If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don’t care about.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Tom Doughty, CISO, Generate:Biomedicines.
Join the conversation on LinkedIn
Huge thanks to our sponsor, Alteryx
Full Transcript
Intro
0:00.000
[David Spark] If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don’t care about.
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And joining me as my co-host, it’s none other than the wonderful Steve Zalewski. Steve, say hello to the audience.
[Steve Zalewski] Hellooo, audience!
[David Spark] That is his Johnny Carson golf swing right there. You just heard it.
[Steve Zalewski] [Laughter]
[David Spark] Our sponsor for today’s episode, Steve, is Alteryx, brand-new sponsor of the CISO Series, thrilled that they’re on board, where analytics, automation, and AI come together. You’re going to learn all about just that a little bit later in the show, all about Alteryx.
But first, let’s get to our topic. Look at the marketing for any number of cybersecurity vendors, and you’ll see how they’re touting “automated agentic AI.” It’s the first and industry-leading – I don’t know if you know this, but it is, whoever you’re talking to, it’s a first and industry-leading.
And making it to market first or winning awards doesn’t answer the question of, “Can your product work in my environment for what I need it to do?” Patrick Garrity of VulnCheck pointed out on LinkedIn that buyers only care “about what problem you solve and if you solve the problem well.” It seems kind of straightforward, Steve, but there’s really a disconnect, isn’t there?
[Steve Zalewski] Yes. And here’s why I would recharacterize is vendors solve a problem. That was great five years ago. What we need now is you need to own a problem that I care about. And when you make that transition, now we’re having a today conversation.
[David Spark] Well, helping us with today’s conversation about this very topic is a gentleman I got to meet in person. We’ve had him on the show before, thrilled he’s joining us. He is the CISO over at Generate:Biomedicines, none other than Tom Doughty.
Tom, thank you so much for joining us.
[Tom Doughty] Thanks for having me today. Glad to be here.
I didn’t think of these options.
2:16.350
[David Spark] Faruk Ulutas of CyberSkillsHub said, “You note buyers care about how well a vendor can solve the problem. For tight product and market fit, use the three M’s. Moment – where is it in the kill chain? Metric – MTTR, which is mean time to remediate, false positive rate, exposure.
Motion – first click to value. And if any of these M’s are fuzzy, sharpen your product or your story.”
Marcel Velica of Eventbrite said, “Every new startup or board and founder looks like they’re just sprinkling some LLM fairy dust on top [Laughter] of their app and pitching it like it’s magic. Implementation isn’t just about adding AI to your roadmap and thinking your product is done,” like you said, Steve, “It’s about owning the complexity that comes with putting it in front of real users with real expectations in real time.” So, I think both of these quotes are very interesting in that they focus on how to do your marketing right and how to hit your buyer, which is kind of what you want to do, right, Steve?
[Steve Zalewski] So, I like the two quotes because they approach the problem from two very different perspectives. The first one I like because what is the metrics? How are you going to be measured for success? It doesn’t make any difference what you’re doing if the people that you’re doing it for don’t appreciate it.
So, I really like that one. The second one really comes back to, hey, there’s 5,000 people now telling me that they can solve world hunger, but none of them are actually explaining what facet of the world hunger problem they own. And one way I look at it is when you go to Home Depot, you can hire all the temporary talent that’s sitting out there, but how do I know which one is good at drywall because they’ll all say they’re great at drywall.
And that’s the agentic AI problem is we’re creating virtual identities, but we really don’t know if they can do the jobs that I need to have done.
[David Spark] Tom, I’m sure you’ve been on the receiving end of these kinds of targeted and mistargeted pitches. What’s your advice here?
[Tom Doughty] Constantly, day to day. And I think it really is true. The idea of if you look at those three M’s, it’s a rare pitch where all of them are cogent stories. So, I think one lens that I use to try to peel back the onion across all three of those M’s is what’s really changed in your solution set that you attribute to your AI marketing?
So, is this really proprietary modeling? Is this really a new solution to an old problem? Or is it the new generation of buzzword? Like you’ve heard us talk before about how I hated the term SASE or ZTNA because what did they really mean? AI and agentification are levers, they’re multipliers, they’re not objectives in and of themselves.
