The Evolving Frontline: Cybersecurity Strategy with Mark Sangster

Show Notes

Mark Sangster, cybersecurity expert and Chief of Strategy at Adlumin, brings his rich experience from BlackBerry, Intel, and Cisco, and delves into the intricacies of cybersecurity strategies that can empower MSPs. 

Mark and N-able's Chris Massey explore valuable perspectives for owners and leaders of MSP, highlighting effective practices in risk management, the importance of a robust security posture, and insights into the MSP market's evolving challenges. Tune in for an in-depth conversation that equips leaders with the knowledge and strategies to navigate the dynamic landscape of cybersecurity.

Get an in-person rundown on what N-able has to offer including products, insights, networking and more.

The N-able Roadshow is visiting more cities than ever before in 2024. Take a look at our first group of locations; we may be in a city near you! -> http://spr.ly/6000RsTOq

'Now that's it: Stories of MSP Success,' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today.

Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that lead our guests to the transformative moment when they knew….. Now, that's it.

This podcast provides educational information about issues that may be relevant to information technology service providers.

Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice.

The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent.

Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors.

The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe.

All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

Chapters

• 0:00: Cybersecurity Strategies and Success Stories
• 4:45: Cybersecurity Challenges and Leadership Insights
• 9:51: Importance of Cybersecurity in Business
• 16:03: Cybersecurity Partnership and Industry Discussion
• 23:14: Accelerating Growth in Cybersecurity

Transcript

Speaker 1: 0:20

One, two, three, four, Give us a fighting chance, Give yourself a fighting chance. If you have multi-factor authentication, if you have Endpoint, a VPN to encrypt your connections. You're backing up, you're patching well, it might not stop it, but what it does it's like another hurdle or another lock. They gotta pick and when you combine those, you get that opportunity to go hang on a second. I've seen a few things occur. Maybe there's something and then you can dive in. But if you don't have those, there are no alarm bells, there are no tripwires. Unfortunately, it's like the big bang happens right. That's when you wake up one day and all your data's gone or your money's been emptied out of an account and it's too late. Welcome to Now. That's it stories of MSP success, where we dive into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn managed services into the thriving sector it is today.

Speaker 2: 1:11

Mark Sangster, cybersecurity author, expert, evangelist and industry security strategist currently the chief of strategy at Adlumen. Mark, welcome to the Now that's it. Podcast.

Speaker 1: 1:22

Oh, this is fabulous. Thanks for having me on the show.

Speaker 2: 1:25

So it's always an honor to the Now that's it podcast. Oh, this is fabulous. Thanks for having me on the show. So it's always an honor to have industry leaders join the podcast. You have a ton of stories. We'll talk a little bit about your book and I'm really looking forward to some of the stories today.

Speaker 1: 1:35

This is gonna be a lot of fun and you know some just the conversations we've had beforehand planning. Yeah, it's great.

Speaker 2: 1:40

So you've had an extensive career probably more extensive than most of my guests and we'll talk about some of those honorable things that you've been part of. But has security always been a North Star for you, mark?

Speaker 1: 1:53

You know it has. I don't think I'd have actually recognized that, but as you say it, you're absolutely right. So you know, back in the day I worked for a company called BlackBerry. Do you remember those, those mobile devices that were keypads? I worked for a company called BlackBerry. Do you remember those, those mobile devices that were keypads? And I worked on the first encrypted device, which at the time was for the Congress and for the DOD.

Speaker 1: 2:11

But you know, the tech wasn't there, right. So like you would, you know, send a message and encrypt it and you could go for a coffee and maybe it had gone, and then when you got the response, you went for lunch to wait till it decrypted so you could actually read the thing right. But that's, you know, that's the early kind of heady days in this and of course it's changed so dramatically now. But yeah, and then working with Intel and Cisco and then of course Adlumen, you know that's it right and it's become, I think in the last decade it's now a household kind of term, right, and it's a whole new category. You know, we look at it in investment, we look at it from a risk strategy perspective, and that's made a difference.

