1
00:00:00,000 --> 00:00:07,040
Welcome to the Quick 10 Podcast brought to you by Quick Track, focusing on all things

2
00:00:07,040 --> 00:00:12,920
FedCon and cyber defense from different perspectives and different personalities, all in 10-ish

3
00:00:12,920 --> 00:00:13,920
minutes.

4
00:00:13,920 --> 00:00:21,920
Here's your host, Derek White.

5
00:00:21,920 --> 00:00:22,920
All right.

6
00:00:22,920 --> 00:00:27,720
Welcome back everyone to another episode of the Quick 10 Podcast.

7
00:00:27,720 --> 00:00:33,480
As always, if you're listening on your favorite podcast platform, make sure to like or subscribe.

8
00:00:33,480 --> 00:00:37,880
And if you're watching over on YouTube, please do the same so you don't miss out on any of

9
00:00:37,880 --> 00:00:41,040
the new episodes as they come out.

10
00:00:41,040 --> 00:00:46,360
Today, my special guest is Mark Berman, CEO of Future Feed.

11
00:00:46,360 --> 00:00:49,320
Mark, thank you for joining.

12
00:00:49,320 --> 00:00:51,480
Very happy to be here and thanks for inviting me.

13
00:00:51,480 --> 00:00:52,480
You bet.

14
00:00:52,480 --> 00:00:53,480
You bet.

15
00:00:53,480 --> 00:00:58,720
Today, we're going to get into talking about governance risk and compliance, also known

16
00:00:58,720 --> 00:00:59,720
as GRC.

17
00:00:59,720 --> 00:01:01,320
So we're going to say GRC a lot.

18
00:01:01,320 --> 00:01:02,320
So that's what it stands for.

19
00:01:02,320 --> 00:01:07,600
If that's a new term to you, and there are many terms to understand in the world of federal

20
00:01:07,600 --> 00:01:08,600
government.

21
00:01:08,600 --> 00:01:11,580
So if that's a new term to you, look that up, Google that.

22
00:01:11,580 --> 00:01:15,560
But today we're going to talk about what GRC means to you and what to do.

23
00:01:15,560 --> 00:01:21,240
So the first thing I think that would really be helpful, Mark, is can you give the listeners

24
00:01:21,240 --> 00:01:27,840
and our watchers a checklist of what a GRC tool should do for them?

25
00:01:27,840 --> 00:01:28,840
Sure.

26
00:01:28,840 --> 00:01:31,080
I'm happy to do so.

27
00:01:31,080 --> 00:01:36,040
So what a GRC tool needs to do and rather than a checklist, we'll just kind of talk

28
00:01:36,040 --> 00:01:37,960
the picture a little bit.

29
00:01:37,960 --> 00:01:44,540
But what it really needs to do is take all of the minutia that we have to track in order

30
00:01:44,540 --> 00:01:51,680
to be assessed by a complete stranger who's going to walk into our business or really

31
00:01:51,680 --> 00:01:55,440
a team of them, because it's usually two to five people, who will come in in a two week

32
00:01:55,440 --> 00:01:56,440
period.

33
00:01:56,440 --> 00:01:58,440
They maybe have never heard of your company.

34
00:01:58,440 --> 00:02:02,400
They don't know whether you make hydraulics or you make computers or you do services.

35
00:02:02,400 --> 00:02:05,200
They have to understand how you're using IT.

36
00:02:05,200 --> 00:02:10,200
And then they have to understand everything about your IT to know if it's secure or not

37
00:02:10,200 --> 00:02:11,200
secure.

38
00:02:11,200 --> 00:02:13,640
That's a lot of detail.

39
00:02:13,640 --> 00:02:18,760
And not only do they have to understand it, but then they have to look for proof that

40
00:02:18,760 --> 00:02:21,000
you follow your policies and procedures.

41
00:02:21,000 --> 00:02:25,160
So in order to find proof that you follow your policies and procedures, they're probably

42
00:02:25,160 --> 00:02:28,920
going to need to read them or at least read some of them.

