Dave (3:03)

Keith. Preparation is key. Nobody likes a dry chip, dude.

Keith (3:10)

Can I, can I, can I have a chip?

Dave (3:12)

Absolutely not.

Selena (3:14)

Turn left onto Diagon Alley. Your destination will be on your left. You two are unbelievable. I told you to leave early. Now we're going to be late. And we're nominated.

Keith (3:30)

We did leave early. Then Dave decided to run a full audit on condiments.

Dave (3:35)

Quality assurance is everyone's responsibility.

Selena (3:39)

If we win tonight and I can't give my acceptance speech, I'm blaming you two.

Keith (3:43)

Dave, check to see if they're covering the wards pre show on the radio.

Dave (3:50)

Hey, this is pretty catchy.

Selena (3:53)

I mean, it is, but it's not what we're looking for. Keep scrolling. Three of the zero days are actively being exploited.

Keith (4:01)

If you like Keen.

Dave (4:03)

Well, hello there and welcome back to American top 40.

Keith (4:07)

Doesn't sound like it's on yet. Dave, can I please have a chip?

Dave (4:11)

No. Stop asking me. I had a temp job out of college. I don't think they're covering the red carpet yet. Maybe we'll make it after all.

Selena (4:23)

Dave, the clock literally says we're 20 minutes late.

Keith (4:27)

But in cyber security time, that's basically on schedule.

Dave (4:31)

Exactly. Besides, we've got great tunes, solid company and sick dips in the back seat. What could go wrong?

Selena (4:39)

You know, when I agreed to come tonight, I didn't think we'd be driving your antique mobile, Dave.

Dave (4:45)

Antique? I will have you know this is vintage. Classic. Timeless.

Selena (4:50)

Timeless. Like a typewriter in an office full of laptops.

Dave (4:54)

Hey, this typewriter has gotten us through a lot of traffic safely.

Selena (4:59)

Hopefully that's true for tonight too.

Keith (5:01)

Dave, if you're going to be eating while driving, at least you could give me a one chip.

Dave (5:06)

No, these are ratioed. One chip per dip. Swirl system integrity.

Selena (5:13)

Dave, both hands on the wheel.

Dave (5:15)

Relax. It's a controlled dip environment.

Keith (5:18)

You're actually gatekeeping the dip.

Dave (5:21)

Yes. Chain of custody.

Keith (5:23)

Just one gate.

Dave (5:25)

Let go of the chip.

Keith (5:26)

Then give me one.

Selena (5:28)

Guys, you two are gonna make us late and headline the traffic report.

Dave (5:32)

You owe me guac.

Keith (5:34)

Worth it.

Selena (5:35)

Alright, no more fighting you to. Let's just ride the rest of the way in silence. Next year I'm taking an Uber. Hello everyone and welcome to Only Malware in the Building. Today, with my co hosts Dave and Keith, we are going to be diving into to information sharing and public private partnerships. It is November. We're giving thanks. We're thinking about the ways that we are thankful for our different partnerships and different information that we're able to share back and forth with the wonderful, wonderful cybersecurity community. So why don't we go ahead and kick us off and part of the reason why we're inspired to do this Episode is because, Keith, I just recently saw you. This is very exciting.

Keith (6:32)

Yeah, it was amazing. So we're halfway around the world, were at Europol in the Netherlands, and all of a sudden we're at a conference, and I'm looking across the room and I'm like, hey, there's Selena.

Selena (6:42)

Exactly. Hey, there's Keith. And I had no idea that you were going to be there. It's one of these lovely little kismet moments that are happening all the time at conferences. And one of the topics that you were talking about and speaking about at the conference was how public private partnerships work and how they can actually contribute to doing things like takedowns or impacting operations, sharing with the private sector to be more resilient and secure.

Keith (7:11)

Yeah. And everybody's always talking about sharing public private alliances, sharing threat information. And so, you know, when we were getting together, Dave, we were like, you know, we should talk about this on some of the obstacles, good ways to be able to share information, some of the concerns that people have, and really kind of the right way to do it, because if you don't do it right, it's just kind of worthless. So Selena and I, we got together and we're like, hey, this. This sounds like a good topic. And I'm sure, Dave, you probably have a lot of people that come on Cyberwire that talk about public private alliances and sharing information as well.

Dave (7:45)

We do. I'm curious, though, like, my take is that public private partnerships are kind of like karaoke. Everybody's enthusiastic until it's their turn.

