Right of Boom
January 30, 2025

August 3rd, 2020

In this video, Wes, Kyle, and Jim discuss the challenges and strategies for fostering a strong security culture within organizations. They explore the importance of executive buy-in, the role of cybersecurity awareness training, and practical steps companies can take to enhance their security posture. Throughout the discussion, the speakers emphasize the need for continuous reinforcement of security practices and the integration of simple, effective tools to mitigate common vulnerabilities. The video also highlights the significance of aligning security initiatives with business objectives to ensure a cohesive and successful implementation.

- The importance of creating and maintaining a security culture within organizations, highlighting that executive buy-in is essential for its success.
- The challenge of changing company culture, emphasizing the necessity of consistent reinforcement and communication to align employee behavior with organizational goals.
- The role of small businesses and MSPs in cybersecurity, stressing the need for simple, actionable steps and tools to enhance security posture effectively.

Guests

Andrew Morgan

Video Transcript

All right. Week 13. Can you guys believe it? Wes, Kyle, week 13. We started this journey, um, gosh, almost three months ago now. So, You know, some people have like a, a, a bit of a thing about the number 13, like, no, no. 13 row in a plane. No. 13th floor on a, uh, a hotel. But I'm feeling nothing but good about this episode, so I Know, I know. Yeah. Andrew, why you gotta do that to us? Well, we should.

No, look, I, you know, I, I always said when we got this thing started, we were gonna give it the old college try. And, uh, I think it's worked out into something. I mean, look at this. We're at 1932 now. Uh, this thing's blowing up. It's been tons of fun. Let's keep it going. Yeah, absolutely. Well, wanted to do, we'll, we, we've got people. I can see people, you know, still coming in, numbers counting, clicking up. But, uh, wanted to introduce Jim Smith, um, uh, SVP of Sales from Networks.

Jim, welcome. Thanks so much for coming on with us today. It's a pleasure to have you. Thanks. Appreciate it. Yeah. Um, so, um, as people are coming in, um, I have a survey that I'm gonna put up because it's kind of relevant, it's kind of interesting. Uh, I'm gonna put up a survey and then I'll share out the, um, publication, um, later. But, uh, there's a survey up in terms of you get four choices. Uh, you can only select one.

But, uh, what industry do you feel is most likely to click on phishing campaigns? So, you know, Wes, we have some Jeopardy music, uh, that you could share with us. And if I started singing, uh, I might not stop, so why not? Oh, actually, I'm watching the votes go backwards with my music. I better stop, Man. Everyone hating on the bankers here. What's going on? Hey Wes, Man, Wes.

Um, so, um, I think a lot of people are, are probably wanting to know, is that a real, or is that a, uh, zoom background that you have there? This here? Yeah. Uh, you know, why don't we, uh, why don't we pull the audience? Is it real or fake? Gimme a real or fake on the chat. Oh, Okay. I gonna have to create another one for this, Wes. No, no, no. We can just do it right in chat. In chat. Fake. Is it real? Is that real or is that fake?

And this is when We back up in a minute, will he hit a green screen? Jennifer goes with fake. Alright. Hey Jennifer. Good to see you, Juan. Yeah. Getting the fakes lots hard to, uh, oh, Ali, that thinks it's, uh, real. Oh man, whoever said that about the, uh, Atlas office, Nathan, I just saw that, uh, Nathan, you're not allowed to answer this question. Yeah, so, uh, it's, uh, it's, it's either augmented reality or, uh, it is real. Yes, It is very real. Okay.

So, um, as those, uh, poll results come in, um, let me kick things off for us. Um, I'm gonna put the, um, article, the, or the report that, um, I think you guys all should be able to get. Maybe you guys can just click, I checked it in a different browser. Again, stay with us. I just want to share this with you. If you guys can just, someone just click on it, make sure you can access the whole report. It's a really nice PDF done looking report. Is that, can everybody get it?

I was able to without the issue. Yeah. Okay, great. Alright, fantastic. Alright, we'll get right. Let's get on into this today. Alright, so today's topic is, you know, security culture. We heard a lot last time. Thanks, bill. We heard a lot last time about, hey, let's do something on security culture. And so, you know, I am one of these people that is just a, a nerd when it comes to this, everything cyber, right?

So I'm gonna start reading and, and digging into articles and research and, um, what, what struck me is, and I'm gonna share some of the highlights from this article called, um, the psychology of, of, um, this report, the Psychology of Human Under of Human Error. Understand the mistakes that compromise your Company security. The reason I wanted to share some of these vignettes is, you know, we've, we all know, you know, the, the, the data, right?

You know, I all, everybody on this call specifically has heard all the, you know, the, you know, massive, you know, this sta this stat that, et cetera. But what I'd like to, to pose to today's audience is that I think it's beyond just, you can create a security culture. Wes, you and I spoke a lot about this offline and that, hey, you know, we just gonna build a security culture. We're gonna implement security awareness training and everything. You know, we're gonna see results.

And, and that's really what I wanted to pose to you and, and, and Kyle and Jim today. And then we're gonna bring on a gentleman named Phil Redinger, who's gonna tell a little bit about his background. I think you guys are be really thrilled to, to hear about that. So let me just kind of frame out, Jim, before I get to you to start things off here. Here's, you know, what this, um, the, some of the highlights of the stats of this said, and by the way, I just wanna make it really clear.

I'm not saying don't do security awareness training. Let me, let me just be really straight up and clear. That control is critical. If you are in a regulated industry, you obviously need that control. What I am here is to kind of pose something a little bit deeper and, and getting some traction into this. So, again, so, you know, with Verizon data breach report, um, 88% of all breaches are initiated. You know, it's, it's, it's a human error. Okay? So that's stat number one.

Um, let's see what our results were here, gents. Um, people thought you, you know, folks like you, us are the big culprits, um, messing up everybody's day, and then they thought it's healthcare, then media, then IT, Kyle, let me throw it to you. You want to take a stab at who are the biggest culprits in clicking? Do you, do you want me to, so I didn't know you were gonna use Verizon, DBIR or your source, but I did pregame some pictures and you know, this answer. Um, you know what?

I'm gonna play the audience. I'm gonna Fair, Fair enough. Well, so, we'll, we'll give it a second here for that answer, but it's really surprising. Actually, I'll tell you right now. It's not financial services and not healthcare. And interestingly, the reason probably isn't, and it's what we're gonna be talk, be talking about today that Jim's gonna hit on is, you know, these are regulated industries that have been doing this for a long time. They have been clubbed over the head.

