
Host
From the CISO Series, it's Cyber Security Headlines. Hegseth orders Cyber Command to stand down on Russian planning, ransomware by snail mail, and Mark Cuban offers to fund government tech unit that was cut. These are some of the stories that my colleagues and I have selected from this past week's Cyber Security Headlines. And we are now looking forward to some insight, opinion and expertise from our guest, Brett Perry, the CISO of Dot Foods. Brett, so great to see you. Thanks for joining us. All right, first, just quickly, a timely disclaimer. Now, many of the stories that we at CISO Series and us CISOs encounter have some direct connection to the substantial changes being made by the current presidential administration here in the US. Now, we cannot ignore these changes, since they directly affect cybersecurity here and elsewhere in the world. It is, however, our aim to refrain from getting political and choosing sides, but to always look at these developments in terms of how they impact CISOs and the companies they protect. So Brett, I will ask you a question. How was your week in cybersecurity?
Brett Perry
My week was fairly quiet. I did get to spend.
Host
That's a good week.
Brett Perry
Yes, well I'll knock on wood right now but I did get to spend an entire day at your alma mater, Washington. Washington University.
Host
Cool.
Brett Perry
The state of cyber that was put on by the local InfraGard unit. So that was, that was good some.
Host
When I went to college, to give you an idea, there was no such thing as cybersecurity at all. Same didn't even exist. By the way, this was, you know, we honestly, we, we, we didn't really. We had a very sort of low-grade communications platform. Wasn't full-blown Internet by any stretch. Hey, our sponsor is ThreatLocker, Zero Trust Endpoint Protection Platform. Join us over on YouTube Live. Go to cisoseries.com, hit the events dropdown and look for the Cyber Security Headlines Week in Review image. Just click on it. Join us and be sure to contribute your comments in the chat. We will do our best to address them during the show. And I want to make a disclaimer for our guest, Brett. Opinions are those of our guest, not of his employer. So we have just 20 minutes. Let's get started. Why don't we. Hegseth orders Cyber Command to stand down on Russian planning. Now, according to an exclusive report from The Record, Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt, quote, all planning against Russia, including offensive cyber actions. Now, the order does not extend to the National Security Agency or its signals intelligence efforts. Now, the full scope remains unclear, but it aligns with White House efforts to normalize relationships with Moscow following the Kremlin's 2022 invasion of Ukraine. The decision marks a shift in US cyber strategy amid ongoing geopolitical tensions. Now, Brett, this could be seen as simply a change in strategy for the Cyber Command itself. But the report goes on to say, quote, the stand-down order could expose private sector entities in the US and around the world to greater risk if the command is not keeping Moscow's intelligence and military services, which both feature notorious hacker groups, at bay. Keep those at bay. So what goes through a CISO's mind, your mind, too, when assessing this type of change? When you hear this, do you get a little concerned? You say we got to shift strategy, or situation normal? What goes on?
Brett Perry
No, I think it's business as usual for us. We're, we're constantly just fighting, you know, fighting the good fight. But it's interesting because I've never really thought of cyber security as being political. When I started, when I read this article, my first thought was, why doesn't the U.S. have a, its own branch of the military dedicated to cyber? You got the Marines, the Navy, all those. We, we need a cyber force that would be dedicated to this type of thing. But it, it is actually really, it's a positive thing. I think as far as this Hegseth thing is concerned, that, you know, we're moving towards peace, right? So we're not, we're not constantly on Russia. We're hoping that they're doing the same, right. As we kind of work out this stuff with, between Ukraine and Russia. So I think I look at it as a positive thing. Again, I don't want to get political, and I don't think cyber security should be political, but, you know, it's a weapon that they're using today. And my, my message to the, to the world here is that we need a cyber force. It'll be easier to, you know, to recruit these folks. I was in the Navy. Of course, there wasn't a whole lot of Internet back in the early 90s when I was in the Navy and that stuff didn't exist. You know, last time Trump was in office, he created the Space Force. So why not, you know, why not one more branch of the, of the DoD?