43
00:02:28,920 --> 00:02:34,960
So what you're looking for with governance with GRC or GRC tool is a place where you

44
00:02:34,960 --> 00:02:37,200
can take all of that detail.

45
00:02:37,200 --> 00:02:40,080
And this really comes down to three lists, Derek.

46
00:02:40,080 --> 00:02:44,640
There's a list of the people that you have and the roles that they perform for your company,

47
00:02:44,640 --> 00:02:45,640
right?

48
00:02:45,640 --> 00:02:46,640
Every company.

49
00:02:46,640 --> 00:02:48,480
We don't just have people, we have people of jobs.

50
00:02:48,480 --> 00:02:50,600
So we have the people and their roles.

51
00:02:50,600 --> 00:02:53,640
We have the tools and services that make up the IT.

52
00:02:53,640 --> 00:02:57,200
So when I say tools, it's not just the tools that are installed on your computer because

53
00:02:57,200 --> 00:02:58,920
it's 2024.

54
00:02:58,920 --> 00:03:03,280
Last time I checked, we're using the internet an awful lot.

55
00:03:03,280 --> 00:03:06,040
So a lot of our data may not be anywhere on our network.

56
00:03:06,040 --> 00:03:08,020
It could be out there in the world.

57
00:03:08,020 --> 00:03:12,040
So we have our people who are using tools and services.

58
00:03:12,040 --> 00:03:13,160
And what do our documents do?

59
00:03:13,160 --> 00:03:17,720
They tell the people what the rules, boundaries and limitations, if you like, sees them or

60
00:03:17,720 --> 00:03:18,720
are.

61
00:03:18,720 --> 00:03:19,720
That's what he says all the time.

62
00:03:19,720 --> 00:03:23,800
What are the rules, boundaries and limitations for using our tools and services?

63
00:03:23,800 --> 00:03:27,000
And exactly what are the instructions as to how to use them?

64
00:03:27,000 --> 00:03:33,480
So what we need with the GRC tool is a place where we can take all of that data and organize

65
00:03:33,480 --> 00:03:39,080
it in a way that complete strangers in a very short period of time can consume it, evaluate

66
00:03:39,080 --> 00:03:45,120
it and give you hopefully a score of 110 and let you keep doing business with the government.

67
00:03:45,120 --> 00:03:46,120
Yeah.

68
00:03:46,120 --> 00:03:52,520
And that's thank you for clarifying that there's, you know, GRC governance, risk and compliance

69
00:03:52,520 --> 00:03:59,240
is a huge aspect of the word compliance to a lot of people, right?

70
00:03:59,240 --> 00:04:02,280
They hear that, but they don't really understand exactly what that means.

71
00:04:02,280 --> 00:04:05,240
And it depends on the framework, it depends on what you're applying that to.

72
00:04:05,240 --> 00:04:11,220
But when it comes specific to the CMMC world and the day is coming where you're right,

73
00:04:11,220 --> 00:04:15,720
it is a scary thing to think about no matter what kind of third party assessment you're

74
00:04:15,720 --> 00:04:21,320
going through, whether it's OSHA or anything related to things that you're required to

75
00:04:21,320 --> 00:04:22,320
do.

76
00:04:22,320 --> 00:04:23,640
Organization is a huge thing.

77
00:04:23,640 --> 00:04:29,960
I think a lot of people jumped into evidence collection, you know, trying to self assess

78
00:04:29,960 --> 00:04:34,520
and throw stuff somewhere and the first thing that you heard feedback from third party assessments

79
00:04:34,520 --> 00:04:38,120
on that stuff is where is it and who answered it, who is responsible for it.

80
00:04:38,120 --> 00:04:41,800
And you're right, having that organization is very, very key.

81
00:04:41,800 --> 00:04:46,920
What also is important is I think you hit on too, is the assessments are essentially

82
00:04:46,920 --> 00:04:52,840
moment in time, but the expectation and requesting to expectation, the requirement is that you

83
00:04:52,840 --> 00:04:53,960
keep it there.

