
A
From the CISO Series, it's Cybersecurity Headlines. Velociraptor used by LockBit crew. Acting NSA chief nomination falls through. And Sotheby's hacked despite defenses up the wazoo. These are some of the stories that we've selected from this past week's cybersecurity headlines. And boy, was it a doozy. And we are now looking forward to some insight, opinion and expertise from our guests. First up, we have Tom Hollingsworth, the networking technology advisor at the Futurum Group and international man of mystery, and Brett Conlon, CISO over at American Century Investments. Gentlemen, I cannot wait to get into the news. Thrilled to have you both here. Let's have a good time today, right?
B
Sounds great. This has been a great week.
A
All right. Thanks to our sponsor for today, Vanta. Compliance that doesn't suck too much. If you're listening to the show as a podcast, remember that next week you too can join us and our loyal band of vocal experts on YouTube Live. To do so, go to CISOseries.com, hit the Events dropdown and look for the Cybersecurity Headlines Week in Review image. If you click on it, you will indeed join us. No suspense, no surprises there. And for those of you that are here with us right now, be sure to contribute your comments in our chat. We'll do our best to address them during the show. And hey, if all of this real-time communication seems very upsetting to you, feedback@cisoseries.com, you can send us some good.
C
Old.
A
We'll call it snail electronic mail. Maybe we can have an address we can mail a postcard to at some point in the future. All the options are available to you. Just a quick reminder that all of our guest opinions are in fact their own and not necessarily those of any employers, nonprofits, staff, clergy, or any other affiliation that they may have. We got about 20 minutes, so let's jump into the news. I gotta start out, Tom, I gotta start out with you here. A lot of big, big news here this week. Was there any story for you that just kind of stood head and shoulders above the rest here?
C
Honestly, I think the F5 hack is the one that's gonna be the long-lasting one. Everybody remembers how much money we got out of SolarWinds, hearing the news, right? That was a gift that kept on giving, and I think F5 is going to be that again.
A
Yeah, I mean, well, and it, you know, Salesloft was in the running, right, for a really long time. They had a good run here. But I don't know, your F5. That is some BIG-IP to fill. Brett, I'm going to go with you here. What, for you, was the biggest story in cybersecurity this past week?
B
I'm going to do two things here. So I'm going to agree with Tom. F5 is obviously a big story, but I think there's a lot of upside to that story. So I can't wait to get into that when we talk about the Sotheby's article. Yes. And then also I just want to do a shout-out to Mike Gordon, the CISO at McDonald's. I don't know if anyone's been following him on LinkedIn, but he is showing how to make October, Cybersecurity Awareness Month, fun. And he's got the Hamburglar all over it. So it's pretty cool to watch and pretty cool to see. So if you haven't looked it up and haven't seen what he's been posting, he's been doing a fantastic job in giving a masterclass in cybersecurity awareness.
A
Usually Cybersecurity Awareness Month is something I grimace at, so that sounds very pleasant indeed. All right, our first story here. Velociraptor forensics tool becomes LockBit ransomware weapon. The Velociraptor open-source digital forensics and incident response tool, or DFIR, is being used in connection with ransomware attacks, this time likely orchestrated by the group Storm-2603, which is known for deploying the Warlock and LockBit ransomware. Researchers at Sophos suggest that the attackers weaponized the on-premises SharePoint vulnerabilities known as ToolShell to obtain initial access and deliver an outdated version of Velociraptor susceptible to a privilege escalation vulnerability. So, Brett, this is the second case of Velociraptor being co-opted this year. Much like a Flipper Zero or something like Cobalt Strike, it must be cause for concern when the tools we use to keep things safe get co-opted by the bad guys. I'm curious, what are your thoughts on this?
B
Yeah, I think this underscores one of our biggest long-standing challenges, right? Any tool that empowers defenders can also be turned against us. So in this case, the threat actors are weaponizing Velociraptor by dropping a vulnerable version and exploiting privilege escalation so that they can pivot, move laterally, disable protections and deploy ransomware. I think we have to remember that tools are neutral, but intent isn't, so every defensive tool can be turned into an offensive one. The difference isn't the code, it's the controls and the oversight that we put around it. You've got to trust your tooling, but verify it relentlessly. You can't whitelist trust anymore. So our admin tools have to have behavioral monitoring and version integrity checking, and then assume your playbook is going to be used against you. So if you assume your own process and tools can be weaponized, you can design resilience around that, and then you're not really baking in that blind trust.
