Selena
You're listening to the CyberWire Network, powered by N2K. Follow signs for I-95 South.
Keith
You realize we're late again, right? Selena's gonna kill us.
Dave
I told you I had to do a dip check. You can't show up to the Fishy Awards without the proper dip representation.
Keith
You brought, like, half the grocery store.
Dave
Keith, preparation is key. Nobody likes a dry chip.
Keith
Dude. Can I. Can I. Can I have a chip?
Dave
Absolutely not.
Selena
Turn left onto Diagon Alley. Your destination will be on your left. You two are unbelievable. I told you to leave early. Now we're gonna be late. And we're nominated.
Keith
We did leave early. Then Dave decided to run a full audit on condiments.
Dave
Quality assurance is everyone's responsibility.
Selena
If we win tonight and I can't give my acceptance speech, I'm blaming you two.
Keith
Dave, check to see if they're covering the awards pre-show on the radio.
Dave
Hey, this is pretty catchy.
Selena
I mean, it is, but it's not what we're looking for. Keep scrolling. Three of the zero days are actively being exploited. If you like keen.
Sponsor/Announcer
Well, hello there and welcome back to American top 40.
Keith
It doesn't sound like it's on yet. Dave, can I please have a chip? No.
Dave
Stop asking me. I had a temp job out of college. I don't think they're covering the red carpet yet. Maybe we'll make it after all.
Selena
Dave, the clock literally says we're 20 minutes late.
Keith
But in cybersecurity time, that's basically on schedule.
Dave
Exactly. Besides, we've got great tunes, solid company, and six dips in the backseat. What could go wrong?
Selena
You know, when I agreed to come tonight, I didn't think we'd be driving your antique mobile, Dave.
Dave
Antique? I will have you know this is vintage classic. Timeless.
Selena
Timeless. Like a typewriter in an office full of laptops.
Dave
Hey, this typewriter has gotten us through a lot of traffic safely.
Selena
Hopefully, that's true for tonight, too.
Keith
Dave, if you're going to be eating while driving, at least you could give me one chip. No.
Dave
These are ratioed. One chip per dip swirl system integrity.
Selena
Dave, both hands on the wheel.
Sponsor/Announcer
Relax.
Dave
It's a controlled dip environment.
Keith
You're actually gatekeeping the dip?
Dave
Yes. Chain of custody.
Keith
Just one?
Dave
Keith, let go of the chip.
Keith
Then give me one.
Selena
You two are gonna make us late and headline the traffic report.
Dave
You owe me. Guac.
Keith
Worth it.
Selena
All right, no more fighting, you two. Let's just ride the rest of the way in silence. Next year, I'm taking an U.
Hello, everyone, and welcome to Only Malware in the Building. Today, with my co-hosts, Dave and Keith, we are going to be diving into information sharing and public-private partnerships. It is November. We're giving thanks. We're thinking about the ways that we are thankful for our different partnerships and different information that we're able to share back and forth with the wonderful, wonderful cybersecurity community. So why don't we go ahead and kick us off? And part of the reason why we're inspired to do this episode is because, Keith, I just recently saw you. This is very exciting.
Keith
Yeah, it was amazing. So we're halfway around the world. We're at Europol in the Netherlands, and all of a sudden we're at a conference, and I'm looking across the room and I'm like, hey, there's Selena.
Selena
Exactly. Hey, there's Keith. And I had no idea that you were going to be there. It's one of these lovely little kismet moments that are happening all the time at conferences. And one of the topics that you were talking about and speaking about at the conference was how public private partnerships work and how they can actually contribute to doing things like takedowns or impacting operations or sharing with the private sector to be more resilient and secure.
Keith
Yeah. And everybody's always talking about sharing public-private alliances, sharing threat information. And so, you know, when we were getting together, Dave, we were like, you know, we should talk about this on some of the obstacles, good ways to be able to share information, some of the concerns that people have, and really kind of the right way to do it, because if you don't do it right, it's just kind of worthless. So Selena and I, we got together and we're like, hey, this sounds like a good topic. And I'm sure, Dave, you probably have a lot of people that come on CyberWire that talk about public-private alliances and sharing information as well.
Dave
We do. I'm curious, though. Like, my take is that public-private partnerships are kind of like karaoke. Everybody's enthusiastic until it's their turn.
Selena
I will have you know I am enthusiastic even when it is my turn for karaoke.
Keith
Yeah.
Selena
So.
