“If you want to catch a cybercrook, you need to think like one.” But how do you actually go about thinking like a cybercriminal? What’s the actual process?
Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.
Our guest is Brian Brushwood (@shwood), creator of Scam School and World’s Greatest Con. Plus he’s launched multiple channels with millions of subscribers and multiple number one comedy albums. Plus, he’s a touring magician. He’s our first non-cyber professional guest, but he is so perfect for this episode.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Varonis
Full transcript
[David Spark] If you want to catch a cyber crook, you need to think like one. But how do you actually go about thinking like a cybercriminal? What’s the actual process?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark. I am the producer of the CISO Series. And joining me for this very episode is Geoff Belknap. You may also know him as the CISO of LinkedIn. Geoff, what do you sound like?
[Geoff Belknap] This is generally what I sound like as the number one host of the Defense in Depth Podcast episode that you are listening to.
[David Spark] Yes, there is no better host than you. Although I am your cohost.
[Geoff Belknap] Of this episode.
[David Spark] There you go. Our sponsor for today’s episode I should also mention, is Varonis, who has been a spectacular sponsor of the CISO Series and this very podcast as well. You’ll hear more what Varonis has to say. And by the way, they do a lot of stuff in sort of data first security. So, you’ll want to hear what they have to say later in the show. But first, Geoff, I know you’ve heard this line before many times – if you want to catch a cybercriminal, you need to think like a cybercriminal. How much does actively thinking like a crook help build your cyber defenses?
[Geoff Belknap] There is a technical practice called threat modeling, or some people call it risk modeling where it is actually an important part of building a mature program where you think about what are we building, what are the risks, and how might people come and attack us. And you have to think like a crook – how would a crook see this. And I think where we’re usually at a company like LinkedIn we might be going like, “Okay, we might be looking at state actors and maybe financially motivated actors, and then maybe actors of opportunity,” and a bunch of things that are all in between. Please don’t at me later that I left some out. I’m paraphrasing. But I think the one that we can never spend enough time on is what about the actor that just attacks a human. And I think the guest that we have today is going to be a great way to have that conversation.
[David Spark] Yeah, I’m very, very excited about our guest today because this is a detour of what we normally do. This is our first non-cyber guest. This person does not have a background in cyber, but he very much has a background in social engineering, conning. And he produces shows on this very topic teaching others many of these techniques, and hopefully teach us as well. It is Brian Brushwood. He is the creator of Scam School and World’s Greatest Con. He has actually been very successful building YouTube channels. Multiple million subscription channels and also multiple number one comedy albums. He’s also a touring magician. Brian, thank you so much for joining us today.
[Brian Brushwood] Dude, I am so excited. It is such a rare and awesome gift when I get to do something like this because I don’t know that I’ve shared this, but I actually started off in the tech world with… That was the only day job I ever had was designing high end systems for people who were building ISPs and stuff. And then I moved… I had this decision gate [Phonetic 00:03:05], and I realized I could handle not being good at magic, but I couldn’t handle not wondering if I could have made it. So, I quit my day job and got into magic. What I love about magic is it takes advantage of the flawed wetware that we’re all made out of. And as a result, I think kind of those hacker instincts ended up permeating their way into the onstage show, the touring, the live performances, all of the…even the social engineering that goes into all kinds of these psychological backdoors that people take advantage of.
How do I start?
3:35.842
[David Spark] Bob Henderson of the Intelligence Services Group said pretty much the obvious here. “Place yourself in their mindset. Understand their motivation and ask, ‘What would I do if I were them?’ Don’t overthink.” And that’s kind of the key part of that quote I like. The “don’t overthink” like. And Jerich Beason, CISO of Epiq said, “Ask yourself, ‘How would I break into our systems knowing what I know?’ Now I assume if I know it, the attackers will eventually, too, as well.” So, two things I want to point out there in those quotes, Geoff. The “don’t overthink” and the, “Will the attackers eventually know what you know,” or don’t assume that?