84
00:04:53,960 --> 00:04:59,680
And if you're thinking that, hey, got it done, I'll pay attention to this down the road.

85
00:04:59,680 --> 00:05:03,040
That's, that's where I think a lot of people are going to fall short is that they have

86
00:05:03,040 --> 00:05:04,480
the right to ask you at any time.

87
00:05:04,480 --> 00:05:12,880
So some of the hidden benefits then, if we want to get into that topic on, you know,

88
00:05:12,880 --> 00:05:18,400
the hidden benefits of compliance, kind of, you know, going beyond just the assessment,

89
00:05:18,400 --> 00:05:22,480
talk a little bit about that if you can on on what that means and how a tool like, you

90
00:05:22,480 --> 00:05:26,360
know, what Future Feed does, for example, can be something you can't just put your fingers

91
00:05:26,360 --> 00:05:28,120
on what those benefits look like.

92
00:05:28,120 --> 00:05:29,800
I'd love to address that.

93
00:05:29,800 --> 00:05:34,440
So my background was not actually doing this kind of work.

94
00:05:34,440 --> 00:05:39,120
For 20 plus years, I ran a chocolate factory.

95
00:05:39,120 --> 00:05:45,760
And one of the things that I learned about quality is that when you deliver quality consistency,

96
00:05:45,760 --> 00:05:51,920
consistently, you deliver profits to the ownership of the company.

97
00:05:51,920 --> 00:05:57,560
And so quality is driven by by doing things in a repeatable way.

98
00:05:57,560 --> 00:06:00,400
What is what is compliance really about?

99
00:06:00,400 --> 00:06:02,120
You have to have a list of controls.

100
00:06:02,120 --> 00:06:08,880
In the case of CMMC or NIST 800 171, you have 110 controls and 320 objectives.

101
00:06:08,880 --> 00:06:14,600
So for each one of those objectives, basically have to write down somewhere how you do that.

102
00:06:14,600 --> 00:06:16,880
And then the proof is in the pudding.

103
00:06:16,880 --> 00:06:21,440
So the proof is, do you have some evidence that you're repeatedly doing those things

104
00:06:21,440 --> 00:06:23,320
that you've written down?

105
00:06:23,320 --> 00:06:29,000
Well, those in another world, we don't really use the term SOP, standard operating procedure,

106
00:06:29,000 --> 00:06:30,960
very often in the compliance world.

107
00:06:30,960 --> 00:06:32,400
But really, that's what we're doing.

108
00:06:32,400 --> 00:06:37,000
We're saying when we do backups, we're going to follow this checklist of how to do a backup.

109
00:06:37,000 --> 00:06:40,800
When we review a change, we're not going to review the change randomly.

110
00:06:40,800 --> 00:06:44,040
We're not going to ad hoc have a different change management meeting every single time

111
00:06:44,040 --> 00:06:45,560
we look at a change.

112
00:06:45,560 --> 00:06:48,740
We're going to look at what are the security implications?

113
00:06:48,740 --> 00:06:51,000
How are they going to help our company move forward?

114
00:06:51,000 --> 00:06:52,520
We're going to evaluate the change.

115
00:06:52,520 --> 00:06:54,080
We're going to then send it to approval.

116
00:06:54,080 --> 00:06:56,200
Somebody is going to approve so that we have good communication.

117
00:06:56,200 --> 00:06:58,580
We're following these steps in the process.

118
00:06:58,580 --> 00:07:00,480
That's a standard operating procedure.

119
00:07:00,480 --> 00:07:06,040
When a company follows standard operating procedures, if you're a candy manufacturer,

120
00:07:06,040 --> 00:07:10,860
your candies come out with the same taste and experience for every single customer.

121
00:07:10,860 --> 00:07:16,480
If you're a car manufacturer or a tank manufacturer or something that you're doing for the government,

122
00:07:16,480 --> 00:07:20,800
some product that you build, you're going to have doors that close with the same gap

123
00:07:20,800 --> 00:07:21,800
every time.

