This HITT highlights key cybersecurity trends and actionable strategies for organizations facing challenges in this domain. It features insights from Telarus’ VP of cybersecurity and a team of certified professionals, including Samera Riaz, who brings a unique perspective as a former CISO. The discussion emphasizes the growing reliance on AI, the need for holistic security solutions, and the importance of user training to mitigate human error. As companies increasingly consider outsourcing cybersecurity, the role of CISOs is evolving to encompass broader responsibilities beyond IT. The video also addresses compliance issues and the necessity for continuous monitoring and risk management.
Transcript is auto-generated.
It is time for today’s high intensity tech training. Cybersecurity is our focus today and today’s presenters will uncover crucial cybersecurity trends including cybersecurity for AI, GRC, automated threat detection, and securing remote work environments. We’ll hear about the key factors shaping cybersecurity investments and provide actionable strategies to tackle today’s pressing challenges. You’ll leave here today knowing how to navigate this evolving landscape with confidence.
Look at this lineup. I couldn’t be happier to welcome back to the Teleris Tuesday call and hit training, Telarus VP of cybersecurity, Jason Stein, along with solution engineer, Trevor Burnside, and solution architects, Sumera Riaz, and Jason Kaufman. Hi, everybody. Glad to have you all here.
Hey, Doug. Thank you. Great job, Kobe. Great information.
We have so what I thought we’d do is a little bit of a fireside chat, a little different than what we’ve done in the past. We’ve definitely PowerPointed to death, given a lot of stats. What I wanted to do was really pick the brains of each of the engineers and architects that are focused on cyber and talk about what’s resonating this year so far so that you could get an idea of what to position to your clients from now until the end of the year and then how to position them. So, you know, what’s great about this incredible team is that, on the weekends, they’re bored because, first off, Jason Kaufman, literally is the most certified man in the entire industry, and he just spends his weekends getting certified.
Trevor decided to go he was bored on the weekends with, all the things that he has going on and decided to get his master’s degree in cybersecurity. And I think Samara, you know, not only serves on boards like Forbes, but she studies quantum computing. And, you know, they they all have too much time on their weekends, which is pretty impressive. So, Samara, let’s start with you.
We are chatting, and and I think this is your first hit call, which is exciting to have you on. So welcome to the team. I’m sure everyone’s gonna be very excited to start working with you.
She is out of the Dallas market, and so you’ll see Samara start to work on a lot of cybersecurity opportunities with you. She’s already heavily embedded in a bunch of opportunities. But, Samara, you one of the great things that I think you bring to the table is being a former CISO, you have a different perspective because you’ve actually been in the trenches rolling up your sleeves. We were just talking about how we were reading some articles, and there’s a bunch of things that have said that there’s gonna be huge uptick in people purchasing cybersecurity in q four and heading into q one of next year. Why is that? And what do you think that people are gonna be focused on? If you were a CISO right now in that role, what would you be focused on?
I would be focused on getting funding from my board, which, with all the spend and all the hype around q four of twenty twenty five, you know, there’s different bills being passed that there’s funding available for companies in certain industries to tap into that for security. So, obviously, from that trend and that all these articles that we’ve been seeing, people are gonna companies are gonna start buying more security, especially around AI, how to contain shadow AI, getting a solution that’s holistic. Because if you can’t see it, you can’t secure it. So Caesars are always looking for solutions that could give them a single pane of glass where they can see their entire digital environment right in front of them to see where what is most vulnerable, what needs to be patched, what could be the minor attack path into my environment today. So those are things that are within my peer groups, those are the conversations we’re having is how do we prepare for what’s coming next.
I love it. And, you know, to your point, eighty percent of organizations are looking to outsource some of their cybersecurity this year. So it makes a lot of sense, and you’re hearing it straight from a CISO. And we’ll come back to I have a couple of things I wanted to to ask.
Jason Kaufman, you know, so, obviously, this is the year of AI. It feels like the last two years a year of AI. Are we still getting a huge uptick in AI? What are customers asking you for advice for? What are people buying from Teleris most?
