UnHacked by Phoenix IT Advisors

3. If You Don't Have a CISO, You ARE the CISO

In the event of a breach, SOMEONE will be held accountable. Investigations, fines, lawsuits. It's never pretty. If you haven't properly protected your technology (or hired someone to do it), it's YOUR neck on the line.

Key takeaways
  • Audit: Regularly test remote access and classroom/office AV endpoints like AirPlay to ensure unauthorized devices can't connect.
  • Document: Create an incident response chain, roles, and escalation steps so techs can't downplay breaches or leave users unsupported.
  • Train: Teach non-technical staff and admins to preserve evidence, report properly, and not just reformat or change passwords as a first step.
  • Balance: Quantify security controls against productivity by measuring how much improved uptime or revenue a control enables before buying tools.
  • Monitor: Enable centralized logging and remote session audit so any unauthorized remote control is quickly detected and investigated.
  • Prioritize: Build mental-health and time-off policies to reduce burnout in security teams and ensure consistent coverage during crises.
  • Backup: Maintain user data backups and recovery plans so a wiped workstation doesn't destroy critical work or leave staff stranded.
Full transcript
Justin: I don't know, Joe. You think I've you think I managed to pull it off this time? Let's see.
Joe: I mean. I mean, that's on me. That's on me. Oh. No.
Justin: I mean, asked for it, though. This is guys, so welcome back to cut three, take three of episode three of UnHacked. This is the third attempt in recording this, and I'll just own it up own up to it. The first time we tried to do this, I forgot to turn the mics on in the recording software. And then, Joe, you and I just got about halfway through the recording and, noticed that my computer had gone to sleep and killed the recording again.
Joe: But, you know, if you were a doctor in an in a hospital and left your laptop sitting there, it would lock up just like that. So you'd know you'd be secure and somebody passerby could, collect.
Justin: I know. We do this on purpose. Isn't this the trade off though? And this is always the issue with security is with every protection we put in place, it comes at a penalty
Joe: in productivity. I mean, it's been, you you got one end of the spectrum of security and the other is ease of use. Right. Just gotta find that happy medium.
Justin: And it's a struggle. It is. Most conversations I have with clients are regarding that balance. And usually it's around money, but I try to get the conversation more towards like what outcome are you looking for? Let's look at productivity. Okay, we can save a few bucks on security tools, but really what we're trying to do is how much can we make by using technology? How much can we leverage this stuff to actually put money in your pocket? Save $10 make 10,000. You choose. Right. All right. Well, Joe, let's try this again. We are, like I said, episode three, we're gonna talk about the life of a CISO. CISO. Which stands for?
Joe: Cybersecurity information. Chief information. Security officer. Sorry. Been playing the acronym game Oh, all
Justin: there's so many acronyms.
Joe: I'm so sick of it. I know.
It's like we use these to save time, really it's like, let's just add an ellipsis another five minute tangent to every conversation we have in life.
Justin: Do you watch The Office? I did. Yeah. Was it Kevin that he shortened up all of his words to save time? And then they spent twenty minutes talking about how much time he or how nobody could understand him. That was the end. Look how much time we wasted by trying to save time. All right. And yeah, we spend a lot of time trying to save money. We spend a lot of money trying to save money too. That's a different subject, but all right, let's get into the life of a chief information security officer. And I feel like I've talked about this so much that I'm bored with the subject. I'm gonna try to keep it going. What got me going on this one is like, okay, so you and I live in the world of security. I mean, do a lot of things, our jobs, we have a lot of hats, but I'll tell you personally, the one that keeps me up at night is, am I protected number one from a cybersecurity threat of any sort? And number two, am I properly protecting my clients? That's the stuff that haunts me. What about you? Is similar? I know you've got even more on your mind than me probably.
Joe: Well, yeah. I mean, it's just what I live in. It's just what I, is life.
Justin: Probably some version of that along with, did you get everybody taken care of? Did you get all the projects done that may not even be security related? Yeah. So it's a busy world that we live in and it's a stressful world. And there's a lot of burnout in this industry.
Joe: Yeah.