124
00:07:21,800 --> 00:07:27,660
There are engines that run that have a reduced tolerance because even when you hire somebody

125
00:07:27,660 --> 00:07:30,960
on the first day, you're going to whip out this standard procedure.

126
00:07:30,960 --> 00:07:33,200
It could be an IT procedure.

127
00:07:33,200 --> 00:07:35,240
They're going to follow those steps.

128
00:07:35,240 --> 00:07:38,120
With compliance, they're going to sign off and you're going to keep a record that they

129
00:07:38,120 --> 00:07:39,200
followed the steps.

130
00:07:39,200 --> 00:07:44,240
When you do that consistently across your business, an interesting thing happens.

131
00:07:44,240 --> 00:07:46,320
The culture of the business changes.

132
00:07:46,320 --> 00:07:49,640
People then start to pay attention to process.

133
00:07:49,640 --> 00:07:53,280
When you pay attention to process, you pay attention to quality.

134
00:07:53,280 --> 00:07:56,760
Quality means repeat customers even if the government is your customer.

135
00:07:56,760 --> 00:08:01,760
You become the go-to contractor and you deliver profits.

136
00:08:01,760 --> 00:08:07,560
As the Willy Wonka of GRC, then you're saying the single point of failure could be a huge

137
00:08:07,560 --> 00:08:08,560
problem.

138
00:08:08,560 --> 00:08:09,560
No.

139
00:08:09,560 --> 00:08:10,920
There's free marketing things.

140
00:08:10,920 --> 00:08:14,720
If you haven't done that yet, then maybe the next time you're on, you should be dressed

141
00:08:14,720 --> 00:08:15,720
as Willy Wonka.

142
00:08:15,720 --> 00:08:16,720
It'd be great.

143
00:08:16,720 --> 00:08:17,720
We can do that.

144
00:08:17,720 --> 00:08:21,680
I think my Willy Wonka hat has been retired.

145
00:08:21,680 --> 00:08:22,680
Shoot.

146
00:08:22,680 --> 00:08:26,080
I could say I could think of some people that could be your Oompa Loompas.

147
00:08:26,080 --> 00:08:28,640
It'd be great.

148
00:08:28,640 --> 00:08:34,560
On that, I think the single point of failure quotation, that's one of the things that we

149
00:08:34,560 --> 00:08:41,520
see too and across this supply chain is a lot of small to medium size, most oftentimes

150
00:08:41,520 --> 00:08:46,560
disadvantaged when it comes to experience on cybersecurity and technology and stuff.

151
00:08:46,560 --> 00:08:49,640
We see a lot of that when you get into the future feed side of things.

152
00:08:49,640 --> 00:08:53,040
You get into the tools like you're talking about that responsibility, accountability,

153
00:08:53,040 --> 00:08:56,160
the racy side of who and what and where.

154
00:08:56,160 --> 00:09:00,160
There's a lot of times where the finger gets pointed back to the same person.

155
00:09:00,160 --> 00:09:01,160
That's Mark's job.

156
00:09:01,160 --> 00:09:02,160
Absolutely.

157
00:09:02,160 --> 00:09:04,600
What happens if Mark doesn't want to work here anymore?

158
00:09:04,600 --> 00:09:06,600
Mark wins the lottery, he takes off.

159
00:09:06,600 --> 00:09:08,200
What happens to your program?

160
00:09:08,200 --> 00:09:12,040
You can't have everything change just because there's a new person in the role.

161
00:09:12,040 --> 00:09:16,520
An important part of the GRC tool is it has to match the process that you're going to

162
00:09:16,520 --> 00:09:18,680
go through for the assessment.

163
00:09:18,680 --> 00:09:21,520
We understand that the whole process, I just spoke to the fact that that's going to help

164
00:09:21,520 --> 00:09:27,240
quality and profitability, but how's the tool going to take that process of actually going

165
00:09:27,240 --> 00:09:30,280
through an assessment and make it efficient?