Dave
Well, truth be told, me too. In fact, they have a hard time pulling the mic away from me.
Selena
I know. We got it. Vaudeville. You, Kainoff.
Dave
Seems like everybody wants everyone else to go first when it comes to information sharing. Is that an accurate assessment?
Keith
Yeah, I think so. And then, you know, sometimes the government is. They're a little too broad on what does information sharing actually look like. You know, nobody wants, you know, when somebody comes in and goes, hey, we're the government. We're here to help. Now give us all your information. You know, people are like, whoa, wait a second, backtrack a little bit. How are we going to do this properly? So we thought we could kind of cover maybe some of the genesis of how this started and where things are going and kind of how, if you want to get involved in information sharing, maybe how you could start with your company or just you as a researcher.
Dave
Yeah. Can we start with some of the history here? I mean, Keith, your time back with the FBI, were you with the agency at the outset of some of these programs?
Keith
From an FBI perspective, one of the main information sharing places that they set up was called the National Cyber Forensic and Training Alliance in my hometown of Pittsburgh. Of course, my boss at the time, named Dan Larkin, he was kind of a visionary, and he was the national white collar crime and cyber supervisor at the Pittsburgh field office. And he was looking at Pittsburgh at the time and said, well, you know, we have some good banks like PNC and Mellon Bank. We had the CERT at that time. That was the CERT, the main CERT in the United States, there at Carnegie Mellon. You had great universities at the University of Pittsburgh, Carnegie Mellon, Penn State. And then down the road, you had the Internet Crime Complaint Center, which was receiving all these fraud complaints. And so he was saying, well, how could we kind of bring all those things together and kind of tackle this emerging thing, you know, of cybercrime? So what he was able to do was set up a nonprofit which became the NCFTA and kind of had to be like this neutral space. So it wasn't owned by government, it wasn't owned by any company or any academic institution. And then this way you can kind of come together and share cyber threat intelligence.
Dave
What was the response to that? Were people. Did people embrace it or was there a certain degree of skepticism?
Keith
Well, naturally, there's always skepticism from sharing with the government and, you know, how. What are the controls? Because most companies are thinking, well, I don't want to. I can't disclose my customer information or the PII, or I don't want to talk about an intrusion that we had and be on the front page of the New York Times, you know, saying, hey, we have bad security control. So there is a lot of animosity or concern, really, at the beginning of doing that, and to make sure that you kind of do it right. And Selena, you want to kind of talk about some of the concerns, you know, that you would have of sharing things with the government as well?
Selena
Yeah. So I think when it comes to information sharing, there are a few ways that you can think about it from both an independent contributor and threat researcher perspective, as well as a company and private company perspective. And I think a lot of times people are definitely concerned with sharing information because they don't want any PII to be leaked and they don't necessarily want to get involved in a case or something like that where it kind of gets big. And then also too, people kind of just want to deal with it themselves. Right. Like we just want to keep this in house. We don't really want to talk about it. We don't want anyone knowing our business. Right. Like, no one wants to be a center of gossip, whether it's about a cyber attack or, you know, how many dips you ate at a party, Dave. So that's part of it. And also too, I think that the question of what is actionable and how is this information being used, I think historically there hasn't been a broad understanding of okay, what is happening with this information and what's going on with it. What is happening with this information? If I give it to you, what is it doing? But what I think has been really cool over the last few years is there has been a lot more visible public-private partnership and collaboration. And one of the things that I like to point to is Operation Endgame, for example, where there were a lot of private sector companies, like security companies, who collaborated with international law enforcement to do some very major takedowns of some of the most prominent botnets and loaders that would lead to ransomware. That would not have happened without everyone coming together and sharing their information. In the private sector, every company has unique visibility. No one is looking at all of the same information. And that goes the same thing for the private sector. Right. The U.S. government sees a lot of different things than what the private sector does. At Proofpoint, we see tons of initial access. That's where we live and breathe, in email. And my team in particular is email specific. And so, you know, we're seeing initial access and then we go dark. So we don't have any, you know, post exploitation visibility. And that's why it's important for us to collaborate with other threat researchers, for example, and other companies. Like, for example, we've collaborated with The DFIR Report, where they see the full attack chain and they can say like, okay, you guys saw this initial access piece. Here's what we saw as, you know, follow on compromises and here's what it led to. And I think that, you know, oftentimes when we think about information sharing, we think about it behind closed doors. But one of the most important and useful ways of information sharing is making stuff public and saying, you know, here's my research on this, here's all this information. I'm, you know, putting it up on GitHub or I'm putting it up in a blog. I'm sharing this information to the broader community. So it can be like, okay, I can take action on this regardless of whether I am in law enforcement or if I'm a private sector person or if I'm just an independent researcher that wants to learn more about this particular threat.
