CISOs are familiar with dealing with stress, making high-stakes decisions, and operating in an industry of unknown unknowns. But there are some things that still get under their skin and make their blood boil.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Scrut Automation
Full Transcript
Intro
0:00.000
[David Spark] CISOs are familiar with dealing with stress, making high stakes decisions, and operating in an industry of unknown unknowns. But there are some things that still get under their skin and make their blood boil.
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark. I am the producer of the CISO Series. And joining me for this very episode… You love him. You can’t do without him. It’s Steve Zalewski. Steve, say hello to the audience.
[Steve Zalewski] Hello, audience.
[David Spark] That is Steve’s voice, so you can identify it later in the show. Our sponsor for today’s episode is Scrut Automation. Huge thanks to Scrut Automation for sponsoring. Being a brand new sponsor for the CISO Series. Stay aware. Stay ahead. Stay complaint. More about all of that a little bit later in the show.
But first, Steve, let’s talk about today’s episode. What are the things that trigger a CISO? From underhanded vendor tactics to impossible mandates from their own organization. There’s a lot of things out there that irk a CISO. Misha Sobolev of Aphinia listed a few in a recent LinkedIn post, including organizations not respecting your vacation, misguided advice from the board, and vendor demos that are completely off the mark.
So, he then reached out to the LinkedIn community to add their own, and they delivered. So, Steve, what does this list look like now that’s different from what irked CISOs I’m going to say five years ago? Or is it more things that annoy you or a lot of the same? Like things aren’t changing? What’s going on?
[Steve Zalewski] So, I have to say…and this is probably bad…which was I was laughing as I reading through some of the responses. I found it…
[David Spark] Yeah, there’s a lot of humor in this. Yes.
[Steve Zalewski] …actually enjoyable to find all the ways that potential vendors, or analysts, or whatever have created what I want to say are some pretty unique ways of frustrating us.
[David Spark] And many of them, your own employees. Like they’re your own staff, yes.
[Steve Zalewski] Own staff, too. And what I would say to this is compared to five years ago, there’s more creativity in annoying us, but what I really observed is the velocity of the annoyance has gotten much higher, more than anything else. Because we’ve got 4,000 companies now trying to find ways to get our attention, and our own employees and our executive teams.
And so overall, it’s the velocity, not so much the change in type.
[David Spark] You know what? I think this is honestly just going hand in hand with the cyber security industry. I mean the cyber security industry is growing because the threats are growing, and the annoyances are growing alongside all of this. And we’re going to get to a lot of these throughout the show.
The person that’s going to join us in this… And the interesting thing… Actually, it just dawned on me that this is a perfect guest because, Steve, you met this woman on a night that both of you were annoyed, right?
[Laughter]
[David Spark] Annoyed by somebody else’s behavior and that you bonded through annoyance. So, we’re going to bond together on…
[Steve Zalewski] There you go.
[David Spark] …an episode of annoyances. We are not annoyed to have her on the show. We’re excited to have her on the show. She is the CISO for BCD Travel. Sherron Burgess. Sherron, thank you so much for joining us.
[Sherron Burgess] Thank you for having me. Happy to be here.
What are they doing wrong?
3:39.612
[David Spark] Okay, so a lot of these quotes that I’m going to mention are going to actually be the annoyance themselves. Okay? So, when I read the quote, it’s not like this person is validating, and this is what they want to say.
[Laughter]
[David Spark] They are actually just quoting [Inaudible 00:04:02] annoying. So, here we go. Here are some of them. Jeremy Wheatman of Black Kite said, “We have a simple, new, and novel approach to solve the problem that has remained an issue for the last 30 years.” Gerald Auger of Simply Cyber said he, “was told by a vendor a couple of years back federated authentication was a $17,000 custom add.
It was a feature they had. Just an upcharge to add it to your version of their cloud solution I was already buying.” And Robert Tremonti of the University of British Columbia said, “Trust us, our application is 100% secure.” So, Steve, this is just a sampling. It’s like it’s a Whitman’s sampler platter of annoyances.
What do you think of these three takes here?”
[Steve Zalewski] I would say the used car dealership industry could learn a lot from us at this point.
[Laughter]
[Steve Zalewski] And what you see in this is a continued effort to want to help us by giving us something that we don’t necessarily want as opposed to owning the problem. I think that’s the big shift that we’re understanding if you’re not selling sneakers to us where if we don’t like them we’re going to put them on the side.
