We have a hard enough time managing the flow and security of data with humans. How are we supposed to address the speed and scale of data flows as we operationalize agentic AI?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Mokhtar Bacha, founder and CEO, Formal.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Formal
Full Transcript
[David Spark] Before we begin this episode, I do want to let you know that we just published a great episode of the CISO Series Podcast entitled, “We’re all for a responsible AI rollout, just as long as it goes as fast as possible.” We’ve got talk about AI governance and enterprise risk, building security leadership presence, and open-source security and supply chain trust.
Make sure you listen to it over on ciso-dev.davidspark.dcgws.com. It’s called the CISO Series Podcast.
We have had a hard enough time managing the flow and security of data, when it was just humans generating it. How are we supposed to address the speed and scale of data flows as we are operationalizing agentic AI?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And joining me as my guest for this very episode, you love him, you’ve known him for many years. It’s none other than child actor star, Geoff Belknap.
Geoff, say hello to the audience.
[Geoff Belknap] Hey, everybody. And remember, the EULA of this podcast is, if you continue, you agree that you do love me.
[David Spark] We do love you. Our sponsor for today’s episode is Formal. Now, Formal is a protocol-aware reverse proxy for data stores and APIs that helps security teams understand and control their data, essentially enforce least privilege on autopilot.
We’re actually going to be talking a little bit about that on today’s show. So, let’s bring up today’s topic, Geoff. Most of our current data flow management tools were built with human scale in mind, and as a result, they tend to be based on binary decision-making, either yes or no.
We’re going to let this person onto whatever the thing is or we’re not. But with agentic AI, we need the ability to share just enough information without losing productivity by undersharing or leaking sensitive data with oversharing. I mean, you don’t want to just go on or off with agentic AI.
So, this seems like another case of you’re going to have to use AI to solve a problem that AI is creating. What do you [Laughter] think, Geoff, yes?
[Geoff Belknap] Well, is it a problem AI is creating? I think it’s a problem that we have because it’s really essential we share data. We designed our sharing controls with the current paradigm in mind, and now we’re switching to AI, which turns that all upside down.
Frankly, we’re not entirely sure where it goes, but we do know the path to wherever it goes is not through the current generation of control.
[David Spark] We need a new generation.
[Geoff Belknap] That’s right.
[David Spark] I think we’re in agreement on that. And that’s what we’re going to discuss on today’s show. And the person to help us with this very discussion is our sponsor guest, who’s the founder and CEO of Formal, our sponsor for this very episode, none other than Mokhtar Bacha.
Mokhtar, thank you so much for joining us today.
[Mokhtar Bacha] Thank you for inviting me. Very excited to discuss about data and AI security today.
Where do we begin?
3:05.190
[David Spark] Justin Pagano of Klaviyo said, “I don’t think anyone is prepared for how radically different across management governance is going to need to look like in two to three years.” I think we’re all in agreement and fearful of just that. And Jens Schubert of Puls Security said, “My choice for the future is SADAC.” I haven’t heard this acronym, “Security Attributes Based Dynamic Access Control.
Classic tools are now too narrow or too broad to their approach. So, if everything becomes a security attribute based transaction, choices can be made individually based on the target of a transaction and its individual risk footprint, including AI tools, of course.” So, this all sounds great from what Jens said, but this has got kind of the smell of the S-bomb to me.
Like it sounds great in theory, but it sounds probably impossible to implement. What do you think?
[Geoff Belknap] Well, I think the bottom line is nobody really knows exactly what we need yet. I think when we started having this conversation, we weren’t even talking about agents yet. We were talking about, okay, I’m going to have this AI. Broadly, it should have access to basically everything in my enterprise so that it can help me with what I do.
And then we quickly figured out, wait a minute, that sounds like super administrative access to everything so that my AI has access to like performance reviews and customer data, maybe not ideal. Now I think we’re talking about agents where we’re thinking about maybe we’re going to treat individual models like they’re individual employees, and I think the reality is we need to be able to adapt to all of these different use cases.
The reality is we’re going to have to just try a couple of things, and we’re going to get it wrong to some extent. But I think understanding the core problem, which is we need to understand the data that’s being accessed and why, is sort of where we need to go.
And today’s controls don’t really provide that as much.