Selena (7:57)

I will have you know I am enthusiastic even when it is my turn for karaoke. Yeah. So.

Dave (8:03)

Well, truth be told, me too. In fact, they have a hard time pulling the mic away from me.

Selena (8:10)

I know. We got it. Vaudeville. You, Kane off.

Dave (8:14)

Seems like everybody wants everyone else to go first when it comes to information sharing. Is that an accurate assessment?

Keith (8:21)

Yeah, I think so. And then, you know, sometimes the government is. They're a little too broad on what does information sharing actually look like? You know, nobody wants, you know, when somebody comes in and goes, hey, we're the government. We're here to help. Now give us all your information. You know, people like, whoa, wait a second. Backtrack a little bit. How are we going to do this properly? So. So. So we thought we can kind of COVID maybe some of the genesis of how this started and where things are going and kind of how if you want to get involved in information sharing, maybe how you could start with your company or just you as a researcher.

Dave (8:55)

Yeah. Can we start with some of the history here? I mean, Keith, your time back with the FBI, were you with the agency at the outset of some of these programs?

Keith (9:11)

From an FBI perspective, one of the main information sharing places that they set up was called the National Cyber Forensic and Training alliance in my hometown of Pittsburgh. Of course, my boss at the time named Dan Larkin, he was kind of a visionary, and he was the national white collar crime and cyber supervisor at the Pittsburgh field office. And he was looking at Pittsburgh at the time and said, well, you know, we have some good banks like PNC and Mellon Bank. We had the cert at that time. It was the, that was the cert, the main cert in the United States there. At Carnegie Mellon you had great universities at, at the University of Pittsburgh, Carnegie Mellon, Penn State. And then down the, down the road you had the Internet Crime Complaint center, which was receiving all these fraud complaints. And so he was saying, well, how could we kind of bring all those things together and kind of tackle this emerging thing, you know, of cybercrime? So what he was able to do was set up a nonprofit, which became the NCFTA and kind of had to be like this neutral space. So it wasn't owned by the government, it wasn't owned by any company or any academic institution. And then this way you can kind of come together and share cyber threat intelligence.

Dave (10:38)

What was the response to that? Were people, did people embrace it or was there a certain degree of skepticism?

Keith (10:46)

Well, naturally, there's always skepticism from sharing with, with the government and you know, how. What are the controls? Because most companies are thinking, well, I don't want to, I can't disclose my customer information or the PII or I don't want to talk about a intrusion that we had and be on the front page of the New York Times, you know, saying, hey, we have bad security control. So, so there is a lot of animosity or concern really at, at, at the beginning of doing that and to make sure that you kind of do it right. And Selena, you want to kind of like talk about, like, some of the concerns that you would. Sharing things with the government as well.

Selena (11:27)

Yeah. So I think when it comes to information sharing, there are a few ways that you can think about it from both of an independent contributor and threat researcher perspective, as well as like a company and private company perspective. And I think, you know, a lot of times people are definitely concerned with sharing information because they don't want any PII to be leaked and they don't necessarily want to get involved in, in A case or something like that where, where it kind of gets big. And then also too, people kind of just want to deal with it themselves, right? Like we just, we want to, we want to keep this in house. We want it, we don't really want to talk about it. We don't want anyone knowing our business. Right? Like, no one wants to be a center of gossip, whether it's about a cyber attack or, you know, how many dips you ate at, at a party, Dave. So, so that's, that's part of it. And also too, I think that the question of, of, of what is actionable and how is this information being used. I think historically there hasn' been a broad understanding of okay, what, what is happening with this information and what's going on with it. What is happening with this information? If I give it to you, what, what is it doing? But what I think has been really cool over the last few years is there has been a lot more visible public private partnership and collaboration. And one of the things that I like point to is Operation Endgame, for example, where there was a lot of private sector companies, like security companies, who collaborated with international law enforcement to do some very major take of some of the most prominent botnets and loaders that would lead to ransomware that would not have happened without everyone coming together and sharing their information. In the private sector. Every company has unique visibility. No one is looking at all of the same information. And that goes the same thing for the private sector. Right? The US Government sees a lot of different things than what the private sector does at proofpoint. We see tons of initial access. That's where we live and breathe and email and my team in particular is email specific. And so, you know, we're seeing initial access access and then we go dark. So we don't have any, you know, post exploitation visibility. And that's why it's important for us to collaborate with other threat researchers, for example, and other companies like for example, we've collaborated with the DEFA report where they see the full attack chain and they can say like, okay, you guys saw this initial access piece. Here's what we saw as you know, follow on compromises and here's what it led to. And I think that, you know, oftentimes when we think about information sharing, we think about it behind closed doors. But one of the most important and useful ways of information sharing is making stuff public and saying, you know, here's my research on this, here's all this information, I'm, you know, putting it up on GitHub or I'm putting it up in a blog and I'm sharing this information to the broader community. So it can be like, okay, I can take action on this regardless of whether I am in law enforcement or if I'm a private sector person, or if I'm just an independent researcher that wants to learn more about this particular threat.