Yeah. A lot of it goes to exactly what Samara was saying. The visibility and knowing what users are using, what tools, what information are they putting in there. They wanna know the inherent risks that nonmalicious users are adding to the business by just trying to be more efficient with a lot of these AI tools.
You know, the architecture term of them that says, hey. You could boost your productivity three to five x and all that stuff. Everybody wants to do that. Nobody wants to write a three hundred word email anymore or a document.
They wanted to have something do it on their behalf with just a couple sentences really quick. So everybody is interested in using it, so the demand is there. So the the CTOs and CTOs that we are talking to or a lot of them I’m talking to are trying to figure out how do I get in front of that. And exactly what Samara was saying, the visibility and then the protecting of it, and also training the employees on how much risk they’re adding to the business and what they should and should not do.
So it leads to a lot of conversation on, hey. What is your AI strategy and road map? Do you need to follow the forty two o forty two thousand one framework? You know, how in-depth do you need to get in with this stuff?
And then what policies, procedures, and technical controls do you need to have in order to do this. But a lot of the times, it’s just either a strategy conversation and then and picking out individual milestones and figuring out, hey. Which controls are necessary for this individual component? Or a lot of those quick go to market strategies where we just throw a gateway in front of it and give them the visibility and protections by some SaaS based subscription tool that we have access to.
So a lot of different ways that we can navigate the conversation, but it’s the same thing of, hey. How do I get in front of this, and how do I protect the business so I’m not being held liable?
One of the interesting things that you just touched on was the fact that, you know, historically, we’ve helped smaller organizations that maybe had one to five on their IT staff, and they only had one person dabbling in security. But now you’re saying, everybody on this call, I think, is saying that we’re helping CSOs even more than ever. And, you know, CSOs need help. Right? You know, there it’s not just an IT director anymore. These CSOs are actually relying on Teleris, the TSDs, for that guidance. Is that correct?
Yeah. Because because their their, you know, other c level executives in those business are getting hounded to use AI. So it’s it’s like that, catch twenty two on they’re getting hounded from the business to utilize AI to make themselves more efficient, give competitive advantage, but then the CISO is responsible on protecting the business from AI. So it’s it’s that never that never ending offense and defense of the business just saying, hey.
We need to use something. Figure out how to use it figure out how to use it safely. And that’s not even all the malicious AI attacks that we’re that we’re seeing as well as part of that other conversation. So, yeah, it’s just that revolving door on, hey.
How do I stay in front of the business trying to implement AI, and how do I protect it?
Yeah. There’s a lot of gotchas with AI, which is interesting. So, typically, nontechnical people are saying, hey. We need AI for a lot of different reasons.
IT figured it out, and it’s it’s, you know, tough. So, Trevor, we just went to RSA, you know, a couple months ago, and, you know, what? There were forty thousand people there, six hundred and some boost. You know, was AI anywhere around?
Is AI going away? It’s a fad. Right? And then no. What’s the thing that stood out to you most while you were there?
Yeah. Yeah. The funny thing was, you know, driving around San Jose and and San Francisco, like, every billboard has AI. Like, you know, it’s it’s you can’t you can’t.
You’d have to be blind to miss it. Right? It it’s, like, just everywhere in your face. And especially at RSA, everybody’s booth, all the vendors, it’s all about how they’re adding AI or protecting AI or protecting you from AI. Right? It it that was the whole narrative. So some of that was a little bit of having to read between the lines and figure out, you know, what’s actually valuable, what’s, you know, proprietary, what’s innovative, what’s kind of jumping on, you know, the bandwagon with the me too.
So it’s a little bit of sifting through that and figuring out what’s actually gonna provide value to an organization because that’s obviously what we’re we’re trying to do, right, is understand where where suppliers position themselves and then what that means to the consumer and how, you know, how they should be using it.
So I love that.
So, Samara, I see, John asked a really good question. But, you know, we we had added this conversation a couple months ago. When you were in the CSO role, did you know that the TSD channel existed?
Yeah.
And, you know, if you knew now what you what you did back then, would you have leaned on on this side of the channel to help you? You know, you know because think about a lot of partners are sitting here saying, how do I, maybe as maybe not a technical person who maybe is newer to cybersecurity, still be a value to a CISO? Is is are you open to that kind of conversation as a CISO?