A
Can I just say, "you can't whitelist trust." I'm, like, putting that. That needs to be on a T-shirt somewhere, and we're going to distribute that at RSA or something like that. Tom. I mean, you know, tools are not intent or, you know, tools are neutral, intent is not. I'm kind of like where Brett's going with this. I'm curious, what are your thoughts on this?
C
I think this is the age-old saga, right? We develop a cool new technology, but then we forget to put guardrails on it to prevent it from being used for nefarious means. Anyone who has a VCR in their house, if you still do, knows exactly what that means. Everyone started freaking out. Oh, my God. Why are they using it to record movies? How could they have ever done this? I don't know. You built a system that can record things. Who knew? I agree with Brett. What you need to do is, one, you need to put in controls. Right. If you want this tool to truly be secure, you have to find a way to make it phone home before it's used. And you need to make it integral so that if that phone-home check is disabled for some reason, the tool is basically neutralized at that point. Right. Like, it's funny that a lot of the people that build these kinds of protections into the software, you don't hear about their stuff getting leaked. But the second thing, just like any Final Fantasy boss, you should be immune to your own attacks. Right? And so if you are using this thing, somebody on your blue team should look around and go, hey, what would happen if somebody turned that on us? How do we prevent that from happening? Because that's just good thought process. Right? And we've seen this, you know, with the CIA, and we've seen this with pretty much every tool that security researchers develop. Man, this would be a great way to, you know, it's like a kitchen knife. This would be a great way to carve something up. Yeah. But it'd be a great way to stab somebody in the face. Like, you've got to be thinking like these attackers. And that's what a lot of these incident response companies are starting to realize: you can't just play defense all the time. You have to anticipate where the attackers are going to be coming from. And trust me, if you have a good tool, they're going to find a way to use it.
A
Brett, now, something Tom said, I need to know as a CISO: is there someone on your team that, when you have an open-source tool like this, is empowered to ask that question? Or what happens when someone comes to you and says, I don't know if this tool can, you know, if it's Cobalt Strike or something, you know, five, 10 years ago, what does that process look like on the organizational side to get the ball rolling on that?
B
Yeah, I mean, so everyone on our team is empowered to say something. And typically when you bring these tools in, the first thing that you'll hear from the security experts is, this is asking for a lot of access. And so right away they're thinking already about, do we need that access to be granted, and what level of access is it going to have, and what happens if someone gains control of that account. And so what are we going to be doing and what are we going to be looking at to make sure that that account doesn't go left field on us or get taken over? And what does that, what are the, you know, how quick can we contain the damage that could be caused by it? So I think every one of our operational teams is taught to think that way. And you know, they always keep that at the forefront of their mind, the amount of access that someone has.
A
I love this comment from Maxtronic, also in our chat: hopefully most EDR tools will pick this up. Maxtronic, from your text to the ears of EDR tool makers, I guess. All right, our next story here, acting US Cyber Command and NSA chief loses nomination for the job, is kind of a story. We've been following the pendulum swing of this for quite a while now. Army Lieutenant General William Hartman will not be nominated to be the next leader of US Cyber Command and the National Security Agency, according to four people familiar with the matter. Hartman has been leading both entities in an acting capacity since April. The reasons for the non-nomination include a lack of desire within the current administration to continue the dual-hat leadership arrangement at Cyber Command and the NSA. And we have seen this at the start of the administration. They said they were going to break it up. Then they kind of rolled that back. I think that was about a month ago. So, Tom, politics aside, do you feel the dual approach was working? And what does this, I guess, instability do for, I mean, it's the National Security Agency, for national cybersecurity?
