We're All Still Learning Cyber

Learning cyber is not a question for those who are just starting out. It’s for everybody. Where and how do we learn at every stage of our professional careers?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One.

Full transcript

[David Spark] Learning in cyber is not a question for those who are just starting out. It’s for everybody. Where do we go to learn at every stage of our professional careers?

[David Spark] Welcome to Defense in Depth. My name is David Spark, I am the producer of the CISO Series. And joining me for this very episode, you’ve heard him many times before, but I want to make sure you attach the name with the voice. It’s Geoff Belknap, CISO of LinkedIn.

[Geoff Belknap] Hey, everybody. I’m Geoff Belknap, the CISO at LinkedIn.

[David Spark] Yes. He even repeats sometimes things that I say.

[Geoff Belknap] Sometimes I repeat things that you say.

[David Spark] Like that. Oh, are you going to be like the annoying brother that just keeps echoing what I say, and I yell, “Mom! He’s copying me!”

[Geoff Belknap] I feel like that’s the relationship we’ve had. That’s the magic that’s worked so well.

[David Spark] Yes. Oh, God.

[Geoff Belknap] Let’s lean into it.

[David Spark] Let’s lean into being irritating siblings.

[Geoff Belknap] That’s what people tune in for, right? The irritating banter? Yeah, okay.

[David Spark] I believe so. Our sponsor for today’s episode is SlashNext – all about phishing protection, multichannel phishing protection for email, mobile, browser, and API. More about SlashNext later in the show. Geoff, when we talk about cyber education on this show, the majority of it is around what those new to the industry should do, or what certification you may need to get to move up. But the reality is there is no time you end your education and never be ashamed that you don’t know something. So, it’s something our guest today actually brought up in a post on LinkedIn to an enormous response. And do you feel that at your stage where you’re a CISO now, that all your education has to be self-directed, or do you find yourself ever falling into any kind of formalized training yourself?

[Geoff Belknap] Oh, I find first of all that even as a CISO, what I’m really good at now is identifying quickly all the things that I need to learn more about and need to learn completely fresh. I am absolutely happy to go do that in a self-directed manner, and I think formal classroom education, for whatever that means in a quasi-post-COVID world that we’re in today, I think that’s great too. It can be challenging to find time to do that, so I think that’s part of the conversation I want to have with our guest today, of like how do we make this work? Especially if you’re busy, and you’re focused on your role. How do we fit this all in? What should it look like? Let’s get to it.

[David Spark] I like that setup. Excellent. Well, let’s bring our guest on, which we’ve had on other shows here on the CISO Series network, but the first time he’s been on Defense in Depth, and I’m thrilled that he’s here. It is Jerich Beason, the Commercial CISO over at Capital One. Jerich, thank you so much for joining us.

[Jerich Beason] Thanks for having me. I was ready to say that I’ve now appeared on all three of your shows, but you had to go and create the Capture the CISO show. Thanks for increasing the runway on that bucket list item.

[Geoff Belknap] Staying one step ahead of you.

[David Spark] Actually, five shows now. There’s another show I’ve got to get you on, the Super Cyber Friday.

Where do we begin?

[David Spark] Carlos Rodriguez said, “One of the best qualities leaders can display is humility by asking for help.” And James Bore at the Bores Group said, “Learning to seek help is right up there on the top skills list.” And lastly, Richard Phillips of Lewtress Natural Health said, “Don’t be afraid to ask most people. Even those high up in the tree want to be wanted and feel good if they have helped someone else.” So, this is kind of a very generic setup of – you know what? We’re all learning. It doesn’t hurt to not know and ask for help, simple as that. Yes, Geoff?

[Geoff Belknap] Yeah, I think the number one thing you can do as a leader, especially as a security leader with a discipline as fast-changing and the landscape is always improving and increasing in complexity, is when to ask for help, when to say, “Hey, I don’t know as much about this as I might have,” or I think one of my favorite things to do is to say, “Hey, you’re a subject matter expert,” maybe you work on my team, maybe you work on a different team, “Do you think you could educate me a little bit about this thing that you’re working on?” And what I find is, especially in those kind of cases, people are really excited to talk to you about that thing that they specialize in, or something that they’re working on.