Justin: It's just, it's a lot of stress. Mental health is an issue that we have to look at. I don't remember if I've told this on one of a previous episode or one that we just didn't record, but one thing we try to do around here is give you guys a day off every month, which usually works out. Know sometimes it doesn't, but we do try to step on that.
So with all of the things that weigh upon us in the world of technology and security, this caught my attention. This dude named Andrew Smeaton, who works for DataRobot out of Boston, which is a cloud provider and not what what do you keep talking about?
Joe: Boston Dynamics. I couldn't think of that name earlier.
Justin: Oh, okay.
Joe: So those are the like the guys that have their robot dogs and like
Justin: Like, are they even real? Are they real?
Joe: Oh, yeah. Okay. Definitely.
Justin: Yeah. I always wonder if it's computer animation or if it's
Joe: Oh, yeah. Yeah. They've got they've got a few different animatronics that are just, I mean, really, really cool. And no telling what they're not working, you know, showing us Yeah. Kind of stuff.
Justin: Yeah. Yeah. Interesting. Not that company. So not that company, but this guy, he's a CISO, Chief Information Security Officer, tons of things on his mind right now. But he finds out he's got these coworkers over in Ukraine in this literal war zone. A lot of what we do is I'll call it a figurative war, even though it's kind of, I don't know, whatever. So he embarks on this 4,500 mile trek to go save somebody, a coworker from a war zone in Ukraine. And I'm just like, dude, like you don't have enough to worry about. Number one, guys, I'm not advocating this. I personally don't think I would walk into a war zone to try to save somebody. Don't know though, honestly, because so our number one company core value is we take care of our own.
Joe: Yeah.
Justin: So I don't know, that's tough. This is challenging for me to like, all right, Joe, you're stuck in Ukraine. Am I coming to save your ass or not? Probably if it was you, probably would.
Joe: I'd appreciate it.
Justin: Somebody that was just a coworker in a company of hundreds and hundreds of maybe thousands of employees.
Joe: Maybe maybe Venmo Venmo dings or something like Yeah. You're buy a Starbucks on us. Right. I don't know, guys.
I I like I said, what
Justin: I would or wouldn't do, what you should or shouldn't do is not the point of this, but it did catch my attention because we already live in this really stressful world. And now you've got a guy walking into a war zone. So we're gonna talk about the life of a CISO today. And first up, let's dig into what not to do. So I think Joe, as we've practiced this podcast a few times, you probably have heard this story before, but I'm gonna get through it again. My wife is a school teacher at one of the local districts here in the great state of Texas, And her workstation, it's a MacBook, whatever. School issued. School issued, which means they should be protecting it, keeping it safe from any prying eyes, whether they be foreign or domestic enemies. Turns out she had a domestic enemy in her classroom. Do they know that? So they're not being very upfront with her.
Joe: Sorry, didn't mean to interrupt.
Justin: No, that's fine. It's a good question. Part of the issue is they've been pretty vague with her and pretty like casual, just, you know, so this is what we keep digging into, right? If we had a client who called up and said, Hey, my workstation was breached. Well calm down, what does that mean? Or hacked, that's what we'll hear. And then they clarify that somebody, unknown user, gained full access, took control of the mouse and keyboard. I, the user, am not able to shut it down. I have no control over it anymore. They start playing music in the overhead speaker system from my computer.
Joe: And that's what's happened here.
Justin: That's what happened to her. Yeah. So she's teaching the class in the middle of teaching and her computer gets taken over and they start blasting music over the you know, because it's tied into the sound system in the classroom, you know, for their audio visual system starts blasting this vulgar music. And it just really freaks her out. No, yeah.
And so she just hit the power button, held it down until the computer shut off and of course had a little bit of an emotional outburst as we expected. Didn't you say
Joe: it was on her birthday?
Justin: It was on her birthday. Yeah.
Joe: She's just like, happy to me.
Justin: Really frustrated with these kids. And, you know, and she made the assumption that it was a student. Yeah. It turns out, at least as far as we know, that it was in fact a student. But what this is-
Joe: That's based on her assumption and the lack.