Keith (14:28)

Yeah, I think it's really important, like you had mentioned Operation Endgame, that you really focus on something specific that you want to share on. Because it's not like, hey, we want all your data. Nobody has the time to go through all the data anyways. But if, like, if you know that, you know that this particular piece of malware is going to affect a number of people, then you can pull those teams together and share that specific information. You know, like, so somebody has that initial access. Maybe somebody knows how to reverse engineer the malware and come up with a solution to bring it down. I got to share one of my favorite stories since you had talk about with Operation Endgame. When we did the core flood takedown, which we brought a whole bunch of people to do that, it was so funny. We were practicing on how we were going to do this takedown and eliminate it, and we were going to send a stop command from One of the C2s that we took over. We were testing it, testing it and testing it, and we had to make sure there weren't going to be blue screens of death all around. So we had to go to the Attorney General and present our solution. And he's like, okay, well, sounds really good. But just remember, guys, if you break it, you bought it. And that was the last thing that he signed off on a warrant to be able to do it. So I'll never forget that.

Dave (15:47)

Oh, wow.

Selena (15:49)

If you break it, you bought it.

Dave (15:57)

So what are the practical implications of this? If I am an organization, let's start with the private sector. I'm in a private organization and I recognize as, let's say, a security professional within that organization that this is worthwhile. How do I make that case to the powers that be, to my board, to my boss, that us putting time and effort into this sort of collaboration is going to pay dividends for us as an organization. Yeah.

Keith (16:26)

So I think first is if you were going to be messaging your board or trying to get the lawyers on board, you need to talk about why it's a problem to your company and why being part of the greater good will actually help impact and actually make your company safer. Everybody only has so many cycles in a day. And now you're telling me you want to spend extra cycles now working overtime to kind of help the government or help this team, you know, so what does it really mean to the company? Why is it a problem? And also if you're part of the takedown, you may get your name on the takedown press release that you helped. So that could be good publicity on that. Your company is part of the greater good of policing the Internet out there. So I think that's kind of where I would start first. And then you can start talking about what types of information that you could share. And, and I think the government looks at it from a standpoint as share whatever makes you comfortable and then let's build that relationship, that trust and then share more whenever you feel more comfortable. But really just kind of start out sharing what you can as part of this project and lend your expertise and let's see if we can't make a collective win.

Selena (17:41)

Well, I think so too. There's other options, right? I think a lot of times we think about information sharing as oh, I'm going to share with the government. There's also, for example, like non profits, like the Cyber Threat alliance is like a collective for information sharing can be very beneficial, right, because like you're sharing and then you're also getting information back before it gets public often in many cases. And so you can, you know, be prepared and so you can add that additional layer of preparation within your own product and services. Or you know, from a researcher perspective, like this is this is what I have to be focusing on or like know that's coming up up from more of like a public private partnership. There's also ways to do like notifications if it, you know, if it's like really open and collaborative, be like, oh, have you seen this? Or like it's a way to kind of say like, is this unique to me and my organization or is this a broader problem that's affecting all of the industry and it can help kind of be a way for collective defense where we have a better understanding. Certainly all of the ISACs, information sharing ISACs that are set up for different industries, that is a very, very useful way for organizations to get involved in information sharing and getting to know their peers within the industry. As a researcher and from an, from that perspective, one of the best things about information sharing is it helps me get to know other people within the community and like what they sort of specialize in and like what do you know about that could potentially help with my research or with community development. And how, you know, how can we share this information? How, how can I operationalize it within my organization or with you or you know, we stumble across something and it's like, hey, do you know anyone that might be able to help me with this or that might find this very beneficial? Even when things are made public, there can be a big lack of awareness. So even having that avenue for saying, hey, I just want to make sure that everyone is aware of this as a way to communicate and have like a central repository of information. An example of like, from like a tactical intelligence perspective, like mitre, ATT and CK having a, an existing framework where intelligence is shared, really condensed down into actionable pieces that all of the community can access. With Mitre, ATT and ck, it's like we see this technique, we're adding it to our database, we have defenses that are available and it's a really like a one stop shop for you to be like, okay, I see this happening, I need to know how to, to take next steps and next actions. I'm going to consult this database or I'm going to consult this group that I'm in as a way to get more information about this and how to protect myself.