[David Spark] They are not shy of wanting to teach others at all.

[Geoff Belknap] That’s right. So, one of the best things you can do, I think Carlos is right here, is a leader should be humble, and one of the best ways to model that for other people is to just ask when you don’t know something and to admit and be willing to admit in a meeting that you might not know, or you might be wrong and to look for opportunities to become more informed.

[David Spark] Simple as that. So, have you, Jerich, on either side, been asked and asked yourself when you needed help?

[Jerich Beason] Constantly. It’s part of the job. Anyone that’s been in cyber or tech long enough knows that the only constant in our industry is change, so there’s always going to be something new to learn, new adversaries, new tactics, new cloud providers, new quadrants, new hype cycles. The list really goes on and on. It’s really about identifying who your subject matter experts are going to be, who you can go to, when you can go to them, and approaching them with a very teachable spirit.

[David Spark] You know, there’s also this thing, and I talk about the connectors, the power of the connectors, the person who knows the person who knows that thing. Do you know, can you think of a person like that, Geoff or Jerich, of like, “Oh, when I need to know something, this guy may know, or woman may know, or they’ll know the person who does know.” Do you have that kind of resource that you go to?

[Geoff Belknap] I think for me, I’m very lucky in that I spend a lot of time in the CISO community and the security community writ large building relationships with people largely because, look, I feel like many days I don’t know anything. And a lot of people in the security community spend time focused in certain areas, and you can figure out like, “Hey, is this a network segmentation thing? Is this a malware thing? We talking about threat intelligence? What are we talking about?” There’s almost always somebody in the CISO or the broader security community that is really good at that thing, that’s well-known for it, that is happy to take 30 minutes or an hour to talk about it.

And I honestly, this is the thing that – sorry, sales folks – this is the thing that sales folks hear and maybe lean into the wrong way, or maybe the right way, but that practitioners don’t lean into enough. It is A-okay, and I think even advantageous, like if Jerich is familiar with something that I don’t know, why wouldn’t I reach out to Jerich and be like, “Hey, man. I saw your talk or a blog post you put out; I hear you’re working about this thing. Can we talk about it for 30 minutes over coffee or Zoom or whatever?” The more you take risks and put yourself out there, you connect to people, and you connect to their knowledge, I think the better everybody is for it.

[David Spark] Jerich, your final thought on this?

[Jerich Beason] Yeah. The CISO community for the most part, once we become CISOs, we’re generalists, but we all specialized in something at some point. And I identify those people and I keep them close.

What are the complaints?

[David Spark] Ken Underhill of Cyber Life said, “If any cybersecurity professional claims to know everything, then I know they’re one of the charlatans.” And Matt Doan of Transcendent Media said, “The ‘know it all’ leader is a red flag and seriously unnecessary in the post-content age. Better: leaders that infuse a ‘we can learn this’ mindset across their organization.” So, Jerich, I’m going to go to you first. I will say when I started reporting in cybersecurity, I’m going to say maybe a dozen years ago, and those first 5 years of that, so I’m going to say 8 to 12 years ago especially, but even a little more recently, I ran into a lot of know-it-all cybersecurity people. A lot. And there was a lot of “just listen to me” and a lot of “I told you so” kind of behavior. Just purely anecdotally, I see far less of that now. Would you agree or disagree?

[Jerich Beason] I would agree. I would think the know-it-all leader went out the door with the leader that says “no” all the time. It kind of happened around the same time. I think Socrates said that the only thing he knows is he knows nothing at all, and the longer you’re in security, the more that quote resonates with you. So, acting in contrast to that is actually what shows self-awareness. My value isn’t in the individual knowledge I have, but more so in the knowledge of the teams I build and the networks I’m part of, and collectively they have far more experience than I ever will. And when you understand that, you naturally value the ideas and input of everyone around you, you embrace opportunities, you add diversity of thought to your teams, and you really create an environment that fosters inclusive and learning cultures.