Host
Sure, why not? Fake ransomware attack claims sent to US executives via snail mail. So executives at a number of U.S. organizations, mostly in healthcare, are being targeted by someone claiming to be from the BianLian ransomware group. The postal letter, stamped, quote, "Time sensitive, read immediately," informed the reader that their organization has become a victim, threatens to publish the data, and provides a QR code linked to a Bitcoin wallet to pay the ransomware of between 250 to $500,000. Now, not only has no connection to BianLian actually been proven, but security company Arctic Wolf also says there is no evidence that the targeted organizations were victims of ransomware attacks. So sounds like they just got a letter. So, Brett, clearly this scam is intended to distract or frighten executives by going old school. I think it's kind of intriguing. It is not the first time we have seen this happen in the past year, but the fact alone makes us wonder whether this is an effective technique. Do you think this is effective?
Brett Perry
I do, to some extent. If you're, if your company doesn't do a lot of, you know, education on this type of stuff, especially QR. We've, we've been kind of hitting the QR thing lately, and our executives know not to do that. Our, our employees know not to, you know, to be very wary of QR codes, make it from a trusted source. So, in fact, when I read this article, I immediately fired off an email to my executive saying, I, I know you do the right thing. You'd call me when, if you got something in snail mail about this, but please, this is just for visibility, just so I can say I said so whenever.
Host
Well, it's really just giving a heads up. And honestly, they just like to know what's latest, like, oh, oh, okay, I'll keep an eye out for this kind of thing. That's it, right?
Brett Perry
Yep, yep. And they're not surprised. They're always like, oh, another one. Oh, great. Okay. Thanks for, you know, scaring me again, Brett. So.
Host
Right. And like, for example, I've been seeing a flurry of these PayPal money requests coming in. You know, it just says, oh, so this is the flavor of the month. You know, don't you get the sense that we get another flavor every month of different kinds of attacks?
Brett Perry
Yeah, we're seeing a bunch of smishing stuff that's, you know, they're impersonating our executives and they're sending it. I don't know how they're getting these numbers, and they're, they know the names and the numbers of these people. Sometimes they're, they're the spouses of our employees really getting an... Yeah, they're getting an SMS text saying, hey, this is so-and-so, please, you know, give me a call when you can or reply to this message. And we, it comes and goes in waves and, and I'll get email or, you know, emails and texts from my executive saying it's happening again. And there's really not much we can do.
Host
Besides, you have to alert their spouses of these things too. Like they're now in the, caught in the trap. The, we've reported on this before, that they sometimes purposely go after the greenest employees, hoping that they have not been trained on the cyber security awareness and that they're just hoping to do good by the company. Have you seen that happen, too?
Brett Perry
No, they're not. It's just a spray attack for the most part.
Host
Really? Anybody can.
Brett Perry
Yeah, one of my security engineers got the same, you know, smishing text that everybody else did and, well, not everybody else, but you can, it comes in groups of people and then it dies down for a couple of days and then they'll hit another executive and then it'll die down for a month. So we're just, we do, we do provide your first day. We provide cyber security training. So. Okay.
Host
So. Yeah, so okay, that's good. That's great to know. All right. Mark Cuban offers to fund government tech unit that was cut. So this offer of support was posted by Cuban on the social network Bluesky and urged the displaced engineers and designers to turn the upheaval to their advantage. Referring to the 18F Technology Unit of the government's General Services Administration, he wrote, quote, if you worked for 18F and got fired, group together to start a consulting company, continuing, quote, it's just a matter of time before DOGE needs you to fix the mess they inevitably created. They will have to hire your company as a contractor to fix it, but on your terms. I'm happy to invest and to help. So this is a doozy. Brett, this could be viewed as a good news story in the face of CISOs and other IT people worried about cuts and layoffs. This longer term perspective might be light at the end of the tunnel. Even if Cuban himself is not involved. How can CISOs and security people best prepare themselves for the cleanup? And I, I mean, I've seen this happen before where people are let go and then they have to hire them as a, you know, contractor because they're the only ones who know the environment. Yes.