C
I happen to think that it's a bad idea to have the top person on both of those organizations be the same person, because you really have to think about what the mission of the NSA is and what the mission of CISA and Cyber Command is. NSA is a collection agency. Right. They're looking for signals intelligence, and they're collecting all that information. And CISA is very much focused on the cybersecurity aspect of things. I don't think that that should be the same person. I think that there need to be two different people who are very focused on it. And I have hope, because if you're not going to give the job to the same person, maybe that means you're going to give somebody else the job, which means they can actually focus on it. I don't know where the esteemed Lieutenant General is going to end up. My guess is probably the NSA, because it's the more prestigious of the two. But I would hope that by the time it's all said and done, everybody out there realizes that you can't keep putting these CEOs in multiple different roles. And you're saying to yourself, but he's a general. Yeah, but he is the CEO of those organizations. When you think about it, imagine if your CEO came up and said, I'm actually CEO at four other companies that are completely different than what we do here. But don't worry, I have plenty of time to focus on this and also level my Diablo character in the background. Allegedly.
A
Well, Brett, I'm curious, from your perspective, is it more about clarifying those roles? I do think that's a completely fair point in terms of separate missions, in terms of focus. Is the more damaging thing maybe the ambiguity of this, of acting since April, kind of sending mixed messages about where we're going with this nomination, you know, kind of long term, for two very vital roles?
B
Yeah. I think the fact that he was passed over and he's still in an acting capacity, to me, would say that there's some internal unease about the structure and how it exists today. So, you know, I could see where you could do both and there could be benefits to that. But if I look at sort of where we stand today and what's going on, I would think that, you know, that leadership vacuum, the dual-hat uncertainty that seems to be happening, it doesn't just affect the politics piece. It slows down decision making and it creates risk. And so in cyber, indecision is its own vulnerability. And then if you look at the integration, it only works if there's alignment. And what we're seeing right now is it doesn't look like there's alignment there. It can work brilliantly if there is, but I don't know if it's there. So therefore it's going to amplify the confusion. And then when you have such a high-visibility position and you see sort of that it's not as stable and there doesn't seem to be a lot of clarity around it, you have to think that the adversaries are looking at that and they're going to see where they can take advantage of it. They don't care that the org charts aren't settled. They're going to look at that leadership turbulence and see if they can take advantage of it.
A
Yeah. And we're going to get into what happens when you have a concerted threat actor going after you regardless of what you have in place, when you have that kind of ambiguity again that opens up to organizational dislogic. Right. Like, attacking the business logic, it's like either log in or check the business logic, those are like the two most successful ways for threat actors to do anything. And so anytime you have, yeah, I guess a lack of clarity there one way or the other, even if it's the wrong direction or, you know, if it's a more clarifying direction, I think probably is not all that great. I just want to say a quick hi to Amish Runaway and Scott Dewar, who are just waving in our chat. They're not saying much, but hey, we're waving at you. We're glad you're joining us. And we're going to get into this next story and kind of dig into that theme a little bit more. Sotheby's suffers a cyber attack. And it's not pretty for the world-famous auction house. They said a breach occurred on July 24th resulting in the theft of an unspecified amount of data, but it includes Social Security numbers and financial account information. Spokespersons at the company said they're not aware of who was behind the attack, but added that the attackers broke in despite the company having layered defenses, strict access control, secure connections and advanced threat protections, along with regularly patched systems, testing of internal incident response, backups, critical services. All of the "don't blame me, we tried" in the books. And this comes on the heels of one of the stories we talked about earlier, the big F5 hack, where nation-state threat actors gained long-term access that included access to source code and customer files for their BIG-IP, like an industry-standard piece of appsec and app monitoring tech here, just a big list of things.
Both companies, I'm assuming, trying to do their best. There's no sign of, you know, lack of effort here. I'm curious for you, Brett. Does this kind of story cast a pall over CISOs, maybe giving them the message that nothing is enough to keep crime at bay? Or I guess where can I take a learning opportunity from this? Where can we get better going forward from these two incidents?