[Geoff Belknap] It’s very safe to assume the attackers will eventually know what you know. And I think the really important part of this discussion is, look, Bob and Jerich are exactly right. Put yourself in their mindset. But where we as technologists get lost sometimes is put ourselves in their mindset, and we start thinking about, “Oh, what kind of cryptography are we running? And what’s vulnerable? And where are they going to find a very specific flaw in this very intricate web and depth of technology that we’ve built to defend ourselves?” But what we forget is there is still a criminal and a financially motivated actor out there that’s going to go, “Huh, humans run this thing, and humans that are running this thing might not know anything about the technology. But they might have access to the thing that the technology is protecting. How do I get through them?” And I’m really curious to hear Brian’s take on how do we add thinking about how the humans should think about these systems and how we should prepare the humans so that we can think about how people attack the human element in the chain.
[Brian Brushwood] I’ll skip to my end thesis, and then I’ll try to justify it after the fact. But if there’s a gift I have for anybody out there, it’s to right now decide that you definitely have a bunch of psychological blind spots and commit yourself to going to work on finding out what they are. For example, there is these… The work of Elizabeth Loftus when it comes to false memories, memories that are created after the fact, leading questions, creating false memories is exception. I used to believe maybe I don’t remember everything, but the stuff I do remember did happen. Yet her research has proven time and time again that by asking leading questions you can create false memories. For example, she would AB test her own students at university, showing them footage, and then asking them questions. Group A was asked about how fast were the cars going when they collided. Group B was asked about how fast were the cars going when they smashed into each other. That tiny difference in language caused a statistically significant portion of group B to estimate higher speeds. Once you understand that our brains are not VCRs you begin to relax and realize that almost certainly however you remember it is wrong. That is just one of many, many, many fixed action patterns that can be manipulated after the fact, and that’s part of what I love almost as a civic responsibility. There’s a number of magicians who are…
[David Spark] Hold it. Can I pause you on just that a little bit? Because knowing that, that thing between they ran into each other and they crashed, how do you train to understand that people will react sort of more viscerally in certain cases?
[Brian Brushwood] The biggest thing… Here is the crazy part is it doesn’t matter… Here’s a trick magicians use is they will expose multiple methods to you and then use either not one of those methods or even use that method right in front of your face later, thanks to time delay and you will be fooled. But because they exposed it earlier, your brain, again… Water goes downhill. Everybody wants to take the easiest solution. Your brain wants to collapse as I think of it this super position of uncomfortable thoughts. You want to simplify things. So, instead when you see a fake explanation given you collapse and say, “Haha, I’ll never be fooled by that.” Not realizing you certainly will be fooled with that. And when it’s not a loaded puzzle… For example, optical illusions. We know that depending on whether the arrows point in or point out something looks bigger or smaller. We know that thing edges make us perceive a laptop as skinnier or whatever. We don’t fight those because those are not emotionally loaded. Our pride is not on the line in those cases. Meanwhile later those same illusions, once they’re loaded, once you put yourself out there, once your reputation is on the line, all of a sudden you don’t have time to be dispassionate about it. And you collapse on those heuristics to insist that you must be right.
What are the best ways to take advantage of this?
8:37.235
[David Spark] Hadas Cassorla, a CISO at M1 Finance, said, “You need to think from the perspective of what can I get out of this? If it’s a state-actor criminal it would be from the perspective of long-term gains and intelligence. From a civilian criminal it would be, ‘How do I monetize this?’” Jesse Lyon of Fuel Cells Works said, “Break down the hackers into tiers. Not all hackers are capable of the same feats, so understanding who can do what helps a person think like a cybercriminal. Many hackers are able to hit above their weight class because of their ability to wield human psychology.” Let me go to you, Brian, first on this one. This is literally everything you’ve been talking about up until now. What is this hitting above your weight class? Because obviously you’re trying to get to someone very, very powerful in some cases or just someone who has access to information that’s valuable.
[Brian Brushwood] So, there’s two players in…I’m going to use the word con here, but understand it’s the same thing in a magic trick. That’s one of the things I love about magic is it’s essentially an innocuous playground to use the exact same techniques as criminals. But you have two players. You have the con man and the mark. The con man, his advantage is that he or she has an asymmetry of time. He gets to prepare for months in advance to set up the tableau, the first impression. All the effort into the first impression. Whether that’s the trappings of authority, whether that’s… And I’m guilty of this. First thing you did was brag about how many subscribers I have on my YouTube channel. That was not by accident. It’s because I know that’s a very affective heuristic that immediately says, “This guy is no joke.” What the mark gets is that gut instinct. What Gavin de Becker calls the gift of fear. Humans don’t have long claws. We don’t have hard bones. We don’t have sharp teeth. We have one thing. We have an unbelievably well-honed sense of intuition. Which is why when we hear a twig snap, we freeze. The entire tribe stops. We get tense because we don’t know if it’s a saber-tooth tiger. And the moment we see a deer gallop, we all release that tension through laughter. And so pay attention to your gut is basically what that boils down to. That’s what allows you to protect yourself from the con man’s advantage.
