1
00:00:00,000 --> 00:00:07,040
Welcome to the Quick 10 Podcast brought to you by Quick Track, focusing on all things

2
00:00:07,040 --> 00:00:12,920
FedCon and cyber defense from different perspectives and different personalities, all in 10 ish

3
00:00:12,920 --> 00:00:13,920
minutes.

4
00:00:13,920 --> 00:00:18,360
Here's your host, Derek White.

5
00:00:18,360 --> 00:00:22,480
All right.

6
00:00:22,480 --> 00:00:27,360
Thank you, Alex, for joining us today on episode two of the Quick 10 Podcast.

7
00:00:27,360 --> 00:00:28,360
How you doing?

8
00:00:28,360 --> 00:00:29,360
Good, great.

9
00:00:29,360 --> 00:00:30,360
Thanks for having me.

10
00:00:30,360 --> 00:00:31,360
Good, man.

11
00:00:31,360 --> 00:00:32,360
Good seeing you again.

12
00:00:32,360 --> 00:00:34,640
Hope all is well.

13
00:00:34,640 --> 00:00:39,680
As we kick this podcast series off, it's exactly what it is.

14
00:00:39,680 --> 00:00:44,280
It's 10 ish minutes talking about a specific topic that we dive right into.

15
00:00:44,280 --> 00:00:50,440
And today we're going to get into the world of ITAR and CMMC, which is what your specialty

16
00:00:50,440 --> 00:00:51,440
is.

17
00:00:51,440 --> 00:00:54,360
And we have today's Alex Trafton from Ankura.

18
00:00:54,360 --> 00:01:01,520
So one of the best, I believe, on the LinkedIn side of the world, if you're a LinkedIn user,

19
00:01:01,520 --> 00:01:05,120
first thing you need to do when you're done with this podcast is go follow Alex.

20
00:01:05,120 --> 00:01:09,480
Alex has great digestible content that he puts out on a regular basis.

21
00:01:09,480 --> 00:01:13,800
I highly recommend that people go do that.

22
00:01:13,800 --> 00:01:16,400
But from your experience, we're going to get right into it.

23
00:01:16,400 --> 00:01:26,840
And there's a large misconception that, quote, because we're compliant with A, we're therefore

24
00:01:26,840 --> 00:01:29,520
pretty good with B. I know you guys hear that a lot.

25
00:01:29,520 --> 00:01:31,460
We hear that a lot.

26
00:01:31,460 --> 00:01:37,840
Talk about ITAR regulations and the misconceptions that come with that when people also have

27
00:01:37,840 --> 00:01:45,520
requirements and regulations like CUI protection around the CMMC side, NIST 800 171.

28
00:01:45,520 --> 00:01:48,480
And where you see that from your guys' side.

29
00:01:48,480 --> 00:01:52,600
And share what people should know about that a little bit.

30
00:01:52,600 --> 00:01:53,600
Yeah.

31
00:01:53,600 --> 00:01:56,240
I mean, I do think that's a very common misconception.

32
00:01:56,240 --> 00:02:02,720
And I think it comes down to a conceptual issue in companies that they view ITAR as

33
00:02:02,720 --> 00:02:03,720
a regulatory issue.

34
00:02:03,720 --> 00:02:05,440
And so it sits with a legal function.

35
00:02:05,440 --> 00:02:10,840
And they view CMMC and CUI as a cybersecurity function, which typically sits in the technology

36
00:02:10,840 --> 00:02:16,200
focus, like with the IT or cybersecurity, and that they don't speak well to each other.

37
00:02:16,200 --> 00:02:18,360
But yeah, that's a common misconception.

38
00:02:18,360 --> 00:02:28,760
And for defense contractors, certainly if they have defense contracts, if they're producing

39
00:02:28,760 --> 00:02:33,600
manufacturing items that are controlled under the ITAR, and they're providing that to the

40
00:02:33,600 --> 00:02:39,000
US Department of Defense, that ITAR data will also be CUI.