Keith
Yeah, I think it's really important, like you had mentioned Operation Endgame, that you really focus on something specific that you want to share on. Because it's not like, hey, we want all your data. Nobody has the time to go through all the data anyways. But it's like, if you know that this particular piece of malware is going to affect a number of people, then you can pull those teams together and share that specific information. If somebody has that initial access, maybe somebody knows how to reverse engineer the malware and come up with a solution to bring it down. I got to share one of my favorite stories since you had talked about Operation Endgame. When we did the Coreflood takedown, which we brought a whole bunch of people to do, it was so funny. We were practicing on how we were going to do this takedown and eliminate it, and we were going to send a stop command from one of the C2s that we took over. We were testing it, testing it and testing it, and we had to make sure there weren't going to be blue screens of death all, you know, all around. So we had to go to the Attorney General and present our solution. And he's like, okay, well, sounds really good. But just remember, guys, if you break it, you bought it. And that was the last thing. And then he signed off on our board to be able to do it. So I'll never forget that.
Dave
Oh, wow.
Selena
If you break it, you bought it.
Dave
So what are the practical implications of this? If I am an organization, let's start with the private sector. I'm in a private organization and I recognize as, let's say, a security professional within that organization, that this is worthwhile? How do I make that case to the powers that be, to my board, to my boss, that us putting time and effort into this sort of collaboration is going to pay dividends for us as an organization?
Keith
Yeah. So I think first is if you were going to be messaging your board or trying to get the lawyers on board, you need to talk about why it's a problem to your company and why being part of the greater good will actually help impact and actually make your company safer. Everybody only has so many cycles in a day, and now you're telling me you want to spend extra cycles now working overtime to kind of help the government or help this team, you know, so what does it really mean to the company? Why is it a problem? And also, if you're part of the takedown, you know, you may get your name on, you know, the takedown press release that you helped. So that could be good publicity on that. Your company is part of the greater good of policing the Internet out there. So I think that's kind of where I would start first. And then you can start talking about what types of information that you could share. And I think the government looks at it, you know, from a standpoint is share whatever makes you comfortable and then, you know, let's build that relationship, that trust, and then share more whenever you. You feel more comfortable. But really just kind of start out sharing what you can as part of this project and lend your expertise. And let's see if we can't make, you know, a collective win.
Selena
Well, I think so, too. There's other options, right? Like, I think a lot of times we think about information sharing as, oh, I'm going to share with the government. There's also, for example, nonprofits like the Cyber Threat Alliance, which is like a collective for information sharing that can be very beneficial. Right. Because you're sharing and then you're also getting information back before it gets public, often in many cases. And so you can, you know, be prepared and so you can add that additional layer of preparation within your own product and services. Or, you know, from a researcher perspective, like, this is what I had to be focusing on or know that's coming up from more of a public-private partnership. There's also ways to do, like, notifications if it's like really open and collaborative, be like, oh, have you seen this? Or, like, it's a way to kind of see, like, is this unique to me and my organization or is this a broader problem that's affecting all of the industry, and it can help kind of be a way for collective defense where we have a better understanding. Certainly all of the ISACs, the information sharing ISACs that are set up for different industries, that is a very, very useful way for organizations to get involved in information sharing and getting to know their peers within the industry. As a researcher and from that perspective, one of the best things about information sharing is it helps me get to know other people within the community and like what they sort of specialize in and like what do you know about that could potentially help with my research or with community development and how, you know, how can we share this information? How can I operationalize it within my organization or with you? Or, you know, we stumble across something and it's like, hey, do you know anyone that might be able to help me with this or that might find this very beneficial?
Even when things are made public, there can be a big lack of awareness. So even having that avenue for saying, hey, I just want to make sure that everyone is aware of this, as a way to communicate and have a, like a central repository of information. An example of, like, from a tactical intelligence perspective, like MITRE ATT&CK, having an existing framework where intelligence is shared, really condensed down into actionable pieces that all of the community can access. With MITRE ATT&CK, it's like we see this technique, we're adding it to our database, we have defenses that are available and it's really like a one stop shop. For you to be like, okay, I see this happening, I need to know how to take next steps and next actions. I'm going to consult this database or I'm going to consult this group that I'm in as a way to get more information about this and how to protect myself.