There’s a consequence to this, and we’re getting very frustrated with that kind of consumer view of selling us enterprise security products.
[David Spark] That is an extraordinarily good point, because there is a certain level of commitment that affects the business, unlike, “Well, I didn’t like this shirt. Let’s put it away,” for that matter. Sherron, what do you think of these three ones here, of which one says, “We’ve solved a problem that’s always been around.” The other person claiming 100% security.
And the other saying a custom add for something simple that’s way too expensive.
[Sherron Burgess] Yeah, I like that idea, what Steve said around the consumerism. Like you’re buying a pair of sneakers. Often times as CISOs, we have to work hard to get those budgets, and so you see these kind of point solutions that solve a minute of the problems that we have but cost the majority of our budgets, it really becomes a problem.
I think the thing that this points out for me also is that a lot of the sales teams that we interact with, they really don’t understand the problems. They know the talk track. They know what to say. If I get on one more call… There was a time where if I didn’t sit through a vendor presentation, and they didn’t mention advanced persistent threat then they didn’t do their job.
Like they got so many points by saying advanced persistent threat. And so I find that they don’t know the issues, and they think as CISOs that we’re so far detached from the problems, too. So, they sell us these kinds of things as if we don’t really understand our own environments or that we forgot that we were practitioners at some point.
And so I think it just becomes more of an issue. I love that idea of consumerism – that we’ve just got millions of dollars sitting in the back, waiting for this very special unicorn product that they’re going to pitch in front of us. That is definitely an annoyance.
This isn’t just a security issue.
7:18.200
[David Spark] Christian Haller said, “Can you look at this vendor? We already signed the contract.” So, obviously somebody at your own company said a quote like that. And Michael F.S. of KPMG said, “I accept the risk.” And that’s the product owner who never understands the impact nor the likelihood of the exploit.
And Drew Simonis, CISO over at Juniper Networks, said, “Can we do this faster – accompanied by a budget cut?” So, these are people within your own organization saying things that just make your life more difficult, unnecessarily so. Yes, Sherron?
[Sherron Burgess] Absolutely. Speed to market is really important, and we get that. And often times our business partners think that security is a hinderance to them going fast, and so I find often that they’re really truly missing this idea of what security risks specifically…that Michael mentioned, what it really means.
And so how do we talk about that? How do we lay it out in layman’s terms and say, “If you do this, here’s what you are potentially affecting,” versus talking about control this or framework that. You know, really starting to break that down is something that we need to do. But having the business not see us as partners walking alongside what we do is just as important or a contributor to what they do is really annoying.
And I think what’s also interesting, here recently in an internal meeting I had, I… We have this tagline within our department that, “Security is everyone’s responsibility,” but I changed that to, “Security is my responsibility.” And having that audience say, “Security is my responsibility…” Like it’s me that’s also contributing to security.
Not security is Sherron’s responsibility, or security is the security department’s responsibility. It’s my job, too. And so trying to shift some of that ownership is going to be helpful. But, yeah, for sure when the business tries to go ahead of you, thinking it’s faster, it can definitely be a challenge.
[David Spark] Steve, I’ll also throw out that these are unnecessary. Like you could have come to me before you signed the contract. You could let me explain the risk to you. And we can do it faster. But when you do a budget cut on top of it, now you’re creating an impossibility. Like these seem like not all these need to actually happen.
[Steve Zalewski] I was laughing again. Sherron is answering, and they’re my own… I mean they cut the track, but I’m laughing because in my mind, here’s what I saw. I saw, “Hey, look, our lines of business are acting like children, not like adults.” And so these are all the ways that children have decided that they’re an adult.
And until they touch the stove and realize it’s hot or until they go out and play in traffic and get hurt, then they’re going to come back and listen to us and realize, “Well, maybe I’m not so smart.” And these are all examples of where the business is basically acting like a child and not like the mature adult that they have to to be able to understand the relationship of security to being able to sell more jeans.
And so that’s why I found this so much fun, this episode, and just laughing about all the ways that people are trying to go around security where at this point what we’re simply saying is, “Sure. You want to go play in traffic? Go for it.” Okay? Because then when you come back, it’s not going to be a good conversation because it’s a trip to the emergency room, and it’s going to cost you pain and money.