41
00:02:39,000 --> 00:02:44,120
And so in that case, those are co-terminates.

42
00:02:44,120 --> 00:02:49,120
But companies can make products, and a lot of larger companies do this, where they have

43
00:02:49,120 --> 00:02:52,040
both commercial and defense businesses.

44
00:02:52,040 --> 00:02:56,800
And the technology can originate with or without defense funding, could be ITAR, and they could

45
00:02:56,800 --> 00:02:57,800
be selling it commercially.

46
00:02:57,800 --> 00:03:04,840
And then it could also be part of an acquisition contract for the DoD and the CUI.

47
00:03:04,840 --> 00:03:08,920
They could also have CUI that's controlled under the Commerce Department's Export Administration

48
00:03:08,920 --> 00:03:13,760
regulations, this dual use that the government might be acquiring, which is a separate regulatory

49
00:03:13,760 --> 00:03:14,760
regime.

50
00:03:14,760 --> 00:03:21,360
So those aren't necessarily the same thing, and they don't have all of the same requirements.

51
00:03:21,360 --> 00:03:30,160
And so I think that the ITAR data is definitely ITAR.

52
00:03:30,160 --> 00:03:34,080
It is something that is controlled under the ITAR by its very nature.

53
00:03:34,080 --> 00:03:37,640
The existence of that thing as that thing is making it ITAR.

54
00:03:37,640 --> 00:03:41,920
But a CUI is really driven by whether the Department of Defense has technical rights

55
00:03:41,920 --> 00:03:47,200
to the data that it paid for under an acquisition contract, which is the DFAR's language.

56
00:03:47,200 --> 00:03:51,440
And so that's really where you can start to kind of see those roads divide.

57
00:03:51,440 --> 00:03:56,200
If this is proprietary data we developed, then the DOD doesn't have rights to it.

58
00:03:56,200 --> 00:04:00,160
We could even be providing it to the government, but if it doesn't have rights to it, it's

59
00:04:00,160 --> 00:04:02,720
not CUI, but it could well be ITAR.

60
00:04:02,720 --> 00:04:06,120
And the requirements are very similar in some ways.

61
00:04:06,120 --> 00:04:10,680
They're both data protection requirements, but the ITAR is really focused on its origination

62
00:04:10,680 --> 00:04:12,640
was a nonproliferation regulation.

63
00:04:12,640 --> 00:04:16,440
And it's evolved and they update it.

64
00:04:16,440 --> 00:04:21,040
But for the most part, it's focused on sovereignty of data and making sure that foreign persons

65
00:04:21,040 --> 00:04:25,760
don't access data without a license so that the US government can control who has access

66
00:04:25,760 --> 00:04:31,760
to items which are covered under the US munitions list that they're in use military items.

67
00:04:31,760 --> 00:04:35,840
And that's a regulatory regime, where a CUI is contract-driven.

68
00:04:35,840 --> 00:04:39,520
So there's a diverse sense of requirements, right?

69
00:04:39,520 --> 00:04:41,720
And it relates to a number of factors.

70
00:04:41,720 --> 00:04:44,240
You can have CUI programs.

71
00:04:44,240 --> 00:04:49,120
There's no sovereignty requirement or no foreign person access restrictions on CUI.

72
00:04:49,120 --> 00:04:53,160
Now the Department of Defense can mark it as no foreign persons access, and they can

73
00:04:53,160 --> 00:04:56,100
mark it as what functionally makes it export control.

74
00:04:56,100 --> 00:04:57,960
But it's very nature is an export control, right?

75
00:04:57,960 --> 00:05:02,120
And there's many of the defense acquisition programs that have global supply chains where

76
00:05:02,120 --> 00:05:03,520
CUI data flows globally.

77
00:05:03,520 --> 00:05:09,000
It might be ITAR data, but those companies have to manage ITAR requirements, right?