Keith
You're right on key on that, what you were just saying, because as an FBI agent, what I wanted is I want industry to tell me what I should be working on. You know, there are so many different things that you could be working on out there and you only have so many cases that you could work. So if you're telling me that, you know that this botnet or this ransomware group is the worst of the worst and that's where I should be focusing on, that really helps me with my targeting and then to be able to leverage the expertise from the industry working groups because everybody has that different layers of visibility that could help me to focus on where I need to do search warrants or where I need to send legal process or just to really understand the threat and get victim notification out. So really, as an agent, the industry is really the eyes and ears of where I want to focus.
Sponsor/Announcer
And now a word from our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are Allowlisting, Ringfencing, and Network Control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy, ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Only Malware in the Building.
Dave
How much of this goes on behind the scenes? The back channels, the, you know, the group chats on signal? How important are those in this whole effort?
Keith
Oh, it goes on all the time and it's all built on trust, you know, so it's really building these personal relationships and understanding who does what in what company. You know, when we were at Europol, it was like a high school reunion, you know, we're just going through and it's just like, hey, I haven't seen you in ages. You know, we haven't caught up in real life in a long time. It's such a small community. Even though you think like all the security researchers are out there, there's thousands of them, but like, everybody knows everybody. And so it was just really good to get together and you hear what people are working on and you may say, well, hey, I may have something that could help you out. And so it's just like this, you know, build on personal relationships.
Selena
Well, and I think too it can be a catalyst for furthering an understanding of cybersecurity in general. And Dave, I don't know if you hear this from guests on your podcast, but I think a lot of times people in our industry are a little bit frustrated with the sort of lack of understanding of cybersecurity issues from law enforcement or policy or like decision makers or even within companies, Right? Like, is that something that you hear a lot where it's still kind of this like, little bit of a black box where there's a, there's a gap between the people that are doing the work and like knowledgeable about things and then the people that are making the decisions, whether it's policy or, you know, business decision making. And I think that that's where information sharing can really help close that gap.
Dave
Yeah, for sure. I tend to refer to it as a translation layer, you know, like between the folks who are talking tech and the folks who are talking business risks. And there has to be somebody who speaks both of those languages, which is like the old joke about the UK and the US that is two nations separated by a common language. And I feel like somehow I'm experiencing.
Keith
That right now over in London, Dave.
Selena
Quite, quite right.
Dave
Belt or braces. So there's those kinds of things. I'm curious how much of a responsibility we think the government has to enable these things because, you know, as we're recording this, we are still in the midst of a government shutdown. And as part of that, the CISA 2025 legislation, which provided coverage for protection from liability for organizations who are sharing, is in limbo right now. It's technically expired. And I think a lot of organizations are still in good faith sharing, hoping that it will be reinstated retroactively. But I think it points to the fact that organizations need these reassurances from the government that they can share without risk of repercussions.
Keith
Yeah, that's important because when I was at the FBI, I thought everybody shared with the government willingly. And then I went to EY and it was just like every time we were doing an incident response or whatever, it was like, nope, nope, we're not giving this, we're not calling the FBI, we're not calling the Secret Service. You know, so, so those.
Dave
Keith, put down that phone.
Keith
Yeah, so it is, you know, those protections in place are just vital because without them, probably 90% of legal counsel is going to say no. Hey, yeah, we want to do the greater good bit. At the same time, we have to protect our company. We need to make sure that we're not liable for anything. You know, once those protections are in place, we'll, we'll continue to do it, but it's really essential that that gets taken care of.
Selena
Well, and I think right now we're in a time of a lot of success of public-private partnerships, and seeing some of the wins I think has been really great, especially when it comes to cybercrime. So I think historically, you know, there's been a lot of focus on espionage and nation state activity and spying and that sort of thing from a collective defense perspective. But I think right now, over the last couple of years, it's been really heartening, I think, to see the information sharing and the collective defense and collaboration from a cybercrime perspective. And it's led to some really big wins, even if it's sort of like a temporary disruption. And if you look at, for example, like the Lumma Stealer takedown recently with Microsoft and law enforcement collaborating on that, it did have a really big impact. It was a little bit limited, and Lumma Stealer kind of bounced back a little bit. But even those cases can have significant impact on the operators themselves, the ecosystem selling distrust. You know, having these questions in the threat actors' minds of like, is this really worth it? To me, having to impose costs, like literal financial costs as well as the time cost and the reputation cost, can be massive. So right now, public-private partnership is essential in combating everything from cybercrime to, you know, this sort of nation state activity. And threat actors are not slowing down, they're not going anywhere. And it's really important for organizations to feel confident in sharing that critical threat intelligence because really, collective defense from both a national security perspective, but as well as a business risk and resilience perspective, is really, really a cornerstone of that, and information sharing and making sure that everyone is aware of these threats.