This has been part of their industry for some period of time, and it's become a cadence for them. It's part of their culture, right? That's one of the things we're gonna start to, to learn about. Um, since nobody's sticking their neck out on, it's not media. You're correct. IT is the number one actually. So, and, and, and by financial services is number two.

And the reason they stated the reason it is Ed, almost like you're saying trigger, you know, it trigger it's based on speed that people in, you know, like stressful, um, you know, need to respond type industries. IT being the top one, Hey, I gotta help this person. I gotta get back to this person and therefore are the number one culprit. Financial services, again, high demand, high, you know, get back, you know, high net worth clients. Get back to 'em ASAP.

So, um, and, and that, that was really the expectation to respond quickly. 85% was, uh, IT, 77% financial. Um, and then men or women, Jim, what do you think men or women more likely to click on? I think it's men for sure. Yep. Absolute, hands down men, um, by the twice as many. So it's 34 to 17%, um, men. And, um, uh, uh, uh, uh, let's see.

And here, the kicker right over into my segue into asking Jim, the first thing is what percent west, you know, again, if it's a third, two thirds or you know, 80%, what percent do you think? Don't ever even think about cybersecurity. I mean, you gotta go at the highest number, right? Yeah, I set you up for that. It's actually, they, they, they, in this survey, Wes, they said it was 33%, don't even Yeah. About it.

And, and, and again, you know, so again, if you think about it, these are big companies. They're surveying where this is part of the whole, you know, governance, culture, et cetera. So a little bit of background. All right, let's get into this, Jim. So research by Johns Hopkins shows that people following heart surgery, right? Um, it's so hard to change for one person. 90% of them will risk premature death, post a heart incident, than change habits.

So, um, knowing it's hard enough to change one person, Jim, you come into, and the reason I have you on here is I've, I've been fortunate enough to watch you in action. Um, I think you're amazing and dynamic in terms of being able to motivate and, and have a, a culture change.

And that's why you're, you know, I wanted you to, you know, everybody to hear you and see you, but how do you, how do you number one, assess a company culture when you come in and, and how do you, um, you know, take steps to, to start to change things? Well, I'm gonna give you a quote. You know, if you focus on the results, you're never gonna get change. You focus on change, you're gonna get results. That's the first thing, right? Pretty simple stuff.

Um, we as a company, uh, obviously are in the data security space, and we've grown over the last 13 years from being, you know, an audit only change audit company to now being a data security company. And I can tell you, it has not been easy, right? Changing culture in an organization is something that takes constant reinforcement. You gotta constantly remind them, first of all, set the goals, get the buy-in. What is the behavior that you're trying to achieve?

And then it's constant reinforcement. I mean, we have huddles, we have meetings. It's, it's documentation. It's, you know, every Tuesday morning when we do our tmms, which you've shared with us, right? We've been on our tmms where we have over a hundred people dial into those meetings. They're consistent. Every Tuesday morning, we're constantly talking about change. You know, change of, let's say SDR is not being evaluated on KPIs, but being evaluated on revenue, right?

Who cares about your KPIs if you don't have revenue, right? 'cause they're, they're worthless. Um, or, you know, trying to transition my AEs from a perpetual based license to subscription based license, or, you know, trying to go more channel than direct or, you know, MSP being a consumption based model, and it's not a traditional sell. So, and even internally, you know, we force our, our folks, we do, uh, fake phishing emails to see which ones we can suck in.

We let you know we're gonna do it, but then you don't know when it comes in. And, you know, we're, we're mandatory, uh, uh, security, uh, training. You have to take it, right? And so it's constant, and we constantly remind you. So, you know, the only way that you achieve change is you've gotta continue to reinforce it. It's gotta be from the top down. You gotta get buy-in. And if you don't get the buy-in and you can't create the outcome of the behavior, it's not gonna happen.

So, and from an MSP perspective, you know, it's about the data. Everybody's going after the data. You know, you've done a great job of, you know, managing, you know, and outsourcing people's IT. But now with regulatory, all the privacy, you've got 23 states now that have instituted privacy laws, right? And it's just a matter of time before the entire country does it. And it's in a mandate like a GDPR. So it's not about the regulatory. If you're secure, you'll pass the regulatory, right?

So you gotta constantly reinforce it. It's not easy. And, you know, quite frankly, I think the hardest thing for anybody to do is to change. And so you gotta assess the culture. What do I need to do? What's the outcome? What are the things that we need to do? And if we need to evolve, let's evolve as an organization. And that's the only way it's gonna happen. Cool. Thanks. Thanks for that, Jim. Kyle, you know, over to you.

You, um, this, this is, uh, something you posted and I, and I, I wrote it down about your mission statement, which is elevating SMBs through education and community one hacker at a time. But now you're a hundred percent remote. You guys have been able to build, you know, what I think is a, you know, really what I would consider very optimistic culture. Um, but, you know, share with us how you've been able to do that in a hundred percent remote environment.

Now, you guys are hiring like crazy after being, you know, receiving your funding round. Take us through how you, you know, build culture and, and, and success in that area. Yeah, so I mean, if you want to put it just very bluntly, I have six employees starting today, first day, right?

And we are gonna spend the next to three days with them, a hundred percent culture driven, meaning like, it's cool when we talk about what we do, but it's more important to talk about why we do it, because those give them the kind of the North star that even when they're lost, they know like, hey, where, where, you know, guides me the rest of the way. And I picked that up from my time in the, uh, the service. I was in the, the US Air Force. And one of our core values was integrity first.

Uh, another one was service before self. And if you think about what that means, like at any time I had a question whether this deployment was right for me or whether I was doing the right thing, those two core values are pretty simple. Like, at the end of the day, if I put integrity above everything, I'm going to get my way out of no matter what the trouble was. And there was a pilot who actually ejected. And this was, uh, I'll see if I can find maybe the white paper.

Uh, but there's surely a news article on this that ejected from a, a multimillion dollar aircraft, and they were doing the investigation. If anybody is aware of, you know, when you eject from an airplane, it's a pretty serious business. And ironically, this gentleman ended up using the, his Air Force core value of service before self and integrity first on why he actually did the, made his decision. And most of the time, when you eject, you might not get rated to go back and fly again.

You might become a, a pilot in name only, uh, operating a squadron from a desk. And so where I'm going with all this is whether you're in the service flying planes, you know me on the security side of the house, by giving your team that North star to chase, that's way more important. And it's not just about security. Like most people are shocked to hear. There wasn't the word security or product or anything in our, our motto.