And if we really peel back the how are we adding simplicity, how are we adding focus, how are we moving further left in the kill chain, there are some answers to that. And I think the moment M is probably the best answers out of those three, but it’s a rare solution where we’re really talking about is it a point solution where your security product that is AI pixie-dusted is really a better play than, “Okay, we’re really still in some of the pillars of the fundamental tooling.” And maybe we need some LLM modeling across the top of it to integrate them and connect them.
There’s not a lot of connective tissue in terms of how some of these outputs work. The tools that I see are really good in terms of the data source integration to try to use big data modeling in LLMs. What do we do to action them to help us do something about detecting further left in the kill chain is still a want, I believe, that is glassed over by the pixie dust.
[Steve Zalewski] Well, and let me riff on that for a second too because I really like the LLM fairy dust and here’s why. The LLM fairy dust says, “Hey, what’s the easiest thing I can do?” I can try to make you more efficient. So, I can try to make you work faster.
But what we’re trying to do is have security be more effective at stopping the attack, and all of a sudden, you kind of hit the wall when we try to ask it to do that because we’re trying to pick the low-hanging fruit.
What would a successful engagement look like?
6:35.510
[David Spark] Nick Carroll with Zscaler said, “Disagree. Almost always, the people with the purchasing power are uninformed and easily swayed by buzzwords, which is why they work.” Ooh, these are fighting words, [Laughter] Nick. “Moreover, they work in most cases than selling an actual capability.
See, for example, every company racing to adopt agentic AI for everything,” like we said. “It’s a non-intuitive truth that selling on actual capability is less effective, but not everyone has internalized that you’re usually not selling to the people who truly understand the problem space.
Rather, you’re selling to people who think they know far more than they do,” to some of this, I’m going to agree here, “And those are the people for whom buzzwords are impressive. This is doubly true at conferences like Black Hat, in my experience, where most of the people attending are executives, not actual engineers.” Black Hat actually gets a good share of it engineers.
And let me close here with Paolo Di Prodi of Priam Cyber AI who says, “When we started, we didn’t call ourselves any of those names and we didn’t advert ourselves as such. But now, the first thing they ask is, ‘Are you agentic based?’ etc. I think this meme misses some powerful confounding factors in the industry.” So, Tom, Nick comes out and says, “I know you say you don’t like it, but this is how it sells,” and my feeling is I’m sure you can sell something like that, yes?
What’s your response?
[Tom Doughty] You can sell something like that, but I always come back to the why and so what, all right? So, it’s not unlike a handful of years ago, everyone said, “We’ve got to get to the cloud.” Okay, you probably do need to get to the cloud, why?
Now we don’t even call it cloud, it’s just infrastructure. It’s what we do. So, when you look at that why and so what, what’s your near to midterm outcome? Are you doing more with the same resource? Are you doing the same with less resource? Are you focusing your intellectual power of your smartest and most highly compensated people better?
What is it? Are your SOC analysts able to focus on things they otherwise would have missed? In other words, are there threats or outcomes that are addressable this way with this tool, whether it’s LLM-enabled, agentic, or AI pixie-dusted or not? And if the answer is yes, then that’s a path to be chased.
If the answer is, “Well, we’re not sure,” then those three M’s that we talked about before haven’t been articulated.
It’s not unlike, I think, a parallel problem where you’ve got quantum computing capability, and if you look at high-velocity trading or invention of molecules, for instance, you’re still at an inflection point where throwing a bunch of classic compute power at it might be just as effective.
So, AI without question is a hockey stick in terms of capability, but I think so many people are chasing it because they think they have to have it without really rationalizing what workflows and processes are they going to try to optimize. And just as importantly, which ones they’re trying to eliminate and what steps they’re trying to get rid of all together, as opposed to automating or AI enabling that process to begin with.
[David Spark] Steve, I throw it to you now. I’ll just say what’s your response to Nick at the very beginning here?
[Steve Zalewski] I love Nick, okay?
[David Spark] [Laughter]
[Steve Zalewski] That man knows how to stir the mud.
[David Spark] Yeah, he does. [Laughter]
[Steve Zalewski] And I love this. But I think there’s a lot of truth here, and here’s how I think about that as a truthful statement is if I look strategically for a minute, tone from the top. Fear, uncertainty, and doubt was how we pitched to the executive team security for years.