[David Spark] I’m going to throw an odd thing at you, Geoff, and you tell me if you agree or disagree. I am sometimes so overwhelmed with what I have to learn within my expertise, and there’s things I want to learn, but I realize I know people who are experts, I’m never going to be as good as them, so I often just defer the knowledge to them in the sense that I just don’t have the time to learn all this, but I know and I trust them. Do you ever find yourself in that position, you’re like, “I can’t learn this all, but I do trust these people because I do know that they know it better than I, and there’s no way I would get up to their speed”?

[Geoff Belknap] Not only do I do that, I swear by it. Boy, I can’t stress enough. I feel like Jerich just hit every point I would want to make on this previously, so I don’t have a lot to add to it. But in a security role, especially a security leadership role, you are not adding any value if you are holding yourself out – the security leader – if you’re holding yourself out as the smartest person in the security department. That’s not the role of the CISO. The role of the CISO is, as Jerich said, bring all of the subject matter experts together, build a team that has that depth and breadth of knowledge, and apply a layer of either governance or risk-making or whatever the objective is for your team so that you can use that knowledge to further the goals of the organization. You cannot learn how to do everything, and you cannot let people believe that you as the security leader or in any role know everything. That’s how you fail, that’s how you get people believing that security is solvable. Like, “Well, if this guy knows everything, then we can solve the problem.” It’s not realistic, it’s not helpful, and I think the reality is it kind of makes you a crappy leader if you’re going to be the one that tries to know everything.

[David Spark] Jerich, you didn’t come out of the womb as a CISO. You worked your way up.

[Geoff Belknap] Wait. Is that an option?

[David Spark] I don’t know. That’d be kind of cool, like out of Zeus’s head, pop right out. But there was a time you were a practitioner, and you were the expert, and yet the knowledge that you had back whenever you were not a CISO is becoming less and less relevant. And so do you feel – and Geoff, I definitely want your answer to this too, and I know you said your job is not to know everything – but being that your knowledge that you did have is becoming less relevant, how relevant do you feel as a leader if you feel much of your core knowledge is sort of falling away? Jerich, you first.

[Jerich Beason] Yeah. So, the knowledge that has changed is I no longer know how to turn the knob, I no longer know how hard to hammer the nail, but I know what good still looks like. So, as a leader, I can still direct them to do those things without being able to do them hands-on myself. And there’s very little value in me getting that deep into it because then I limit their ability to grow and their ability to develop, and I’m spending time not dealing with the executive types of conversations and the strategic type of conversations that I need to be having. So, there’s a balance once you become a leader in knowing where you need to stop working, and where you need to allow your team to, and you need to trust them to do so.

[Geoff Belknap] Yeah. I feel the same way. I came up from the networking side, telecommunications and network architecture, and certainly, those are the technologies I can pick up the quickest just because I’ve had a lot of experience. But what I realize is I’m never going to go back and get a CCIE at this point, and I’m never going to be configuring switches or routers again. But what I also realize is, to Jerich’s point, it’s my job to know what the outcome the organization is looking for. And when I can bring all those right people together to drive that outcome, I don’t really need to know the specific details of how we got there.

What are they looking for?

[David Spark] Maurice Miller of Tata Consultancy Services said, “Researching and finding a solution that works in your environment is a skill in itself.” Mohammad Abu Jarour of Qualys said, “What sets talented and successful people apart is the ability to find, learn, and apply the knowledge to complete your task in the desired timeframe.” And lastly, Shawn Bowen, CISO at World Fuel Services, said, “Along a similar vein, a lot of us have the certifications you have or are chasing but couldn’t pass them today. We just keep paying our ‘cert tax’ to keep them current.” I was reading that quote, Geoff, and I said to myself, “If I took the SATs today, I would fail miserably.” How bad would you do?