[David Spark] Mokhtar, I’m going to throw it to you. The big thing here is two things. What Justin said is we’re not prepared, and I think it’s just because of the shift from human to machines, of which we’ve had machine information, and we still do, but this is at a kind of a different level and it’s sort of a different decision making than we’ve expected in the past.
Can this sort of static model that Jens puts out actually work? What’s your take?
[Mokhtar Bacha] I think what’s interesting with the advance of AI is directly we had two type of identities that were consuming data in an organization. You had human, which were very non-deterministic, right? Like people always change of job. They move from a team to another team.
They might be moving in like locations and different places, etc. So, historically, it was quite hard to do anomaly detections and understand if people are accessing more than what they need to actually do their job. Then on the application side, so like the machine side, it was actually very easy to know what your application is supposed to access to, right?
You had your code, it’s very deterministic, and it’s basically more like application security and making sure that your code doesn’t have bugs. That’s where the focus was.
I think what’s interesting with AI agents is that we basically fall right in between where you have those identities that are somewhat deterministic, but that are still non-deterministic in their behavior. It’s between a human and a machine, where you have a predefined job and task that needs to be done by an agent, right?
If you have your customer support agent, it’s probably not supposed to start writing code in your code base. But at the same time, it has a broad type of action that it can execute, and you want to make sure that it’s not doing the wrong thing at the wrong time or accessing the wrong data.
And so, I think the way we’re looking at it is you need a solution that can dynamically understand those access patterns and understand if the agent is allowed to take an action or not and then apply those very granular controls in real time. And we believe that today on the market, there is a lack of granularity in those controls.
It’s either you have access to everything, or you don’t have access to anything, right? And you need to be a lot more granular.
Would this work?
7:11.377
[David Spark] Khash Kiani of ASAPP said, “Today’s AI agents typically perform tasks on behalf of a user. The system should only have access to APIs that the current user is authorized to use. This can be accomplished via a custom header, authentication, API keys, OAuth 2.0, authorization code and client credentials flows and/or custom authorization flows.”
Dutch Schwartz of SideChannel said, “Classic DLP was a good concept, but less than 9% of enterprises ever deployed it in full blocking mode everywhere, so it was dead on arrival. So, if you start with, where is the data that I’m trying to protect? Your answers may differ.
One, your employees are almost definitely using GenAI chatbots and making mistakes of effort to try to be fast and efficient, find an approach and tools to provide visibility and control of those interactions. Now train your employees. Better yet, give them a safe playground with a corporate license and champion new products.
Two, are using RAG, Retrieval Augmented Generation, to call a vector database. You’ll need policies and controls for the northbound call as well as enriched prompt. Three, do you have a fine-tuned model and are you allowing good ongoing learning? If so, you’ll need to protect that east-west enriched prompt as well as model responses.”
So, Dutch kind of points out a lot of different things here with regards to where traffic is flowing. He goes on to say, “Look at your attack surface, IAM, and security controls. There’s a burgeoning space with new vendors for this very challenge.” So, I want to lean more here on this, what Dutch said here, Mokhtar.
He’s just sort of pointing out like traffic’s moving in a lot of directions, and you have to have different sort of policies and plans for the direction that it’s moving in. Your take?
[Mokhtar Bacha] Yeah, I think implementing like DLP and blocking mode is very challenging for an organization. The reason why is because it’s very hard to determine what should be blocked and what shouldn’t be blocked in real time. And so, if you set static policies right, you will have to manually fine-tune because someone needs the data or there’s some edge cases where they shouldn’t have and it’s just very hard to do that at scale.
And at the same time, the business feels the pressure of like letting their employees use the latest AI tools. And so, security teams are set in that position where they feel that they cannot really block the things and they’re taking on more risk than they should.
We believe that there’s a lack of tooling on the market to enable security teams to have that visibility and that level of control at a more granular level.
[David Spark] I throw this to you, Geoff. I mean, this is kind of the job of a security professional. We got to think, where’s the data coming from? Where does it want to go to? What do we have to control it? What levels? Where? Is this just the same problem just amplified?
[Geoff Belknap] Well, yes and no. I think today, this is a massive problem that really gets no love in most of the organizations that have to deal with this AI side. If you take AI out of the organization, you have this problem today where you’re making static grants, and I think we just talked about this.