Brett Perry
Yep. Oh, we've got, we've got a lot of legacy stuff, you know, and this guy retires and nobody knows what's going on. So we do have to bring in somebody that, you know, just randomly knows, knows what's going on, and it's expensive stuff. So, but I, I think this is a good, good thing for the 18F folks. I, I hope, you know, they land on their feet. There's a lot of stuff going on in the federal government, as you guys know. And I, you know, when it, when it comes to cutting jobs or, you know, down, you know, downsizing the workforce, we're always looking to outsource stuff and contract. And I'll tell you, this doesn't happen where I'm at right now, but this has happened in the past. You know, we look for contractors and I'm sure that's what's going to happen. You know, this coming from Mark Cuban though, we can probably wonder whether or not that's just a shot, you know, at Elon Musk, what's going on.
Host
But yeah, yeah, yeah, he, I mean, who, who knows what he's doing. But yeah, he may be blowing smoke here, but, you know, it sounds like, you know, one billionaire going after another billionaire, to tell you the honest truth. All right, now a word from our sponsor. That would be ThreatLocker. You know, ThreatLocker is a global leader in Zero Trust endpoint security, offering cyber security controls to protect businesses from zero-day attacks and ransomware. ThreatLocker offers, or ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and you can start your free trial, you should go to their website. And that's threatlocker.com, it's spelled exactly the way it sounds. If you're watching us on video, you can see how it's spelled. threatlocker.com. Go check them out. UR Encoder launched by FaceTec introduces new option for biometric ID issuers. So FaceTec has issued UR Encoder, a software that lets biometric ID issuers create UR codes. These are digitally signed face data stored on a user's device for secure identity verification. The system promises privacy while letting authorities like DMVs, passport offices and employers issue biometric credentials. UR codes use cryptographic signatures to prevent tampering and can be scanned on a mobile device or a webcam. So, Brett, this looks like a promising advance in biometrics as a trusted security technology. What are your thoughts about its feasibility? Any problems you see here? What do you think?
Brett Perry
Well, I had to look up what UR was and apparently they, this company made this up. So I'm glad that, that now I'm educated on that and I know what it is.
Host
It wasn't something that was going on that you were clueless about, is it?
Brett Perry
A play on words too, is it? You are. I was, I was hoping to see something a little different here and I know, you know, a lot of people out there aren't going to, to take part in this because they, their privacy is everything to them. Biometrics is one of those, you know, sensitive subjects with a lot of people. You know, biometrics is one of those things that if you get it stolen you can't, you can't change it like a password. Right. You can't change it like a token or, or anything else. It's gone forever. So I, I was hoping this was more of a multi-factor thing.
Host
Right.
Brett Perry
Because you always, you're going to need your face, you're going to need your fingerprint, but I was hoping this was a second factor to prove who you are. And I'm not sure exactly what this is, but with, you know, having to use this to fly or to, you know, to go to the DMV, I, maybe three or four years, you guys are going to prove me wrong. But it just seems a little weird and I think the, the general public buying into this is going to be a difficult thing.
Host
Yeah. You know, and CCL says, is it open design? I mean, anyone can review the design? If not, no thanks. So let me ask you, have you had any success with biometrics in any form in the past? I mean it could be as simple as, you know, thumb scan readers, things like that.
Brett Perry
Yes. So we've been wanting to use. Well, obviously we've got to move away from SMS as a second factor. That's. Yeah, those days are gone. We're killing that off.
Host
Well, they're the, I use like the Google Authenticator, which I've found very valuable. In fact I way prefer it over SMS personally.
Brett Perry
Yep. Well, it's one of those factors for users that's actually good news. Right. It's, it's less touch, it's less, it's less difficult. You just look at my face and you unlock my computer or unlock an app. It's great. We had, we, we were kind of held up on, on moving forward with biometrics because of some Illinois, Illinois state legislation needed to go on about, you know, privacy stuff. And so that was actually finally.
Host
Put.
Brett Perry
To rest I think late or mid last year. So we're moving forward in that space. I, I think biometrics is, is amazing as far as authentication and.