Keith
Yeah. And it's important that nobody has complete visibility, so you have to share the information in order to get the complete picture. I know you had mentioned that there are a number of information sharing groups on the cybercrime side, but there is one called the National Defense Cyber Alliance down in Huntsville that is really put together for those national security attacks as well. So it's not as widely known as maybe some of the others, like ISACs and the NCFTA and others, but it is kind of sprouting and growing as well.
Dave
Selena, I'm curious. You know, you and your colleagues at Proofpoint publish a lot of research. How much do you find that that sparks conversations with other folks in the industry? When you publish something, do you get a bunch of responses from that and say, hey, you know, I saw what you published and we think we might have something related here?
Selena
Oh, all the time. It happens all the time. It's great, great. And that's why I like publishing stuff. You know, we want more information. So, you know, publishing information begets more information. It's fantastic. It doesn't happen like with literally everything we publish, but almost everything we publish, I have to say. And in a lot of cases, you know, we'll reach out to our information sharing partners ahead of time, be like, do you guys have any visibility into this? What are you seeing? How are you responding to this? So recently, earlier this year, my colleague Ola and I published some details on remote monitoring and management abuse as being delivered as first stage payload. So we see, of course, a lot of the first stage email threats being, you know, RMMs being dropped that way, which was very unique. But we're like, okay, but what happens next? And then also, are these RMMs that are being delivered as a first stage payload, are they different than the ones that are being used post compromise? So once a threat actor actually has access to an environment, are they using the same tools or different tools to move laterally? We reached out to our partners at The DFIR Report, at Red Canary, you know, other folks in the industry to be like, hey, like, what are you seeing and how is that tying into the RMM narrative and the conversation? And so we ended up, you know, publishing some details, and Red Canary has some fantastic information about RMMs that they also have published and made available. And then certainly, you know, with The DFIR Report, they do deep dives into the attack chains and say, okay, you know, looking at this. And a lot of times when a company will publish information about a particular attack chain that's happened post compromise, we can go back to our data and be like, oh, we saw this activity. Like, this is related to this threat actor from, you know, this August 2025 campaign.
So we know now that this RMM is dropping this particular malware because of information that was shared from the community. And so it's really important to not only, you know, be open to collaboration, but also, you know, if you can share what you can with people. And what I have found is that fellow researchers are so open. It's really great because I think, you know, most of us are in this industry because we care and because we want to do good and we want to have, you know, a safe world and contribute to collective defense. Whether that's, you know, we're, we work for the government or whether that's, we work for a business or whether that's, we run our own security consultancy. Right? Like, I think a lot of us are driven by that community idea of, you know, we, we want to protect each other. And so I think that that really shows how beneficial it can be when people do push stuff out there and be open with sharing back.
Dave
Keith, what about moderation? I mean, like, did you ever run into folks who were kind of oversharing and you had to ask them to dial it back or, you know, like, stop calling me.
Keith
No, no, I don't think that. I don't think that ever happened. Everything in moderation though, Dave. Just remember that's the key of life. Everything in moderation.
Dave
Except for dips. Except for dips.
Keith
Except for dips. But no, no, I think, you know, again, just, you know, share. Share what you can. And I mean, I guess sometimes you get a little too much. And I would say back to somebody, I got enough right now. Just, you know, I'm good with what you got, you know, what you gave me, but I'm good right now. But I don't think that happens too frequently. You know, if you're sharing, especially when you're like, as part of, like, the NCFTA or the CDA or, you know, those ISACs, if you're sharing that information, chances are, you know, like, let's say you're a financial institution and you're sharing threat information that you're seeing, chances are another financial institution is going to get hit in a month from now. So that could help them with their defense, you know, because maybe like, if you're like a, you know, a big top five bank, you're going to see the attacks first and then the smaller credit unions are going to see those in, you know, eight to 10 months. So if you're sharing that information, you're really helping the greater good, you know, down the line as well.