Justin: So some administrator confirmed it to her. Okay. It was not the principal because I found out like it was a week or two later that the principal said, wait a minute, what happened?
Joe: Yeah. Oh, really?
Justin: I didn't know about that. Oh, really? So I don't know what their chain of command is. It's disturbing on so many levels how this was happening.
Joe: Let's back up. I know. I know. There's so many things wrong with what happened here. So she's in the middle of class. She's doing a presentation and all of a sudden, loses control to her laptop. Yep. Music starts blaring out of the speakers. She can't move or do anything on her on her book. Correct. MacBook. So she turns it off.
Justin: Yeah, then what? Then she told everybody to put their heads down and don't touch anything, go cock. That's then what? That's not what you're asking. So she starts rolling this up the chain of command. She talked to the local technician, told him what happened. And that technician said, I'll help you reset your password for AirPlay. That's crazy. Now, to my knowledge, there was no investigation whatsoever. It was just the assumption made that somebody, a student had taken over her workstation via Apple AirPlay. So if that's all it was, first of all, that sounds fishy, but if that's all it was, are you shitting me right now? This is so set up so insecurely that a student can take over a workstation of a teacher through Apple AirPlay. Yeah.
And then let's assume that really is what happened. The only resolution was, I'll help you change your password. No worries.
Joe: That's like,
Justin: what the hell? So she's telling me and she's mostly just trying to cry on my shoulder and probably just wants emotional support. Me, I go into work mode and I'm ranting at this point. I'm like, are you kidding me? And I go into the laws that this kid's broken. Again, assuming it's a kid, it could be anybody.
Joe: Yeah, the other thing. As far as you know, nobody remoted into her computer. Nobody actually, if any kind of investigation was done, it was on the back end, if it happened at all.
Justin: Correct. No authorized user remoted into her computer, an unauthorized one did. But no technical resource or security resource checked her computer in out to my any way, shape or form. So sure, did they pull remote logs? Maybe.
Joe: But
Justin: when this finally climbed the ladder to get to the district wide security, like the top of the chain of command for security, the response was something to the effect of, I asked the lower technician about the details and based on their feedback, I'm not worried about this. You, teacher, end user are worried about it because you have so much experience in the world of cybersecurity, I will instruct this lower end technician to reformat your hard drive. But you decide.
Joe: Which is basically a big middle finger because who wants to just wipe all their data? Right. Start over fresh. He's basically like, here's what you can do. Know, let me put it on your shoulders you most likely will not want to follow through. And then I can just close this ticket, not have to think about it ever again. Right. Except let's just say, know, hey, what if it's not? What if it's actually somebody else that's doing something? And probably if I were a hacker, that's exactly what I do is do something that a little kid would do while I'm accessing the network back end and doing the actual big boys stuff.
Justin: Look at my hand over here. Don't look at what I'm doing down here. Exactly. So many things wrong with this.
Joe: Policy wise. Yeah, culture.
Justin: And it really for me, this comes down to the, what I try to drive home all the time when I'm preaching cybersecurity is it is culture. We can set up security measures, we can put antivirus in place, we can put firewalls in place, we can monitor the hell out of it, but when we have a culture like this, you'll always lose to bad guys. Because the good guy who tried to raise a flag and say, hey, here's a problem, was shut down and told to sit down and shut up. Yeah. In effect, that's what she was told. Yeah.
Joe: If you buy the top of the line safe, know, spend all kinds of money on it, but you leave the door open, what's Right. The
Justin: So this was really, really troubling to me. But I will add that so I
Joe: will, let me point out that, you know, your face is a little red, but since, you know, we, like we mentioned, we've recorded this now three times, at least this particular story. And you've actually de-escalated. So this is the least excited Justin you're getting here. It's kind of a shame. He was very he's very pumped up. And this is I mean, and rightly so.
Justin: Mean Dude, I've been ranting about this for, three weeks. My wife is so sick of hearing it happened to her, and I'm more emotional than she is about it. She's sick of me talking about this. Damn. Yeah. Anyway, so let's yeah. Did I miss anything? I've told it so many times. I don't know. Yeah. We'll move on, but I point this out guys as what not to do. And it's about bedside manner, it's about not handling the situation with the end user, you know, like to support them, to instill trust in them. And it's also just, like I said, it's a culture thing. So she has been taught that if something bad happens to her computer, to shut up. Like don't even bother reporting it because they're not gonna do anything.