B
So this is actually a great story, and I think you're seeing a lot of the similarities also with the F5 scenario, right? They did all of the right things. And there's been chatter recently where CEOs are sort of coming back and saying, well, if I'm going to get breached, why do I need a CISO? Why do I need to go get these positions? And I think you have to look at these stories and it's galvanizing, right? Use it to reset ambition, assume breach, stress-test your controls, demand stronger detection and build resilience. A breach at a marquee brand is a warning bell. It doesn't have to be your obituary. And you are seeing now with Sotheby's and F5 where building in resilience instead of going after perfection is the real goal. Even mature organizations get breached. So what separates us is going to be how fast we can detect, contain and communicate. And then breaches, look at that as a mirror, not a verdict. Every breach is a mirror showing where the assumptions failed. And then the right question is, how did they get in? And what do we need to learn from it once we're inside, and then shift that fear to readiness. Executives shouldn't see stories like this as proof that nothing works. But what they should see is that what works today doesn't necessarily work tomorrow. So the winning posture is constant adaptation, not static compliance. I really think the Sotheby's and the F5, these are really wake-up calls and learning points for CEOs to say, this is why the CISO is here and this is why it's important to have this resilience built in. And when you're constantly hearing about how they want to evolve the security pieces in their organization, this is exactly why: our adversaries are getting better and we need to evolve with that.
A
I love that you hit on the communication piece, because so often that's where the response could be identical, but if you are not communicating it in a responsible way, I realize they can only be so transparent depending on what customers are impacted and stuff like that. But Tom, is there anything in the F5 breach specifically or the Sotheby's breach, two marquee brands, Brett, as you were saying, that kind of stood out for you in this initial phase of that response and communication process?
C
Yeah, it illustrates to me old-school thinking, right? If we just build the wall high enough, the barbarians can't climb over it. Well, what happens when they do, because they built a bigger ladder or they figured out how to tunnel under the wall or whatever it is? And the fact of the matter is that once they get inside of your perimeter, all bets are off, right? Like, why do we leave the data just laying around? Why are they able to collect this information? Why is it not encrypted at rest? And when you look at the way that things have been going, look at Zero Trust. I know we beat the Zero Trust horse to death a lot, but the concept is fairly sound, right? All we've got to do is make it so that even though they got through the gates, they can't navigate, they can't get through the alleyways and the corridors, and they can't find anything to steal before we detect them. Think about just any kind of simple web application firewall that tarpits attackers. It's not trying to keep them out forever. It's just trying to make certain things look a lot more juicy than others. And I love that we're talking about this right now, by the way. If you read through the Sotheby's thing, all of that language is designed to say, cyber insurance, please pay. Because we took out a big policy and we'd really love for you to pay so that we can go buy more firewalls and more VPN concentrators and whatever, and they won't address the major problem. And Sotheby's is just like any other bank. It's just like any other organization that handles financial transactions. You're a target. And if you are a target, you are going to go down. Rather than building taller walls or thicker moats, what you really need to do is, as Brett said, work on the other side of that. Assume that you're going to be breached. How do we get back up and running?
What is our plan to restore functionality for our users while also doing DFIR to make sure that we know how they got in and how we can plug those holes? Because if you don't do that, they're going to come back in a month and they're going to do it all over again because you didn't learn your lesson the last time.
A
Tom, I have a feeling that this is something that you are passionate about, just a little bit. Steve, help us bring us home. Where's your mind at with this?
C
There's two things. One is if you study history, the.
A
Maginot line was something that was exactly this.
C
You build a big wall and nobody can possibly go around it unless they.
A
Go around where it ends.
C
But I do like what has just.
A
Been said about assume you're going to get breached. You know, as opposed to just simply setting up the fortifications and having huge confidence in them. That mindset of assuming you're going to.
C
Get breached keeps the defenses mentally a lot stronger. So I love that point. Thank you.
A
All right, well, before I move on to our next story, just a quick moment to thank our sponsor for today, Vanta. What's your 2 a.m. security worry? Is it, do I have the right controls in place, or are my vendors secure? Or the really scary one, how do I get out from under these old tools and manual processes? Enter Vanta. Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and get back to sleep. Get started at vanta.com/headlines. All right, next up here, Microsoft revokes more than 200 certificates to disrupt ransomware campaign. A campaign is being run by Vanilla Tempest, also known as Vice Spider and Vice Society (the names get better the more alternates there are), with the goal of deploying Rhysida ransomware. The group has been in operation since 2021 and chiefly performs ransomware attacks on the education and healthcare sectors. Microsoft says it disrupted the group's campaign in early October by revoking more than 200 certificates that the group used to sign their malware. So, Brett, maybe people are not aware, help us out here. Why do threat actors need to sign their malware when they seem capable of breaking every other rule and law to do whatever they want to do? Can you just help me understand this real quick?