So, tone from the top is, “We can’t be breached.” And so, therefore we’re selling fear, uncertainty, and doubt, and that got us a certain amount of space. Well, if I look now, tone from the top with AI is fear of missing out. It’s FOMO. And so, therefore, everybody has to have a story to tell because they’re trying to hide in the herd.
They’re afraid that everybody else are going to get ahead even though nobody understands how it’s actually useful.
And that’s where we are now when we were talking through what Tom said is, but when it gets down to the people that are actually trying to protect the company, they’re asking for practical examples. And the tone from the top is, “We don’t really care about that.
We just need to be able to tell a compelling story.” So, I think that’s why I really appreciate Nick. And then when you get to Paolo and others, which is, “Okay, guys, but what can you really do for me?” That’s where we’ve got a lot of mismatch still.
[David Spark] I’ll just say this. Cyber marketing is not easy. I agree. It’s very difficult in a single pitch line to tell your compelling story. And one of the games we’ve started to play on our show, Super Cyber Friday, is the game called Slogans Run, where we put the slogan out, and you have to tell me which vendor has the slogan.
It’s very difficult, I must say, because honestly, you could interchange many of these slogans with a lot of different vendors. So, I get there’s the frustration of the buyer to want to know what it is right away, but then there’s the frustration of the marketer saying, “Well, how do I write in just a handful of words something compelling that you’re going to want to care about?” Tom, I mean, you recognize this, yes?
[Tom Doughty] Yeah. And I think a lot of this is also a refresher to the question of who is the marketing geared toward? Are we pitching these products or are we on the receiving end of these products as CISOs or CIOs or CTOs or as business process owners or business risk owners?
Now, that should be a continuum, but I think that it is more so than usual focused on the technical aspects of this is a tool that’s taking advantage of these buzzwords and not really articulating the business problems they’re trying to solve. To a degree, of course, that translation falls upon us as CXX technology people to translate for our stakeholders, but if anything, I’m seeing a decrease in the marketing toward the people who should actually care about the business process as opposed to the technicians helping them deliver the infrastructure and workflows to do it.
[Steve Zalewski] See, and the bar’s been raised too because the way we did pixie dust is we did chatbots, “Oh, we got LLM chatbots, so you can ask it any number of interesting questions.” But that as the quick solution has kind of run its course. Now we’re asking it for productivity around effectiveness and that’s much harder both to be able to characterize and to do.
Sponsor – Alteryx
13:16.583
[David Spark] Who’s our sponsor this week? That would be Alteryx. Organizations are moving fast to adopt AI, but most still struggle with a fundamental problem. They cannot explain how these systems make decisions. As AI agents begin acting inside business processes, CISOs must ensure not just security, but governance.
The How to Trust AI eBook from Alteryx makes the issue clear. Without explainability, lineage, and visibility into the data powering AI models, teams cannot verify or audit outputs, and this stalls adoption and introduces risk. Now that risk grows with agentic AI.
These systems perceive, decide, act, and learn inside enterprise environments. If you cannot trace which data an agent accessed, how it was transformed, or why it took a specific action, you cannot put it anywhere near compliance workflows, customer-facing decisions, or operational controls.
Alteryx solves this problem with its AI Data Clearinghouse. It turns raw siloed inputs into governed AI-ready data and provides complete transparency across the entire pipeline. You can see where data came from, how it was prepared, and what logic was applied.
You can even inspect an agent’s reasoning after the fact and enforce guardrails to keep actions within approved boundaries. That’s pretty powerful. For CISOs, this transforms AI from an opaque risk into a controllable, traceable, auditable capability.
This sounds pretty awesome. So, to learn how an AI Data Clearinghouse helps you govern the machines, visit Alteryx. Their website is alteryx.com. And when you go, let them know you heard about them from the CISO Series.
What else are we missing?
15:13.984
[David Spark] Thomas Griffiths of Trend Micro said, “I’d extend the parody to any cybersecurity company with external financial pressures, not just startups. It’s a sad reality when blind investor-pleasing strategies dictate messaging and customer engagement.” I get the sense that this also goes to sales as well, marketing and sales get this pressure.
“This reckless approach undermines authenticity and poorly reflects the principles most cybersecurity professionals uphold.” And Steve Berkholz of Hirotec America said, “We also don’t care how much funding you raised in series one, two, etc. We are buying products, not stocks.