They're just gonna say, hey, well, we're not worried about it. Are you worried about it, teacher?
Joe: Right.
Justin: All right, so they're not worried. Why the hell should I be worried? I'm just gonna shut off my computer and teach with a pencil and paper. And this is a district who has pushed everything away from paper and onto electronic. It's Google Classroom, Google everything, all the kids have iPads, nobody has textbooks, everything's electronic, and their security is so weak that a student can go in and take full control of a teacher's MacBook.
Joe: Which by the way has access to the grades, Absolutely.
Justin: People's grades. So so she knows the point when she was locked out of her computer by the student. She doesn't know how long they had access to things behind.
Joe: Or if there's still access, right? Correct. Like as far as you know, they didn't do an actual investigation.
Justin: I think they did.
Joe: Unless it was on the back end and doing some logs.
Justin: But even so if they did, I'll say the problem here is that none of that was communicated to the end user. Yeah. There was never any reassurance given her other than I'm not worried about this. If you are, I'll have somebody format your hard drive. Yeah, middle finger. Outrated. Middle finger. That's what not to do. And now, Joe, let's talk about some headlines that are
Joe: out there. Yeah, so we were wanting to just do a quick rapid fire, the life of a CISO or, you know, you kind of got to stay thumb on the pulse all the time. That's kind of what we're getting at or leaning into. We have to stay on top of this kind of stuff. We got to know about all the new things that are going on. So this is like a, this is the thirty minutes in the morning of Hey, let's find out what's going on in the world. We got to, know, thumb on the pulse, we got to figure out what's going on. So we're gonna do a little rapid fire, some headlines. Yeah, well, for the week.
Justin: If I quit hitting my microphone, we'll get through these pretty quick. So there was a botnet that has taken over ASUS routers. Now on the surface, so ASUS routers, they're a big name. Huge
Joe: name. Mean, if you told me that they're the ones you go when you go walk in at Best Buy. If you told me they were the number one consumer router, you know, that's sold in America, I would not blink an eye.
Justin: Okay. Now, that said, how many of our clients do you think use this for their primary source of security? Well, that's the thing
Joe: is like, you know, they might have a commercial or enterprise firewall or, you know, super protection at the office. But today, you know, there's so many work from home people. Yeah,
Justin: so that's it. Right? So we don't put these out anywhere. We don't manage ASUS routers anywhere to my knowledge. But now we've gone to this work from home model quickly. We all did this really fast in an emergency state. Man, how many of these ASUS routers are out there being taken over? Because I know this isn't new. Didn't you say that this was a little bit old?
Joe: Yeah. It's a couple years. I mean, honestly, this is just like point of they're just digging up things that they
Justin: True enough. But this is a problem that remains out there. So how many of our so the thing is, guys, you've gotta protect and monitor all of your network endpoint. If it touches the internet, somebody's gotta be protecting that thing. And you've got these consumer grade routers out there that for a couple years now have a vulnerability that unless they've been patched, that still exists. So your router at home could be part of a botnet that's launching attacks on it.
Joe: Oh yeah. What was I gonna say? It reminds me, there's still thousands of Windows seven machines out there that are totally vulnerable to those And kinds of they're still up and running like commercials, commercial grade, Windows, know.
Know, and one of common The common servers and
Justin: stuff. The common objections I get when I'm trying to sell security services is, my data is not that important, or I don't have anything anybody wants to steal. Right. So my pushback always is if you have a device connected to the internet, you have something somebody wants to steal. Yeah. Even if it's just access to your resources that they then use to launch attacks on other people. Yeah. You then become part of criminal, you know, like these these crime rings, these thugs that are doing all kinds of illegal activity. Yeah.
Joe: The the big thing right now is, you know, getting those spam emails saying, hey, you're click here to log into your Office 365 or, hey, you've got an IRS refund or whatever. Then you click a link and it takes you to a phony website where it's harvesting your credentials where it's it looks like Office three sixty five, you log in, it's really a fake website. That page that you went to, that's somebody's either website or it's being hosted somewhere.