Keith (20:16)

You're right on key on that, what you were just saying, because as an FBI agent what I wanted is I want industry to tell me what I should be working on. You know, there are so many different things that you could be working on out there and you only have so many cases that you could work. So if you're telling me me that you know that, that this botnet or this ransomware group is the worst of the worst and that's where I should be focusing on, that really helps me with my targeting and then to be able to leverage the expertise from the industry working groups because you know, everybody has that different layers of visibility that could help me to focus on where I need to do search warrants or where I need to send legal process or just to really understand the threat and get victim notification out. So really as an agent, the industry is really the eyes and ears of where I want to focus.

Dave (21:21)

From phishing to ransomware, cyber threats are constant. But with NORD layer, your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem. By blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero trust principles. So only the right people get Access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com CyberWire Daily Code CYBERWIRE28 that's valid through December 10, 2025. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. Its powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today. How much of this goes on behind the scenes? The back channels, the, you know, the group chats on signal? How important are are those in, in this whole effort?

Keith (23:47)

Oh, it goes on all the time and it's all built on trust. So it's really building these personal relationships and understand who does what in what company. When we were at Europol, it was like a high school reunion. We're just going through this like, hey, I haven't seen you in ages. We haven't caught up in real life in a long time. It's such a small community. Even though you think of all the security researchers are out there, there's thousands of them, but everybody knows everybody. So it was just really good to get together and you hear what people working on and you may say, well, hey, I may have something that could help you out. And so it's just like this, you know, build on personal relationships.

Selena (24:27)

Well, and I think too it can be a catalyst for furthering an understanding of cybersecurity in general. And Dave, I don't know if you hear this from guests on your podcast, but I think a lot of times people in our industry are a little bit frustrated with the sort of lack of understanding of cybersecurity issues from law enforcement or policy or like decision makers or even within companies. Right. Like, is that something that you hear a lot where it's still kind of this like, little bit of a black box where there's A, there's a gap between the people that are doing the work and like knowledgeable about things and then the people that are making the decisions, whether it's policy or, you know, business decision making. And I think that that's where information sharing can really help close that gap.

Dave (25:10)

Yeah, for sure. I tend to refer to it as a translation layer, you know, like between the folks who are talking tech and the folks who are talking business risk. And there has to be somebody who speaks both of those languages, which is like the old joke about the UK and the US that is two nations separated by a common language. And I feel like somehow I'm experiencing.

Keith (25:34)

That right now over in London.

Selena (25:36)

Dave. Quite, quite right.

Dave (25:40)

Belt or braces. So there's those kinds of things. I'm curious how much of a responsibility we think the government has to enable these things because, you know, as we're recording this, we are still in the midst of a government shutdown. And as part of that, the CISA 2025 legislation, which provided coverage for protection for organizations who are sharing from liability, is in limbo right now. It's technically expired. And I think a lot of organizations are still in good faith sharing, hoping that it will be reinstated retroactively. But I think it points to the fact that organizations need these reinsurances from the government that they can share without risk of repercussions.

Keith (26:37)

Yeah, that's important because when I was at the FBI, I, I thought everybody shared with the government willingly. And then I went to EY and it was just like every time we were doing an incident response or whatever, it was like, nope, nope, we're not giving this, we're not calling the FBI, we're not calling the Secret Service.

Dave (26:54)

Keith, put down that phone.

Keith (27:00)

Yeah, so those protections in place are just vital because without them, probably 90% of legal counsel is going to say no. Hey, yeah, we want to do the greater good bit. At the same time we have to protect our company. We need to make sure that we're not liable for anything. You know, once those protections are in place, we'll, we'll continue to do it, but it's really essential that that gets taken care of.