78
00:05:09,000 --> 00:05:11,800
But the CUI doesn't make it so.

79
00:05:11,800 --> 00:05:18,680
And I think one of the big items where there's divergence and it's worth understanding is

80
00:05:18,680 --> 00:05:20,920
protection of the data with encryption, right?

81
00:05:20,920 --> 00:05:25,600
So if you look at CUI requirements in this 800.171, this is a requirement for any federal

82
00:05:25,600 --> 00:05:30,320
agency encryption standard, is that there's a requirement to use FIPS validated encryption,

83
00:05:30,320 --> 00:05:31,320
right?

84
00:05:31,320 --> 00:05:34,000
And the language in the ITAR is FIPS compliant encryption, right?

85
00:05:34,000 --> 00:05:39,440
And that's the difference between the CAVP, the cryptographic algorithm validation program,

86
00:05:39,440 --> 00:05:43,880
and the CMVP at NIST, which is the cryptographic module validation program, right?

87
00:05:43,880 --> 00:05:47,760
And I tend to think that there was a mistake when they wrote the ITAR regulation and they

88
00:05:47,760 --> 00:05:50,680
met validated, but they used compliant.

89
00:05:50,680 --> 00:05:53,480
But that's here and there.

90
00:05:53,480 --> 00:05:57,680
So that's a remarkably different standard, right?

91
00:05:57,680 --> 00:06:02,280
Whether or not you have to maintain validated, FIPS validated modules versus algorithms, right?

92
00:06:02,280 --> 00:06:03,720
Which is much lower standard, right?

93
00:06:03,720 --> 00:06:08,280
Because most strong algorithms are going to be approved for use in cryptographic module

94
00:06:08,280 --> 00:06:10,240
validation programs, right?

95
00:06:10,240 --> 00:06:13,280
And FIPS modules.

96
00:06:13,280 --> 00:06:14,800
So those are differing requirements.

97
00:06:14,800 --> 00:06:16,520
One is far more onerous, right?

98
00:06:16,520 --> 00:06:23,800
So the other thing is the degree to which encryption is a protection under the regulation

99
00:06:23,800 --> 00:06:24,800
or under the contract.

100
00:06:24,800 --> 00:06:29,800
I hear in the CMVP world a lot, people saying, well, if I just encrypt with FIPS validated

101
00:06:29,800 --> 00:06:31,760
modules, my data is fine.

102
00:06:31,760 --> 00:06:33,520
I can send it out.

103
00:06:33,520 --> 00:06:35,160
That's not true under the ITAR, right?

104
00:06:35,160 --> 00:06:43,680
So in the ITAR, there's a section of the 22 CFR, part 126.1, which is a restriction on

105
00:06:43,680 --> 00:06:46,480
export of even encrypted data to certain countries.

106
00:06:46,480 --> 00:06:51,160
And so those countries include Russia, they include North Korea, China, and a few others

107
00:06:51,160 --> 00:06:56,320
that exist on the sanctions list, right?

108
00:06:56,320 --> 00:07:01,560
That data, even if it's encrypted with FIPS validated or compliant encryption, data can't

109
00:07:01,560 --> 00:07:02,640
go there, right?

110
00:07:02,640 --> 00:07:10,360
So the notion that I think a lot of CMVP thought leaders have taken is that if I just use encryption

111
00:07:10,360 --> 00:07:14,120
to the standard FIPS validated, so I can just send ITAR where I want, sorry, I can send

112
00:07:14,120 --> 00:07:15,120
CUI where I want.

113
00:07:15,120 --> 00:07:18,960
Well, if that data is also CUI, you have to have some controls over where it goes with

114
00:07:18,960 --> 00:07:19,960
both.

115
00:07:19,960 --> 00:07:21,880
And that's a big one.

116
00:07:21,880 --> 00:07:30,760
And I think the other thing is, like most companies are struggling with cloud services

117
00:07:30,760 --> 00:07:32,520
and sovereign cloud services, right?