Speaker 2: 2:48

So it's in the forefront now. So before your time at Adlumen, you were a principal evangelist and vice president of industry security strategies at eSentire Right. While you were there, you did a number of pretty cool things, and I wanted to talk about a couple of them. All righty the first. You wrote a book called no Safe Harbor the inside truth about cybercrime and how to protect your business. Bought it online. Fantastic. You did that back in 2020, right.

Speaker 1: 3:11

That's right. Right in the pandemic, yeah, perfect timing.

Speaker 2: 3:13

You tell some stories about some of these breaches and some of the things that filled sort of the headlines, and there were several takeaways from the book that I got, but one that really struck me was that, as you mentioned a little bit ago, organizations really need to shift those security discussions away from the technology. Right, like we're here, we're talking about a technology stack and what should be in there, but focus on leadership. Why is that so important?

Speaker 1: 3:39

Because at the end of the day, they have to set the objectives right. So I'll give you a good example here of a manufacturing firm that we did some work with and that firm, about three, four years ago, was hit by Conti at the time, was a very active ransomware gang and pretty prolific at the time, and you know they were doing things like when they were shut down, the CFO was working with tech people, so to say look, you need to get these people up and running first. You know, if you can get our design engineers up and running and their systems are working well, then they can sort of be doing the design work and then those plans, you know, go down to the floor and then you can get the factory guys going. So they really set the objectives for the organization. And that's sort of post-attack. But pre-attack, how do you figure out where to spend your resources right? How do you prioritize? And that is going to be down to the leadership to be able to say here's the critical things right, whether it might not be data, but it could be systems, this matters to our business, this is our lifeblood. So you know, for every you know $1 you spend on protecting something else, I want $9 to go to protecting that, because if this gets affected we're gone. So you know, helping sort of set that and then also understanding and listening to the IT people.

Speaker 1: 4:45

The one thing I talk about with executives and I learned this from a good friend of mine. He was actually. He flew Marine One for three presidents. He was in the White House during the attacks on 9-11. He ended up in the president's bunker because he was kind of the highest ranking military officer at the time who was there. And he talks all the time about the what, not the how. An executive or a leader's role is to say here's what I want to see, or you know what my objective should be. You're the expert, you do the how, and I think that is a critical difference because a lot of time in leadership right, you have to be strong, you're supposed to know everything. You always have to have an answer and that's not true. You've got to surround yourself with smart people who they have the answers. You just have to guide them.

Speaker 2: 5:25

So what is it about the security industry that excites you the most and, conversely, terrifies you the most?

Speaker 1: 5:31

Well. So I think the first thing is like I joke that about a year in cybersecurity is like working for a decade. So it's constantly changing. There's always something going on. You go to vacation, you can't really vacation. You come back and things have radically changed, right. Every day you roll out of bed, you walk in the office and somebody says did you hear about such and such event? So it is both terrifying and exciting. I love the excitement of it because it is constantly changing, it is dynamic and you're kind of playing chess with these guys, right, and when I say that I don't mean to make it a game because it's not right.

Speaker 1: 6:01

The victims, that's significant. That's people's jobs, that's you know. That's businesses going out, you know, going under, that's hospitals that can't treat patients, and you know. And of course we know where that sort of thing leads. You know, on the terror side, that's exactly it. There's a lot at stake here, you know. I recognize that some of the decisions and recommendations we're making are kind of on that nice edge, right, and if something goes well it's great. But you know, there's a lot of times. I often use analogies and visuals in my presentations around things like mountain climbing and that's it right and showing the guy hanging off the edge of the cliff, because that's what it feels like a lot of the time. And I certainly sympathize with the companies that end up in this position, particularly where they've had a big incident and they're making some tough decisions. You know, against the clock right and you know, and trying to get that to whatever, get that field goal with the last second or two left on the clock, it's, it's a tough. Yeah, that's a good analogy.