Host
Biometric. Long, long time. And I'm always kind of stunned, like, so we're still talking about it, like we're still on board. So there's a lot. There's a lot that's holding people back. All right, let's go to the next story. Ransomware gang bypasses EDR via a webcam. So this is an IoT story. The cybersecurity firm S-RM discovered this unusual attack method conducted by the Akira ransomware group, in which the gang accessed the victim's corporate network by way of an exposed remote access solution. Their attempts to deploy encryptors on Windows were blocked by the victim's EDR solution. Akira then scanned the network for other devices that could be used to encrypt the files and found a webcam and fingerprint scanner. The webcam was vulnerable to remote shell access and unauthorized video feed viewing, and ran on a Linux-based operating system compatible with Akira's Linux encryptor, and did not have an EDR agent. So, Brett, this whole thing could have been avoided if the webcam vulnerability had been patched. But I just want to say this. In so many cases that there are break-ins, it's like, oh, but they knew about this vulnerability and they knew about the other 12,000, had they known this one, you know, like, you can't get everything. But I just want to show that how even the most innocuous device, just an IoT device, doesn't seem like a big deal, can be a tool for attack. I mean, this is just an IoT thing. Like what strategies can CISOs take from this?
Brett Perry
Well, I'd say the first strategy to stop this would be to stop utilizing remote desktop programs or allowing those in from the outside unless they're vetted. And one thing that we do is we'll have vendors that want to get access to our IoT environment or automation environment and we make them, we force them to use ours because then we control it. Right. So if we're allowing external vendors to install remote desktop software into our environment, it's just inviting trouble. So that's the first way to stop this. Right. Patching is hard, especially on IoT devices. We try, but you're going to miss it or you're going to be a week late or. This was a Linux platform too, I believe, and putting EDR on Linux is a different animal too. So stop allowing people to remote into your environment is, is the biggest step you can take to stop this type of attack.
Host
And that's a good point. You know, we're, we're actually going to be recording an episode about whether you can create a good security program not having much or anything of a vulnerability management program like you harden your environment. You, you know, you just update your software and you don't worry about all the vulnerabilities. You just make it much harder. Like what you say, don't make it easy to, to remote in. Do you think, just give me, give me a headline here. Do you think it's possible to not have much of a vulnerability management program, but just hardening everything else in a very much zero trust philosophy? Do you think that's possible?
Brett Perry
Well, that's the first step into like creating a cyber security program, right? If, if you walk into a company and there's absolutely no security, what are you going to do? You're going to harden the outside because, you know, with a, with a hard exterior, you got a soft, chewy center. It's probably, you know, it's probably flat. There's not a lot of, you know, segmentation going on. That's another part that probably would have helped stop this is, is segmenting those, those cameras off of your normal attack, your, your, you know, your laptop network, your server network, that's got to be completely separate so those, those attackers can't, you know, move from one to the other so that it's, it's the first thing you got to do is to create that hard, hard outer shell and then start working on that soft, chewy center.
Host
All right. 1Password introduces location-based passwords. This new feature allows users to add a specific physical location to password items, allowing them to automatically appear in a new nearby section of the app's home tab. Now, the intention of this feature is to simplify the list of available passwords without searching, such as health card data at the doctor's office or travel documents at the airport. Locations can be added to new and existing items saved in 1Password. So, Brett, this feature appears as a convenience feature first, but do you see potential for location-based security in other contexts? Or does this serve as a convenience factor to make personal security more attractive and easy? I mean, kind of. I like the idea of just what more can we do with security to make it, you know, through UI and UX, to just make it more friendly and not see it as slowing things down. Like, this is a perfect example of it not just slowing down, but making things more efficient.
Brett Perry
Yeah, this could possibly make your life, your personal life a little easier. I hope people aren't using 1Password in their enterprise. Nothing against 1Password, but there's better solutions out there that tie in with the organization a little bit better. But one thing that I would say on this is I wish 1Password... I get the convenience of opening something based on where you are, but what about blocking stuff based on where you shouldn't be? If you open 1Password and you're sitting in China, maybe that's not a... maybe you don't want to allow that, you know, that password to be shown if your identity has been stolen or your 1Password account's been stolen. So where you shouldn't be, it would block that type of thing. Right.