Yet, every single person at the company knows our North stars about SMB education and leading in community leadership. That's simple. So I would encourage it. Uh, you know, I'll, I'll be sharing throughout today some of these graphs, uh, that I'll highlight and how this relates to culture. But, uh, I, I couldn't think I, or I don't think that this could be at a more timely time for us to talk about the company culture and then how that improves security long term. Yeah.

I, I couldn't agree more. Wes, um, over to you, you know, um, again, what we were talking about is that every company has a culture, whether it's set or, or it's just is, um, you have culture, um, and you know, uh, you know, in coming into, you know, mid-size organizations sitting in boardrooms, um, how were you able to influence, you know, IT and security culture when maybe that wasn't there to start with?

And, you know, it's so, Yeah, I, so a couple things I wanna say, I've been chomping at the bit here to say a couple things. So one is, uh, culture doesn't happen, uh, without intentionality behind it. And it, it can happen with intentionality. It'll almost always be negative. Like, you have to work on it. You have to strive for it, you have to think about it. You have to. And not just cybersecurity culture, but even company culture.

There's one thing I've learned a lot from Aaron, my CEO is how much he spends building and spending time about culture. And, and, and I've seen this play out now, it comes with cybersecurity culture. Uh, it is a subset of your culture. And in my experience, while there may be some exceptions to this, in almost every single case, if you have a toxic or poor culture inside the organization, your cybersecurity culture will generally not be as good. And why is that?

Well, for those of you that follow me on LinkedIn, I mentioned this today, one of those reasons is cybersecurity culture is set at the top, right? That, that is something that the CEO ideally shows the buy-in talks about why it's important and really sets that tone and that, uh, that cadence. And the other reason too is it's just important for us as an organization to really understand where that buy-in comes from and how we generate it, right?

And so, uh, I can tell you I've worked in organizations that have had poor cybersecurity culture. I've worked on some, I've even had the opportunity to build it. I remember when I first came on board at the bank, um, I wouldn't say from a culture perspective, the company was, was poor. It was actually quite good. But from a cybersecurity perspective, I would just call it ignorant. I would call it, um, emerging.

They would have this, you know, this understanding from a regulatory perspective, kind of like what you were talking about as well, Jim, about, you know, hey, it's important because our examiners say it's important, but what's the take home from it?

And I remember one of the things that I did is I spent time, I might have mentioned this on the call before, but we spent time, every single steering committee I had with my executives, we would spend time on just a five minute, Hey, here's a cybersecurity issue going on outside the doors of our bank, and here's how it relates to us.

And I remember at one point he just, my CEO stopped the meeting and right in the middle of it, and he is like, look, he's like, I always harp on asset quality, which for a bank is like one of the most important things that's out there. But he's like, I really think now cybersecurity is of tantamount and importance. I pulled them aside after the meeting. I'm like, can you just continue all I need from you, Marty is just championing that message.

If you'll continue to say that, it goes so much further than I could ever do as the person leading IT strategy in the organization. And that really was the impetus in what built cybersecurity culture for us. And so it's really important to have that executive buy-in, and that's where we start. And if we're lacking that, if we're missing that, you know, we can, as the IT folks talk about why it's important and harp on it and address it and all of those kinds of things.

But until you have executive buy-in, that is where the rubber meets road to really get it going. Andrew, Great. Thank you, Wes. Um, so Jim, and just so Phil can hear me, we're running a touch behind Phil. Sorry about that. We're just one or two more questions and we're gonna bring you up. But Jim, biggest obstacles in changing company culture. Could you, could you share what some of them might be? And can you give us an example on how you go about changing?

Well, yeah, I, I think first and foremost to reinforce what both, both guys are saying is you, you, you, you create the policy for the culture that you want to evolve, and then you have to give them the why, right? Why are we doing it? Why is it important? Why do I need you buy-in right now? If they don't understand the why to them, it's just, it's kind of like, you know, the reason Pat Riley got fired from the Lakers is they only heard the tone of his voice, and they didn't hear the message.

The message needs to be consistent, right? It needs to be something that's meaningful, and they have to understand the why. What are the ramifications of the outcome If I don't do it right, you know, what are the things that I need you to do as individuals and as a team to strive for that culture, target, whatever that is. Whether it's security, whether it's, you know, selling subscription, whether it's channel, whether it's MSP or whatever.

So we try to get to the why, and then we constantly, constantly reinforce that. Now, for those people who don't change, I mean, I'll share with you a story from years ago when Hallmark had its retail stores, right? They were getting clobbered by all the online, uh, greeting card companies and a new CEO came in and he says, you know, we're going on a journey. We don't know what the end result is gonna be, but we're gonna carry the wounded and we're gonna shoot the stragglers.

And that's the biggest objective, right? If you don't get the people to buy into the why, you've gotta either try to carry them and help them out. And if not, you've gotta make changes, right? I mean, at the end of the day, the company is a constant evolving thing. You can't sit still, especially now the economic conditions that we're dealing with, all of the data security issues, the bad guys weren't taking a vacation 'cause we're working from home, right?

In fact, it's like shooting fish in a barrel right now, right? For them it's pretty easy, right? So, you know, it's a constant, constant. Why are we doing it? What is the outcome we're trying to achieve? What do I need you to do? What's your part of it? 'cause we all own part of it as a team. Yeah. Yeah. Excellent. Um, so, um, you know what I'm gonna do, Kyle, Wes, I'm gonna lead, I had a few questions for you, but I'm gonna give Jim one final one.

And that is, um, you know, you guys play at a really high level of competitiveness, right? Yeah. It's, you're a hero. You are a hero. A few days ago, closing out the quarter, closing out the month zero, um, you know, today how, you know, do you use that pressure, you know, to continually to motivate, you know, your team? Again, keeping it cultural centric versus just security centric. How do you, how do you keep people motivated and, and, and part of that culture?

It's, uh, delicate balance, right? It's kinda like being the, the angry parent and the good uncle right? There. There are days when you really have to, you know, push them hard. Um, there are days when you need to reward them. You gotta celebrate the early successes along the way. Um, you gotta get 'em to buy into what the overall goal is. I mean, you know, as you said, you know, the one thing that we all laugh about on the first day of every quarter is we're all equal.