Selena (27:26)

Well, and I think right now we're in a time of a lot of success of public private partnerships and seeing some of the wins, I think has been really great, especially when it comes to cybercrime. So I think historically there's been a lot of focus on espionage and nation state activity and spying and that sort of thing from a collective defense perspective. But I think right now, over the last couple of years, it's been really heartening, I think, to see the information sharing and the collective defense and collaboration from a cybercrime perspective. And it's led to some really big wins, you know, even if it's sort of like a temporary disruption. And if you look at, for example, like the loomastealer takedown recently with Microsoft and law enforcement collaborating on that, it did have a really big impact. It was, you know, it was a little bit limited and you know, loomasteeler kind of bounced back a little bit. But even those cases can have significant impact on the operators themselves, the ecosystem selling distrust, you know, having these questions in the threat actors minds of like, is this really worth it? To me, having to impose costs like literal finance financial costs as well as the time cost and the reputation cost can be massive. So right now, public private partnership is, is essential in combating everything from cybercrime to, you know, this sort of nation state activity. And, and threat actors are not slowing down, they're not going anywhere. And it's really important for organizations to feel confident in sharing that, you know, critical threat intelligence because really, collective defense from both a national security perspective, but as well as like a business risk and resilience perspective is really, really a cornerstone of that, is in, you know, information sharing and making sure that everyone is aware of these threats.

Dave (29:10)

Yeah.

Keith (29:10)

And it's important, you know, that nobody has complete visibility, so you have to share the information in order to get the complete picture. I know you had mentioned, you know, that there are a number of information sharing on the cyber crime side, but there is one that called the National Defense Cyber alliance down in Huntsville that is really put together for those national security attacks as well. So it's not as widely known as maybe some of the other, like ISACs and the NCFTA and others, but it is kind of sprouting and growing as well.

Dave (29:49)

Selina, I'm curious. You know, you and your colleagues at proofpoint publish a lot of research. How much do you find that that sparks conversations with other folks in the industry? When you publish something, do you get a bunch of responses from that and say, hey, I saw what you published and we think we might have something related here?

Selena (30:09)

Oh, all the time. It happens all the time. It's great. And that's why I like publishing stuff. We want more information. So publishing information begets more information. It's fantastic. It doesn't happen with literally everything we publish, but almost everything we publish, I have to say, and in a lot of Cases, you know, we'll, we'll reach out to our information sharing partners ahead of time. Be like, do you guys have any visibility into this? What are you seeing? How are you responding to this? So recently, earlier this year, my colleague Ola and I published some details on remote monitoring and management abuse as being delivered as first stage payload. So we see of course, a lot of the first stage email threat being, you know, RMMs being dropped that way, which was very unique. But we're like, okay, but what happens next? And then Also, are these RMMs that are being delivered as a first stage payload, are they different than the ones that are being used post compromise? So once a threat actor actually has access to an environment, are they using the same tools or different tools to move laterally? We reached out to our partners at the Defi report at Red Canary, you know, other folks in the industry to be like, hey, like, what are you seeing and how is that tying into the RMM narrative and the conversation? And so we ended up, you know, publishing some details and Red Canary has some fantastic information about RMMs that they also have published and made available. And then certainly, you know, with DFA report, they do deep dives into the attack chains and say, okay, you know, looking at this and a lot of times when a company will publish information about a particular attack chain that's happened post compromise, we can go back to our data and oh, we saw this activity, like this is related to this threat actor from this August 2025 campaign. So we know now that this RMM is dropping this particular malware because of information that was shared from the community. And so it's really important to not only be open to collaboration, but also if you can share what you can with people. And what I have found is that fellow researchers are so open. It's really great because I think, you know, most of us are in this industry because we care and because we want to do good and we want to have, you know, a safe world and contribute to collective defense. Whether that's, you know, we work for the government or whether that's we work for a business or whether that's we run our own security consultancy. Right? Like, I think a lot of us are driven by that community idea of, you know, we want to protect each other. And so I think that that really shows how beneficial it can be when people do push stuff out there and be open with sharing.

Dave (32:49)

Keith, what about moderation? I mean, like, did you ever run into folks who were kind of over sharing and you had to ask them to to dial it back or, you know, like, like I. Stop calling me.

Keith (33:02)

No, no, no, I don't think that. I don't think that ever happened. Everything in moderation, though, Dave. Just remember that's the key of life. Everything in moderation.

Dave (33:10)

Except for dips. Except for dips.