Speaker 2: 6:51

You've had the opportunity to speak with businesses of all shapes and sizes, sometimes giving them advice, but oftentimes just listening to their stories. Sometimes they're not. They're not pretty stories. What were some of the of those common themes that you've uncovered with some of this conversation?

Speaker 1: 7:07

Yeah, it's great that you lead in with that, because it's right. Sometimes, you know, people want you to help solve the problem and other times they just want you to listen. But when it comes to these stories first, I think there's this kind of undertone of misconceptions. So people think you know, we're too small, we have nothing worth stealing. You know we're too small, we have nothing worth stealing. You know, if big bad guys like nation states or a ransomware gang come a calling, how are we possibly going to defend ourselves? And then, ultimately, there's also this kind of cavalier attitude where it's like well, you know, even if something happens, we have insurance and backups and we'll be fine.

Speaker 1: 7:40

And the problem is, I think it's like a get out of jail free card. Right, they think that there's some kind of magic button they can press or whatever it is, you know, an Uno, like a reverse card that's going to fix it. And the reality is there isn't. It is far more complicated than that. So a lot of it is down to executive leadership. Seeing this as I talk about all the time. Cybersecurity is not an IT problem to solve. It's a business risk to manage, just like any other risk that they might face, whether that's economic headwinds or a natural disaster or something along those lines, and so it's shifting the narrative until they see that. Then you can start to have meaningful conversations about all right. Now that we understand it, what are we going to do to solve this problem?

Speaker 2: 8:18

Excellent, you don't have to name names, but I'm just curious have you ever heard a story that is maybe just so gut-wrenching or horrible that maybe provoked some deep thought about maybe the state of the industry and where some of these businesses were at?

Speaker 1: 9:24

no-transcript. Trauma with car accidents, you know we, unfortunately we see fatalities go up after ransomware and that to me is I feel like we could have avoided that. Right, that's, it's unnecessary. In other cases it's businesses. You know people that those companies go under and you know the executives. You know one case where an executive took his own life because the company went under and that's, you know that's tragic.

Speaker 2: 9:48

Yeah, there's definitely been a shift to more sophisticated attacks. Agreed, is this a wake-up call? Or should it be a wake-up call for businesses to treat security really as a foundational policy, rather than sort of a nice to have insurance policy? I don't think this is going to happen.

Speaker 1: 10:05

Yeah, you know what I love the term. That sort of foundational policy is exactly what it needs to be. So, like you said, just like any other form of risk whether it's economic, it's, you know, legal strife or whatever it might be they have to look at it like that. And those assets at the end of the you know whether you know whether it's bad deals or whether it's a cyber criminal stealing that money, they have to. It has to be primary, and we're seeing that as well, as evidenced in things like investment banking, mergers and acquisition, where this is an area where they're really focusing on on making sure there isn't gonna be a loss of value.

Speaker 1: 10:36

And then insurance is the other one where you know insurers are saying, if you're not doing these things, you know effectively, if you don't drive the speed limit, you know, wear your seatbelt, you know all that kind of thing then you know we're going to invalidate your coverage if something does happen. And you know I think that's the real lesson here is, if we were to use that auto insurance analogy, we've got companies driving around with blindfolds on their seatbelts off and their airbags disabled, running red lights and thinking like, whatever it's, you know, my car is too small, no one's going to hit my car, all that kind of like I said, those misconceptions, and of course when it happens then it's the reality check because they realize you know it isn't like well, it won't happen to me, it happens to somebody else.

Speaker 2: 11:14

Excellent. As I mentioned earlier, your current role is the chief of strategy at AdLumen, a cloud native managed detection and response platform. I come from the MSP industry. I used to try to sell security. We're doing our best, as MSPs and our customers, really to sell security and sell the value and the importance of security. They run assessments to identify gaps, they perform training. They're doing a number of different things, but in the end it's always trying to sell security as a must-have versus a nice-to-have. What advice do you give to some of the MSPs and service providers that are out there on pitching the security narrative to make security that baseline instead of an add-on?