Dave
Where do you suppose we're headed here? What's the future look like when it comes to information sharing?
Keith
The one thing that I just want to say is, you know, we've been doing this a long time. You know, over 20 years, we've been sharing information. And my one pet peeve, Dave, is that I go to a lot of conferences and new people that have come that have just been around for one year or two years, they go, hey, we need to, we need to do information sharing. We need to. But it's like we've been doing this 20 years. We're not reinventing the wheel. So I am hoping that in the future, in these next couple years, that people will, will be talking about it, that this is just part of how we do business on the Internet and how we do business as the white hats in the greater good. And this isn't something new that we need to talk about all the time because it's just being like air. You're just breathing and you're doing it naturally. So that, that is my hope. I hope we get there.
Selena
Well, I think right now is a very interesting time for information sharing, Dave, as you mentioned. So my hope is that people continue to realize the value of this, whether or not there are roadblocks in place from existing means of information sharing or whether we continue as we have been. Either way, I mean, I think, to Keith's point, just making it part of how we do business and also, I think, having a better understanding and seeing the outcomes, because I think oftentimes people are a little bit hesitant to be like, oh, well, what are we doing sharing information, and not understanding some of the outcomes that can be very, very beneficial. And so I think not just sharing information, but sharing what happens and how you have used it and how you took action on it and how it protected your organization can actually provide a lot more benefit and can, you know, make people more engaged with it. Because, you know, I actually always joke when I go to a conference or when I'm listening to a podcast or whatever. It's like if someone says public-private partnerships, I'm like, drink, like, bingo. You know, like, it's like, okay, keyword, buzzword. Because oftentimes it's like, okay, well, so what? Like, a public-private partnership is like, it exists, but if it's not leading to actionable information and actionable information sharing and you're not seeing the results of it, it can seem like this buzzword or this, like, okay, yeah, sure, whatever. Like, we're just gonna fill a panel to talk about it at a conference. So I think when it comes to, like, the future of information sharing, sharing the outcomes, and I think, you know, some of the big cybercrime takedowns that have happened that, you know, have all those logos and have all those names of the people that have been involved is huge. Because you're like, okay, this is the reality. This is what happens with the information that we share.
Keith
The communication is the key because people want to know that what they're sharing is actually being put to good use. And it's useful because then that will build that trust and say, hey, I want to do more. You know, I want to do this more. Nobody wants to just share information to a black hole. Just like, hey, it's just going in there. And I don't know whether my data is good or not, or what I'm providing is going to the greater good. So I think communication and messaging, that is really key going forward as well.
Selena
The greater good. The greater good. Every time I just have to say it like that.
Dave
Actionable intelligence is much better than all of the decorative intelligence that's lying around, right?
Selena
Absolutely, yes. You don't want to just have intelligence that you can hang in your office or on your mantelpiece.
Dave
Caring is sharing.
Keith
Are we going to talk about decorative intelligence for Christmas then on our next podcast?
Selena
Oh, there you go. Yeah. Deck the halls with threat intelligence.
Dave
Yeah.
Keith
Fa la la.
Selena
Well, this has been a lot of fun. This is one of the things that I am very passionate about, Keith. I know you are as well. And Dave, you are basically an information sharing group yourself as the podcast host of Cyberwire. Yeah. I mean, you do intelligence distribution and communication that are very, very vital as well. So, you know, that's actually one part of information sharing is communicating out to a massive audience and hoping, you know, people take action on it. So, yeah. So thank you everybody for tuning in as always, and we hope you enjoyed this episode of Only Malware in the Building. And we will see you next time.
Dave
Thank you.
Sponsor/Announcer
To ThreatLocker, the powerful Zero Trust Enterprise solution that stops ransomware in its tracks, for sponsoring Only Malware in the Building. Visit threatlocker.com.
Date: November 4, 2025
Host: N2K Networks
Theme: Deception, influence, and social engineering in the world of cyber crime—this episode focuses on information sharing and public-private partnerships in cybersecurity.
In this conversational and lively episode, Selena, Keith, and Dave blend humor and expertise on a "road trip" to the Fishy Awards, then dive into a deep discussion about the importance, challenges, and impact of information sharing between the public and private sectors in the fight against cybercrime. Drawing on personal experience and recent high-profile operations, they explore why partnerships matter, how trust is built, the difficulties organizations face, and how effective sharing can vastly improve collective defense.