[David Spark] Let me throw this to Geoff right now. If you’ve ever taken martial arts, you know that one of the techniques in martial arts is just readiness. In your most relaxed state, you’re ready. Is that something you can teach a cyber team as well? Or not just cyber team, all your staff for that matter.
[Geoff Belknap] Yeah, I think that’s the important part is really I don’t need to teach the cyber people. They’re already paranoid. Probably too paranoid. The thing we need to reach and probably the place where we spend the most time is reaching the individual employees – the people that aren’t cyber people that are just trying to do their job. They’re trying to sell something, trying to build something. They’re trying to… We’ve got people that work in cafes and things like that that have different access to different systems. You worry about all of those things, but those people can’t be taught… You can’t just go to them and say, “Hey, this scary foreign country might use secret spies to try to steal your information. Be careful.” And I’m sort of being hyperbolic here, but that’s affectively what some of the training is that people propose that we give people. So, instead what you have to tell them is…exactly right. And I can’t endorse Gavin de Becker’s thinking on this enough. Trust your instincts. Believe that first instinct that your gut tells you. And it’s okay if it’s wrong. You’re human. But trust that instinct. If it feels weird, don’t do it. Ask for help.
[David Spark] And also you said something on a previous show. I told a story about someone was in my mom’s house, and the alarm was going off. And you said, “Well, think about what the worst would happen if you didn’t give them the code to get in. The cops would show up, realize it was a false alarm, end of story.” And I like that angle of what’s the worst that would happen if I don’t give this information. How bad could it conceivably be?
[Geoff Belknap] Yeah, and I use that a lot when I talk to people, especially when I talk to people outside of security about that is first of all, give people some comfort and safety in their thinking here and let them know that if they make a wrong choice, in most cases this is true, you’re not going to get fired. The company is not going to go out of business. You’re not going to embarrass anybody. Just trust your instinct and make the right choice there. But then engage somebody to help. Tell somebody what happened so that they can take a fuller picture of what might have happened or not there and make sure that we’re learning from it. But the important thing is to break through that.
[Brian Brushwood] If I could double down on this idea. This is part of the reason I think it’s so important that there’s a difference between performing magic versus academically understanding that you can be deceived. When you perform magic, you get a sense of the rhythm and pacing of taking charge of the situation. Of this almost lyrical way, “And now we’re going to do blank. And now we’re going to do blank.” And now you’ve been fooled by the end of the trick. When I was 17 years old, I worked at a movie theater. Somebody came in. It was a two-person combo. Between features. That was important because there was nobody there. One of the team walks immediately all the way to the farthest end and said, “Tell me about these candies.” The other member of the team talked to me and said, “Oh my goodness, just give me a small soda. I’ve got this big poker game. I’ve got to get some change.” And he goes, “Oh, wait. Sorry. This is too many fives. I need more ones.” And there was something about on a visceral level, not at a cognitive level… Because the cognitive was completely engaged with giving good customer service. It was the gut level that made me recognize, “This feels like a magic trick.” And it was only after they left that I was able to say, “I think we just got robbed.” And sure enough, we counted the till, and it was $50 short. I don’t know… It’s only by practicing deceiving other people that you begin to admit that we all can be deceived.
Sponsor – Varonis
14:47.769
[Steve Prentice] Varonis monitors every single time any human, or application, or system account touches any file. Whether on a laptop, on active directory. Even through a VPN. Why do they do this? Brian Vecci, field CTO at Varonis explain.
[Brian Vecci] The company was founded very specifically because enterprises struggled with protecting and really managing access to file systems. Organizations really, really struggled with ensuring that the right people have access to just what they’re supposed to have access to.
[Steve Prentice] They monitor the blast radius, maintain compliance controls, track if an inside or an outsider attacker is causing trouble, and protecting against ransomware attacks.