Each application really only understands allow or don’t allow. It doesn’t understand conditions or determinism about how the data’s being used. It just knows yes or no. You can get a little bit better than that, but I think the positive sign that I see coming with agentic AI being a main driver for data access is if I can treat my agents like individual employees, I can further scope, “Here is what that employee should need access to.” I shouldn’t just have to open up everything to them.
And then even more so, I can sort of narrow where I’m looking for problems.
Like today with DLP, I got to be looking on the server side, on the network side, at the endpoint. I’ve got to look in various different modes of transit between different kinds of clouds or email or etc. If I’m monitoring what my agents do, I should just be able to look in one place, either with like a proxy or one kind of control plane that agents are using to access that data.
And I should be able to assign sort of permissions to personas and understand how they’re using things in a much more straightforward way. Then theoretically, I can even get agentic AI involved in helping make decisions real time. So, I think it’s going to get a little sticky before it gets better, but I think the technology that’s coming that’s causing the problem might be the way that we solve it as well.
[David Spark] This goes back to what I said at the very beginning. Are we going to use AI to solve AI? So, are you coming around, Geoff?
[Geoff Belknap] That’s where I’m coming around to.
[Mokhtar Bacha] I think so too. I think you definitely can leverage AI to secure AI, but at Formal we’re working on other approach where you could almost formally verify that your agent is operating in the bounds that you’ve predetermined, and I think there’s some creative way to make that happen, right?
Because I think, again, one of the big problems today is authorization and authentication is very limited by the granularity provided by native system in general is quite limited.
And so, imagine that you have an agent that opens a peer. Sure, you can create permissions on GitHub, but you cannot create a token that separates the approval versus can I access the peer, right? You can configure your org on GitHub to have a peer review, but imagine now that you have an AI agent that also does peer review, right?
So, now you have two agents that are working on the same peer and approving each other. And so, you want to have that level of granularity. I do believe that with AI models, you can actually help understand the context of what agents are supposed to do, and if there’s multiple agents involved, do we want to bring a human in the loop?
I think that’s a very fascinating space to be in where a lot is still to be built and to be learned.
[Geoff Belknap] I really like the idea of making it a cooperative effort. I think where people go off the rails is they think AI will just solve it. The reality is AI will make it easier for us to make smart decisions, but we can’t just turn our back and hope that we can flip a switch, and it’ll all get better.
[David Spark] It’s definitely not set it and forget it.
[Geoff Belknap] It is not.
[David Spark] A question that I asked a long time ago, there is nothing in cyber that is set it and forget it.
[Geoff Belknap] Nothing good.
Sponsor – Formal
13:23.282
[David Spark] So, today’s sponsor, well, it’s Mokhtar’s company. It’s Formal and they’re awesome. If you don’t understand what they do, which my guess is you don’t because they’re brand new on the market and you’re going to want to know about them, pay attention to what I’m about to say.
If you’re a CISO or, heck, any security leader trying to get ahead of AI risks before they explode into incidents, you’re going to want to pay attention to this. Let’s be honest, the security model for data access hasn’t kept pace with how data is actually used today.
So, AI agents, internal services, and ephemeral compute are making calls to your most sensitive systems, and the legacy perimeter is nowhere near these requests. Formal gives you visibility and control where you need it most – at the point of data access.
It sits between your AI agents, services, and data stores, Snowflake, APIs, whatever, and inspects every request in real time. So, you get deep protocol-level context, who made the call, what was requested, whether it involved PII or customer secrets, and what policy should apply.
Now, here’s what’s critical for AI governance. Formal secures the model context protocol layer – the model context protocol layer, the MCP server – that feeds data to AI agents. You’re not trusting a black box, you’re governing exactly what goes in and out of it.
You define and enforce policy, log access, stop leaks, and stay audit ready, all without slowing down engineering. This is how security leads in the AI era, not with red tape, but with infrastructure-aware enforcement. If you want to get out of reactive mode and take control of AI and data flows before your board starts asking questions, go to Formal’s website, and here it is, it’s joinformal.com.
Go there. That’s where modern security starts. And when you go there, let them know that the CISO Series sent you there.
How do we determine what’s most important?