Host
Well and we do have location based things that you know, that are true. This is like the most common trigger of identification. But you know, I think this is kind of a combination of that and, and also just how can the user experience be better and how security can enable it as well? I mean, are you at least buoyed by the prospects here for that matter? I mean just sort of triggering an idea in the sort of the security community's head?
Brett Perry
I don't think it's unique if that's, if that's the case. I mean we, you know, Okta has the same thing, right? You can, it's device trust. Right. It's location trust. You can get into apps based on those things. So, and I'm assuming 1Password, and I don't have it, guys, is a consumer-based thing, which is great.
Host
They both, they have a consumer and business.
Brett Perry
People need to do better about storing their passwords and not on their Chrome, you know, not on their, their post it notes and stuff like that or in their purse or wallet. So yeah, using 1Password and having that, that capability is great, but it's not unique.
Host
Now CCL said here, don't show me these items when I am not in my home country. But I, I should mention that, you know, we travel and we do want access to our account. So you know, I, maybe it's just like another verification. Maybe just when I'm outside of my home country. Let's create another verification level, you know.
Brett Perry
Well, maybe it's an impossible travel situation too. Right? So sitting in St. Louis, you know, one minute and then all of a sudden somebody's trying to open up an app or you know, use that password and in Russia that's probably a good indicator that I can.
Host
And that's, and by the way, that is the classic example right there.
Brett Perry
Yeah.
Host
You know, impossible time travel. I can't be in St. Louis, in Russia within 15 minutes. One day. I hope they want to thank our new members. We have here Justin Harrison and Schmooze. Thank you for joining us today. Tell all your friends to come on because it is fun to join us live. All right, here's my last question for you, Brett. Any thumbs up or eye roller story here of the ones that we discuss or maybe some other one that we didn't bring up?
Brett Perry
Well, the, the webcam one, the ransomware via a webcam. I mean a lot of these things have, have caused me to go back to my team and make sure that, you know, we're buttoned up. But the other one, the global stuff with, you know, with Russia, that gives you a little bit of hope that there's light at the end of the tunnel here that we're not, maybe we're going to become somewhat friendly with Russia and they're going to stop all these.
Host
You know what I appreciate you saying I saw it as a glass half empty, but you're seeing it's a glass half full. So I hope that there is an opportunity there as well. Hey, where can people find you, Brett? What's the best way?
Brett Perry
Look me up on LinkedIn. I'm happy to connect with you. One thing I do ask is that you actually send me a note and not just say click the connect button because I, you know, hey, I saw you on the, whatever, I'll absolutely connect with you. But I, I probably have, you know, three or 400, you know, requests that I don't know people.
Host
Let me, let me though couch that very, very briefly. So LinkedIn has a limitation to how many personal invite or personal comments you can say in that. Otherwise like after a certain number of only like four or five months you have to pay for LinkedIn. A lot of people don't have the money or not willing to pay like $500, $600. I paid, I honestly, I pay for LinkedIn solely so I can send private invites. I don't use it for anything else to tell you, just to send those. Hey, huge thanks to our guest, Brett Perry, CISO of Dot Foods. And thank you also to our sponsor, that'd be ThreatLocker, Zero Trust Endpoint Protection Platform. Go to their website, threatlocker.com. And also a huge thank you to our audience today. We can't always get every comment on the screen and also I don't think you'd want every comment on the screen. But we deeply appreciate you being here and participating. Please join us next week, first for Super Cyber Friday, where our topic of discussion will be Hacking Competitive GRC. An hour of critical thinking about how to get ahead of your competition with a well structured program. That's a GRC program. That all starts at 1pm Eastern time. Then come back later in the day for another episode of Week in Review starting at 3:30pm Eastern. To register to join us on YouTube and add your comments live, just go to the events page on cisoseries.com. And in the meantime, you can still get your daily news fix every day through Cyber Security Headlines. Just six minutes. Hey, thanks for joining us today. We hope to see you next week. Come back, see you. Cyber Security Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Cyber Security Headlines: Week in Review – Hegseth Orders Stand Down, Ransomware by Snail Mail, Mark Cuban’s Lifeline
Hosted by CISO Series | Released on March 7, 2025
In the latest episode of Cyber Security Headlines from the CISO Series, host and guest Brett Perry, the Chief Information Security Officer (CISO) of Dot Foods, delve into the most pressing cybersecurity stories of the week. This episode covers significant developments, including Defense Secretary Pete Hegseth's directive to Cyber Command, innovative ransomware tactics involving traditional mail, and a surprising offer from billionaire Mark Cuban to support a government tech unit. Below is a comprehensive summary of the discussions, insights, and expert opinions shared during the episode.