[Brian Vecci] We’ll alert you when something goes wrong, and we make it very easy to answer the first and often last question that gets asked in any kind of security incident – “What any of our data touched?” I like to say maybe somewhat flippantly sometimes nobody breaks into a bank to steal the pens. When somebody breaks into a bank, they’re after money. When somebody breaks into a network, these days they’re after data. And what Varonis does is we help protect the data, and we watch it. So, we tell you when something goes wrong. The reason that we’ve become synonymous with ransomware is that ransomware attacks files. If you want to protect against ransomware, you need to monitor files, and you need to make sure that people don’t have access to files that they don’t need to have access to. That you minimize their blast radius, and that’s exactly what Varonis does. And we do it in a way that nobody else does.
[Steve Prentice] For more information visit Varonis.com/CISOseries.
What’s everyone obsessed about?
16:32.943
[David Spark] David Houchin of CohnReznick, LLP said, “I’d start with figuring out what the most valuable assets are, then who has access, then who knows them, and their process. Then whittle away at learning details over time that can allow for an impersonation or other social engineering. And Charles Chibueze of Deloitt said, “You’re actually at an advantage because you have inside information the attacker doesn’t have. I would simply consider what makes up the crown jewels of the organization and ask questions in line of how would I take it if I truly wanted it.” And do you play that game like, “Okay, I got inside information. How do I handle this?”
[Geoff Belknap] Absolutely you do. And I think the important thing to realize is to Charles’ point, that inside information has a shelf life. It’s a much shorter shelf life than most people believe. Because you either go to thanksgiving dinner and talk about it, or at least we used to two years ago. Or you have somebody that leaves the organization that knows that information and wants to monetize it in some way. Or just the reality is if you’re working for a really big company, a really big brand, that inside information is something exiting that YouTubers are gathering all the time and blabbing about. What you need to do is really recognize that there is no magic trick here that… [Laughs] No pun intended, Brian. Silver bullet that you can give to your employees that will magically…
[David Spark] Sorry, Lone Ranger. Go ahead.
[Laughter]
[Geoff Belknap] But what you can do is help employees in a couple of ways. You can help them recognize some of the things that Brian would teach you that somebody who is trying to run a trick on you or scam on you would use. And I think one of those things we talk to people about all the time is if you’re talking to somebody and something doesn’t feel right, and you can immediately recognize that you’re being pressured, there’s some urgency, somebody has come at you and they’re like, “I need this thing right now, and you do not have time to go call corporate. And you do not have time to do whatever…” It’s like, “Well, that’s urgency.” And all of that is sort of what Brian talked about earlier. They’re creating an emotion in you where you feel bad if you as a human don’t help this other human. And the story Brian told earlier was he was focused on giving good customer service. He was focused on doing his job.
[David Spark] And most people are like that, period. And that’s what is preyed upon, I understand.
[Geoff Belknap] Yeah, so I’m curious, Brian. We teach people to sort of be on the lookout for this, and then ask for help, and tell them like, “You’re not going to get fired if you have to tell somebody that comes and calls you or whatever and asks a question if you have to put them on a hold. No matter what they say.” What else can we teach them?
[Brian Brushwood] I’m so happy to hear pretty much what I was going to suggest come right out of your mouth because there are two things. First of all, number one, understand you can be fooled. As far as being insulated as a business, there is no greater thing you can do then create a culture where nobody is embarrassed to admit they’ve gotten fooled. Think about this, again, pulling from the world of magic. Everybody hates that…they hate/love that moment of amazement that comes from being fooled. And they’re reluctant to sit with, again, as I call it the super position of, “I got to decide. I know how this is done.” And they will easily collapse into a fake answer rather than sitting with the harsh reality that they literally don’t know how it was done. So, there is one group that has no problem being fooled. In fact it’s the highest compliment they can give, and that’s other magicians. That’s the reason you have Penn and Teller fool us, and they give the highest honors to someone by saying, “Oh, God, I’ve wanted my fix of being fooled for so long. And you gave it to me. Thank you.” There’s no shame. It’s an honor. And if you can create that kind of culture where you say, “Look, I’ve been to all the workshops. I understand only after the fact that this, this, this, and this is alarm bells. Probably should have seen them at the time.” But if you could create a… It is unreal what people will hide in order to avoid the pain of the shame of admitting that they didn’t see it at the time or what have you.