Justin: Could be hosted on somebody's A2 browser. Who knows?
Joe: Exactly. That somebody breached and didn't care because there's nothing to hide, now they're accomplices essentially. Last week, and this is kind
Justin: of a tangent, last week we talked about securing websites and how we don't always think about that, how important that is. So yeah, these phishing emails, when you click on it and it goes to a website to steal credentials, sometimes those pages that you go to are actually a subpage of a hacked website. Yeah, exactly. So it's a legitimate business running a legitimate website. Yeah. But they don't know that they have this page not linked to anything that people are getting redirected to for credentialing.
Joe: And they're not gonna really know unless, you know, they've got an active web developer security at least Right, behind the you start seeing
Justin: these pages pop up that they didn't build.
Joe: If they even show, I mean, scripts that show, keep them hidden and stuff. So yeah, maintenance.
Justin: A lot to think about. A lot to think about. Life in a CISO, right? This is the stuff we have to worry about day in and day out. And okay, so I thought this one was interesting. You've got people now, whether they're stealing ASUS routers and using, you know, marshaling those into an army or whatever, but you have what we call hacktivists. Hackers who are activists politically that are targeting, they're just taking sides in this war between Russia and Ukraine. You've got people launching attacks to make a statement against Russia, against Ukraine, Most of them are against Russia because Russia is the bad guy.
Joe: Well, that's what designates a hacktivist versus a hacker, right? Yeah. Right. Your intentions. Well, not intentions, whose side are you on? Yeah. So like if a Russian was hacking, they're a hacker. They're a hacker. But if you're a US hacking Yeah. Russian
Justin: you're a Yeah. Good bad guy. Which is why the federal law, I bring that up a lot, because if you gain access to somebody's network without their permission, or elevated access, any subset of access that you're not supposed to have. That's a federal crime. Yeah. I don't care if your intentions are good. I don't care if you're just a dumb kid playing a practical joke. This is big stuff. This is super illegal. I'm glad you're in federal penitentiary. So careful. Another another phishing. This this one only caught my attention because I'm tired of it. Like how many times do we get these phishing campaigns that are about bank or allegedly from your bank? Citibank is the most recent one or at least the article I'm holding in my hand. It's tiring. Well, there's
Joe: They're just an active just saying, hey,
Justin: your Citibank account is about to be locked. Do you need to log in and reactivate it or something like that. Right? That's usually what they say.
Or there's been suspicious activity on your account, you need to click here and authorize it or deauthorize it.
Joe: You know what I've been getting lately? It's text messages. Oh yeah, yeah. I'll get a text message and it'll say like, Hey, you just approved 150 to amazon.com. You know, is that you if it's not click here to dispute or whatever. And I you know, I've never clicked on the link, but I'm pretty sure that's a that's another fake website or, you know, a breach website that takes me to log in
Justin: and Yeah, so I mean, like quickly, just kind of a pointer for people, what would you haven't clicked on the link, kudos, bravo. So what can you
Joe: do though? Well, mean, anything that comes from a number, don't know, it's screened or, you know, I definitely You
Justin: said it was from a bank? Did this, sorry. It's just a text message. That said what? Tell me again.
Joe: You've all, you know, and there's so many of them. The one I was talking about was, you you made a purchase on Amazon. Okay. 100 and something bucks.
Justin: Amazon. I still had banks in my brain, so I knew you hadn't said banks. So was Amazon. Irregardlessly, that's a fun word. It's not a word, guys. It is a word.
Joe: They've added to the dictionary because stupid people.
Justin: Because stupid people like me make podcasts and say irregardlessly. Okay, so you get a text message from Amazon air quotes, and it says click here to, you know, either verify or not this podcast.
Joe: Yeah, if this was you, don't worry about it, but click here if it wasn't.
Justin: So folks, please don't click the link. But what can you do? Go to Amazon, Like just grab a different computer, preferably a different device. Go to your Amazon account, log in the way you normally do and check. So there's an option. Same thing if it's a bank thing.