166
00:09:30,280 --> 00:09:33,080
The process is actually three components.

167
00:09:33,080 --> 00:09:35,840
It's interviewing your people.

168
00:09:35,840 --> 00:09:43,400
It's examining the documents that you provide for them that tell the people what to do.

169
00:09:43,400 --> 00:09:46,320
It's testing your systems.

170
00:09:46,320 --> 00:09:51,840
What we try to do in our product and hopefully other GRC tools do the same is for the interview

171
00:09:51,840 --> 00:09:56,680
part, for everything that they're going to look at, we happen to use the racy model.

172
00:09:56,680 --> 00:10:00,440
We're basically identifying a person in charge of that thing.

173
00:10:00,440 --> 00:10:04,720
Your assessor isn't wandering throughout your company saying, who do I talk to about this?

174
00:10:04,720 --> 00:10:06,080
Who do I talk to about that?

175
00:10:06,080 --> 00:10:09,960
If they randomly pick people, they're likely to get very helpful people who will give the

176
00:10:09,960 --> 00:10:12,720
wrong answers because it's not their area of expertise.

177
00:10:12,720 --> 00:10:16,280
We want to identify who to talk to for each thing.

178
00:10:16,280 --> 00:10:21,040
Because they're an assessor, they're not just a tourist, they're going to ask the same questions

179
00:10:21,040 --> 00:10:26,200
to the person in charge as they're going to ask to one of the people responsible for doing

180
00:10:26,200 --> 00:10:27,200
the work.

181
00:10:27,200 --> 00:10:30,460
Hopefully, the answers are going to match.

182
00:10:30,460 --> 00:10:34,640
If they don't match, they're going to dive deeper and you may get a finding.

183
00:10:34,640 --> 00:10:38,840
That's one of their tricks is just ask the same question to two different people, the

184
00:10:38,840 --> 00:10:43,100
one in charge and the one that does the work, and then compare that to the policy and see

185
00:10:43,100 --> 00:10:44,200
if it matches.

186
00:10:44,200 --> 00:10:49,600
The second thing that they will often do is look at your documents and then they want

187
00:10:49,600 --> 00:10:52,560
to see if your documents all match up with each other.

188
00:10:52,560 --> 00:10:57,160
If you have a policy that says that you do something every 30 days and then you have

189
00:10:57,160 --> 00:11:02,120
records of doing a procedure every three months, there's a finding.

190
00:11:02,120 --> 00:11:08,680
The requirement may have been to do it every six months, but you chose to make a document

191
00:11:08,680 --> 00:11:15,280
that said every 30 days and your records are showing every 60 days and the real requirement

192
00:11:15,280 --> 00:11:17,360
is every six months.

193
00:11:17,360 --> 00:11:21,880
The difference between what you do and what you say you're going to do is a finding regardless

194
00:11:21,880 --> 00:11:26,200
of whether what you do is actually over and above what's needed.

195
00:11:26,200 --> 00:11:33,200
You don't want to overly create your policies that direct your team to do something in a

196
00:11:33,200 --> 00:11:37,520
way that you can't actually sustain and support because that's going to create a problem with

197
00:11:37,520 --> 00:11:38,520
your assessment.

198
00:11:38,520 --> 00:11:44,640
So your tool should be able to capture all these documents to inspect for the assessor,

199
00:11:44,640 --> 00:11:48,560
but also the tasks or some evidence that you're actually doing those things.

200
00:11:48,560 --> 00:11:52,200
And certainly we try to do that in our product.

201
00:11:52,200 --> 00:11:55,600
The last part, the testing, is a little bit harder to capture in a GRC tool.

202
00:11:55,600 --> 00:11:57,280
It's a little bit more random.

203
00:11:57,280 --> 00:11:59,200
This is where the assessor is going to come in.

204
00:11:59,200 --> 00:12:03,280
They will not go in and log into your system and just explore it.