[David Spark] Correct me if I’m wrong. A good con, Brian, from beginning to end, the person thinks that they’re helping you, and they don’t realize anything when it’s over. They think they’ve done a good job from beginning to end. Yes or no?
[Brian Brushwood] Yes and no.
[David Spark] Okay.
[Brian Brushwood] There’s a famous story of somebody who was about to give a talk on negotiation. And at the back of the room he was standing there waiting to go on stage. Somebody looks at the program and says, “Oh, this guy is an expert on negotiation. Watch out. He’s going to get the gold out of your teeth.” And he leans over and says, “Well excuse me. Technically negotiation is when I get the gold out of your teeth, and you say thank you at the end.”
[Laughter]
[Brian Brushwood] So, you could be honest in that kind of scenario. Whereas a con, there’s a saying that magicians have – you can’t con an honest John. When I was 21 years old, there was a white van speaker scam that I fell for because a couple of dudes show up. They’ve got some kind of uniform. They’ve got a bunch of studio monitors. They said they were going to install it at a strip club. They had a couple of extra, and I guess they should send it back. And normally they’re $2,000 a piece, but they’d give them to me for, I don’t know, $300. And as they said it, I, thinking I was smart, thought, “There’s no way these are extra studio monitors. These are stolen speakers.” And it was because I thought I was getting away with something that I suddenly…all my morality… I was engaging in sweet class warfare without even thinking about it. I was getting ahead and proving a point at the same time. And then it was only, I don’t know, weeks later that I found out that they were garbage $50 speakers. So, instead… Again, that’s that tableau. That’s that… They were on the hunt for somebody who wanted to feel powerful. Like they would get one over on the man. I fit that demographic. They gave their pitch. They let me feel smart by feeling like I’m the one seeing through their BS and discovering that these are actually stolen speakers. And because of that, it’s the perfect con. Because what am I going to do? Call the cops and call the Better Business Bureau and complain about these guys in a van? “I thought I was buying legitimate high-end monitors that were stolen.”
[David Spark] I have a line that’s the complete opposite of that, but I always thought it was funny about taking advantage of someone else. I have a relative who’s a divorce attorney, and he said to me once. He goes, “When both sides think they’re getting screwed, that’s when I know we got a deal.”
[Laughter]
[Geoff Belknap] That is excellent.
Why are they behaving this way?
23:22.044
[David Spark] Mark Eggleston, CISO of CSC said, “I’d argue you need to think like a hacker, not a criminal, to keep it ethical.” Basically determining how you could use a technology or reverse engineer a process for an alternative means. And Brent Wilson of Extensha said, “How curious are you to just go threat hunting? Does your curiosity have you dig into a finding, curious what happens when you execute and see where it takes you? In a, “We are all hackers,” world, the difference between a security pro and a cyber crook is a line of ethics that you don’t cross to cause harm or monetize.” What do you think of Mark and Brent’s comments there? Do you think it’s really just an ethics line, or…? Because my feeling is cyber crook is really pushing on a different level, Geoff. Yes?
[Geoff Belknap] I have never run into a cyber criminal or even a state-level actor… And look, I have known and met state-level actors. They are… Even if you’re working for a government agency, you are trained it’s your job to break the law. Its your job to use questionable ethics to obtain these objectives that are important for national reasons. I think the biggest mistake you can make is assuming that there might be ethics involved here. Now, I want to be really careful because I think this is what Mark and Brent are alluding to is like I would never do something unethical to validate our security or something like that. I would never put somebody in a position where they are harmed emotionally or physically. But I think you have to consider that criminals and state actors would and prepare accordingly. I don’t know. What do you think, Brian?
[Brian Brushwood] I think that just like hiring secret shoppers to give honest accounts of what it’s like at your retail establishment, there’s a lot of value in having somebody try to poke around at your system. They don’t have to break it. They don’t have to upset your customers or whatever. But the vast majority of scams and cyber tricks are fairly low effort, “I’m going to find the easiest fish in this barrel.” And that’s why you get people from other countries who are very clearly reading from a script and not very nuanced or whatever. I do feel like all that kind of goes out the window if your business is one that theoretically could be up against a state actor. Because the state actor suddenly has the budget, the time, the wherewithal to train people who can play chess as good as you can. Now, I come from the world of magic where playing chess, when you checkmate the other person, you fool them, and everybody claps at the end. This is the same game.