'cause we're all at zero, right? Doesn't matter what we did last quarter. That rock is in front of my door right now, and it's bigger than it was the month before, right? Right. So, and we gotta roll it back up. So you gotta get their buy-in. Uh, you make them believe that, that they are all part of what the goal is. And, and, and we kind of make it build the momentum build over the quarter. We try to get things done early. You know, it always happens. I mean, you know, we had a $1.2 million week, right?

I mean, it was just, it was, we did a lot of our big deals in the last four or five days. I was just talking to Todd Weber at Optiv. He told me they closed over a hundred transactions, uh, more than that, 300 transactions on a hundred million dollars for Optiv in four days, I mean, for, uh, Palo Alto. So it's that, that building of that momentum, you get 'em to believe, you get 'em to buy into the why, and, and you, you gotta kind of kick 'em, but pat 'em at the same time.

It's a delicate balance. And then you get 'em to buy into that, that we, we like to call it, you know, it's the jazz at the end of the quarter. It's wonderful, and then it all ends, and then you have two days off, and then you come back in and guess what? We start all over again. And you gotta have a motivated team to weather that, those ups and downs. Right. Uh, success do you do, it's just what brings the future success of, you know, in this quarter, so I get it. Yeah.

It's, it's, it's constant motivation. We do it all the time. We do a lot of training, a lot of face to face now with the remote, uh, working from home. We haven't been in the office since what middle of March.

Um, you know, first quarter was a little difficult 'cause obviously March with the pandemic was difficult, but we're coming back and I think that, you know, we're learning how to deal with the difficulties of, you know, people being remote and, you know, we can't send the guy down to the buyer three floors down and say, Hey, get my deal out the door. You know, you've gotta find different ways to get around it.

And, you know, you evolve, you evolve like you do in culture, and you evolve and you learn and you get better at it. And, you know, it's just a matter of, you know, constantly reinforcing the positive, letting 'em know when they make a mistake and they're not doing things correctly. And you get 'em all the buy in and when they buy in, you know, everybody's having a good time and you get great results. Great. Jim, thank you so much. Um, really, really for, and look forward to having you back.

Have a, and I'll meet, I Come in on a TM M1 morning and you'll see how we do it. Fair enough. All right, I'm gonna grab Phil. And, um, So, so while we're bringing Phil up, um, obviously he's got a background. That's awesome. Um, he's been around the community for a darn long time. Yeah. Um, I think, uh, we will have tons of people that probably ask questions about Sony since his time around Sony was, I think right before things got wild.

Uh, but he's also like, the group that he's a part of right now is making some pretty significant strides and there he is. So I, I guess I don't have to do any more tap dancing, but Phil, I'm personally stoked brother to, to share the stage with you today. Nice to see you all. Yeah, yeah, absolutely. Phil, thank you so much for coming on.

Um, so again, a little background, Phil, you know, we've talked a lot and people have chimed in a lot about security culture and, you know, you've been around security, just a touch. So you are always very humble on calls I've been on with you. Could you share just a little bit about your background, where you've been, and guys and gals out there? I really love for questions to flow in today. Um, what he's doing today is gonna play.

You are gonna love, because there are some things that you can use that his organization has created right away for free, and they are awesome. So, Phil, let me let you take it away a little bit here in terms a little background. Sure. Thanks, Andrew. I, I, I've been doing stuff for a long time. I actually cut my teeth in cybersecurity back in around 1995. So I've been doing this about 25 years. I was the, the number six prosecutor at the US Department of Justice doing hacker cases.

Um, and so I did that for a while. Um, still when I, when I say we, I often think that I'm a still a Justice Department prosecutor because, you know, it's just such a really awesome feeling to always be able to wear the white hat and you get that opportunity if you're a good, if you're good in law enforcement, you get that opportunity. Um, I went from there to DOD where I ran the DOD Cyber Crime Center.

So we did things like forensics and training for all of the DOD law enforcement investigations. Um, spent about six years at Microsoft doing cybersecurity before I went back to the Department of Homeland Security where, um, I mean, it's kind of hard. I was the, I was the deputy under Secretary of the National Protection and Programs directorate, which means almost nothing to anybody who has a wife.

Um, but the, the, the real result of that is I was sort of in charge of coordinating cybersecurity for the civilian part, um, of the US government monitoring all of those kinds of pieces. And then I did spend, um, as Kyle was saying, three years as the CISO of Sony, um, before the first in, after the first incident and before the second incident.

Um, and since then I did a little consulting, but for five years now, um, I've been running, uh, a cybersecurity nonprofit called the Global Cyber Alliance, which is a sort of a unique player. I, I thank you for the kind words. I think we're doing some pretty interesting stuff. Yeah, Very cool. Very, very cool. I'm, I'm putting some links in here and, uh, let me, while I, let me stay on track.

Lemme start off with a question to you, um, Phil, and I'm gonna then put some stuff in there about the toolkits, and hopefully we'll have some time at the end. But, you know, working in Fortune 50 top CSO roles, uh, you know, government, um, you know, how do you go about implementing, you know, a cybersecurity or cyber culture?

Um, because today, you know, you've, you know, spent time in the biggest of big, and now what people are gonna learn is, um, what you've done in north, well, north of a hundred thousand small businesses in helping them with their cybersecurity. So how do you go about, you know, uh, implementing and how do you compare the two? Is there any relationship between the two? I, I, I'd say there's, there's not only a relationship, it's almost exactly the same, right?

So all of the comments that you heard before from, from Jim, from Kyle, and from Wes, equally true about the largest businesses. So I'd tell people that, you know, the very most important thing is something that people talked about a lot, uh, particularly Wes, I think at the end, is really executive commitment. Executive buy-in, if you've got executive commitment, then you're gonna succeed. If you don't have it, you're gonna fail.

Um, now everything else can matter just a little bit, but that's by far the biggest deal. Um, so that is the, the be all and end all of building a culture. People look to the top. And that's super important. You know, I'd add to that, I think it does need to fit into culture. And for small businesses in particular, that means it's gotta line up with what the business objectives are.

So if you tell people, you know, even if it comes from the CEO, if it's, you need to do this stuff for compliance purposes, it's gonna matter a lot less than we need you to do this. So we can succeed as a business. Or if you're a mission driven organization, that's not a business to meet our mission. So those are the two big pieces to me. Executive commitment and align with culture and objectives.

The last thing I'd say, just to add one thing so I don't repeat solely what other people have already said better than I could, um, it's super important to keep things really, really simple. You know, no matter what you do, no matter what you do, 20% of people are gonna click on links. It's just gonna happen. You can never stop that. Um, but what you can do is get people to be sensors for you. They can help you out.