B
Yeah. It's actually a strategic move for them that enhances the effectiveness of their attacks. So signed malware is a stealth tactic. Right. They use it to create legitimate certificates, to make their malicious code appear trustworthy and then evade detection by the security systems. And certificate management is critical. Organizations have to monitor it, manage code signing certificates to prevent misuse by the threat actors. And your defense in depth is essential at this point. So relying solely on certificate validation is insufficient. You have to employ multiple layers of security to detect and mitigate against signed malware. When they don't sign it, that's a big red flag for most of the tools, and they'll stop the certificate and they'll find out that it's not real. So signing it actually helps obfuscate that it's a fake certificate. And then that is why you need other layers in that cycle.
A
Tom, it brings up that Microsoft is always at this very interesting nexus, right? When it comes to any, I mean, obviously they're the ones making, you know, the operating system that a lot of these attacks are running on. They're the ones that are managing these certificates. They have the power to revoke them. I'm curious, what does this story bring to mind for you?
C
Hold on, I've got to install this program real quick. Next. Next. Next. Next. Next. Done. Everything popped up green. I don't have a problem. Right. That's the problem: we have conditioned our users to just blindly accept anything that looks green on their screen. Right. As long as the lock icon's there, it doesn't matter. And that's not the way to look at it. Right. When the certificate pops up, you should check it. You should look to see if it's valid. That's another thing too. We have an infrastructure in place to do that. They're called certificate revocation lists. Nobody uses them. Why? Because it takes too long to query a CRL when you're doing regular day-to-day work. The problem is that when you get the right certificate in your hands, like, I don't know, a device signing certificate or a Secure Boot certificate, you can do all kinds of nasty things. I remember talking about this last year. The Secure Boot certificate would allow you to install a persistent rootkit that never goes away. That's dangerous on a level you can't even begin to understand, because Windows can't avoid that. If you're in the UEFI firmware, you're outside of the operating system's control at that point. And that's what they want. They want that kind of persistence. What was the line in Predator? Dug in like an Alabama tick. That's what they want. And Microsoft has done a lot to get to a point where that's not a problem anymore. But then you have to compare it against macOS and Linux, which are a lot more functional from a privilege perspective. Right? Like, they just don't let everything go in and muck around in the system. And yeah, Windows is better than it used to be, but now we're talking about the fact that Windows 10 is going out of support, and there's a lot of people who don't have computers that are new enough to install Windows 11 because they're missing a TPM 2.0 chip.
Well, now if the attackers have the ability to start installing certificates on Windows 10 machines and using them to bypass all of the checks, and those checks aren't being updated because we don't write software for that OS anymore, now we're getting to the point where it's going to become a problem. And if we don't put those robust protections in place, we're going to face even bigger issues. Because one of the things that we're starting to rely more and more on certificates for is user authentication. Think about passkeys. Yes, inherently they rely on certificates. And if you do something wrong, not only have you given up control of your system and installed persistent malware on it, they could compromise your user ID and you would not know the difference.
A
Tom, you found a new way to terrify me about the story. Thank you so much, David. Get in there.
C
So, Tom, I mean, that is amazing detail on this, but it's like the horse is out of the barn already on that. There are two conflicting issues here. The desire to get you to use software more and actually install it. And in your example of click, click, click, and the user experience of, I think this is all okay, what they're presented with as being okay, and the desire to push you to just get through it is essentially stronger, sadly, than the security concerns that you put forth.
A
Well, and we always talk about security introducing friction, right? And it's, well, if I just go faster over the speed bump, then I'll be over the speed bump way faster. Sure, I may bottom out my car, something like that. But I, you know, I do. It's just a really fascinating dome. And Brett, you kind of started off the show talking about Security Awareness Month. Is this, you know, the issue that Tom is bringing up, maybe something we should talk about as much as we talk about "don't click the link in the email" when it comes to security awareness, or however we want to spend that? Is this like an underappreciated thing we could highlight in this month?