If you talk more about funding than you talk about what your product does, I’ll just pass you by.”
[Steve Zalewski] [Laughter] Oh.
[David Spark] The funniest line I ever heard about that was, I don’t care that you got a loan. Like, [Laughter] nobody cares. If you don’t mind listing for me, Steve, announcement about funding, patent pending, proprietary, agentic. Like, these are things that you hear, add any more that I’m missing there.
[Steve Zalewski] Well, you’ll hear their “moat,” right? Which was what is the moat against anybody else doing what they do? So, it’s kind of similar to patents, is here’s the moat of technology, or here is the moat of innovation that is going to make it very difficult for anybody else.
And then the other one that you’ll hear too is, “We’re fundamentally disrupting the market,” and that’s a VC term.
[David Spark] They want a vendor that disrupts it.
[Steve Zalewski] Yes.
[David Spark] And they think by saying it, that’s enough. [Laughter]
[Steve Zalewski] Well, that’s just it because somehow, we’re supposed to now want to buy that technology because we want to ride the disruptive service. Disruptive isn’t good. It is from a VC perspective because they’re looking at how is it a billion dollar company.
I get it. But just because you have a hundred million dollars in the bank doesn’t mean you know how to build a product. and I think there’s an awful lot of empirical evidence that shows giving a smart kid a lot of money does not result in a good product.
[David Spark] Tom, beyond what we’ve said or double down on anything, is there additional sort of marketing verbiage or pathways that go down that are just not of any value or importance to your interest as a buyer?
[Tom Doughty] Yeah, I think that the idea of if it’s not providing some kind of connective tissue between processes or thoughts that I’m already trying to weave together, then it’s just another point solution that might have an LLM on top of it. And if you’re talking about the investment piece, I could take a step back and say there’s almost inevitably, I would say absolutely inevitably, an AI bubble, if you will, if you look at the investment that’s gone into very like ideas that are not differentiated in a lot of cases.
Now there’s a glass half-full to that as well. If you look at the number of conversations I have with VCs and PE firms that even I don’t have any formal relationships with, that’ll reach out to have those colloquial conversations about, “Well, how is this tech positioned?
Are they marketing it against a problem that’s actually an itch that needs to be scratched?” And I’ll make up a number, but the ratio is probably a 2 out of 10 where I’ve seen it before and it’s not really a great idea, or it may be a little bit of a differentiated idea, but you’re just marketing it based upon the fact that it’s AI and a buzzword.
I think the ones that are most differentiating that probably can ride out that bubble better than others, and I’m generalizing, are the likes of not point solutions, but aggregators themselves. I’m thinking of things, and I don’t mean aggregating data, but aggregating use cases, not to call out individual examples, but think of something like a Glean that for enterprise search just provides a tableau for internal users to agentify thoughts and processes and searches across data and processes that they’re already struggling with internally today without saying, We’re here to do A, B, or C specifically.” That flexibility affords application across multiple point solutions, as opposed to trying to put the pixie dust down in one particular hole where the square peg might not fit.
[Steve Zalewski] So, I have said this phrase, or I’ve heard this phrase, and think it’s pretty good, which was, “We’re not selling sneakers to teenagers. We’re selling weapons to soldiers, okay?” And the VCs think of selling sneakers to teenagers because they want it to be sexy and cool, and it’s cool, and what Tom and I are, is we’re trying to buy a weapon for a soldier in a war.
And that is the dichotomy on one way, where I say at a very coarse level, you can see now what happens with these quotes about what the VCs are interested in versus what the practitioners are interested in.
[Tom Doughty] Yeah, we’re trying to invest in capability, not a predetermined end result looking through a straw.
What do most people think it is, and what’s the reality?
20:14.231
[David Spark] Jennifer E. Tisdale of Upstream Security says, “The hardest job in cybersecurity is marketing.” Well, I know some people would argue with you, but let’s hear Jennifer out.
[Laughter]
[David Spark] First, cyber/AI/data is a nonvisual abstract concept,” I will agree here, “With layers of meaning and audience variations that are near impossible to capture in a one-pager or sentence.” We talked about this, agreed, Jennifer. “Secondly, they’re often limited by NDAs or by what you should/shouldn’t say to avoid negative perception by desired customers.