[David Spark] But hold it. So, I’m going to your playing in traffic analogy. But the whole thing is they play in traffic, and you both get hit, and then you get blamed. Does that happen here?
[Steve Zalewski] So, that’s what they hope. And in the past, we used to do that because as security we felt obligated to protect the child, and we felt bad. Well, what you heard from Sherron and I is if you’re going to go out and play in traffic now and you get hurt, and we go to the emergency room we’re going to remind everyone that you decided to go play in traffic.
And while I feel sorry for you, I’m not accepting responsibility for you.
[David Spark] Let me go to the quote of the…Michael’s comment about, “I accept the risk,” which I have noticed in the last two to three years that we’ve been doing this show, this conversation of getting the C suite, getting people…the business owners to accept the risk is more and more of a conversation.
Correct me if I’m wrong here, but did this conversation happen five years ago? Steve or Sherron.
[Sherron Burgess] I think the conversation around risk and risk acceptance is growing. Especially security practitioners being a part of the business. Kind of the business operations, business planning. I also find that you’ll have people who will say, “I accept the risk,” and I’m like, “Well, you’re not high enough to accept this risk.”
[David Spark] [Laughs]
[Sherron Burgess] Right? And so I think some of those kinds of conversations and having that structure within your business that says, “Hey, if it’s at this level, you need to have someone who really can make those decisions.” But, yeah, I think risk is a growing…continues to be a part of a growing dialogue.
I see more demand around GRC related resources and expertise than some of the technical areas. For sure it’s still important. But you know, being able to talk about the risk and explain it is absolutely a growing part of the discourse within security.
[Steve Zalewski] The way I would say this is five years ago they were children. And so we told them what to do, and they felt obligated to do it. And so we own control. In the last five years, they’ve become teenagers, and now they’re rebelling because they’re simply saying too much friction, too much cost, and they feel like they can push back now.
And we’re now in that conversation of the teenage years.
Sponsor – Scrut Automation
13:35.205
[David Spark] Before I go on any further, I do have to tell you about our spanking new sponsor, and that is Scrut Automation, a leading GRC platform that helps you stay aware, stay ahead, and stay compliant. Scrut Automation liberates growing enterprises from the growing morass of compliance debt to proactively manage their strategic risk, enabling organizations to build sustainable GRC strategies that affectively govern and monitor their security programs.
It’s just the basics. And we talk about fundamentals or the basics, however you want to describe it, all the time on the show. Although, nothing is basic in cyber security. So, with Scrut’s super flexible GRC platform, security and risk professionals can gain visibility into their risk posture, monitor controls in real time, and showcase proof of compliance with the industry frameworks without stretching the security budget and in alignment with the organization’s business goals.
Couldn’t have lined it up more plainly for you than that. That’s what we all want to do, so why not check out what they’re doing over at Scrut? Their website is easy to find. Scrut.io. Go check them out. Scrut.io.
I didn’t think of these options.
13:35.205
[David Spark] Don Boian, CISO over at Hound Labs, had two quotes that annoys him. One is, “Our product guarantees security.” We heard a version of that earlier. And, “If you use our tool you won’t need any other security tools.” That’s an ouch. Douglas Brush of Accel Consulting said, “Hey, I know you’re busy, so I reached out to your CIO.” Mike C., Defiant Networks, “I do feel for the three-person startup trying to get a call.
Cold calling, hustling to get someone to just look at their damn slides and go through a demo. It’s hard work.” So, Mike of Defiant Networks recognizes how hard this job is of security sales that they find people saying things like this that trigger a CISO. So, Sherron, I do want to talk about the two comments of, “You won’t need any other security tool.” This is a common thing, not realizing that you’re entering an environment of other security tools.
Then the other one of, “I know you’re busy, so I went over your head.” [Laughs] Those are guaranteed triggers, yes?
[Sherron Burgess] Oh, for sure. So, let me first start with the one. Well, first on the guaranteed security, I don’t know if any CISO is going to say, “If you do this…if you give me this money or give me this tool, I guarantee that we’re going to be secure.” Anybody who tells you that, yeah, you should be really…
[Crosstalk 00:16:32]
[David Spark] No, but let’s see. Saying, “I guarantee you security,” and then putting down a contract that says, “Okay…” There was a vendor a while ago that was actually offering it for a period of time, that like, “If you get breached, we’ll pay.” I don’t think that lasted long.