Definitely. Yes. I wish when I joined the channel about a year and a half ago, within four months after realizing what what I’m really doing, I I you know, in my mind, I’m like, where have you guys been my whole life? I could have leveraged the TAs, the TSEs for it would have made my life so much easier.
Because as a CSO and the c two guys sit in now too, you’re you know, we’re bombarded with great vendors wanting to showcase their products, which is great. But for a CISO, our whole practice is driving a security solutions, protecting our companies, protecting our employees. We don’t have a whole lot of time to research on what what solutions will be the best for us. There’s just no time because you’re firefighting every day.
So the the the wealth of knowledge and the value that TAs and TSDs bring to CSOs is unmatched. Like, if I I wish I knew somebody like Kaufman, like Burnside, when Jason and Trevor, when I was when I was a CISO. I mean, that would’ve I would’ve advanced in my career really quickly. I would’ve had world class solutions in place for my company.
We actually went through a ransomware event, and that wouldn’t have happened if I had the right TAs and the right, CSDs in place.
So I I love that perspective, and and we’ll get into more about funding and how you position that.
You know, Trevor, let’s talk about the user behaviors. You know, obviously, still ninety ish percent of all breaches are caused by humans. There’s a lot of bad actors going on. How do we utilize that? What are some of the products that you’re positioning to help with that user challenge that any organization has? And then if you’re talking to a supplier, what are the questions that you’re asking clients so they can ask clients to open up those doors in those conversations?
Yeah. It’s a good question. And I think from a user perspective, that, you know, we you know, when you talk about security and that defense in-depth, there’s a lot of ways you tackle it, obviously, from, you know, IAM practices or or identity management.
Lately, what’s been kind of rising or what we’ve been talking about a lot of zero trust remote access, replacing VPN, you know, because there’s been a lot of compromises with with VPNs lately. It’s been an attack vector that, you know, has been kind of highlighted recently. So, you know, transitioning from VPN to to Zero Trust where you’re actually doing that continuous monitoring of the the person of, not just their credentials, but how their, you know, their behavior, things like that.
And then also something that’s been on the rise really around users, but it’s it’s about how the organization works is, the data labeling and data classification as far as, If I’m a user and and I want to use AI within, you know, generative AI in a business application, and, potentially, the organization is allowing for that or even maybe even creating, like, a Copilot or a private instance to do that, how are we letting the users with their policies and the access maintaining, you know, the the normal policies through that generative AI, LLM, or large language model so that, you know, the right people have the access to the right stuff, they don’t have, you know, access to all HR data that maybe they shouldn’t. So it is a layered approach. Right? And then it really depends on what the outcome that the business is trying to do or the initiative that they’re working on, but it’s certainly been on the rise.
I love it. Jason Coffin, so we’ve been focused a lot this year on product versus solution selling. How many times does a partner bring you just a product specific, and then how many times does it expand into more holistic cybersecurity? And then how do you pivot that? And so for the partners on this call, are you comfortable with them just getting a point solution and then bringing you in? How how could they best benefit by asking a few more questions?
Yeah. No. It’s a it’s a great question. It’s always it’s probably probably part of every conversation that we have to where somebody already has some form of solution that they’ve already invested in.
So whether that’s, like, CrowdStrike on the endpoint, SentinelOne, or, hey. We started dipping into Microsoft, but we don’t know how to use it. But they’re generally bringing something to the table where it’s not a complete greenfield, you know, opportunity. So the the initial conversation is, hey.
You know, we wanna renew our CrowdStrike licensing. How do we do that? So it’s a conversation on, hey. We have multiple avenues from VARs that could just renew the licensing as it fits, your Falcon complete, and use their MDR package.
But, you know, have you what are you doing for your firewalls? What are you doing for your cloud resources? What are you doing for other things? Like, what are other pieces of business that CrowdStrike can’t physically see, and how are you monitoring that?