Keith (33:11)

Except for dips. But no, no, I think, you know, again, just, you know, share. Share what you can. And I mean, I guess sometimes, you know, you got a little too much. And I would say back to somebody, I got enough right now. Just, you know, I'm good with what you got, you know, what you gave me, but I'm good right now. But I don't think that happens too frequently. You know, if, if you're sharing, especially when you're like, as part of, like, like, like the NCFTA or the CDA or, you know, those isac, if you're sharing that information, chances are, you know, like, let's say you're a financial institution and you're sharing threat information that you're seeing, chances are another financial institution is going to get hit in a month from now. So that could help them with their defense, you know, because maybe, like, if you're like a, you know, a big top five bank, you're going to see the attacks first and then the smaller credit unions are going to see those in, you know, eight to 10 months. So if you're sharing that information, you're really helping the greater good, you know, down the line as well.

Dave (34:11)

Where do you suppose we're headed here? What's the future look like when it comes to information sharing?

Keith (34:17)

The one thing that I just want to say is, you know, we've been doing this a long time. You know, over 20 years, we've been sharing information. And my one pet peeve, Dave, is that I go to a lot of conferences and new people that have come that have just been around for one year or two years, they go, hey, we need to. We need to do information sharing. We need to. But it's like, we've been doing this 20 years. We're not reinventing the wheel. So I am hoping that in the future, in these next couple years, that people will be talking about it, that this is just part of how we do business on the Internet and how we do business as the white hats and the greater good. And this isn't something new that we need to talk about all the time because it's just being like air. You're just breathing and you're doing it naturally. So that is my hope.

Selena (35:04)

Hope.

Keith (35:05)

I hope we get there.

Selena (35:06)

Well, I think right now is a very interesting time for information sharing, Dave, as you mentioned. So my hope is that people continue to realize the value of this and whether or not there are roadblocks in place from existing means of information sharing or whether we continue as we have been. Either way, I mean, I think, to Keith's point, just making it part of how we do business, and also I think, too, having a better understanding and seeing the outcomes, because I think oftentimes people are a little bit hesitant to be like, oh, well, what are we doing? Sharing information and not understanding some of the outcomes that can be. Be very, very beneficial. And so I think not just sharing information, but sharing what happens and how you have used it and how you took action on it and how it protected your organization can actually provide a lot more benefit and. And can, you know, make people more engaged with it. Because, you know, I actually always joke when I go to a conference or when I'm listening to a podcast or whatever. It's like if someone says public private partnerships, I'm like, drink, like, bingo. You know, like. Like, okay, keyword, buzzword. Because oftentimes it's like, okay, well, so what? Like. Like, it's. It's. It's a public private partnership is like, it exists, but if it's not leading to actionable information and actionable information sharing and you're not seeing the results of it, it can seem like this buzzword or this, like, okay, yeah, sure, whatever. Like, we're just gonna fill a panel to talk about it at a conference. So I think when it comes to, like, the future of information sharing, sharing the outcomes, and I think, you know, some of the. Some of the big cybercrime takedowns that have happened that, you know, have all those logos and have all those names of the people that have been involved is huge because you're like, okay, this is the reality. This is what happens with. With the information that we share.

Keith (37:00)

The communication is the key because people want to know that what they're sharing is actually being put to good use. And it's useful because then that will build that. That trust and say, hey, I want to do more. You know, I want to do this more. Nobody wants to just share information to a black hole. Just like, hey, it's just going in there. And I don't know whether my data is good or not, or what I'm providing is going to the greater good. So I think communication and messaging, that is really key going forward as well.

Selena (37:28)

The greater good.

Keith (37:30)

The greater good.

Selena (37:31)

The greater good. Every time. I just have to say it like that.

Dave (37:37)

Actionable intelligence is much better than all of the decorative intelligence. This line lying around, right?

Selena (37:43)

Absolutely, yes. You don't want to just have intelligence that you can hang in your office or on your mantelpiece.

Dave (37:50)

Caring is sharing.

Keith (37:51)

Are we going to talk about decorative intelligence for Christmas then, on our next podcast?

Selena (37:55)

Oh, there you go. Yeah. Deck the halls with threat intelligence.

Dave (38:01)

Yeah.

Selena (38:21)

Well, this has been a lot of fun. This is one of. One of the things that I am very passionate about, Keith, I know you are as well. And Dave, you are basically an information sharing group yourself as the podcast host of Cyberwarf. Yeah. I mean, you do intelligence, distribution and communication that are very, very vital as well. So, you know, that's actually one part of information sharing is communicating out to a massive audience and hoping, you know, people. People take action on it. So, yeah, so thank you everybody for tuning in, as always, and we hope you enjoyed this episode of Only Malware in the Building, and we will see you next time.