Speaker 1: 12:00

Yeah. So there's a term in the security industry called FUD fear, uncertainty and doubt and everybody kind of sells this scary right, the big and scary. And you know I did a little bit earlier when I told you those hospital stories. But I think the other thing that a lot of people, when they try to you know, when they go to market, when they're working with these types of companies, is you know, we live in a corporate, you know a world of corporate statistics, right, and metrics, and so the problem is we throw out all these you know crime kind of statistics.

Speaker 1: 12:26

The problem with crime statistics is that they're abstract. But if I tell you that your neighbor got robbed at gunpoint, now it's a different story. Now you get an alarm system right, you get a bigger dog, better locks or you move, because it's personal and it's relevant and I think that's what you got to do. So less of, I think, the stats and the kind of the overarching things, because when you say, well, the average cost of ransomware is four and a half million dollars and so on, they just kind of gloss over. It's something that's not tangible and they can't really understand it.

Speaker 1: 13:01

But when you tell a story and you you know the spouse of one of the executives. Their account got hacked and they were able to see what she was doing and they were able to, you know, defraud the company of like a million dollars Suddenly. That matters to them and so, when they understand those things as I joke about it, there is no ROI as in return on investment in cybersecurity. But I kind of kid around that there's ROI which is risk of incarceration, which is that little bit of you know in larger companies is that there is a liability here, right, there's a fiduciary obligation and you're getting held to it, whether it's courts, class action suits, your clients or regulators.

Speaker 2: 13:31

Yeah, so let's talk tech for a few minutes here. So, as MSPs are building their security stack, most have endpoint protection as a priority. Msps are building their security stack. Most have endpoint protection as a priority right. They might have EDR or next-gen AV or something like that they might be patching, backing up. Is that enough, Mark?

Speaker 1: 13:48

Those are fundamentals, right. In some way I talk about it's like brushing and flossing you got to do it. Is it going to stop all the cavities? No, but you still have to do it and I think that's important and I don't want to diminish those.

Speaker 1: 14:01

Things like endpoint has become critical because we see a lot of activity on the endpoint and so it's moved the front line from the firewall to there. That's important. Things like backing up and patching. Unfortunately, when we look at even sophisticated attacks, the sort of the basic tools and techniques they use aren't necessarily that sophisticated. They're still fishing, right, they're still getting you to click on a link, and so that's not new. That's very low tech.

Speaker 1: 14:27

The problem is when you can combine all these things. That's when you can see it happen. So that's what I always say is give us a fighting chance, give yourself a fighting chance. If you have multi-factor authentication, if you have endpoints, you know a VPN to encrypt your connections, you're backing up, you're patching, well, it might not stop it, but what it does it's like another hurdle or another lock they got to pick and when you combine those, you get that opportunity to go. Hang on a second.

Speaker 1: 14:52

I've seen a few things occur. Maybe there's something you know. There's suspicious activity here and then you can dive in. But if you don't have those there activity here and then you can dive in, but if you don't have those, there are no alarm bells, there are no tripwires. Unfortunately, it's like the big bang happens, right. That's when you wake up one day and all your data's gone or your money's been emptied out of an account and it's too late. Those, I think, give you the. I call them the. They're precursors, right. That's a better opportunity to figure out what something's happened. And it's like the earlier you catch it, the earlier you catch it, the less it's going to cost you. It's cleaning up spilled milk. I would rather clean up spilled milk all day long than I would let it metastasize in an organization. And now you have a crippling event that's going to cost this business millions of dollars.

Speaker 2: 15:29

It's all about reducing that attack surface 100%. Your book was obviously very successful, so much so that it inspired you to write a second you want to share with everybody about the second book.