[Sherron Burgess] Yeah, I mean creative marketing for sure, but pretty sure that that wouldn’t be in a contract. I don’t know any legal person who would…of that vendor who would agree to a guarantee of security for their products, but great marketing tactic.
[David Spark] When you’re a salesperson trying to close a sale, you’ll say whatever, obviously.
[Sherron Burgess] But I really want to key in on this, “I know you’re busy, so I reached out to your CIO.” I kind of want to come from the perspective of the very few women CISOs that exist. Often times there is this perspective that, “Well, yeah, you know, I’m just going to go talk to your engineering team because you don’t know what you’re talking about.” Or, “Hey, you must not know what’s going on in your remit, so let me go find somebody else because obviously they know more than you do in this space.” And so this escalation or going around as if as a CISO that you’re not a practitioner, you’re not a professional, that you’re not the highest ranking security person in your department is a really big irk.
And especially as a woman in cyber security, it’s a huge one for sure. And so any time I get that and even with my manager who’s essentially our CTO…and he gets those, he’s like, “What do you want me to do with this?” I’m like, “I don’t know. Don’t bring them to me because they obviously wanted to talk to you more about security than they wanted to speak to me.” So, I think that’s a sure fire way to get eliminated.
[David Spark] Here’s the interesting thing… I love the fact that you identified the thing that annoyed you about the comment about going to the CIO, or CEO, or whomever is it annoys you because the way you feel being treated as a female CISO. I’m annoyed for a completely different reason for a line like that.
And this is what I love about this, is that you can be annoyed for multiple reasons.
[Laughter]
[David Spark] My annoyance is how do you know I’m busy? It’s kind of creepy. I get these messages all the time. “I know you’re busy, but…” First of all, let me ask you, Steve, do you know anyone who’s not busy? Seriously. Anyone go, “Hey, I got an extra two to three hours every day, and I don’t know what to do with my time.” Everyone is busy, right, Steve?
[Steve Zalewski] Well, there is busy and busy work. Okay? And I will acknowledge that some security practitioners, and it’s true of any domain… Not everybody is focused on the most important stuff to find the time for what they need to do. But as a general rule, all of us that care – like Sherron, like myself, like you, and others – we are really trying to balance our time, and we do want to give the vendors time to talk to us.
But in return, the vendors only get 15 minutes. This is not our life revolves around you. They’re not understanding the pressures of what we have. And so, again, five years ago, there was more tolerance for this behavior. Now it’s just becoming less and less of a tolerance factor for us because we just don’t have the time.
And my comment on that one is, “I don’t like your answer, dad, so I’m going to go talk to mom.” Okay? And that’s in essence why we all get triggered.
And so I’m kind of staying with this child, teenagers. Because in essence, it’s a good way of looking at how the industry is maturing, and some of the tactics that they’re using, and how it’s triggering us all, right? And that’s what they’re basically saying is, “Oh, you’re not giving us the time of day.” Or, “We didn’t get the answer we wanted, so we’re going to go around you.” I always say, “Go for it.
Go talk to mom. Just be careful what you ask for because often times I might be the more lenient of the two that you’re talking to.” And so, again, “Go play in traffic. Give it a shot.” You know what I mean? But just realize for many of us, our CIOs, our CFOs, or executives are just as busy, and they respect us.
And so you’re actually doing more damage because they’re just going to shut you down and realize what the play is.
[David Spark] And by the way, I think there is sort of a chain of trigger mechanisms that are causing all this to happen. And I’ve said this before multiple times, is the problem is how the salespeople are being measured. And, again, we have different kinds of triggers. We have the vendor triggers, and we also have employes within an organization.
But it’s a salespeople being measured and also employees within your own organization being measured…being pressured to do something, and then things start happening out of desperation, and then that falls onto your lap for that matter. And if there was something that was more organized…
Like, for example, one of the things that Allan Alford, who used to be the cohost of this show, used to do…he used to do a thing where he’d say, “All right, I want to have conversations with vendors. Here’s what you do if you want to have a conversation with me. You’re going to send me a short description of your product in just less than 50 words and then three ways that you’re differentiated in the market.
And then I’ll determine… I’m going to set aside an hour each Friday to talk to some vendors, and I’ll do that.” And the vendors loved it because someone gave them direction on how to communicate with them. And if they didn’t win, they didn’t win. But that’s just Allen responding. There is no universal way to do this, is there, Sherron?