They can, if you think of your employees as people who can help you in your cybersecurity mission as opposed to vulnerabilities, that makes a big difference. Mm-Hmm. So ask 'em to do reasonable things, you know, don't ask 'em to be able to understand a URL and track it out and figure out whether it's a phishing URL or not. They're not gonna be able to do that. You know, maybe 1% of the people in the world could do that, and they're gonna mess up sometimes.

So use technology the right way and give people really simple, basic things to do and reward them, as several people talked about, when they do those things, tell 'em you're helping the business. And that's the most important process for building a culture of cybersecurity. Very cool. Wes, turning it over to you with Phil. I don't wanna, you know, kind of the, the genre I'd love for you to talk about. You know, Phil works with just a few vendors.

Um, they are very benevolent and, you know, for his company for the right reasons, but he's worked with obviously, you know, the biggest, the big, what conversation might you have with regarding vendors, um, you know, with what advice he might give and, and things, you know, how you translate this through someone like yourself through a Kyle to an MSP, um, if that makes some sense.

But I'd love for your thoughts on this, Wes, and how you might frame it probably better than I, yeah, Well, let me, let me actually, so I think I follow you, and I'm gonna turn that into a question, question for Phil, who's over here for me? Yeah, please. So, you know, Phil, we were talking about this on Friday, is one of the problems I think we have in not the channel, not MSPs, but in those who we serve as MSPs, is working with primarily small businesses.

Now, there are some mediums and some larges that are exceptions here, but the vast majority of SMBs and even the medium parts of the S or the M and MSB, they struggle with cybersecurity concepts, right? They don't really understand everything. And then you compound that Phil, on top of adding something like the cybersecurity framework, which is awesome, or the NIST CSF, which is awesome, right? How do we, I'm, I'm sorry, the top 20, same, same thing.

How it, it's tough for us because oftentimes we approach those and we're like, ah, this is really hard. I, I don't understand it. We still need what I would call like some middleware that really helps bridge the gap between these controls that are really good, but also kind of verbose and intimidating in something the SMB decision makers can understand. And Phil, I wanna get your opinions on that because you've spent some, some really good time around that.

And I would love to hear what your thoughts are, uh, uh, why that's a problem, and how we can address that with the decision makers that aren't technical. Absolutely. So I'd say, you know, I I, I had a, an online discussion with a friend of mine, Paul Rosenzweig recently, because, you know, he made the comment that incentives are enough and people don't really care about cybersecurity. And my response was, people do care about cybersecurity, they just don't have a clue what to do, right?

This is really, really hard. Um, and, and we spend way too much trying time trying to teach people to fish when we just need to give them food, right? We need to give them security embedded with the service or with connectivity, right? And so that actually for small businesses makes the MSPs the pointy end of the spear, right?

They're, they, I mean, I would say that, you know, something like 99% of businesses around the world are small businesses, and the massive amount of employment around the world is small business, right? So those people are never gonna be able to do really what they need to do. They're gonna need to look to their MSPs to help them. So it's the people listening to this call that are like my key audience, right?

And, and, and what I would love for all of these folks to do is to give small businesses food. Yeah, we can ask them to do some things, but it ought to be simple. A a small business, even most MSPs looking at the NIST cybersecurity framework, great document, you know, literally over a thousand controls and sub controls, you know, your your, your eyes are gonna fog off.

You're not gonna get past the first control before you go and, you know, do something else that actually matters to your business, right? So it's important, and this goes back to the last thing I said about a culture of cybersecurity to keep things simple. So that's kind of what we've tried to do with the cybersecurity toolkit, is boil down the NIST cybersecurity framework and boil down the critical controls. So you don't actually, I mean, it's not even giving small businesses a cookbook.

The Small Business toolkit is a, is a free set of tools which are designed, aligned in, say, six basic toolboxes. So you can go and you can do the basics, which will, well reduce about maybe 85% of your risk. And they're really, most of them are really, really simple to do. There are simple things you can do, like turn on a protective DNS service that'll cut your risk, maybe 33%, and it takes minutes. It literally takes minutes to do for each device you've got. And so, boil that down.

And for this, for the MSPs here, my, my, my ask to you guys, to all of y'all, I grew up in Jacksonville, Florida, so I can say y'all without any degree of, um, of, uh, of humor, um, my ask to y'all is to start to deliver these services embedded in what you've got. Because if you give people a little cybersecurity, they're gonna say, this is cool, right? And there's stuff that you can do that's almost free, and then they're gonna start to pay for more, right?

And so it, there's always gonna be value add. There's some stuff that can be free or embedded, and some is gonna be value added. So, you know, if, if you do this right, you know, you're gonna aid your customers. Increasingly we see compliance regimes like CMMC from, um, DOD, where you're actually gonna have to do a bunch of basic things, right? So MSPs that deliver services to small businesses that meet most of their criteria are gonna make their customers more successful in the market.

And there's a, there's a business prop around there. Not only is it good for America and good for the world and good for people everywhere, but it's good for business too. Yeah. Great, great, great points. Yeah. And, and I, I wanna say this, like, this is, this is why Phil, I am so excited to have you on. I'd love to have you back, because those of you that have never heard of what Phil is doing around that toolkit, go check it out today, Andrew.

I'm guessing at some point you're gonna drop a link. And if you haven't already, because I did, I promise you, you're gonna okay, because you're gonna, you're gonna open it, you're gonna look at it and be like, I, I understand this. I can do this. I can explain this. All of a sudden it's like, the cloud's clear a little bit, right? It's really, really, really good. And Phil, you, we, we were talking about on Friday, this is the beginning of what you're doing, right?

So there's more to come, and I'm sure you would love to hear more feedback from the members of, of cyber call as well. Absolutely. Yeah. I put, by the way, a call to action for everybody, right under, I don't know if you can see it, there's a green toolkit kind of highlighting up there. You can click right on it. The stuff they have out there is, it's, it's awesome. And Kyle, um, do, do you want me to just turn it over to you here in terms of your question for Phil?

And, and yeah, I, I've been a little bit quiet Trying to take it all in. Um, I think maybe just pulling a little bit of Gary Pika recap real quick, Phil, one of the things that you mentioned was essentially could be boiled down to the, you know, don't let perfect be the enemy of good, good enough sometimes is just giving someone to fish so they don't starve. You can't teach everyone to fish. So, you know, I'll, uh, I'll really reiterate that piece.