Conference Serendipity: Selena and Keith recently met unexpectedly at a Europol conference, sparking this episode’s focus on public-private alliances and how collaboration strengthens cybersecurity.
"It's one of these lovely little kismet moments that are happening all the time at conferences.” — Selena [04:10]
Karaoke Metaphor: Dave likens info sharing to karaoke—everyone's excited until it’s their turn to participate, highlighting reluctance in practice.
"Public private partnerships are kind of like karaoke. Everybody's enthusiastic until it's their turn." — Dave [05:13]
Early Initiatives: Keith recounts the creation of the NCFTA (National Cyber Forensic and Training Alliance) as a neutral, nonprofit hub for sharing between banks, government, and academia in Pittsburgh.
“It wasn’t owned by government, it wasn’t owned by any company or any academic institution. And then this way you can kind of come together and share cyber threat intelligence.” — Keith [07:27]
Balancing Skepticism & Privacy: Initial responses were skeptical due to concerns over exposing sensitive data or reputational risk.
“There is a lot of animosity or concern, really, at the beginning... make sure that you do it right.” — Keith [08:13]
"No one wants to be center of gossip, whether it’s about a cyber attack or, you know, how many dips you ate at a party, Dave." — Selena [09:44]
Visibility Gap: No single entity has the full picture; each participant offers a unique perspective (e.g., Proofpoint focuses on initial access but relies on others for post-exploitation insight).
“Every company has unique visibility. No one is looking at all of the same information.” — Selena [09:58]
Real-World Success: Operation Endgame is spotlighted as a positive example—significant botnets were dismantled via joint effort.
“That would not have happened without everyone coming together and sharing their information.” — Selena [10:40]
Concrete Stories:
"When we did the Coreflood takedown... we had to go to the Attorney General and present our solution. And he's like, 'Okay... just remember, guys, if you break it, you bought it.'" — Keith [12:34]
Actionable versus Abstract:
“It’s not like, hey, we want all your data. Nobody has the time to go through all the data anyways. But it’s like, if you know that this particular piece of malware is going to affect a number of people, then you can pull those teams together and share that specific information.” — Keith [11:50]
Information Sharing Platforms: ISACs, the Cyber Threat Alliance, and frameworks like MITRE ATT&CK are crucial, channeling both broad alerts and specific, actionable info to communities.
“As a researcher... one of the best things about information sharing is it helps me get to know other people within the community and like what they sort of specialize in.” — Selena [16:00]
Making the Case Internally: To convince boards or legal teams, reframe participation as both a protective and reputational win.
“...being part of the greater good will actually help impact and make your company safer... if you’re part of the takedown, you may get your name on the press release.” — Keith [13:53]
Trust and Personal Relationships: Much work is facilitated through trusted, informal channels—group chats, backchannel signals, and "high school reunion" conference vibes.
“It’s all built on trust, you know, so it’s really building these personal relationships and understand who does what in what company.” — Keith [20:13]
Government Responsibility and Legal Protections:
“Organizations need these reassurances from the government that they can share without risk of repercussions.” — Dave [22:05]
“Without [liability protections], probably 90% of legal counsel is going to say no.” — Keith [23:26]
Recent Successes: The Lumma Stealer takedown is cited as an example of near-term, real-world impact—imposing costs and disrupting cybercrime ecosystems, even if threat actors sometimes regroup.
“...impose costs, like literal financial costs as well as the time cost and the reputation cost can be massive.” — Selena [24:10]
Publishing Research: Openly publishing findings (e.g., remote monitoring & management abuse) often seeds further collaboration and reciprocal sharing across the industry.
“Publishing information begets more information. It’s fantastic.” — Selena [26:35]
Moderation in Sharing: The risk of "oversharing" is rare; more commonly, wider sharing leads to benefits for a broader array of organizations, especially smaller banks or less-resourced entities.
“If you’re sharing that information, you’re really helping the greater good, down the line as well.” — Keith [29:37]
The episode is lively, joking (especially with "chip and dip" metaphors as analogies for trust and gatekeeping), self-effacing, and insightful—balancing technical expertise with accessibility. The hosts’ camaraderie and passion for cybersecurity’s “greater good” shine through.
Through banter, anecdotes, and first-hand experience, this episode makes a compelling case that actionable, trusted information sharing is central to cyber defense. The hope: that in the near future, sharing becomes as natural—and essential—as breathing for the cybersecurity community.