastructure side it’s not easy. There is still plenty of work that needs to be done but once you can get the mind share then it’s a little bit easier to go and tackle the technical side of it. So I do agree with Arvind that it’s the change management.
David Spark
So is it architecture of the mind that’s the toughest thing? Would it be far easier to hire a company of nothing but young children who have yet to be exploited?
Mike Johnson
[LAUGHS] So I used to work for a company where one of the co-founders talked about the beginner’s mind as a concept and that’s kind of what you were saying like facetiously but the reality is if you can change folks perspective in the way that they look at things to bring a beginner’s mind, yeah that actually would help a lot.
David Spark
Arvind is there a way that you could sort of get people to sort of rid themselves of old ways of thinking of doing things or is there a way maybe like a component by component way of doing it? You mentioned like the opening tip. You talked about the fundamentals can change. We get very stuck on the concept of passwords. Passwords are comfortable with us. The concept of password less is a little uncomfortable for us but that could be the new fundamental or what we’re pushing towards, yes?
Arvind Raman
Yes absolutely. And I think the one way to look at zero trust is at the end of the day if you can find the value for people and business right. So the way I tried to promote zero trust is more like trust but verify right, you know, zero trust can be a negative term for some people but underlying value is two things right. It can reduce the attack surface for an organization while enhancing the end user experience. If you had to say like zero trust how Google that implemented beyond [UNSURE OF WORD] and what not. It allows the people of organization from everywhere to access from anywhere. So that freedom, the traditional way of, you know, first up this VPN software, enter your credentials and, you know, whether you’re in Singapore or whether in Australia you’re routed to a central [INAUDIBLE] before you can go out anywhere, you know that [UNSURE OF WORD] legacy or latency and what not right, so. So it’s all about I guess providing the value for what zero trust can do for you as an organization. I think you got to talk about it from a business proposition perspective in terms of how zero trust can add value to your business and help you differentiate and this could help you attract top challenge.
That’s something I’d like to avoid.
David Spark
Mike what are security red flags and as a security professional considering working for a company that has these red flags should you run or consider it a challenge? So the reason I bring this up is over on the cybersecurity subreddit, a redditor asks, “If a company doesn’t have simple email protections like a DMARC policy, do they really take their cybersecurity seriously?” What do you think? Is a red flag a challenge or a signal to run as far away as possible?
Mike Johnson
[LAUGHS] So it certainly depends on the red flag. I don’t know if that.
David Spark
Obviously. So give me like an example one way or the other of one.
Mike Johnson
I think a company that very blatantly paid no attention to security so it could be something like they had a breach and they didn’t handle it well and maybe they had a second breach with the same behavior, that’s now a pattern at that point that they’re not taking security very seriously. That’s a red flag to me. A company that maybe has a breach and handles it well, like talks about it, that’s not a red flag to me. Breaches in of themselves are not red flags to me it’s really about the mindset and the perspective that company brings. You know if they don’t have DMARC policy, you know, that’s solvable. That’s something that becomes high on my priority list if I’m joining that company. It’s hard to put something down and say or if they’ve had two breaches then that’s a red flag.
David Spark
Let’s touch on the DMARC policy. DMARC policy is pretty standard, you kind of need it and if they don’t have it shouldn’t that warrant like further investigation well if don’t have DMARC policy what else don’t they have or are they not aware of and, you know, wouldn’t that warrant further investigation at that point?
Mike Johnson
So again if it’s a company that I’m considering going to work for it’s different than what the redditor asked but if it’s a company that I’m considering to go for work I don’t see that as a red flag. I see that as they haven’t looked at all of their security problems and that’s why they’re trying to hire a security leader, potentially a first time security leader because they haven’t had someone keeping their eye on it. That’s a tiny thing that if you’re not really well versed in security you might not look at it. So therefore go and hire someone who is.
David Spark
Alright Arvind you were nodding your head along with that. How do you feel about these, you know, red flag and Mike sort of put together the two things that DMARC policy, no big deal, you know, they’re looking for someone like me versus they’re poorly handling breaches that’s something to stay away from.