Summary: The episode opens with a discussion on Defense Secretary Pete Hegseth's recent order directing U.S. Cyber Command to halt all planning against Russia, including offensive cyber operations. This decision does not affect the National Security Agency (NSA) or its signals intelligence efforts. The change aligns with the White House's attempts to normalize relations with Moscow following the Kremlin's 2022 invasion of Ukraine. While the full implications remain unclear, concerns arise that this stand-down could increase risks for private sector entities by reducing Cyber Command's ability to counteract Russian intelligence and hacker groups.
Insights: Brett Perry views the stand-down as a positive move towards de-escalation. He emphasizes the need for a dedicated cyber force within the military, akin to existing branches like the Marines and Navy, to effectively manage cyber threats.
Summary: The podcast then shifts focus to a novel ransomware tactic where U.S. executives, particularly in the healthcare sector, receive physical letters claiming to be from the BianLian ransomware group. These letters threaten to publish sensitive data unless a ransom between $250,000 and $500,000 is paid via a Bitcoin-linked QR code. Notably, there is no verified connection to BianLian, and cybersecurity firm Arctic Wolf reports no evidence of actual ransomware attacks on the targeted organizations.
Insights: Perry highlights the importance of continuous cybersecurity training and awareness, noting that informed executives can mitigate the fear and uncertainty such scams aim to instill. He underscores the necessity of educating employees about the risks associated with unsolicited communications, whether digital or physical.
Summary: Mark Cuban has publicly offered to fund and support the 18F Technology Unit of the General Services Administration (GSA), which has recently faced cuts. Cuban's initiative encourages displaced engineers and designers to form consulting companies, proposing that their expertise will be essential for future government tech projects.
Insights: Perry views Cuban's support as a positive development, potentially easing the transition for affected professionals and ensuring that critical cybersecurity knowledge remains accessible to the government. He also touches on the broader trend of outsourcing and the reliance on contractors to maintain and secure legacy systems.
Summary: The episode covers an innovative attack by the Akira ransomware group, which successfully bypassed Endpoint Detection and Response (EDR) systems by exploiting vulnerable webcams within corporate networks. The attackers accessed the network through exposed remote access solutions, deploying Linux-based encryptors that were compatible with the compromised webcams, which lacked EDR agents.
Insights: Perry advises CISOs to limit remote desktop access and enforce strict controls over external vendor interactions. He highlights the challenges of patching IoT devices and the necessity of network segmentation to prevent lateral movement within corporate environments.
Summary: The discussion moves to 1Password's new feature allowing users to associate specific physical locations with password items. This enables passwords to automatically appear in a designated "nearby" section of the app, streamlining access to location-specific credentials like health card information or travel documents.
Insights: Perry appreciates the convenience factor but expresses skepticism about the security robustness of location-based triggers. He suggests that additional safeguards, such as blocking access from unexpected locations, could enhance the feature's security posture.
In this episode, Brett Perry provides valuable insights into the evolving landscape of cybersecurity, emphasizing the importance of proactive strategies, continuous education, and the integration of advanced security measures. From strategic shifts in cyber command policies to innovative ransomware tactics and advancements in password management, the discussions offer CISOs and security professionals actionable takeaways to bolster their defenses against emerging threats.
Final Thoughts: Perry remains optimistic about the potential for improved cyber relations and the evolving tools available for cybersecurity management. He encourages networking and continuous learning, urging professionals to stay connected and informed to navigate the complexities of today's cyber threats effectively.
Connect with Brett Perry: For further insights and professional networking, Brett Perry can be reached on LinkedIn (send a personalized connection request).
Thank you for tuning into this episode of Cyber Security Headlines. Stay informed and secure by following CISO Series for your daily dose of cybersecurity news and expert analysis.