Then this is why we just ran into this trap constantly.
[Sherron Burgess] Yeah. That is a fantastic way. I love that. I might steal it.
[Crosstalk 00:22:08]
[David Spark] Go right ahead. He offers it up to all.
[Sherron Burgess] A lot of times, I know a number of my CISO colleagues, we always say, “Hey, go through my team.” If my team thinks that your product is great and can help us, that they’re passionate about it, then, yeah, I want to hear what’s going on with it, too. But the pressure sales, that’s not going to work.
And not being able to articulate clearly the differentiators or what makes you competitive or in the marketspace, that’s almost a waste of time there. So, yeah, for sure I think that there is room. And to that last comment made by Mike, I know it’s hard for startups to get into the game. And a lot of times startups are disruptors, and they are doing something completely different.
But we want to make sure that our teams have checked it as well and help be a part of those solutions that we bring in.
Well, I guess that’s one way to solve it.
23:01.601
[David Spark] Laurence Dale, CISO over at Surveil, said, “This third party support engineer is having trouble in site X. Can you turn off some security so they can continue?” Ooh. Alan Berry of Verizon Cyber Security Customer Advisory Board said, “We chose to accept the risk and not patch it since we intend to decommission that app in Q4” Laura Whitt-Winyard, who is a CISO herself over at Hummingbird, said, “Are you interested in the security analyst position?” I’ve gotten that one.
Can I just say, it’s easy to read somebody’s LinkedIn post, but I got one where someone was offering me a job, to which I responded, “Oh, should I fire my staff and shut down my business?” And the woman didn’t realize it was a joke. She goes, “No, no, you don’t need to do that at all. This is a…”
[Steve Zalewski] David, you would be an awesome security analyst, okay?
[Laughter]
[Steve Zalewski] I think your true calling is finally… You’re ready, okay? This is it.
[David Spark] All right, I got one more quote for you. Robert Wagner of Strategic Security Advisors said, “Can you use your security tools to see if my employee is doing their work?” And this is from a mid-tier manager that doesn’t know how to manage, obviously. All right. Steve, this is a good mishmash.
Just give me your take on any of these.
[Steve Zalewski] All four are unique. And, again, in ways that we’re putting pressure on the security organization to be able to execute our job.
[David Spark] By the way, I should also mention these are all cases where people couldn’t do their job, and they’re leaning on you to fix it.
[Steve Zalewski] Yes, but the one that really… I’m not laughing on this one. This is the one that I’m just like, “This is danger,” and that’s the one by Robert Wagner. Okay? Which is security is not there to spy on people. Security is there to protect the company, and that is a very dangerous edge when you get into the HR aspects of people doing things that may not follow company policy, but it has nothing to do with the company’s security policies.
And yet we’re brought in because we have access to all that data. And so to me, that is a very dangerous edge here where I… Even in my own CISO roles where I told people, “Look, HR needs to have their own independent capability to do the analysis. I don’t want my security team focusing on HR issues when they need to be focusing on cyber security issues.”
[David Spark] By the way, have either of you gotten spying requests?
[Sherron Burgess] Oh, yeah.
[Steve Zalewski] Oh, yeah. And that’s the slipper slope. Because once you start getting into people’s personal lives because they’re observing something… A manager is like, “You know, my employee doesn’t seem to be delivering on time,” or they have some reason to believe that they’re doing something nefarious… Like they’ve hired somebody else to do the work for them, as an example, and then they pull us in.
I’m like, “That is not our job. You’ve got to have your own independent resources to go do those types of investigations because that sucks a lot of our time, and I don’t want my people involved in that stuff.” Right? That’s not what they’re paid for, and that’s not where their expertise is. Sorry. You can see already it triggered me just on that one.
[Sherron Burgess] Yeah, I agree with that. That’s a tough one. Especially as a company… We’re a global company. So, kind of the spy capabilities in Europe is different than spy capabilities in the US or even in Asia Pacific. And so security…I think for a long time, security had such a bad reputation.
The Doctor No or always the stonewall. And so when we’re put in these positions to use or leverage our technology for those kind of purposes, it creates a culture with your employees, with your users that they don’t want to cooperate or help someone snitch on you using security. And so that’s just bad culture all together.
So, yeah, I absolutely agree with you on that one, Steve, about the spy capabilities that we have as technology.