B
Gosh. I mean, you could, but I would say that you got to take it a little bit higher and say, what, ultimately, when you look at cyber criminals, what are they targeting? And they target your trust, right. And they're using your trust against you. And so that becomes a very sticky situation when you start looking at that and say, that's what we talk about, where you trust but verify, and what are the steps that you can take. But unfortunately, we live off of our phone today, and all these apps that you download, you have no idea what you're agreeing to. You just hit okay, because I want the app downloaded. And Tom's right. It's the same thing with the certificates. You hit yes, yes, yes. Because you've trusted the process, that that's what you've been told to do and that's supposed to be secure.
C
Super quick story on that: I interviewed a guy who actually put in his EULA, his End User License Agreement, like deep in, it says, if you're reading this and notify me, I will send you $1,000. It sat there for months before someone emailed me.
A
And David Cross in our chat is cautioning that David Spark is taking control. He's the big boss man, David Spark. He's already well in control. We don't need to worry about that. We're going to get out of here on our last story here. We're going to stick with Microsoft. And they are warning of a 32% surge in identity hacks from stolen passwords in its 85-page Digital Defense Report 2025. It's a banger. Read it if you can. Microsoft points to the continued success of password attacks that allow hackers to take over victim systems. It says that hackers are increasingly using stolen identities to breach organizations, impersonating employees or contractors before stealing data and launching ransomware. That's according to new research, and also old research, because they've been doing that for a while. The 32% surge means that 97% of identity attacks are password attacks. Microsoft adds that attackers get usernames and passwords from these bulk attacks, by and large from credential leaks. HaveIBeenPwned.com. Please, everyone, Thanksgiving: go make all your family do it anyway. Tom, do you find that data breaches are being taken seriously by the general public? For non-security people, the story breezes through the news cycle pretty quick. Is this the consumer equivalent of alert fatigue with these kinds of stories?
C
It is, because I now have enough free credit monitoring to last my grandkids through the rest of their lives. Because every time I turn around somebody's like, no, no, no, they used your password to get in and do this. And I've actually gotten to the point now where I have started using passkeys for everything that I can. And it's made my life so much easier because it introduces the ability for me to use multifactor authentication inherently with a device or some other kind of system. And even the things that don't support passkeys, like Strava is a good example. When you try to log into Strava now, they don't even ask for your password. They email you a one-time code, right? Because what they're trying to do is remove the onus of having to keep those passwords. They want to make sure that there is a secure communications channel there. Email's mostly secure. But what you're saying to yourself is, we know that passwords are a problem. Look at NIST standards. They finally got rid of that whole 18 characters, four capital letters, a symbol and the blood of Seder from under the full moon in order to be able to be secure. They just said, you know what, pick a password. Look at all the companies that are using password management systems now and the fact that 1Password or LastPass or KeePass or even the Passwords app on macOS, they're just saying, anytime you do a login for a new site, we're just going to automatically generate a password. And you have to opt out of that in order to be able to put your own in. They realize that passwords are a weak point and we have become so reliant on them that we really have to find new ways to create logins so that all of these things that are floating around on the Internet from 5, 6, 7, 8 years ago are not being used against me to log into my Netflix account.
A
Brett, is this just a factor of... you know, I've heard the phrase "identity is the new perimeter" bandied about with every talk here, right? It's just easier to log in. And it turns out one leaked credential is probably going to be good at a couple of other sites for most consumers. Is Tom on the right track here? We just need to move beyond the idea, or everyone's motivated to move away from passwords, because it's just a flawed system?
B
So, I mean, it is a flawed system, but I think if you look at it and say, well, why are we still having this conversation? I'm going to go back and say that people, executives, when the CISO or the CTO or the CIO cannot translate the cyber incidents into clear business impact to regain the attention, that's the problem. And so what you're seeing is they're seeing a lot of breaches in the news. They seem abstract to them, and therefore they're not thinking about how that can happen to them. And so you're seeing the same vectors being used over and over and over again. I mean, we're not even talking about a creative way of using passwords. We're talking about using compromised usernames and passwords. So I do think that, you know, while passwords are antiquated and there are better ways to authenticate nowadays, I really do think that this comes back to how can we refine our message and how can we do better about translating these incidents into clear business impact so the executives understand it? And I would flip that to the other side. Think about when you're talking to your family or your kids or your teenagers who are driving or your kids who are walking busy streets, and you're trying to tell them, don't text and drive. Don't text and walk across the street. You know, be vigilant. It's very abstract to them. And so you're trying to use things that will resonate so that they will listen. And it's the same thing with executives. You've got to make sure that you're making it resonate and that they understand the business impact so that their attention is focused on it.