Speaker 1: 15:38

Yeah, second, you want to share with everybody about the second book. Yeah, so I'm working on a second book right now and again, it's going to be cybersecurity you know, shocking and I am going to focus on the sort of right of boom, right. So more of the incident response sort of stuff and what's happened. And I've been interviewing about 30, 40 people now, so it's executives and leaders from companies that have been affected, right and healthcare and manufacturing and others. I'm also talking to industry leaders, so, you know, security veterans.

Speaker 1: 16:03

I've talked to people in the, in the government and, most interesting, actually, I've been talking to a handful of people who have been with various agencies. You can decide. They call them civilians attached to the military. I'll let you pick a few letters that you can slap and you know, in parentheses behind their name, and so they've been doing things like working in Afghanistan. Right now there's a group of them working in the Ukraine and the reason I wanted to talk to them was, like you know, to really understand what's the ideology behind these criminals, right?

Speaker 1: 16:29

Why is it we see so many attacks come from Russia and there's lots of interesting political, ideological issues and, of course, you know, at the end of the day. It's a lot of economic ones, and so it's just to sort of understand, because I think you know there's a whole lot of you know know your enemy right. If you understand their motivations and what they're trying to achieve and think like them, that helps you figure out how to defeat them right, sort of Sun Tzu or whatever. So that's the idea anyway. So we're going to put that together and come up with a very light framework, because that's the other issue we see is there's, you know, all these big security frameworks with hundreds of controls in them and everybody looks at it and goes. I didn't even know where to start, so I just want to go. If there's five things you could do today, you know, do this this week, do this the next thing the next week, and so on. That's just going to improve the resiliency of their business.

Speaker 2: 17:14

Anyway, I can help, that'm looking forward to it, mark, I am definitely going to pick it up, and I'm sure some of our listeners will as well. The second thing that I thought was pretty cool is that CNN asked for your input on the rise of ransomware attacks against the US critical infrastructure. This was at a time during I remember this right during the GBS meat supplier the pipeline that's right line attacks yeah, first off, what was that experience like?

Speaker 1: 17:43

okay. So probably the most terrifying thing I've had and it happens quick. So I had one of the people I worked with. She called on like a friday around lunch and said, hey, cnn wants to interview you. You're willing to do this. We had to, you know, send a bunch of stuff like other videos we'd recorded, you know like public speaking, and they wanted to make sure you weren't going to, you know, fall over or freeze on camera right when the red light goes on. And then it was sort of like I don't know, is this going to happen? Is this not going to happen? And the next thing, you know it's like it's going to happen. You know, 10 am the next day I get myself all pre. Is they Skype you in or WebEx you in, right?

Speaker 1: 18:18

So you're on a remote tool, you're staring at a black screen, you can't see anything, and every so often the director would come on just on audio and say, okay, so we're going to run a story about this topic, then we're going to go to commercial, and then they're going to come back and you're going to hit the lead in and the reporter will start talking and then they'll introduce you and I'm like, okay, and that just got dragged and dragged so I'm sitting there for like an hour. Of course my neighbors, they start doing construction on their deck. So I walked over there with a case of beer and said hey guys, could you take a break? You know, do that for me. You know I'm on CNN and they're like come on, I'm like no adrenaline.

Speaker 1: 18:57

And I will tell you, I think the big thing I was afraid of was you know, are they going to ask some kind of political type of question? Right, and I'm like I'm not here to answer those kinds of questions, I'm here to talk about security. But you know, big, big takeaway for me is is this sort of scary and as challenging it is, as it is speaking into a black screen? I will say that you know, news hour, you know, at 10 am on a Saturday, tells you the state of cybersecurity and the fact that it is, you know, like I said, you know, ransomware is a household term now. Everybody knows what it means.

Speaker 2: 19:26

Yeah, it was a big deal. I remember those two sort of infrastructure attacks and anytime pipelines are shut down and meat centers and things like that. That's incredibly scary. Oh, there's another one. What's?