15:25.869
[David Spark] Jonathan Waldrop, who’s CISO over at The Weather Channel, said, “I thought AI was supposed to solve problems, not create more complicated ones.” We brought that one up. “So, know the purpose and the goal of the system you’re building. Understand what you’re expecting to get out of it, and think to yourself, ‘What info or systems do I need to access to do this job?’ Then give it those permissions.
Is this oversimplified? Yes. Is it a place to start? Definitely. Start, then iterate.” I think, by the way, that last line – start, then iterate – is kind of the key here.
And lastly, Mike Van Orden of Emanate Security said, “With SaaS-to-SaaS integrations and API keys everywhere, there’s no single choke point for governance. AI systems just threw fuel on the fire. An overprivileged integration used to be constrained by code.
With AI workflows, you have to assume the full scope of access will be used. That’s why doubling down on integration key inventories and ownership tracking is crucial. But that alone doesn’t solve for scale or speed. Data classification can add context to help prioritize the integration reviews that matter most, and automation can help drive governance by contacting owners for sensitive reviews programmatically.
Or just block everything and see how that works out.” So, both Mike and Jonathan are just pretty much saying, “Look at where you’re integrating, start somewhere, and then iterate on that.” I mean, no one’s going to get it right the first try. So, when you do these kinds of things, Geoff, do you go, “I feel safe, I feel confident.
We can start with these 10 integrations at this level. Let’s see if I’m right,” kind of a thing, yes?
[Geoff Belknap] If you’re lucky, yes. But let me tell you how to manufacture your luck in this situation. Because what I would abstract these two great comments to is involve your security team early in your AI project, especially because right now, if you’re implementing some new SaaS tooling or some new HR infrastructure, the chances that your security team already has some tooling that will help in that situation that will cover you is high.
If you are bringing an AI feature in with those things or you’re bringing in a specific AI solution, chances are they have not addressed this problem yet, and the way they’re going to react if you bring this to them at the very end is to block it or to say, “No,” or to drag feet.
The reality is most security people know the biggest value they can add is to enable productivity. But you, the person doing the AI project, have to bring them in at the beginning, especially early now, so that A, they can understand what you’re trying to do so they can try to design controls to enable that.
And B, what problems they might need to solve or other vendors they might need to bring in along with this to make sure that you are successful at delivering this AI value.
[David Spark] I will point everyone to another episode we just released of Defense in Depth, and it had to do with the question of not asking can we do something, but how we do something. And essentially what you were just saying, this sort of logical, and this is how security got this moniker of Department of No.
If you were more the “How do we do this?” rather than “Can we?” then we come up with solutions here. All right. I throw it to you, Mokhtar, which Formal is trying to offer a solution in this respect. I want you to explain how Formal is helping in the very issue that we’re trying to deal with here.
[Mokhtar Bacha] I said that I agree a lot with the best security teams are not saying, “No,” they’re saying “Yes, but.” We are very fortunate to be working with incredible take-forward companies like Notion, Ramp, or like Gusto, for example. And if there’s one thing we learn from them is they’re always looking at enabling the business and really making the business be able to innovate faster, but in a safe way, right?
And providing the right guardrail. What we really bring with Formal is visibility and granularity in the controls of actions and data access by identities, whether they are human or AI. I think like really the main value proposition with Formal is that level of granularity that we bring in the controls.
Today, when you give permission, let’s say to an AI agent, permissions are often oversimplified. And so, the access you want to give the agent, is it write or read or is it something in between, right? In like a specific customer field or segment, right?
That’s really something that Formal brings is this ability to scale your access and controls. We believe that the proxy approach is the right way of doing it because we can look at egress and ingress, traffic for human and machine identities, and effectively learn over time, like which patterns should be acceptable in a given context and organization and which one are an anomaly, and effectively prevent them or at least put a human back in the loop, asking them is that action that’s being performed, again, by a human, but also AI identity, in these actions.
[David Spark] So, it essentially kind of feeds what both Jonathan and Mike are saying here, like the Formal tool sort of helps actually iterate and offer a lot of granular iteration opportunities too, as well.
[Mokhtar Bacha] Yeah, that’s exactly the premises. If we are able to understand AI protocols and see data at the packet level, can we help companies build policies that are dynamic over time, right?
[David Spark] And they have to be, they don’t have a choice.