And if you get somebody who plays it well enough… I guess if I’m going to summarize it into an easy bullet point – don’t assume that just because they’re on the other team they’re made of anything else from what you’re made of. They’re just another play in the same game. Assume they know everything you know and more, and make sure that, again, you recognize your own flaws, your own fixed psychological patterns. For example, there’s a hacker trick that we use to keep people engaged on a YouTube video. Something interesting happens in the first ten seconds, or we don’t post it. There has to be a gift because I’m requesting your attention for more and more time. The longer you spend with someone the more you’re going to trust them. As humans, we want to reciprocate when we’re given a gift of some variety. Be wary of all gifts. It’s a great way to get your foot in the door or to show initiative. It’s also something that bad actors will use.
Closing
27:02.080
[David Spark] And that’s where we’re going to close today’s conversation. That was fantastic, Brian. I normally ask for your favorite quote, but I’m going to pass the favorite quote segment here and just ask for one tip from both of you. I’ll start with you, Brian. One thing that our audience of cyber professionals that they normally don’t think about when they think about thinking like a cybercriminal. Just an idea to put in their head like, “Keep this in mind.” What would you suggest, Brian?”
[Brian Brushwood] The best advice I could give to people is the first tagline we give at the beginning of every episode of “World’s Greatest Con.” We say flatly, and I believe this… And I think it’s morally important to break this association. Tell everyone you know on your team that cons don’t fool us because we’re stupid. They fool us because we’re human.
[Geoff Belknap] That’s very deep and very appropriate here. I think the piece of advice that I would give that builds on this is understand that your objective as you’re protecting your organization is not to build teams of people that can never be fooled. Your objective is to build people that realize they can be fooled, and they will be fooled, and to teach them what to do about it. Not what to do about preventing being fooled. Like great. That story Brian told earlier. Like, “Hey, I think I was robbed.” Well, now what do you do about it? Do feel ashamed. Tell somebody what happened. There are not going to be any judgements. You’re not going to get fired. We just need to know, and then we need to act as quickly as possible. And frankly that’s the number one thing. If you can get there, you’re already doing better than most of your other competitors. If you can go even further than that, great. But just start there.
[Brian Brushwood] You can’t fix the human brain, but you can fix your culture.
[David Spark] But it is… And I was once conned. And again, for a minor amount of money – $20. And my reaction was, “Oh, God, how did I fall for that? I feel like such a jerk.” And you feel awful about yourself personally. Like I said, it’s human. I was a target. And again, it wasn’t… $20 I can part with. It was everything else attached to that that was the painful part. Well, huge thanks to you, Brian and Geoff. This was a great, great conversation. I’d love to repeat this down the line because I think this definitely needs a lot more dialogue. Our show is far too short for the depth that we wanted to go on this. Geoff, thank you so much. Brian, do you want to just sort of give me a nice string of plugs of the endless number of shows that you do? Because it’s a lot more than I listed at the beginning.
[Brian Brushwood] It really is. But to be honest, at this point there’s one show that draws on 25 years of touring experience. It draws on tall tales. It draws on demystifying the world of deception and cons. And you get to learn some good history to boot. Just give “World’s Greatest Con” a try. We’re about to launch our second season right now. I’m really, really proud of it, and I think there’s some important lessons in there.
[David Spark] It is a top 100 podcast overall. In fact what number are we at around?
[Brian Brushwood] Number 47 most subscribed of last year on PocketCasts. Yeah.
[David Spark] Wow. That’s not bad. And I am a Pocket Casts subscriber, too. And a subscriber to “World’s Greatest Con” as well. Both.
[Brian Brushwood] Right on.
[David Spark] So, you can thank me for one of your subscriber digits. Thank you very much to our audience. Thank you to our guest as well. And thank you all. Especially our audience. WE always greatly appreciate your contributions and for listening to Defense in Depth.
[Voiceover] That wraps up another episode. If you haven’t subscribed to the podcast, please do. We have lots more shows on our website CISOseries.com. Please join us on Fridays for our live shows, Super Cyber Friday, our virtual meetup, and Cyber Security Headlines – Week in Review. We’re always looking for fascinating discussions for Defense in Depth. If you’ve seen one or started one yourself, send us the link. We’d love to see it. And when any of our hosts posts a discussion on LinkedIn, participate. Your comment could be heard in a future episode. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thanks for listening to Defense in Depth.