Joe: Or your bank.
Justin: Bank emails you, hey, warning. Unauthorized activity on your Click here. No, don't click there. Yeah.
Go to your browser, preferably use a bookmark that you already have set up and a password saver, password manager, because all of those things, it's just one more step that will prevent you from mistyping something or going to URL that's not valid. Yeah, just use a different way of accessing that and find out if it's real or not. Almost always they're not real. But the problem is sometimes they are. I do get fraud alerts via text message from my bank.
Joe: Talk to your bank and you find out for real. Don't click the link.
Justin: They won't have a link though, what they'll have is reply. One for yes, no, 2 for customer
Joe: support or something like that. Right, or call, yeah.
Justin: But if they give you a phone number, don't call it. Go get the number on your own.
Joe: Yeah, that's,
Justin: Get it off of their website, make sure. So, geez, so much to just be aware of.
Joe: Bad guys are always trying to get one step ahead. And you know,
Justin: Man, the more we talk about this, I know that the tendency is to get on overload, to get overwhelmed, and then just to think that it's hopeless. What can we really do? And the point I always wanna drive home to people is we can't be 100%, but we can be on. We can always be on. We can always be aware and we can always be watching. IRS, that's another one. There's campaigns right now, allegedly from the IRS telling you you forgot to fill out this form, right? Or you did something wrong.
Joe: Oh, yeah, I've seen. Yeah, I've seen those.
Justin: You've got those. Just be aware of it. That's all. Android malware. This is I always worry about Android because because the assumption is, well, no, because I don't hear about a lot of breaches on Android phones or iPhones, right?
I know it's theoretically possible, but the world you and I live in, Joe, how many times just as a percentage of actual suspicious behavior, not suspicious, actual fraudulent behavior, what percentage of them do you personally deal with in the world of smartphones?
Joe: I mean, that's a hard thing to answer. It's kind
Justin: of like the website thing. I know, but like number of calls, calls in a month, anything that's legitimate.
Joe: Here's the issue. Is that the call because somebody's phone has got breached? Not that many. Do I get a call as a result of their phone being breached? Or, you know, somebody sideloaded an app or they did something stupid, they jailbroke it and or they use the same password for on their phone for this this game that they play as they do for their Facebook and their bank account. How many of those? A lot more. A whole lot more. Really? Okay. Yeah.
Justin: But so actual malware, this is what I like, we deal with, pull up the logs on a firewall, hundreds of attacks a minute, probably. Like this is deluge. We protect against all of them for the most part.
Joe: Nope, all of them.
Justin: Well, I'm trying to decide what I'm even asking here. I am personally aware of attacks almost nonstop against networks, workstations, against software. But I'm not personally aware of attacks that go on on my smartphone. Like I don't have a blind spot there. I'm always worried about it. I'm aware of it. I'm watching for permissions when I install something. Try not to install free programs because I understand full well that if the program's free, then I am the product being sold.
Joe: But
Justin: I still, I don't hear, this is one of the few times where I've seen a headline about actual Android malware doing bad things on a phone.
Joe: And that's Escobar. So again, that's the rebranded. It's from sideloading. Aberebot? Yeah. That's a banking Trojan. When you sideload an app, I mean
Justin: So tell people what sideload is.
Joe: It's when you use like a computer, like you're not using the Google Store to put an app
Justin: on your
Joe: phone, you're doing it through other means. And not to mention, have to jailbreak it. You have to jailbreak your Android phone to make that happen anyway.
Justin: I've definitely downloaded apps from outside of the Play Store. Yeah, but they're still Google Store authorized.
Joe: Okay, If they're not, then by default Android won't let you. Right. You got to sideload them. First you got to jailbreak,
Justin: then you got to sideload them. So that's the tip on this one then. Like don't jailbreak your phone. Well, you do, you better know what you're doing. Correct. Most of the audience we're after probably shouldn't be doing this.
Joe: Right. But who doesn't have a nephew or whatever that wants to throw their iTunes playlist over on there and
Justin: they gotta figure out a way.
Joe: Right, yeah. That kind of stuff.