205
00:12:03,280 --> 00:12:05,280
In fact, they're not allowed to.

206
00:12:05,280 --> 00:12:10,920
But what they will do is stand over your shoulder and ask you to bring up an Active Directory

207
00:12:10,920 --> 00:12:14,120
report, bring up this report or that report.

208
00:12:14,120 --> 00:12:19,080
And then they will watch to make sure that whatever you're representing on the interview

209
00:12:19,080 --> 00:12:23,240
and examine actually has some reality in your systems.

210
00:12:23,240 --> 00:12:26,240
And for that part, you're pretty much going to just have to be there.

211
00:12:26,240 --> 00:12:28,840
What you do need is a list of your systems.

212
00:12:28,840 --> 00:12:33,800
And I think one of the great aspects of CMMC is they have you categorize all your tools

213
00:12:33,800 --> 00:12:35,080
and services.

214
00:12:35,080 --> 00:12:40,120
Which ones are CUI assets that store, process or transmit CUI?

215
00:12:40,120 --> 00:12:42,760
They're going to focus really hard on those.

216
00:12:42,760 --> 00:12:47,440
Then they're going to focus on the ones that protect those CUI assets.

217
00:12:47,440 --> 00:12:49,400
They're called security protection assets.

218
00:12:49,400 --> 00:12:54,600
And then there are a couple more categories of assets where you're basically saying, okay,

219
00:12:54,600 --> 00:12:59,600
this could be relevant, but it's not normally in the process of doing CUI or it's completely

220
00:12:59,600 --> 00:13:00,680
out of scope.

221
00:13:00,680 --> 00:13:06,000
So actually when you make a list of your stuff and you say, here's 10 things that are relevant

222
00:13:06,000 --> 00:13:10,760
to the assessment and here's 40 things that are not relevant, you're finding focus and

223
00:13:10,760 --> 00:13:12,360
you're going to go through that assessment more quickly.

224
00:13:12,360 --> 00:13:17,280
So you want to make sure your tool, if you're using a tool to organize all this information,

225
00:13:17,280 --> 00:13:21,800
imagine if all this information was just like randomly in SharePoint or in Excel, it'd be

226
00:13:21,800 --> 00:13:24,180
very hard to maintain and support.

227
00:13:24,180 --> 00:13:27,960
That's why we have tools to help with the problem.

228
00:13:27,960 --> 00:13:34,560
Well, that's well said and to kind of wrap this up then the golden ticket to the Wonka

229
00:13:34,560 --> 00:13:39,760
factory is a really good tool that organizes and traces everything back to what you need

230
00:13:39,760 --> 00:13:40,760
to make things efficient.

231
00:13:40,760 --> 00:13:44,880
And I thank you for hitting on the efficiency side because that is, think about five years

232
00:13:44,880 --> 00:13:51,520
ago when CMMC was first coming from behind the curtain.

233
00:13:51,520 --> 00:13:55,040
I think the number one feedback on any sort of consulting engagement or any sort of third

234
00:13:55,040 --> 00:14:00,840
party view of was I can see a lot and it's all over the place, but this is going to take

235
00:14:00,840 --> 00:14:03,920
forever until we figure out how to organize this.

236
00:14:03,920 --> 00:14:07,560
And in fact, organize it and then we'll come back because otherwise we're going to end

237
00:14:07,560 --> 00:14:09,880
up spending three times as much time and that's money.

238
00:14:09,880 --> 00:14:11,200
Money in time is money.

239
00:14:11,200 --> 00:14:13,680
So well, that's good.

240
00:14:13,680 --> 00:14:17,040
Thank you, Mark, again for being my guest today.

241
00:14:17,040 --> 00:14:22,100
But more importantly, where can people learn more about Future Feed and how it helps on

242
00:14:22,100 --> 00:14:24,560
everything that you were talking about today?

243
00:14:24,560 --> 00:14:28,280
It looks like it's right under my picture on the screen, futurefeed.co.