[Geoff Belknap] Exactly. Yeah, you have to.
[David Spark] Yeah, as I said, there’s no set it and forget it in cyber. None.
[Mokhtar Bacha] Yeah. That’s our goal at some point, right? I think by leveraging AI, we could learn about the data access pattern.
[David Spark] And by the way, that’s the hope, I think of agentic AI in general, is that it could bring us to a set and forget it, but definitely we’re at beta version 1.0 right now with agentic AI. Nobody feels comfortable doing that.
[Mokhtar Bacha] For sure, for sure. There’s still a bit of time ahead of us before we can reach that level.
[David Spark] Jumping on it now and starting is definitely going to help.
What else are we missing?
21:25.282
[David Spark] Terry O’Daniel of Amplitude said, “I think the core focus of IAM has needed a kick in the pants to move away from RBAC, role-based access control, anyway. The key risk for most organizations is access to data anyway. So, identity needs to focus on that factor.
An over-reliance on input and/or output validation will miss the mark. We need to build up from true zero trust in a meaningful way.” I mean, this is just kind of summarizing everything we’re talking here is, is this effort and the fact that we’re taking advantage of agentic AI, Geoff, just sort of more complexity for zero trust here?
And I’m just going to kind of going back to what I said at the beginning, or we’re kind of moving in the same direction. It’s just more things to think about.
[Geoff Belknap] It’s a good way to think about it. I mean, the reality is, first of all, zero trust has lost all consistent meaning. So, I think if I go back to the first principles here of, “I just should not assume that because someone has access to this data, that their usage of this data is appropriate,” I think where we get is there’s no future in AI where AI is not a part of helping make decisions about whether usage of data is appropriate.
I’m not sure if data access is really the problem. Input/output validation is sort of where we went because where we started with compliance here is there’s certain very specific structured types of data you have to protect. But in today’s day and age, it is unstructured data, and it is sort of the intellectual property that’s contained within it.
Your customer’s privacy, in whatever form that takes, is really the problem for your brand and the trust with customers and the problem with regulators. That stuff is really hard to programmatically define.
AI has a much better shot at understanding when different configurations or usages of data exceed norms. And I think there is not a future here that A, doesn’t embrace RBAC of some kind, but I think you can really strictly enforce RBAC if you’re tying it to agents.
You can have a much more successful time of enforcing any kind of access control to data, if it is going through a single sort of place where you’re looking at all that, if all those requests are coming through like one AI platform, if you are applying controls to individual personas that are locked in.
People don’t fall into one persona permanently, and that’s sort of where things fall down, the way people use data. Computers using data as very discrete objects is a way to define that. So, I think there’s a future here where you can go, “Don’t trust this agent or this persona that’s exceeding the usage limits that I defined for that person,” and you don’t have to add the flexibility that a human’s sort of job might have to bring to that.
I actually think that the old methods that we defined are actually going to be very useful in the AI-centric context in the future.
[David Spark] All right. I throw this to you, Mokhtar. How is agentic AI going to help us today in the middle of 2025? And what are the iterations we’re going to see? I’m not going to say like what do you see two to three years from now, I’m not saying that.
What is the next iteration is my question.
[Mokhtar Bacha] I think the way that AI has been adopted until now was mostly like through like AI chats, right? So, enterprises started to deploy tools like ChatGPT, Cloud Desktop, maybe tools like Glean in the enterprise segments. There was a bit of LLM usage.
Let’s take the example of a fintech company. In our product, we’re going to send transaction data and leverage LLM to classify data. There has been a few startups that have popped up and that are building their product based on AI agents, but we haven’t seen yet many enterprises building internally AI agents, right?
We are just starting to see that.
And so, I think like 2025 and beyond is really going to be the year where AI agents take off and where a lot of enterprises just start to build their own agents. Like yesterday I was having dinner with the CEO of a fairly large fintech company, a well-known brand, and he was explaining to me how they just started building AI agents in a product and AI agents that are operation in the context of like SRE, etc.
And I think as we saw those use cases emerging and more enterprises try to build those products by themselves, they will need guardrails to make it safe, right? I think that’s really what’s going to happen and what’s actually happening, like where it’s going to accelerate.
[David Spark] Very good.