Um, the other side of it is the motivation, right? Uh, the, the answers that we said before of how do you get people to buy in? And you're right, if you just tell them it's good for the company, nobody buys in. That's like saying you need to have a good culture. It's something you have to be able to relate to.

So a link that I promised that I would reference in here, and I'll, I'll throw it again in, in chat just because I promised, and then Phil, I'll hassle you, um, because not everybody watching this will get to see the chat. They might just watch the replay. Um, and so this is a link that I threw in it's two, uh, graphs from the Verizon DBIR report. And what was beautiful is they called out the difference in top, uh, breaches in large organizations and small organizations.

And amongst the top of course, phishing, that's the culture of people, whether it's security awareness and the people that just feel motivated regardless. You and I both know, and like you said, 20% of them are gonna get pinned no matter how many times you test them and tell 'em they're still gonna fall for it.

But what was really shocking to me, Phil, and this is where I'm looking for a little bit of your insight, there's a whole lot of these other things that are still kind of culture focused and some of the stuff that you're doing, what your toolkit can actually plug a lot of these gaps, whether you're a massive organization like the ones you've worked with and defended before in your government time, or the smaller businesses that a lot of our MSPs and MSPs watching this show are doing.

So, um, in case you're not seeing it amongst phishing in order, is phishing, use of stolen creds, password dumpers. What's crazy is misconfiguration is way higher up on the charts than it is in the, uh, large business. And then it goes on to all the, you know, specifics, exploits with hacking, skimmers, et cetera. You know, with you having this toolkit that's kind of solving a lot of this stuff, you got any major advice for someone who's like, alright, I gotta start today somewhere.

Where do I start? 'cause that's a question we get almost every episode. So, absolutely. Um, and, and Kyle, you're right. You know, I, i, the whole genesis, if you will, behind GCA behind the Global Cyber Alliance is that we believe the best cybersecurity strategy is to do something right? And if it doesn't work, do something else. But that's always the answer. Don't stand still do something, even if it's the most simple basic thing, right?

So when, when the pandemic hit, you know, we were getting a lot of questions, people were giving advice, and you were seeing these long checklists for business to go through, and we were like, nobody's gonna do that, right? They're trying to survive, you know, nobody's gonna do all of these different controls. So we built a coalition of 23 nonprofits that advised home workers or people working from home, um, and business to do three basic things. Start with three things.

And this is true whether you're in a pandemic or not. Um, and the three things I advise are, one, patch your systems, right? Get 'em updated, use supported software. If you don't do that, nothing else matters, right? Because, you know, if you're running Windows 95, I can't help you. If you're running Windows XP, I can't help you. You know, all it's gonna take is a click on your own. Um, the second thing is use a protective DNS service.

Um, this is a DNS service that blocks, um, attempts to reach malicious sites. It, it's important because it can, it can cut, we said it can cut, uh, it can mitigate about 33% of attacks. Um, NSA's actually come out and said like, 92% of attacks. Um, but that's not what our data showed. So, uh, maybe they're looking more at APTs, but, you know, literally for a two minute investment to to, to get that kind of effectiveness, that's super important.

And then the last thing is use multifactor authentication. Um, again, it can be difficult in some things, but if you just, you know, if you're using Office 365 or G Suite, it's literally a click right? To get it done. And that massively increases your resistance against phishing. You know, as we know from Twitter, it's not perfect, right? You know, people can do sim swapping and all sorts of stuff that'll get you around that.

But if you do those three things, you're so much better off than you ever were before. That's where I would start. Yeah. But that, that's excellent. If I could just throw in, and then I'd love you three to talk about this, I'd, all I, I'd, again, I'd love the audience's thoughts, Phil. Again, you know, most of every, most companies in our space are MSPs, meaning there's an end result they're delivering. It's not an a la carte for the most part.

So gimme a little leeway out there, everybody, right? So you have this toolkit. How might they incorporate some of those things? Again, Wes, Kyle, I'd love your thoughts on this whole thing, but you know, if I'm an MSP and I all of a sudden came across your toolkit, I, man, number one, in terms of lunch and learns, in terms of getting an audience together, in terms of right now, you know, if you think about you being the leader, right? As, so picture yourself as an MSP.

You have a hundred companies under you. Pretend that's your numbers, 50, a hundred, whatever it is. Well, you are the leader top down, right? So you could set, for example, some webinars in motion, use the toolkit. By the way, we're gonna have Phil back to literally talk about how to deliver it.

We're gonna, we're gonna have a whole host of things, but am I making any sense, Wes, maybe you could just keep me straight here as I rambled here a little about, but am I making sense of what I'm trying to get at here? Uh, keeping you straight is, I think we're, uh, maybe an impossible task. Kyle, what do you think? Yeah, it definitely is. Um, but I, I will say, if, if nobody's clicked that little link at the bottom of the, the cyber call here, it says toolkit.

I mean, it literally takes you straight to the GCA Toolkit website. Obviously you'll see a handful, like I've poked around a little bit on these, I've seen some of the videos. They're well produced. Yeah. It's like, you know, uh, you know, we brought somebody on the show that actually understands the target audience here, right? They understand the difference of SMB and yes, sexy places like NSA will tell you this is what the top threat is.

And maybe they're just, you know, describing things that are, like you mentioned, nation state, APT. But if you really wanna see data that's honed in on what you're truly protecting, give this a look. Yeah. And, uh, here's some things I want to say too. The reason I think like a checklist approach of like, the way you'll see this play out in, in, in, uh, what Phil's got is a lot of times if I'm a decision maker, I don't usually under, I certainly don't understand all the acronyms.

I don't understand why it's important. And you guys have heard us a lot on the cyber call, talk about things like, you know, the green, red, yellow, the high medium lows that you're in. You're doing these things that are best practice. You're at this level with your peers. You're this far behind your peers. Those are things that no matter who you are, you understand. And this is not an insult to anybody's intelligence.

It's simply those of you that are business owners that are on this call right now, you understand the same thing when you're talking about things like insurance coverage. You, I know what you're thinking, you're thinking, make sure I have enough. Tell me what that is. And I wanna walk away and know I'm comfortable with that. That is the exact same thing that most of your clients are interested in when it comes to cybersecurity.

Even those that are regulated of, how do I make sure I don't show up on HHS's breach list, right? How do I know that I'm not gonna have a fine, how do I know that I'm gonna be a lot more comfortable knowing that if I move my services to you, or if I'm having to come back and ask for more money to do additional things? How do I know I map into all of that? How do I know that this is gonna be, the investment is there?