A
You know, I knew we were bringing the brain trust today with Brett and Tom on the show, but just phenomenal. Thank you both for just helping us break down these stories. Finding the hope, maybe also making it more scary. Tom, thank you. I appreciate that. We got it. We got to balance the scales here. I do. I almost did six, seven. Oh, my gosh. My kids were going to kill me. All right, so we're not going to get on that. I want to thank also everyone that was having fun in our chat. We had Mr. Morton, we had Amish Runaway, who usually listens to us through the Simply Cyber Threat Brief. We love Gerald and all the people over there. So if you're having fun, why don't you come on over here for the Week in Review too. We can have even some more fun. There are fewer Die Hard clips, I'm just going to warn you right now. Fewer Die Hard clips, still a ton of fun. But thanks to everybody who gets in our chat and has some fun there. And of course I see David Cross, who will be joining us next week. So make sure you do that. He may be chatting during the show as well. So thanks to everybody that's getting involved here. And again, a huge thank you to Tom Hollingsworth, networking technology advisor and the Networking Nerd at the Futurum Group, and Brett Conlon, CISO at American Century Investments. Brett, people can find you over on the LinkedIn. And Tom, you were saying LinkedIn or Bluesky is the way to find you, correct?
C
That's correct.
A
Fantastic. At Networking Nerd, look for Networking Nerd. There is a Tom Hollingsworth that is not that Tom Hollingsworth. Don't be fooled. Accept no imitations for this Tom Hollingsworth. Thank you both for making the time. Truly, truly, truly appreciate it. Thanks also to our sponsor for today, Vanta. Compliance that doesn't suck too much. And again, once again, thanks to our audience. If you're having fun, make sure you're letting people know that you're checking out the CISO Series, that you're enjoying it, share it on social. It means a lot. And let us know what you enjoy about the show, anything that you would want to see, maybe shift up a little bit. Feedbacksoseries.com is the way to get in contact with us. We love hearing from you. It always makes my day when I see my inbox light up. Remember to please join us. It's a sad, maybe potentially a sad day, at least a day of reflection, because it's going to be our last episode of the Week in Review next week at 3:30pm Eastern. That's right. We're sunsetting this Friday show, but we are rebooting it as the Department of No, and that's going to air live on Mondays at 4pm Eastern starting October 27th. The format will be: we're going to have the same great CISO and security leader guests. We're going to have great commentary from you. We're going to have our live audience there. The big boss man, David Spark, and our glorious producer Steve Prentice will also be hopping in and joining us. It is going to be a ton of fun. So make sure you join us for our last Week in Review and get excited for the Department of No, coming up October 27th. To get all that information, head over to our events page at cisoseries.com. It's a lot of plugs. We're doing all the plugs here. It's a fun time. In the meantime, you can still get your daily news fix every single day through Cybersecurity Headlines. It's the genesis for the Simply Cyber Threat Brief. So if you only have six minutes, we can get you all caught up.
Until the next time we meet. For myself, for Tom Hollingsworth, for Brett Conlon, for the big boss man David Spark and our glorious producer Steve Prentice. Indeed, for all of the CISO series, here's wishing you and yours to have a super Sparkly day.
C
Cybersecurity headlines are available every weekday. Head to csoseries.com for the full stories behind the headlines.
Episode Date: October 17, 2025
Main Theme:
A relentless week in cybersecurity, covering the dangerous repurposing of defensive tools like Velociraptor by attackers (notably LockBit), the fallout from leadership ambiguity at the NSA and Cyber Command, and high-profile breaches at Sotheby’s and F5. The conversation, led by host (A) with expert guests Tom Hollingsworth (C) and Brett Conlon (B), explores what these stories reveal about resilience, trust, and the evolving nature of cyber threats.
This episode serves as both a wake-up call and a strategic guide: plan for resilience, empower your teams, and never underestimate the ingenuity of adversaries—or the importance of clear, human communication.