118
00:07:32,520 --> 00:07:38,080
Using GCC versus GCC-HI and Microsoft, you have to pay close attention to who's accessing

119
00:07:38,080 --> 00:07:40,520
that data under service contracts, right?

120
00:07:40,520 --> 00:07:48,320
So dumping your data into a federate authorized cloud environment, it's not necessarily sufficient,

121
00:07:48,320 --> 00:07:49,320
right?

122
00:07:49,320 --> 00:07:52,440
You have to follow the CUI rules, but you have to ensure that that company, if that

123
00:07:52,440 --> 00:07:57,200
data is also ITAR data, which a lot of defense data, especially in aerospace and defense

124
00:07:57,200 --> 00:07:58,200
manufacturing, right?

125
00:07:58,200 --> 00:07:59,200
Yeah.

126
00:07:59,200 --> 00:08:02,720
Typically, most of it's going to be ITAR.

127
00:08:02,720 --> 00:08:07,400
That the cloud service provider is ensuring not only that your federate authorized controls

128
00:08:07,400 --> 00:08:11,360
are implemented, but also that anyone who may access it, right?

129
00:08:11,360 --> 00:08:16,960
Or the sovereignty of that data itself resides within the US and is only accessed by US persons,

130
00:08:16,960 --> 00:08:17,960
right?

131
00:08:17,960 --> 00:08:20,320
So those are things that you want to consider, right?

132
00:08:20,320 --> 00:08:24,240
And again, companies tend to kind of view those things in silos.

133
00:08:24,240 --> 00:08:27,960
And I really encourage them to, if you have in-house counsel or an external counsel who

134
00:08:27,960 --> 00:08:32,280
specializes in international trade controls, that you engage with them when you're going

135
00:08:32,280 --> 00:08:34,280
through these CUI processes, right?

136
00:08:34,280 --> 00:08:37,840
Your self-assessments, DIPTAC assessments, CMC assessments, right?

137
00:08:37,840 --> 00:08:41,160
Policy design and how you scope your policies, right?

138
00:08:41,160 --> 00:08:44,400
Because a lot of companies will say, well, I'm going to apply your policies enterprise

139
00:08:44,400 --> 00:08:47,680
scale or I'm going to apply them at an enclave, a CUI enclave scale.

140
00:08:47,680 --> 00:08:50,320
Your policies need to account for all of your regulatory requirements.

141
00:08:50,320 --> 00:08:51,880
That could extend beyond ITAR as well.

142
00:08:51,880 --> 00:08:52,880
It could extend into privacy.

143
00:08:52,880 --> 00:08:57,520
You could have EAR data, dual-use commerce control data.

144
00:08:57,520 --> 00:09:01,640
And so those policies need to be appropriately scoped and include the appropriate requirements,

145
00:09:01,640 --> 00:09:02,640
right?

146
00:09:02,640 --> 00:09:05,480
And a lot of that's on how you screen individuals, right?

147
00:09:05,480 --> 00:09:08,640
How you screen your visitors.

148
00:09:08,640 --> 00:09:13,680
One issue we've run into is that companies will build their visitor management system

149
00:09:13,680 --> 00:09:18,000
around the ITAR requirements, which is like, hey, if they're a US person, I don't need

150
00:09:18,000 --> 00:09:19,000
to escort them.

151
00:09:19,000 --> 00:09:20,000
They can access the facility.

152
00:09:20,000 --> 00:09:23,840
But under CUI requirements, they need to be escorted at all times, right?

153
00:09:23,840 --> 00:09:30,160
So an ITAR program, typically companies will be, ITAR has been around since the 80s, right?

154
00:09:30,160 --> 00:09:33,240
And they'll have built an entire compliance program around the ITAR.

155
00:09:33,240 --> 00:09:34,600
So it's been there for a long time.