Damned if you do, damned if you don’t situation. Every tech company needs better storytellers to add to marketing and sales, in my opinion, but marketing on its own is a tough gig. Much respect to those tasked with the job.”
All right, so I will agree with Jennifer. It is tough, we acknowledge it’s tough. I don’t know if it’s the hardest job in cybersecurity, but it’s tough. Tom, I think you respect that it is hard to market this, given what Jennifer has said and what we have said as well, but maybe you can say what you’ve heard from a vendor that really resonated, that got to you quickly.
Is there anything?
[Tom Doughty] Well, I’ll put it this way. On one hand, marketing as it’s traditionally viewed I don’t think is the hardest job in cybersecurity, but of course, I’m biased, but the best marketing pitch is one that appeals to how it’s going to help me with my internal marketing.
And what do I mean by that? This is really accelerated by the AI pitch, for instance, because we’ve kind of been negative nannies here, but there are wild benefits to many of these tools for application developers, in our case, that generate for our scientists, etc., but with it comes some incremental risk and pragmatic view of those and helping us tell the story of not just, “Here’s how this is going to get you from zero to a 100 miles an hour in five minutes, and you’re not even going to know the difference,” which isn’t really reality, but let’s talk about the realistic incremental exposures or realities that you’re going to have to deal with.
In some cases, as a result of implementing my tool. That’s a really hard thing for marketers to get their arms around because it’s kind of like they’re stabbing themselves in the eye by doing that, but we’re going to get there anyway. So, the earlier we start talking about those things, the better off we’ll be.
So, a couple of practical examples. We already have agents in place. Let’s use the example of coding agents and there are some really good ones out there. Some of them are starting to do some really interesting things, like, “I’m going to write code for the person who’s using me as an agent,” or maybe even another agent is sponsoring me as an agent to do this.
And I’m going to do things like reconfigure or start or stop services or optimize my operating environment for my code. Other things running in the environment I don’t know about, be damned. Those are things a marketer will never tell you, but they’re things we need to control for when we use these tools.
So, that pragmatic view of, “Here’s how we can help you deal with the realities of or at least define the realities that that business stakeholder probably aren’t thinking about, but that CISO or CIO and CTO in the middle are thinking about.” That’s never in stage one of the marketing pitch, and it would really be helpful if it is so that we don’t have to pull it out in stage three or four.
[David Spark] All right, Steve, maybe if you could isolate to a moment you got sort of that marketing pitch that you thought actually hit it.
[Steve Zalewski] So, you’re going to hear me say this, right, all the time. How does it sell more jeans?
[David Spark] For those of you don’t know, Steve used to be the CISO over at Levi Strauss.
[Steve Zalewski] In looking at the specific pitch, I’ll answer your question, I’ll go, but here’s where I’m coming from. Security from an engineering standpoint is a non-functional requirement, non-functional. It doesn’t sell more jeans, okay? It doesn’t build something, it protects something.
So, it’s very hard to sell a non-functional requirement. I characterize it as it’s like brushing your teeth. It’s a hygiene thing that everybody argues it’s a good idea and you should brush your teeth, but we’re all very terrible at consistently doing it.
And then when we go to the dentist, the week before, we’re all brushing our teeth and flossing. There’s a very clear, I think, association of that’s the way we look at it.
The way I looked at it when I came in is I had a vendor say, “Okay, here’s how I’m going to protect the brand. Here is how this cybersecurity’s going to protect your brand, like your e-commerce site.” That was a very clear use case. The second one was, and I used to say, people are the weakest link, we make mistakes.
And so, the security awareness teams were coming in and simply saying, “Here is how we’re going to up the protection of your workforce against social engineering attack,” which is the hardest thing to stop because people are the weakest link. I was like, “Oh, you nailed it.” So, those are two examples.
Closing
25:04.404
[David Spark] That is an excellent close to this very discussion. Thank you very much, Mr. Steve Zalewski. And now I’m going to ask you, Tom, we come to the point in the show where I ask you, take a look at all these wonderful quotes I gave you, even the one of Nick’s, and tell me which quote was your favorite or why?