[Steve Zalewski] And the other one I want to go after on this one so you can see they’re very different is the, “We’re going to decommission the app in Q4.” Five years ago, we fought, you’ve got to address the technical debt. You’ve got to replace your business infrastructure apps. You’ve got to do the upgrading.
Well, in this day and age, I often times say run to failure is a good tactic now for these companies because they’re never going to get rid of that technical debt until something bad happens because the technical debt replacement is so expensive. It’s not a security issue, and yet we feel obligated.
And so one of the things I coach is it’s okay to simply say, “We’re going to run to failure.” And understand when failure happens, what’s the likelihood that it’s going to be security that sees the failure as opposed to another type of IT outage. And go ahead and embrace that. And then when there’s an outage because there’s a breach, for example, versus an IT outage, you don’t care.
You just simply say, “Look, you accepted the risk, and I’m tired of pushing that rock uphill because I cannot get the business to change.” But when you talk about run to failure as opposed to decommissioning the app, that’s a more truthful way of acknowledging to the business you won’t do it until something really bad happens.
Closing
28:50.871
[David Spark] Very good. Well, we have come to the end of our show, and this is where I ask you what your favorite is. Now, this is kind of a different take on favorite quotes because you have to decide how exactly you want to answer this because most of these are annoyances. So, is it your favorite annoyance, the most irritating annoyance, the most creative annoyance, or…?
And in some cases, they were pointing out some issues. So, I’ll let you take it any way you would like, Sherron, but tell me which quote here was your favorite.
[Sherron Burgess] Yeah, my favorite quote was by Don Boian, “Our product guarantees security. If you use our tool, you won’t need any other security tools.” Security is an evolving, evolving space. New technology…even the people aspect is just growing off the charts in terms of social engineering types of tactics and techniques.
I don’t think there’s ever going to be one piece of technology that solves all the issues. I think there’s going to be a combination, of course, of the technology, the process, the people. All of it has to come together. So, I think it’s really important that we don’t think that there is a silver bullet that can solve all of our security issues.
If it could or that’s the AI generated CISO of the future, who knows. I don’t know. But security is just evolving, and technology is as well.
[David Spark] Steve, your favorite quote and why.
[Steve Zalewski] This is the hardest one I’ve ever had because every one of them is great. So, here is how I made my decision. I’m going with Drew Simonis, the CISO at Juniper Network that says, “Can we do this faster accompanied by a budget cut?” Then he’s kind of got a smiley face. The reason why I choose it is because actually that is reality for most of us now because that’s what the business is demanding.
And so we’re joking about all the ways to annoy us, but the reality is that annoyance is truth for us now. And so it’s like what are we doing to account for the fact that that actually is for many of us not an annoyance like it was three years ago or five years ago but it’s truth about how we run our security organizations and do less with less.
[David Spark] Let me also mention, security is not the only department that’s doing less with…or trying to go faster with less essentially. And it’s all in an effort to be more competitive, and many other divisions are doing the same thing. Well, we have come to the very end of the show. I want to thank our sponsor, Scrut Automation.
Remember, they will help you show proof of compliance while at the same time being in line with your organization’s business goals. Isn’t that the whole point of all our security programs and compliance programs as you try to work together. Well, check them out over at scrut.io. scrut.io. But I also want to thank Sherron for joining us today.
Sherron, we always ask, is there anything you want to say? If you’re hiring, do mention that. Anything else? Any last thoughts on today’s conversation?
[Sherron Burgess] Absolutely, we’re hiring here at BCD a number of positions across our team. I’m also sitting on the board of an organization called Cyversity. We’re working to bring more diversity into the cyber security space. We would love to have any of your listeners partner, join us in our journey to make security diverse and have diverse perspectives so that we can secure businesses and information better.
And so we’ll be at RSA. Looking forward to that. But, yeah, thank you for all the time. Excited for all the things to come in the security space.
[David Spark] Excellent. Well, thank you very much, Sherron. Thank you very much, Steve. And thank you to our audience. We greatly appreciate your contributions. And, by the way, if you see a great conversation on LinkedIn, send it my way. We can make it a whole episode of Defense in Depth. So, thanks again for the contributions and thank you for listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cyber security. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site, ciso-dev.davidspark.dcgws.com, where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.
If you’re interested in sponsoring the podcast, contact David Spark directly at david@ciso-dev.davidspark.dcgws.com. Thank you for listening to Defense in Depth.