[Geoff Belknap] I didn’t do great on them the first time around. I definitely peaked on the ACT side which I don’t know if that’s even a thing anymore. To some extent, I have to ask Shawn why are we even trying to keep our certs alive? Are they really that relevant or are we just fully invested in something that was important to us in the past? I don’t think either of those things are bad necessarily but…

[David Spark] It may be tied to his job, I don’t know.

[Geoff Belknap] That’s possible as well.

[David Spark] You think like in the legal profession, you have to maintain your license.

[Geoff Belknap] Oh, yeah. You have to keep your…

[David Spark] Continuing education.

[Geoff Belknap] …continuing education going. And honestly, infosec would really benefit from some of that. Although the thing I would say is maybe not even the technical continuing education, but let’s focus on the reason that there is an infosec or a security team to begin with, and that’s to manage risk for the organization. And I find that it’s good to remind people that that’s the job, that we’re not actually here to always implement the most technically correct, dogmatically correct security program that could possibly be built ever because that’s not generally the reason these organizations are in business. They’re there to provide value to someone in some way, and security is a part of making sure that they’re doing that and that they can continue to do that. I think continuing education is something that gets lost on more technical disciplines like security, and it would be really great for us to bring back.

[David Spark] Let’s get to actually something that Geoff brought up at the very beginning, Jerich, is how do you find time to educate yourself. Do you force yourself to have it, or is it just on a need-to-know basis? How do you do it?

[Jerich Beason] So, there’s formalized education and then there’s organic education. So, I’m organically educated by being around smart people all the time. But then there’s platforms like LinkedIn that are just constantly barraging you with ideas and suggestions and so forth. That being said, sometimes we’ll go and look to do something new or go into a new industry, a new framework, whatever it may be, and then, yeah, you have to do the research, you have to find somebody or some type of training program that offers you an opportunity to grow in that area, and you make that investment yourself. The investment in yourself is necessary as a leader because as the leader grows, the team grows.

[David Spark] And do you find – by the way, everyone learns completely differently. For example, my wife just adores classroom-style education. So, I’m assuming you kind of learn from your staff, like some staff say, “I really want to take this training course,” or something like that. I’m assuming there’s some budget that both of you have for your staff to learn, to educate. Whatever they say, “This is the way I like to do it,” you’re kind of all onboard. Yes, Jerich?

[Jerich Beason] Absolutely. One of the things I do when I have my team go do a training is they have to write down what they’re going to get out of it, and then they have to come and bring that back. We’re not going to have you put something in your head, and we get no outcome from it. So, part of that includes teaching everyone else, so we can have a train the trainer type of approach.

[Geoff Belknap] I think that’s really important, but I want to tease out something you said earlier, Jerich, that I don’t think we in a community spend enough time talking about, which is we also have to redefine what learning is. Learning is not just going to a class; it’s not just going to a talk. Learning is doing something different with people that are skilled in something that you’re not. Learning can be working on a problem or a project that you’ve never worked on before and solving that problem with people that you haven’t partnered with before.

And it’s interesting – sometimes you’ll hear from people that are like, “Ah! I’m not learning anything! I’m not growing in my career!” And you’re like, “Well, wait a minute. Didn’t you just complete a project that this company has never completed before? Didn’t you just work with a team that you’ve never worked with before? You’re learning, you’re growing in your career professionally.” At a certain point, I think the whole premise of this is like look – when you’re starting in your career, the learning is much more formal and structured. As you’re growing in your career, and as you’ve spent 15, 20 years in your career, it’s almost never going to look like structure. The learning has to come from different places, and you have to recognize that and value it for what it is.

[David Spark] And let me also add that, and I cannot remember who told me this, but one leader said when they send their team to Black Hat, they make everyone give a presentation of what they learned at the conference, which I think is enormously valuable. Because I think that’s one of my fears of going to these security conferences. My knowledge is just what I happen to see and hear, and the event is far bigger than that. And if literally everyone is having that experience and then we all get to share it, I think it’s powerful. Have either of you done something similar?