You’re not getting all the correlation and and threat vectors that are possible out there, and you’re not getting all that visibility that you that you really need to secure the environment. You’re only doing a piece of it. So it’s it’s half of a consult and half of trying to figure out, hey. What all what all else do they need to protect?
And that’s where their initial assessment on what they need is not gonna be, you know, fully reliable to them. So a lot of the conversation is just digging in and figuring out what other resources are they using, what users are where the users are accessing from, what are they accessing, and what is everything in between that we need to protect. So a lot of times, it’s just a misnomer on, hey. CrowdStrike or SentinelOne is gonna do everything for us.
So I I think a lot of the conversations are just expanding on that.
Okay. So let’s talk about GRC. Let’s have each of you take one of the letters. Let’s start, Jason Kaufman, with the g.
Governance. So what is governance? How does a partner position governance? Are we getting asked for it a lot?
And, yeah, I think I saw stat stat still that twelve percent of organizations are even following an AI governance or framework. Why is governance important, and are we getting asked for a decent amount?
We’re not specifically getting asked for it. Like, so we don’t get a request for, hey. I wanna work on my cybersecurity governance. It but it works into the conversation because it’s the the ever changing and ever updating and monitoring all the different pieces of your cybersecurity maturity. So it’s looking at the policies, procedures, the technical controls, but just continuously monitoring it to make sure that you’re govern you know, not to use the word and definition, but you’re governing everything continuously. And it’s not just a one point in time check that you can just do it and then forget about it.
So none of the none of the opportunities actually come in for governance, but they need a tool that’s gonna continuously monitor them. So that’s part of, like, vulnerability management. It’s part of policy procedures updating. It’s part of, you know, user awareness and training. It’s part of everything that goes into frameworks and compliance, but it’s just just an idea more of, you know, a culture of cybersecurity maturity. So that’s part of every conversation, but it’s never really truly asked.
Love it. So okay. So then let’s get into the r. Samara, risk. First off, you reported to the board.
Was risk important to the board? Is it being pushed down to the security team to the IT decision makers? Then we can talk about funding. How do you get funding for that cybersecurity conversation?
But when you think about risk, you know, were you trying to identify your risks and then put dollar amounts to the risks and then get the board to then fund those risks so that, you know, we prioritize what’s most detrimental? How important was risk to you as a CISO?
Very much. So for CISOs, we walk a tightrope with budget and risk in our hands.
So it’s you know, if you can picture that, that’s kinda our world. And risk is definitely one of the top.
Risk is what drives a company and limits a company. Right? So, getting funding for the risks that were prevalent.
Luckily, one of my boards that I, served on, they were they were tech savvy. They understood the risks. They were like, oh, yeah. We should we should give our funding for that.
Other boards, not so much. But either way, to your point, Jason, having a dollar amount associated with that risk seals a deal. If for any board board conversations that you are a part of today, if you have a dollar amount listed with whatever your risk is or your ask is, you will get funding for it. It’s because it’s it’s a numbers game, unfortunately, at that level.
I love it. And, you know, forty two percent of organizations are looking to outsource their risk or and put together cybersecurity committee to help advise the board. So there’s a lot of opportunity there that you probably heard me talk about. So, Trevor, let’s talk about the c.
I wanna talk about two aspects of compliance. First off, do we feel like compliance kinda took a backseat during, you know, COVID? Maybe we didn’t see compliance as prevalent. Maybe there weren’t fines.
And is it coming back? Is there more compliance in place?
And then let’s talk about CMMC. Why is it important? Why should customers be focused on? Who needs CMMC? You know, what are some of the the suppliers that they can leverage, and how do they position that conversation?
Yeah. I think I think to your point, there was kind of this relaxed feeling towards some compliance, you know, depending on the framework during COVID and coming out of it.
We know that this year, you know, from a HIPAA perspective, the policy have become more stringent. Actually, the controls, any policy or penalties have gone up per infraction as well. And and, we are hearing that, hey. They’re gonna start cracking down for per infraction.
So and you look at, you know, potentially how many infractions have you had. Is the cost of mitigation less than the infraction or the penalties than the the apps you know? The answer is usually certainly. So there’s there’s budget there to start shoring up some of that compliance.