Closing
26:11.973
[David Spark] Well, that brings us to the last section of our show, which is where I ask you, Mokhtar, look through all the quotes that I’ve read so far and tell me which quote was your favorite and why. Now you don’t have to read the whole quote, just say, “I like this person’s and for this reason.”
[Mokhtar Bacha] I like a lot the quote from Khash Kiani.
[David Spark] He’s the one who says, “Today’s AI agents typically perform tasks on behalf of the user,” and then he kind of goes through the different types of authorizations that they should have.
[Mokhtar Bacha] I think this quote is correct, but I will bring it even further thing that the AI agent shouldn’t inherit all the permissions of the user, and there should be a lot more granularity. I think it’s a good quote for understanding where we are today in terms of agents.
It’s basically mostly engineers running their cursor or cloud on their laptop. And as I was saying earlier, right, we’re going to move to all the world where the agents are directly running the product of enterprises. It really comes down to authorization and access and really making sure that in real time at the most granular level, identities and especially agents have access only to what they need to do the job that they need and nothing less and nothing more.
[David Spark] Geoff, same question for you. Your favorite quote and why?
[Geoff Belknap] I’m going to go with Jonathan Waldrop here from The Weather Channel who expressed something that I am often struggling with, that I thought AI was supposed to solve problems, not create more complicated ones. He goes on to sort of explain to continue to engage in these problems, you have to know the purpose and goal of the system you’re building.
And he goes on to give some really great advice, but I’m just going to use this as a reminder that your security teams now more than ever need to shift left or start from the beginning or partner better, whatever your favorite platitude or cliche here is, but now is the time for security teams to really be part of creating value.
When your teams are bringing these AI solutions in, saying, “No,” is not going to solve the problem. We’re going to create shadow IT all over again. Get engaged. Figure out what they’re trying to solve. Figure out what you need to do to solve that problem for the business and start there.
[David Spark] Exactly. Very, very good point. Well, that brings us to the end of the show. I do want to mention that our sponsor was Mokhtar’s company, that’s Formal. Remember, go to their website, joinformal.com. Get some granularity, understanding, and management of your data.
All your data, the personal data, the AI data, any data flowing into your environment. It’s essentially another level of privileged access management that you need, that you probably do not have. I’m going to ask you, Mokhtar, do you have any special offers for our audience or anything last you would like to say to our audience?
[Mokhtar Bacha] Yes, we do. So first of all, thank you so much for hosting me today on this podcast. It was awesome. It’s actually my first podcast ever.
[David Spark] Ah, you did great!
[Mokhtar Bacha] Thank you. And yes, for our audience today, we are giving two months of Formal for free, and we’d love to hear back from you.
[David Spark] Mention CISO Series, right?
[Mokhtar Bacha] Yeah, and see if we can help you better secure usage of AI and data at your organization.
[David Spark] Everyone listening is probably getting into this. I’m assuming since you’ve done this a lot, the people can kind of come to you like, “I don’t really know where to start, help me out,” I’m sure you’ve had that conversation a lot?
[Mokhtar Bacha] Yeah, 100%. And actually, I think something that’s very interesting about our company, that we are a company of security people. We’re an early-stage startup. We have a CISO, Paul Yoo. He was leading security at Ramp before for like three years.
Our early founding engineers, some of them come from the Stanford cybersecurity clubs. Others were on CTFs. Others came from Vanta. And so, we are really a team of security people. We love security. We do security all the time.
[David Spark] So, you speak the language of our audience?
[Mokhtar Bacha] We do speak the language of our audience, indeed.
[David Spark] Excellent. Well, thank you very much, Mokhtar. Thank you to Formal. Go to their website, joinformal.com. And thank you to Geoff Belknap. Where can people download and watch some of the television shows you were on when you were a child, Geoff?
[Geoff Belknap] I think BitTorrent, I think, probably. YouTube, I’m sure it’s on there.
[David Spark] [Laughter] BitTorrent. Is it?
[Geoff Belknap] They were really not even B-level. It was off-off-Broadway.
[David Spark] Has anyone believed me that you were a child actor?
[Geoff Belknap] No, absolutely not. I think double down is the way we go on this. Just keep doubling down.
[David Spark] We’re going to keep pushing it. We’re going to keep pushing it. Thank you very much, audience. We greatly appreciate your contributions and for listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.
If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.