[Geoff Belknap] Absolutely.

[Jerich Beason] Yeah.

[David Spark] All right. Let’s just cap it at that.

What aspects haven’t been considered?

[David Spark] Michael Bauer of Malwarebytes said, “Most importantly, the things that seem like they should be easy change every day so ‘knowing’ the answer usually means you knew the answer.” And Shakira Kelly, formerly of Expedia Group, said, “It’s also through the exploration, info searching, and research that we learn and can expose ourselves to diversity of thought.” So, the eagerness to learn that way, to learn different concepts is great here. And Tyler Robertson of SHI International Corp. said, “The wall of information when you step into this career field is Game of Thrones-sized! Acknowledging we don’t have to retain all of that in our heads is a big burden off the shoulders of those just entering.” That’s good advice for everyone coming in. Jerich, you’re nodding your head?

[Jerich Beason] Absolutely. So, I really like what Tyler’s saying here. The reason why I wrote the post was to provide some encouragement for everyone out there that is looking to enter or recently entered the field. It can be overwhelming to learn all the ports, get up to speed on all the frameworks, develop expert knowledge on all the cyber tools, memorize acronyms, the list goes on and on. News flash – I’m going to go out on a limb here and say this – all CISOs use Google, maybe Bing in Geoff’s case, and I can’t tell you how many times I hear a term said mid-meeting, and I’m quickly looking it up. And I believe the example I gave in the post was that I still use subnet calculators when I need to roll up my sleeves. I have no shame in that. Some information is use it or lose it, and I lost it. And I want anyone else that’s out there to not feel that shame, and I was hoping that that post would unload that shame for them.

[Geoff Belknap] Yeah. Look – I feel like at this point my brain, the parts that have not been reduced to mush are just reference pointers. I remember key words that I can go search for, I’m like, “I’m pretty sure I can go find the answer. I remember what this is.” I feel zero shame about that. If I learn one more thing, I’m going to forget my kids’ birthdays. So, I feel really comfortable knowing that I have this entirety of the world’s knowledge at my fingertips. Now, that’s not to say I’m walking – much to the chagrin of many of my close direct reports – I’m not walking through the world completely absent of information and knowledge, but I don’t need to have that detailed knowledge of every aspect of every technology anymore. A lot of times, it’s just not relevant to what we’re doing day to day.

[David Spark] I – again, going back to what I said earlier – I am always fascinated by that person who’s the connector, the person who knows the people who know. That’s the thing that I’m most fascinated by. My guess is all three of us are on different Slack communities. I see this happening on Slack communities. I mean, I’m assuming that’s one of the quickest ways, if you can’t find it within your own internal team, yes?

[Geoff Belknap] I think so. One of my favorite parts about some of these security Slack communities is just the like, “Hey, I’m solving this problem this way. Anybody else solving it a different way?” And they’re not saying it inherently, but that’s like you’re looking for diversity of thought, you’re looking for diversity of perspective, and based on the amount that I see people asking for it, it’s desperately needed and highly valued.

[David Spark] Jerich?

[Jerich Beason] Absolutely. I always say that the comments section on LinkedIn is more powerful than the posts because that’s where you get all of the input from everybody else. We’re crowdsourcing information and we’re drowning in knowledge, and we’re just hoping for tidbits of wisdom, and we get that from those people that we’re around.

[David Spark] And I will say this – if you’re not following Jerich on LinkedIn, I highly recommend it. And by the way, he will be linked to on this post. He always poses some really thoughtful discussions, like the one we’re having right now, and there’s lots of great commentary in it as well. By the way, for those of you who don’t know, this whole entire show is built 98% of the time on LinkedIn posts because of all the great thoughtful commentary.