And so I think this is a great approach for all of us to really think about, and I think we're always hungry for this, Andrew. I think these are things that we need. Um, and then once you have an understanding, I, like I, Phil, you, you're right about just starting somewhere, you can begin to wrap around all of this.

You can do things like you mentioned Andrew, like a lunch and learn and talk in non-technical ways that make sense of why this matters for your, for your clientele, and be involved in things like Chamber of Commerce meetups and things like that, where you're in the community and you're the voice of common sense cybersecurity. That's not intimidating, that's not fud, it's not fear driven, but does explain why it's important and what the value is that adds to it.

And, and I think even leave behinds of these check boxes, right? Like check, check, check. This is, these are things that they'll, like, they'll appreciate and they get value outta. Yeah, absolutely. Phil, thoughts? Just a quick thing. You know, just one example, right? I know we have, we're short on time, but an example is a protective DNS service, right?

So for those of you who don't know, a protective DNS service is just a DNS service, a domain name system service, which is the service on the internet that if you type in, um, perch.com, um, or huntresslabs.com, I'm sorry, I got the, the URL wrong for that. I know, um, it, it gives you the IP address back, right? But what a protective DNS service does is it puts threat data in. So if you get a bad URL, um, it says that site does not exist. It gives you what's called an NXDOMAIN, right?

So you don't get phished or if there's a command and control, um, if there's a piece of malware, um, command and control can be interrupted from your network. So it takes just a minute or two to install. Um, MSPs if they wanna do something really like, can just ask their customers to use one of those services. So we helped create one called Quad9, which is great because it operates on 9.9.9.9, like, you know, Cloudflare is 1.1.1.1, and Google is 4.4.4.4, and 8.8.8.8, right?

So there's a whole series of these repetitive ones. Well, cloud, um, Quad9 is Quad9. It's, what's different about it from Google is it actually blocks malicious sites. So that'll just, I mean, customers can do that instantaneously, but MSPs can also create a value added service on top of that, right? So they can set up a DNS resolver really, really cheaply, um, and point it at something like Quad9 and then get all their customers to use that DNS server.

Now all of a sudden they're seeing among all their, um, customers who's clicking on phishing links and who's got malware command and control calling out the bone sites. And it's cheap to do and it's super effective. Um, so you can have it with visibility without visibility where your customers are just getting protected. Or you can have it with visibility if you set it up that way. We can't do that from Quad9 'cause we built Quad9, so it doesn't collect any end user data.

So you don't have to worry about, you know, your, your data or your customer's data getting exposed, but you could set it up to run that way. Um, the other quick thing I wanted to point out, if it's okay, Andrew, is you're good, you're good for, for, for people, um, for, for making sure that we're building the toolkit in a way that aids MSPs. So what you see out there right now at gcatoolkit.org/smallbusiness is the first version of the toolkit, version 2.0 is going into beta today.

Um, hopefully to be launched in September, but we're having a month long, um, beta I'd welcome and I, I actually sent you, um, about an hour ago, Andrew, an open invitation to anybody on this call if they wanna participate in the beta. We'll be having two webinars on Wednesday for small businesses, one at 8:00 AM and one at 1:00 PM Eastern Time to get people started and, you know, just register and sign up and then take a look and advance look before it's made available to the public.

And if you got comments, say, this would be a lot easier for MSPs to use if you did this. Love that feedback because, you know, we're ha we, we wanna reach the end users. We want to help small businesses get basic stuff done, but if we can get to 'em through MSPs, gosh, you know, that's, that's real scale that matters, Right? And that that's exactly, you know, the conversation that, uh, so we'll make sure we get that to everybody. Phil, thank you for the offer.

You know, again, I'm, I'm just thinking, you know, if again, I'm an MSP, I wanna start to have, um, thought leadership, my, my community as you were saying, Wes, to think of me as somebody that's doing good. And again, this, the, the thing that's awesome is you've literally delivered a lunch and learn to go. And there's tools in there that you can embed into your offering that are free.

There are, you know, great ways to, um, you know, strike up conversations in terms of, there's a, a, a sales, uh, methodology called the Challenger Sale where you could just use some of what Phil gives the, the Global Cyber Alliance gives to just challenge an organization that you're talking to. Like, Hey, even if you don't buy from me, you know, let me ask you something.

You know, everyone that we deal with has DNS, multifactor, if you, even if you don't buy from me, you know, look, here's where it is. So there's all sorts of ways that you guys could benefit from this. Phil, we have a few questions. I was wondering if I could bring them up. 'cause one of 'em was about Quad9 from Chris. Sure. Chris asked, how does Quad9 cope with FF and Chrome DoH? Um, does that make sense? His question? That'd be Firefox.

Um, the only thing I could say is that Quad9 supports DoH. Um, so you can, you can, I, I forget what the instructions are, but there's instructions on the Quad9 website to use Quad9 with DoH. It's my recollection. Perfect. Sorry about not knowing what FF was, was, and thank you for the, the clarification there.

Um, there any plans for Quad9 to sort of, to, to bear with me, sort of a control to have, I think you're saying, to have sort of a control panel to manage customer slash whitelist, Phil? So I, I think the answer to that is no. Um, 'cause Quad9's designed to be a sort of a backline free to everybody. We don't collect user data. Um, and it's not gonna ever be built to specifically enable traceable services. It's just out there.

So you know, you can use it in the European Union and we don't have to worry or Quad9 'cause we've spun it off. Doesn't have to worry about GDPR stuff 'cause it never gets user data. So it's fine for people to set up their own capabilities. It's relatively easy to do, but I don't see, I mean this may change, right? I don't see Quad9 going into a, a business prop and starting to compete with for-profit um, services. Because, you know, that's what for-profit services are for.

It's designed to be, it's designed for scale. Excellent. Um, Wes, we're gonna wrap things up here. You had a few things that I wrote down. Kyle probably has a few too in closing for Phil, but I just wanted to cue you in less because in wrapping things up with culture here, you mentioned to me, um, the Bill Gates story, uh, or not story, but his DAC line. And I was wondering if you could talk with Phil about Yeah. That, and the one other thing was the regions bank story.

'cause I love that that your interaction, uh, with the CISO there. So, uh, for sure I'm gonna pop into chat. Uh, how many of you guys in this, in this group have heard of Bill Gates's trusted computing memo? This is, this goes into the way back. This is a 2002 article that I hope Wired never removes. So this is in the heyday of Microsoft vulnerabilities that, if I can say this, it may sound eerily reminiscent to where we're at today in the MSP space of how we're, how do I say it?