Arvind Raman
Yeah I tend to agree with Mike but I also want to add like when somebody had a breach right, I think the first thing I would look for is have they learned from it, I think that’s something that Mike mentioned as well but when I’m looking to work for a company and I did that when I was looking to join Mitel as a CISO as well right, I want to understand what is the business objective? What is driving the need for hiring a security leader, why do you need it now? And then what I will be looking for is are they looking at me to see how I would solve their business objectives right, why and what do they need a CISO for or security leader and then do they have the right atmosphere, right buy in. So make sure that if you’re looking to go work for a company as a security leader I will want– it’s a two way street right, you know, interview at that level is a two way street. You want to make sure that you are actually comfortable going into an organization which believes in security for the right reasons. The right reasons could be customer needs, the right reason could be reputational, right reason could be regulatory but as long as there is a right reason for them to believe in it. And then most importantly I want to make sure they understand that risk in the digital world cannot be eliminated, can only be effectively managed. If I hear otherwise in an interview then I’ll probably want to stay away from it but if they understand that even though it may be considered a red flag that they don’t have a security leader, I’m happy to join them right at the change.
David Spark
Excellent. Well that brings us to the very end of this show. Thank you so very much Arvind. That was Arvind Raman who is the CISO over at Mitel and Arvind I’m going to ask you this and hold your answer because you’re going to have the last word on this. So first make any plug about Mitel you want but also I’ll want to know if you’re hiring too because we always ask our guests if you’re hiring too. Hold on to that for just a second. I first though want to mention our sponsor Horizon 3.ai autonomous penetrating testing is a service that hot new area that is giving a lot of buzz. Please check them out at horizon3.ai. Mike any last thoughts?
Mike Johnson
Arvind thank you so much for joining us. I really liked how frequently your answers focused on change, change management and being interested in helping to change an organization and I think that’s something that we haven’t discussed enough on this show. So thank you for bringing that perspective. I also want to go back to something that you’d said when looking at the security market place and this is advice for those vendors who listen to our show, be able to ask the question what is it that you do or what problem are you trying to solve. Expect that question. And so that’s a really good nugget for folks who listen to the show, they need to be able to answer what problem are you trying to solve. So thank you for sharing that nugget and for coming on the show in general and sharing your wisdom, thank you.
David Spark
Alright Arvind, any plug for Mitel you want to end, are you hiring?
Arvind Raman
I am absolutely hiring, always hiring. So interested people can contact me or apply on-line for mitel.com.
David Spark
I’m sorry, very quickly, how do they contact you? What’s the best way?
Arvind Raman
LinkedIn.
David Spark
Okay LinkedIn, Arvind Raman. And also by the way on the post here we’ll have a link to your LinkedIn profile as well and I’m assuming theirs is mitel.com/jobs or something like that?
Arvind Raman
Yes.
David Spark
Alright, go on.
Arvind Raman
I really appreciate having the opportunity to come onto this show and enjoy the discussion with you both David and Mike, thanks for having me.
David Spark
Well thank you for coming on. We greatly appreciate it and we greatly appreciate our audience as well. As always please, you know, you can always submit stories, submit what’s worse scenarios, today we had a split that’s my favorite kind of what’s worse scenarios when.
Mike Johnson
It’s true.
David Spark
And the guests disagree. Oh by the way the web address I’ve been informed Arvind it is not Mitel.com/jobs, it is mitel.com/careers, that’s where you should find all the jobs at mitel.con. By the way Mitel is spelled M I T E L.com not M Y Q 3Xs, T and a F which is the way every new start up is spelled these days. So thank you very much Arvind, thank you very much Mike, thank you our audience for all your amazing contributions and for listening to CISO Security Vendor Relationship Podcast.
Voiceover
That wraps up another episode. If you haven’t subscribed to the podcast, please do. If you’re already a subscriber, write a review. This show thrives on your input. Head over to cisoseries.com, and you’ll see plenty of ways to participate, including recording a question or comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at david@cisoseries.com. Thank you for listening to the “CISO/Security Vendor Relationship Podcast.”