156
00:09:34,600 --> 00:09:40,600
And then when they get the CUI contract requirements, after all the DFAR saga was complete, then

157
00:09:40,600 --> 00:09:43,560
they're saying, well, we already have a visitor management program that addresses ITAR.

158
00:09:43,560 --> 00:09:44,560
So we're fine.

159
00:09:44,560 --> 00:09:49,400
Well, no, there are those nuanced differences between ITAR and CUI, which is really in the

160
00:09:49,400 --> 00:09:50,400
ITAR.

161
00:09:50,400 --> 00:09:53,560
Once you're a US person, they're like, State Department is kind of hands off about that,

162
00:09:53,560 --> 00:09:56,320
whereas the CUI requirements are not.

163
00:09:56,320 --> 00:10:00,320
So that's really some of the things to think about when you're dealing with data that's

164
00:10:00,320 --> 00:10:02,320
covered under both requirements, right?

165
00:10:02,320 --> 00:10:08,760
One, the beauty contract requirement, and the other is the ITAR regulation, right?

166
00:10:08,760 --> 00:10:11,080
And then establishing controls around end use.

167
00:10:11,080 --> 00:10:13,680
If you're an exporter of that technology, I think it's a little more nuanced than we'd

168
00:10:13,680 --> 00:10:14,680
want to discuss today.

169
00:10:14,680 --> 00:10:20,720
But those are some of the big ones that I see commonly with respect to test contractors.

170
00:10:20,720 --> 00:10:21,720
Yeah.

171
00:10:21,720 --> 00:10:23,320
And that's well said.

172
00:10:23,320 --> 00:10:27,080
And I think with that misconception side too, you nailed it.

173
00:10:27,080 --> 00:10:33,360
When you get into defense manufacturing, aerospace, the companies that have really put their emphasis

174
00:10:33,360 --> 00:10:39,320
either internally or with external resources on ITAR and export control data, they tend

175
00:10:39,320 --> 00:10:44,040
to do better for sure on when it comes to data protections and control information because

176
00:10:44,040 --> 00:10:49,000
they understand origin of data, where it's flowing, who's got access to it, who do I

177
00:10:49,000 --> 00:10:53,120
need to be authorizing and paying attention to, how we authorize, et cetera.

178
00:10:53,120 --> 00:11:01,400
So the unfortunate side, obviously for most of the defense industrial base when CUI and

179
00:11:01,400 --> 00:11:05,480
ITAR and different regulations are coming around is they do tend to have a lack of internal

180
00:11:05,480 --> 00:11:06,480
resources.

181
00:11:06,480 --> 00:11:09,080
And if they do have it, it's a smaller team.

182
00:11:09,080 --> 00:11:14,620
So obviously highly recommended that external resources like yourself that are experts and

183
00:11:14,620 --> 00:11:16,840
stuff is to engage with that.

184
00:11:16,840 --> 00:11:21,040
And that kind of rolls into kind of my other question I wanted to ask you is we can kind

185
00:11:21,040 --> 00:11:28,240
of wrap up with this is if someone wanted to learn one thing from you like today, like

186
00:11:28,240 --> 00:11:33,600
short term, maybe it's been off the radar, maybe it's been something that just hasn't

187
00:11:33,600 --> 00:11:37,200
been because of lack of resources, something that they've been able to grasp.

188
00:11:37,200 --> 00:11:42,960
If they hear one thing from you today on what they can do right now in the short term to

189
00:11:42,960 --> 00:11:48,480
help them get down a path where this is going to end well for them, what would that be from

190
00:11:48,480 --> 00:11:49,480
Alex's standpoint?

191
00:11:49,480 --> 00:11:52,480
Yeah, I think know where your data is.

192
00:11:52,480 --> 00:11:55,920
That sounds always cliche.

193
00:11:55,920 --> 00:12:00,120
And you can leverage these programs to work together to do that.