Learning how to handle vulnerabilities and respond to them. And I think most of us do an admirable job of, of getting better at all of this, right? And Microsoft was in no different category and, and back in these days, right? And so Bill Gates at one point said, you know, enough is enough. We care about cybersecurity. I'm going to force us to care about it. Like, I'm not just gonna say, Hey, we care about it. I'm gonna make sure my name is staked behind this.

And so we wrote this memo and if you think about where site, where Microsoft as a company is today compared to where they were in 2002, I mean, it's orders of magnitude different not just in the culture, but the things that, that culture kickoff that hey, we're drawing a line in the sand starting with Bill Gates. We are going to do things different. Look who they are today.

Not just look in terms of what they're doing around security, but look in terms of where they're at as a company and valuation and service revenue and where they've gone from it. I mean, they have truly used it as an early competitive differentiator into something they've become today. It's so powerful. And so I love that article. If you've never seen it before, check it out because it's, uh, really interesting. Phil, you may even have stories around it from your days at Microsoft.

Um, the other thing I'll say quickly, Andrew, just to answer your question on the, you said the bank, I was not gonna say the bank, it's a bank with a big green logo.

Uh, half of you probably use them or at least drive by their branches, but anyway, uh, they're probably not on this call and I'll disavow what you just said, Andrew, but I was at a conference, I was on a panel with this person in, in another, it was a big CISO panel and before it began, one of the topics we were gonna talk about was, uh, user awareness training. And he kind of looked at me and he said, I don't know why anyone cares. And I'm like, what are you talking about?

He's like, user awareness worthless. He's like, I, we, we don't even do it anymore. He's like, we say we do it to make the regulators happy. We have a couple little pap paperwork, check mark things, that's it. And I'm like, why? And he goes, because it's not effective. My users don't care. We have no buy-in. It's not getting us anywhere. I was just dumbfounded by the reaction and the thought and how he'd completely given up on it in the organization.

Now there's more to the story than that, but for time sake, I'll just shut it there. You're gonna have to hear the rest of it from like a bourbon when we meet in person. Uh, but uh, yeah, I mean these kind of things do happen and it's disheartening to hear all that Andrew. Sure, sure, sure, sure. Any, uh, thoughts from closing with you, Kyle and, um, prior? Uh, uh, yeah, please.

Yeah, I, I'll just end it with some simple words that obviously today's episode kicked off with a whole lot on security culture. Uh, if you think about all leaders, the traditional, you know, the ones that go down in history are the ones that lead from the front. Um, I saw plenty of people talk about, you know, it's the CEO or it's led from the top down.

But I would encourage leading from the front doesn't say a darn thing about, you know, what the rank of that person is or what position they hold in their company. So if you're watching, you can lead from the front. Uh, for those of you, you know, many times we've talked about, like my background in the intelligence community, I was an E six, that's a low on the totem pole. I was a nobody in my time in the service. But nowadays people wouldn't challenge.

So I would actually say that, you know, the actions of what you do and the opportunity here to be able to make a difference, to follow some of Phil's simple guidance of, hey, here's these top threes that can make a difference, you know, lead from the front, even if it is from the bottom up, would be my recommendation to everybody today. Yeah. Excellent. Excellent. So Phil, how about closing from you?

And, and, and what I will say is if everybody could stay on, I'll, I'll, I'll talk about where we're headed with both the Global Cyber Alliance and also and CIS 'cause we're gonna really start to bring you guys tools that can help your organization. So, Phil, closing comments and thoughts from you? The last message I'd have is something I said before, you know, you can do this.

Um, it's easy to get lost in the details and the scope and complexity, but you know, going back to what Kyle just said, you know, lead from where you are, you can do this. There are things that can be done by everyone.

And if you're, if you're, you know, the head of security at an MSP, even if you don't understand all the nooks and crannies of policy and APT attacks and any other acronym you want, there are things that you can do today, today that will take you less than a day, that will make a significant difference for your business and your customers. So, you know, that's why things like the toolkit, why advice from people like Wes and Kyle and you Andrew, are so important.

You know, it, it, it doesn't take a whole lot of time. And if you get that first thing done, you're gonna be smarter and you're gonna be able to do that second slightly harder thing. So it's a virtuous circle. Just know you can do it and do something and you'll, you'll success will come. Excellent. So my question out to the group is, and just gimme yeses.

One, would you like to be part of the version two toolkit, give input and thoughts to Phil and the Global Cyber Alliance and then, Phil, any hints of things that might be exciting that people should know out there about version two? Sure. Uh, well, version 2.0 is mostly designed to be easier to use. Um, it's got much more embedded video guidance and it's easier to follow through.

So, you know, we've included, it turns out that, you know, reading all of the different pieces was a challenge sometimes. And so we've put videos in, we've put people in. Navigation is easier and there's a, there's a clear, while you can go through and dive in particular, particular things, there's, there's gonna be opportunities to sort of follow through and on path. Excellent. And then I'll just as a teaser, I'll tell you later in the year probably or early next year, version 2.5 is coming and that's gonna have an integrated learning management system. So you can actually teach yourself cybersecurity as you do cybersecurity. Um, so that's more good stuff coming in the future That's, that's In or getting a few yeses. Yeah. Yeah. You Landed yeses in four different Languages. Yeah. Have you back, Phil. And, and so what we are gonna do, we're beginning a journey here and please tell your friends and everything.

So we're gonna definitely have Phil back, we're gonna bring the toolkit to you guys so that not only can you, we'll find creative ways that you can use it, embed it into your offerings, use it for thought leadership, use it for lunch and learn. Use it to be, you know, to do things that others can't. And then just flip the, the Yeah, no problem. Bill. Um, on, on Center for Internet Security, CIS, they are doing things. So if you think of maturity like Phil being at the front lines, right?

You know, the, you know, the SMB themselves that really need to understand this. We're gonna take it up a level with Center for Internet Security at a great call with them. They're coming on to show you what, um, they're doing to, um, simplify the tier, the 20 controls they were involved in founding with, uh, Phil and their organization. So there's a lot of, uh, and I'll say this in a good way, a lot of incestuous type things here from a positive perspective that we're gonna be bringing to you.

So with that, um, Kyle, Wes, thank you, Phil, thank you so much for coming on. Jim Smith out in the audience from that Ricks thank you. Make it a great week, everybody. Appreciate it. Take care. Okay, Thanks everyone.