Speaker 1: 19:38

here at Fort Worth Just a couple of the utilities just got shut down they were announcing today All right.

Speaker 2: 19:42

So over the past year, Enable has announced the partnership with Adlumen to bring MDR to the masses, the MSB masses, if you will. What excites you so much about that, Mark?

Speaker 1: 19:54

You know it's a bit like writing the book, right. So you know, I used about how I'm standing in boardroom after boardroom saying the same things over and over and I don't feel like I'm getting anywhere. I'm on a hamster wheel and you know. You know AdLumen has done such a great job. You know we have I think we have like 1500 customers. You know, several hundred thousand devices being managed here and it's great, right. But coming in with Enable, I think you have such a large access to market. You also have a trust brand with the customers.

Speaker 1: 20:19

In cybersecurity, the biggest currency is trust. So having them say you know what, we want you to talk to AdLumen because we've done the vetting and we believe they're the right solution for you. That just accelerates what we can do, so the more work we can do. I love doing the roadshows that you have, getting in front of those people telling stories, but most importantly, it's like hearing their stories and that just helps us refine what we can do. But you know, do a better job again of. You know, keep sharpening the knives as we go to market. And you know and I think that's that's where you know you do this at an economy of scale that you know effective, like I said it's, it just accelerates what we're doing, and I think together you have a visibility into the technology that they're using. You understand their world, you understand their business and we're the specific player when it comes to how to secure that. And so it's a great marriage, really.

Speaker 2: 21:12

We're definitely proud of that trust that we built that partnership we built with our partners, and it's great to be able to partner with a brand like AdLumen that has an amazing product and to be able to share that with the customers and see what they can do with it. We saw one of those on the main stage today talk about the value. So I want to ask you what are some of the ways you hope that the Enable partners develop their managed security offering on top of AdLumen technology?

Speaker 1: 21:38

So one of the things I think is there's again a notion out there that you know, even if they realize they have the risks, they don't know where to start or they can't afford it. You know it's like, well, this is way too complicated. And so when I say afford, I don't just mean sort of a financial perspective, I mean, you know, can they manage it? Do they have the expertise? And I think that's what we can do together right, so we can move into those markets and really bring security, the kind of security that larger you know, big banks, government defense have. We're doing the same thing. We're just together.

Speaker 1: 22:09

I think we can do this at an economy of scale that allows us to get it down to that market. And you know, when you look at it, right, it's a, you know it's a pyramid. You know you've only got a handful of those small Fortune 500s in government, but you've got a plethora of all these little businesses, and those are the guys that bear the brunt of these attacks. So the more we can do to help them, the better.

Speaker 2: 22:30

So you mentioned the roadshows and obviously you're here this week at our big conference, the Empower Conference. Talk about some of the interactions you've had with some of the partners and what those conversations have been like.

Speaker 1: 22:41

Yeah, I can tell you, after the keynote this morning fabulous, right, we had lineups at the booth. I, in fact, you know, at one point I was like I need to go. You know, I need to go sit outside here and, like you know, come up for air for a minute. I mean, it felt like I was, I was donating blood, right, you're sort of you. But yeah, we've had really good conversations where people I think they got the message right, they realized, okay, we had these, you know, basic security things in play. You're right, we really didn't know how to aggregate that, pull that together and start doing that other kind of defense that I was talking about earlier, and so that's that you know.

Speaker 1: 23:14

Very quickly, those conversations went from a so what do you do? How does this work To you know? The next thing, I know I felt like I was being interrogated on speeds and feeds and it was like, okay, so you guys are already doing due diligence effectively, right, and I had one conversation with a partner who, the CIO, walked out of our meeting room. I was with one of their head technical people and he just walked up and said, yeah, we're doing this. So, you know, work with Mark and figure out. You know what it is, you know get all the info you need to like, check your boxes and feel good, but this is happening, so you know that's again. This is back to that acceleration and getting to market quicker. I go to a lot of conferences, I do a lot of speaking, but this one, this one, you know, I set it apart because I think it's not only having really good, meaningful conversations, but you can see the traction.