194
00:12:00,120 --> 00:12:08,280
So if you look at the guidance from the DOD, that's the 5230-24, which is the distribution

195
00:12:08,280 --> 00:12:13,520
statement markings, that's a document that's been revised year in, year out since ITAR

196
00:12:13,520 --> 00:12:16,240
and DOD contracts were around.

197
00:12:16,240 --> 00:12:20,720
And so if you go back to the first document from 1984, if you look at the first type of

198
00:12:20,720 --> 00:12:24,720
sensitive data that the DOD is talking about, it is really they're talking about export

199
00:12:24,720 --> 00:12:25,720
control data.

200
00:12:25,720 --> 00:12:29,200
Like they're saying we're really worried about ITAR data.

201
00:12:29,200 --> 00:12:32,960
And so a lot of that data is going to be similar.

202
00:12:32,960 --> 00:12:34,880
It's going to be technical documents.

203
00:12:34,880 --> 00:12:39,280
So understanding that, what they mean, if you look at control technical information,

204
00:12:39,280 --> 00:12:47,320
that type of CUI that constitutes covered defense information in DFAR 712, that's application

205
00:12:47,320 --> 00:12:48,800
and military and space technology.

206
00:12:48,800 --> 00:12:50,880
That's the ITAR definition.

207
00:12:50,880 --> 00:12:59,120
So what I would say is one way to kind of to not have this be a problematic issue is

208
00:12:59,120 --> 00:13:00,120
you can start to look at it.

209
00:13:00,120 --> 00:13:04,320
You have like a robust ITAR program and typically people have one because they've been doing

210
00:13:04,320 --> 00:13:05,320
it for a long time.

211
00:13:05,320 --> 00:13:08,880
You have a training program and you have an identification and marking program.

212
00:13:08,880 --> 00:13:12,520
If you can start using that and associating those, like if you have ITAR category 11,

213
00:13:12,520 --> 00:13:18,120
you're a satellite, just like that.

214
00:13:18,120 --> 00:13:23,440
And you know that you have space contracts with Space Force DOD, right, identifying your

215
00:13:23,440 --> 00:13:26,480
ITAR and then finding out which programs are associated with it.

216
00:13:26,480 --> 00:13:27,480
Right.

217
00:13:27,480 --> 00:13:29,840
So is that a government defense program?

218
00:13:29,840 --> 00:13:33,680
You can start to leverage your ITAR program, which a lot of companies have to your point

219
00:13:33,680 --> 00:13:36,600
in better form than they do their CUI programs.

220
00:13:36,600 --> 00:13:40,200
And so they can start to use that to help identify where their CUI is.

221
00:13:40,200 --> 00:13:41,200
Right.

222
00:13:41,200 --> 00:13:44,600
And getting it marked and controlled and then looking at those policies and saying, okay,

223
00:13:44,600 --> 00:13:48,800
well, do we have enough governance in place to kind of effectively control this data to

224
00:13:48,800 --> 00:13:49,800
both standards?

225
00:13:49,800 --> 00:13:53,200
And typically you're going to end up taking the higher watermark standard, right, which

226
00:13:53,200 --> 00:13:56,360
is validated encryption, your CUI standards.

227
00:13:56,360 --> 00:14:00,800
But never neglecting some of those nuanced ITAR requirements.

228
00:14:00,800 --> 00:14:06,160
So I would encourage trade controls, international trade controls experts to get in and read

229
00:14:06,160 --> 00:14:10,480
DFAR 7012, to get in and read the special publication 8171.

230
00:14:10,480 --> 00:14:16,560
And I would equally encourage cybersecurity experts who are focused on CUI and CMMC to

231
00:14:16,560 --> 00:14:20,880
go and read the ITAR and watch the webinars and read some articles on that and really

232
00:14:20,880 --> 00:14:26,320
start to understand how you can be a resource to your broader governance of enterprise data

233
00:14:26,320 --> 00:14:29,280
and find ways to commonly solve these problems.