[David Spark] All right. We’re at the end of the show, and I want to know your favorite quote, but I’m going to add an extra thing here. Not only do I want you to tell me your favorite quote here but give me a learning resource you use that maybe our audience doesn’t know about. So, don’t suggest LinkedIn and Google, which is what the majority of our listeners do. Just a learning resource that could all enlighten us. Jerich, you’re up first. What was your favorite quote and why, and a learning resource?

[Jerich Beason] At the top of it, Carlos had a quote on humility that really stood out to me. It’s the foundation for learning. A humble person is a seeker of knowledge, and a humble leader recognizes the greatest value and the source of knowledge is in their network, not in their heads. So, I think you can learn from anybody as long as you possess that teachable attitude. If I think about where I learn in an unconventional way, I would probably say Twitter. I’m a long-time consumer, never have contributed, but there are so many people that are not on LinkedIn that are on Twitter, and that’s that diversity of thought that we’re talking about.

[David Spark] It is a different conversation on Twitter, I must say.

[Jerich Beason] Absolutely.

[David Spark] All right. So, Geoff, what was your favorite quote and a good resource?

[Geoff Belknap] I think for me, my favorite quote’s probably Shakira here who said, “It’s through that exploration, information searching, and research we learn and expose ourselves to diversity of thought.” And I think not only is that true as I’m trying to learn, I think it’s true as I’m trying to hire and look for people that have had different life experiences, had different career experiences, maybe grew up different places. All of that especially [Inaudible 00:24:58] super, super-valuable.

I think for learning, since Jerich took my other favorite one and this podcast is practically co-sponsored by LinkedIn, I would say your informal networks of friends. I think friends and colleagues and people in the community, whether that be through Slack or whether it be through Twitter or in person, heaven forbid, I find that to be one of my favorite sources of information. Because I want to hear what other people are working on, I want to learn about that thing, I want to learn something that they learned about something that I’m working on that I didn’t know yet. And more importantly, I want to learn what I don’t know yet. And a lot of times I’ll find that peer CISOs, and I bet Jerich is working on something that I haven’t thought of yet, that is really high-bandwidth learning for me.

[David Spark] All right. That now brings us to the end of our conversation. Huge thanks to our sponsor – SlashNext. Thank you so much for sponsoring this episode, and we appreciate you as a brand-new sponsor of the CISO Series. Remember – they are phishing protection, pretty much wherever you can get a message to come in. So, check them out at slashnext.com. Jerich, we always let our guests have the last word, and I always ask are you hiring, and I’m going to assume yes, you are, because everyone’s still hiring, but you’ll speak to that specifically, and any last thoughts on this as well.

Geoff, for those of you who don’t know, is always hiring, and if for some demented reason you wouldn’t want to work with Geoff, first go to a doctor, find out what’s wrong with you, then if they found out there is something wrong with you, you don’t want to work with Geoff, guess what? LinkedIn has lots of other jobs that you can work at, like possibly with Jerich, which would be a perfectly fine other person to be working with as well. Geoff, any last words?

[Geoff Belknap] I don’t know if Jerich is the inverse of me, but certainly if you don’t want to work with me, you don’t want to work with Jerich, there are lots of great opportunities in information security. Go find one. You’ll be very happy.

[David Spark] Yes. All right. Jerich, any last thoughts and are you hiring?

[Jerich Beason] Yeah, I’ll just end it with this. I’m of the belief that there’s really no finish line when it comes to learning in cybersecurity, and the moment you feel like you’ve arrived, complacency sets in. And look at the people that got their MCSE in Windows 2003. They were the highest-paid cream of the crop back then. Today, if they haven’t continued to grow, they’re obsolete. Don’t be that person. And yes, Capital One is hiring. We have about a hundred roles open from engineer to senior director. Go to our Careers page. A lot of opportunity.

[David Spark] Awesome. Well, thank you very much to our audience as well. We greatly appreciate your contributions as always, so keep them coming. We greatly appreciate it, and for listening to Defense in Depth.