[Tom Doughty] I would gravitate toward the last around the hardest job in cybersecurity is marketing. But again, I’ll double down on the idea that I think of that as the internal marketing. We always say it’s easy to buy products. It’s easy to throw money at the problem.
But if you don’t understand really what you’re trying to make efficient and why, then articulating that to your stakeholders, the purse string holders, whether that be elsewhere in the C-suite or at the board, that’s hard.
So, the idea that we’re talking pragmatically about the downsides versus the upsides, that’s always there. But I think that even when many CISOs do that internal marketing, they are thinking about how to do better what they’re already doing. And the positive to all of this AI marketing is if you kind of blow the smoke out of the room and try to think about what those differentiated tools can do, it really becomes more of a discussion of how you can do what you wish last year you were able to do that maybe you can do next year.
I think that’s really hockey-sticking in a way that if we’re careful about this, we’re going to get great benefit out of.
[David Spark] So, a couple of things have come up. One is we’ve done episodes where we talk about what would get you to rip and replace and put a new solution in, and you realize it’s very painful to rip and replace. So, if you can literally test that as best as possible and literally have the guideline on how to rip and replace, that’d be great.
And the more that you can show how to implement and to show where the hiccups could be because not everything’s smooth, that would be great. And I’ve started to hear from vendors that they’re literally building teams to just do that. Steve, I’m going to throw it to you.
Your favorite quote and why.
[Steve Zalewski] Oh, this is like candy to the baby. It’s got to be Nick Carroll at Zscaler.
[David Spark] Nick, just to remind everybody, Nick is the one we taunted a little bit here because he starts with disagree. He says, “Mentioning AI, agentic AI, and all this kind of stuff, it works because people buying don’t know what the heck they’re talking about.”
[Steve Zalewski] And the reason why I took Nick’s because it said, “People with purchasing power are uninformed and easily swayed by buzzwords.” And that was what I got back to, which is right now, AI and the fear of missing out at the senior levels is a legitimate concern.
And so, what we have to do is acknowledge that while what we’re trying to do is show our executives why security is important, we need to step away from that. We need to appreciate what we have to do is show the business case where security has a role to play, and I think that is what he’s kind of leaning into and what I want to end my comment on.
[David Spark] A very good point. And by the way, we appreciate Nick’s comment a lot. We love that. We love it when we get comments that poke the bear and that totally did poke the bear. We appreciate it. I want to give a huge thanks to our sponsor and that’s Alteryx.
Remember, go to their website, alteryx.com, for their AI Data Clearinghouse. This is pretty darn cool, pretty darn powerful. Help you advance your AI initiatives much faster. Alteryx.com, go check them out. And by the way, when you do, let them know you heard about them on the CISO Series.
Tom, it was a pleasure to run into you in New York, we got to see each other in New York, and kudos on your fairly new gig, I think, at Generate:Biomedicines, yes? You haven’t been there that long, have you?
[Tom Doughty] Almost two years now. Time flies, yeah.
[David Spark] Well then, excuse me, I’m completely wrong.
[Tom Doughty] Just over two years, yeah.
[David Spark] So, congrats. Are you hiring over there at Generate:Biomedicines?
[Tom Doughty] We are. Generate is certainly growing and advancing new molecules and technologies into the trial space. And in particular, I am in the market for a principal security architect, a principal enterprise architect. So, an applied architectural, someone who is a designer, a visionary, but is also not afraid and is looking forward to getting their hands dirty and their fingers dirty on keyboards, I’d love to talk to him.
[David Spark] You cover all the keyboards with mud. Is that what you do?
[Tom Doughty] Yes, that’s what we do.
[David Spark] I’m assuming that job listing is up on the website on Generate:Biomedicines?
[Tom Doughty] It will be shortly. It will be shortly.
[David Spark] By the time this episode airs, I’m sure it will be up there.
[Tom Doughty] That’s probably safe, yes.
[David Spark] Yes. By the time this episode airs, it’ll be up there. And by the way, Tom’s LinkedIn profile will be linked to from this blog post episode. So, I’m assuming it’s okay for people who see the position to reach out, yes?
[Tom Doughty] Absolutely, yes. Thank you.
[David Spark] Awesome. Well, thank you very much, Tom. Thank you, Steve. Thank you to our audience as well. As I say, and I’ve said it many times before, we greatly appreciate your contributions and for listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.
If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.