244
00:14:28,280 --> 00:14:30,560
You can check it out.

245
00:14:30,560 --> 00:14:33,720
QuickTrack is a fantastic partner of Future Feed.

246
00:14:33,720 --> 00:14:37,800
They can give you some implementation answers like how hard is it to do?

247
00:14:37,800 --> 00:14:38,800
How long does it take?

248
00:14:38,800 --> 00:14:41,120
All of those things and they'll help you walk through it.

249
00:14:41,120 --> 00:14:46,600
It is a lot of information, but at the end of the day, having all this information that

250
00:14:46,600 --> 00:14:50,720
you gather up about your network and about your people, just having the information isn't

251
00:14:50,720 --> 00:14:51,720
enough.

252
00:14:51,720 --> 00:14:55,840
So make sure that whatever your process is, you have a tool so that you can quickly and

253
00:14:55,840 --> 00:14:58,960
easily find that information and make it useful.

254
00:14:58,960 --> 00:15:03,800
And whether it's Future Feed or another tool, what you're really looking for is a place

255
00:15:03,800 --> 00:15:07,840
where you can quickly access the information because there's so much of it.

256
00:15:07,840 --> 00:15:11,360
I'm going to leave you with one last thing.

257
00:15:11,360 --> 00:15:14,560
All this information that you gather, which is really mostly summary form, this is your

258
00:15:14,560 --> 00:15:16,160
system security plan.

259
00:15:16,160 --> 00:15:18,520
This is the keys to your castle.

260
00:15:18,520 --> 00:15:24,040
Make sure that if you're putting all that data, you're putting into something that you're

261
00:15:24,040 --> 00:15:27,880
putting into something that you feel good about the security of.

262
00:15:27,880 --> 00:15:31,080
We use the AWS government cloud.

263
00:15:31,080 --> 00:15:33,640
So it's the Gov cloud.

264
00:15:33,640 --> 00:15:39,040
We are kind of almost at the end of our journey to be FedRAMP moderate equivalent.

265
00:15:39,040 --> 00:15:43,280
Make sure whatever product, no matter how wonderful it is, if it's insecure, you're

266
00:15:43,280 --> 00:15:49,480
really allowing the bad guys to come in and not just steal information from you, but steal

267
00:15:49,480 --> 00:15:53,280
the plan on how to get, where is all your information, how to get there and all that.

268
00:15:53,280 --> 00:16:00,320
So make sure that you're considering the security of your platform as you are looking at various

269
00:16:00,320 --> 00:16:01,720
products in the marketplace.

270
00:16:01,720 --> 00:16:06,360
Well, there's probably an everlasting Gobstopper reference to make there somewhere, but we'll

271
00:16:06,360 --> 00:16:07,680
save that for next time.

272
00:16:07,680 --> 00:16:08,760
Well, thank you, Mark.

273
00:16:08,760 --> 00:16:13,200
This is going to be a good episode for people to reference for quite a while still.

274
00:16:13,200 --> 00:16:17,200
We still have plenty of things to learn from how these assessments are going to go.

275
00:16:17,200 --> 00:16:19,240
So thank you for joining today.

276
00:16:19,240 --> 00:16:20,600
That's going to wrap our episode.

277
00:16:20,600 --> 00:16:25,160
And as a reminder, as always, make sure to pop that subscribe button on your podcast

278
00:16:25,160 --> 00:16:26,640
platform that you're listening on.

279
00:16:26,640 --> 00:16:30,380
And if you're on YouTube watching over there, you can hit the subscribe button and that

280
00:16:30,380 --> 00:16:34,240
fancy little bell too, if you want to get the notifications when new episodes come out

281
00:16:34,240 --> 00:16:35,520
in the future.

282
00:16:35,520 --> 00:16:36,520
So again, thank you, Mark.

283
00:16:36,520 --> 00:16:38,720
And thanks for everyone for listening and watching.

284
00:16:38,720 --> 00:17:03,320
But we will catch you next time.