234
00:14:29,280 --> 00:14:32,560
Because while they're different, they're the same in a lot of ways, which is really that

235
00:14:32,560 --> 00:14:35,840
control of technical data.

236
00:14:35,840 --> 00:14:36,840
Yeah.

237
00:14:36,840 --> 00:14:37,840
That's great.

238
00:14:37,840 --> 00:14:43,320
Obviously, we could sit here and talk about this for a week if we wanted to.

239
00:14:43,320 --> 00:14:45,280
And hopefully people would listen.

240
00:14:45,280 --> 00:14:48,760
You're again, you're a great resource for this topic.

241
00:14:48,760 --> 00:14:52,520
This is not one of those topics you want to be wrong on.

242
00:14:52,520 --> 00:14:57,600
You can put a lot of focus on half of the conversation today on, let's say, CUI, CMMC,

243
00:14:57,600 --> 00:15:02,720
and the 171 and in with on the ITAR stuff down the road without even realizing it.

244
00:15:02,720 --> 00:15:04,600
So very, very important topic.

245
00:15:04,600 --> 00:15:07,840
Thank you, Alex, who is the senior managing director at Incura.

246
00:15:07,840 --> 00:15:10,080
I didn't even mention that at the beginning.

247
00:15:10,080 --> 00:15:12,080
So thanks for joining.

248
00:15:12,080 --> 00:15:16,880
Where can people find more information from you if they want to reach out and look at

249
00:15:16,880 --> 00:15:18,440
using you as a reference here?

250
00:15:18,440 --> 00:15:19,440
Yeah.

251
00:15:19,440 --> 00:15:23,160
I think you said already my LinkedIn is probably the place where that gets consolidated from

252
00:15:23,160 --> 00:15:24,160
all the different avenues.

253
00:15:24,160 --> 00:15:27,920
I'll publish our practice thought leadership there.

254
00:15:27,920 --> 00:15:33,280
I post there frequently on matters of national security, specifically ITAR to CUI, and also

255
00:15:33,280 --> 00:15:35,280
artificial intelligence and trade controls.

256
00:15:35,280 --> 00:15:40,640
So if those areas are interesting to your listeners, I think coming to my LinkedIn,

257
00:15:40,640 --> 00:15:41,640
you can always message me there.

258
00:15:41,640 --> 00:15:42,640
I respond quickly.

259
00:15:42,640 --> 00:15:45,640
So I think that's probably the best place to find me.

260
00:15:45,640 --> 00:15:46,640
Perfect.

261
00:15:46,640 --> 00:15:47,640
Well, perfect.

262
00:15:47,640 --> 00:15:48,640
Well, thank you, sir.

263
00:15:48,640 --> 00:15:52,480
I'm looking forward to next time we have you on because we'll probably want to tackle some

264
00:15:52,480 --> 00:15:55,360
of the stuff you just said in a little bit more detail.

265
00:15:55,360 --> 00:15:57,040
And thank you so much.

266
00:15:57,040 --> 00:16:01,740
And if anybody has any other questions or topics you want to submit, please subscribe

267
00:16:01,740 --> 00:16:03,080
to the podcast.

268
00:16:03,080 --> 00:16:08,880
Check out quicktrack.com for any information from the QuickTrack side and happy to connect

269
00:16:08,880 --> 00:16:11,100
you to whatever resources we can.

270
00:16:11,100 --> 00:16:14,840
But again, thank you, Alex, and we'll talk to you next time.

271
00:16:14,840 --> 00:16:18,320
Thank you.

272
00:16:18,320 --> 00:16:22,920
Thank you for listening to this episode and make sure to subscribe to the Quick 10 podcast

273
00:16:22,920 --> 00:16:27,800
wherever you get your podcasts and check us out on YouTube as well.

274
00:16:27,800 --> 00:16:34,600
For more information about QuickTrack, visit our website at www.quicktrack.com.

275
00:16:34,600 --> 00:16:48,800
It's C-U-I-C-K-T-R-A-C dot com.