Speaker 2: 24:00

That's great. Thanks, Mark, Really appreciate that. So let me ask you what are some goals going forward? Obviously, you've got a book on the horizon here. You're really excited about this partnership with Enable and what you can bring. What are some other things on the horizon for you?

Speaker 1: 24:14

Yeah, I think with security and focusing on the executive layer, right, as I've talked about. You know, one of the things I'd love to do with Enable is kind of brandish what we call like tabletops, right, tabletop exercises. The idea is, you know, we get the people, we get the leaders, we get the technical people in the room and we simulate these scenarios and it's the best way for them to learn, it's the best way for them to suddenly understand it's not a security issue, you know. Good example I have there is you know, there's a few firms now falling for this where, when they're attacked, you know someone, some clever person in IT, will put up a sign that says you know, don't connect to the network, don't connect your laptop, all that kind of stuff. Well, the next thing, you know, some irate customer takes a picture, sticks it on social media and then you got the news and so I like to kind of, you know, talk about that and show them.

Speaker 1: 24:59

Well, that was your call. Or you know you don't want the IT person to say, well, I'm going to take down the service because there's something bad going on and that's going to knock out a critic. You know, maybe that's online banking, right, or that's medical imaging in a hospital and now you can't treat patients, and that's where they understand that. So you know, I would love to be up on that stage. I love the big keynote. You know, I don't know what it is, it's somehow. You know, the bigger the stage, the more fun and interesting it gets right and you can kind of do a much different talk, which is, you know, a little less in the weeds, but it's more inspirational and that's where. So I think there's plenty of opportunity for us in the future.

Speaker 2: 25:37

You definitely bring a ton of energy, a ton of passion to the security space. You built an incredible career over the last 20 plus years. So I have to ask you when did you know?

Speaker 1: 25:47

now that's it In terms of like being in cybersecurity. You know, I would probably say you know, it was probably five years ago, and it's when you're sitting in a room, you know you're in a boardroom, you're with people and you're talking and you're kind of like, am I even getting through to you, Like I don't really know? And then all of a sudden you have somebody come up and they say, okay, I'm going to get you in with the CEO, I'm going to get you in front of our board, can you do this? And then it just sort of it goes from there and I realized you know what I finally you know it took me a long time, but I finally found the right vocabulary right, I'm pushing the right buttons and people are responding.

Speaker 1: 26:28

And it's not that your knowledge changed, I think. It's just it's kind of the way you go to market right, speak their language right, and as soon as you sort of figure that out, it all clicks and it just gets easy. And then you see the demand go up and so, yeah, it was probably. You know, it was like they said, it was at least a few years ago, and I had that moment of like this is where I'm supposed to be. You know, you're sitting on a stage somewhere giving a talk and you're watching people and they're taking pictures of your slides and they're kind of eating it all up and you're like, yeah, I, you know and ultimately hope you're helping them. I love that, Mark.

Speaker 2: 26:59

Mark, thank you so much for being with us today. You're an incredible evangelist. I am looking forward to the partners, the continued partnership with. Adlumen, and I wish you the absolute best in the future.

Speaker 1: 27:10

Oh, thanks so much for having us here and, yeah, I'm looking forward to the next one. When's the next one? It's next year in Berlin, is it?

Speaker 2: 27:16

Secrets.

Speaker 1: 27:16

Yeahoh, sorry, letting the secrets out of the bag, all right.

Speaker 2: 27:19

That's right. By the time we get this out, it'll be news.

Speaker 1: 27:22

So it won't matter. Well, there you go. Yeah, I broke confidentiality and security.

Speaker 2: 27:26

Love to have you there. We'll hopefully join you. Yeah, sounds great, thank you. Thanks, mark. Bye, bye, bye.