Justin: Yeah, so be careful, be careful. All right. And let's see, we're gonna kind of move to wrap this up. So I'm gonna fast track and we're gonna call that the end of the headline section. Now, again, the point I wanted to make is that you and I live in a world of chaos, fair? Oh yeah. We're always worried about what's going on out there, if our clients are protected. On top of that, we have to make sure that they're being responded to quickly and that the projects are being finished on time. And there's just a lot going on in our world. To the extent that I lose sleep, I don't know if you lose sleep, Joe, I won't make you say that out publicly. It's just
Joe: Well, this isn't makeup under my eyes. That's So
Justin: what would you add? Like, what does a, just briefly, a day in your life look like? And talk specifically about the stress, the emotion of it, the challenge of it, as far as making sure that people stay safe. Any thoughts?
Joe: Yeah, that's a pretty big one. It's just living this.
This is my life, kind of just staying on the pulse and mitigating and staying on the pulse and mitigating. That'd actually be a fun You wanna do that? Let's save that for a podcast. That sounds like lot.
Justin: Let's make a full
Joe: episode about that Here's a day in Joe's
Justin: life We'll kind of do that. I'm just gonna get to my point. So most of the time when we get on these, you know, each episode, we're gonna go through and we're gonna talk about breaches, we're gonna talk about what's out there. Mhmm. Because the point I constantly make is that these things are preventable. Yeah. 97% statistically could have been prevented with basic security measures. I'll never quit pounding that drum. Jesus, I can't even talk today. This is because this is take three. So I have to make the point that when I when I run into people who think that they either don't have data that needs to be protected, they don't have resources that need to be protected, or God forbid, they think that they can do it on their own. Now, I'm not calling people stupid. I'm just saying that unless you live this world and I nonstop thinking about live in it and it terrifies me. And I'm constantly wondering where my blind spots are.
Joe: Right.
Justin: Because they're out there. And so if you think you can run your business and you can be good at your craft and you can do the accounting and you can do the sales and you can do the marketing and you can be a cybersecurity expert, good luck. And what that really translates to is like the title of this episode, if you don't have a CISO, you if don't have somebody that you lean on for security, a chief information security officer at your company, then from a legal or from a liability standpoint, you are that guy. And if your company gets breached and client records are lost or whatever, lawsuits come out of this, regulatory audits and fines come out of this, and they're coming after you.
Nobody's gonna pat you on the back and say, you know, you're a victim of a crime here. They're gonna say, what the hell? Why didn't you do this? Why didn't you do that? Why didn't you hire somebody? Why didn't you do, you know? So it's just, it's a really risky thing to do. We are constantly evaluating our security posture. Daily. We're looking at, are we doing this right? What are the headlines? Where do we need to make improvements? And so my plea from a, sure, there's a little greed in it because I want to sell you something. But man, you better be watching this. So with that, go to mastercomputing.com/discovery and just book a ten minute web meeting with me. I'm going to stop saying phone call or call because people think it's happening over the phone. Book a ten minute web meeting with me and let me just run you through a few verbal checks. That's what we're gonna do. And I can, at the end of this ten minutes, I can show you, this is why we do a web meeting, a graphical representation of where your blind spots are. Now you're under no obligation. Take that information and run it right back to your IT guy and say, hey, what's going on here? And you watch them squirm. Watch them make all kinds of excuses on why we don't know what we're talking about, and they're fine, and you're fine. But then you decide if you're comfortable with the report and, go from there. But I'm telling you, like we always say, 97% of these things could have been prevented. But once you get hit, you can't get unhacked.
Joe: Joe, any final words? Oh, man. You just got me thinking. I'll stop. I'll just say update. If you got an HP printer, go update it. LLMNR.
Justin: See? And that's it. There's always something. Always something new. So yeah. Alright, guys. Just jump on there. Ten minute call. No obligation. Let web meeting. Not call. Ten minute web meeting.
Joe: They can call it.
Justin: Yeah. They can call it. We can call it but let us let us give you at least a second opinion. Yeah.
Alright? That's all we got.
Joe: Alright, guys. See you next week.