When it comes to I think from a, you know, a trusted adviser perspective, the better we know compliance or what our customers are regulated by, the better we can speak to them about, the things that they are purchasing or what the what they’re thinking of. Because any regulated industry is governed by their compliance framework, and that’s what they’re working within at a very minimum, at least. And so understanding what the compliance that they’re governed by is gonna help us from a sales cycle, but also understand their mentality and where they need to allocate their budget on that regard.
As far as CMMC goes, so that’s the cybersecurity maturity model, certification. It’s from the government. It’s really based on you know, we’re gonna get, you know, into the weeds, but NIST eight hundred one seven one, the frame you know, security framework from a controls perspective. CMMC, though, is unique to the government working with federal DOD.
Anyone it’s a you can think of it as, like, a third party or third party vendor risk management strategy by the government of, hey. If you wanna work with the government, you have to meet a certain baseline of cybersecurity, and that is, unfortunately, NIST eight hundred one seven one, which is a hundred and ten security controls that you’d have to implement. So for small business that you know, working with government contractors, that’s a that can be a heavy burden. And, luckily, we do have vendors that can help with that from a consultation, gap assessments, all the way up to attest attestation with the c three PAO, which is required to to, you know, get CMMC level two.
So there’s a whole conversation that we can have about that. It’s very relevant right now. We are seeing government contracts from primes and subs requiring CMMC compliance currently or by the end of the year. So, you know, we we have CMMC discussions quite frequently right now.
Hey, Jason. Quick, do you mind me adding on that? One thing I’ve I’ve found highly successful in the CMMC conversations and and great great stuff, Trevor. That’s spot on is, the question of, hey.
How how much how many con how much of your contracts you would lose out on if you don’t get CMMC compliant? Because it’s not like, you know, on the other frameworks and compliances that people that customers are requiring to get the business. Now they’re being threatened to lose out on business that they already had. So I had a twenty five user company that had a twenty three million dollar government contract that they were gonna lose out on if they didn’t get CMMC compliant within a certain time frame.
So multiple avenues for depending on what that time frame is, less than less than ninety days all the way up to eighteen months is kinda like the typical c three PAO scheduling. So I just wanted to add in that tidbit add that ask that question. Anything CMMC is how much would you lose out on if you don’t get this compliance? Because that’s a media ROI that we can recognize.
I love all those. Thank you. Okay. So let’s talk about I’m gonna give you guys topics and have each of you tackle one.
If you were a partner and you can’t choose the same one. So sorry. We’ll let Trevor go first. Alright.
So if you were a partner today, what would you focus on for q three and q four when you’re talking to your customers? What’s an easy simple one? Are we talking email security? Are we talking passwordless identity and access management?
Are we talking help desk support? Are we talking physical security, or endpoint detection response, MDR? What would you focus on? Pick one.
And then what is it? How do you position it to a customer in a simple form?
I think, when you look at risk management as a practice, right, of, like, let’s identify our biggest assets to the organization as well as our you know, some of our biggest, you know, threat areas. Email and endpoint is always gonna be one of the biggest threat areas for any organization, especially ones that are like, oh, we’re all in the cloud. We don’t have any physical infrastructure. We don’t have firewalls. You know, we’re all, you know, in the cloud. We’re secure.
Well, everyone’s got workstations, and we’re all working remotely, and we all have email. And these are you know, if you look at how many, breaches occur from, email compromise or, you know, phishing attempts, things like that, it there’s no reason not to start with error and and make sure that clients are addressing email security and that they’re happy with it and it’s working for them. So, you know, just because you have something in place, are you actually looking and seeing you know, doing phishing tests? Are you looking to see what the trend is?
Are your are your people getting better? Are they staying the same? If they’re staying the same, that if you gotta put in a a practice to start increasing their their awareness and, ability to recognize some of these threats in their emails. So that that’s really relevant to everybody and where I’d start.
It’s super easy too. Hey. Thank you so much for trusting us with your voice and your data, your CX. A lot of customers also relied on us for their email security because it’s still the number one attack vector.
Ninety five percent of all breaches are still caused by humans, all that. Oh, great. Samira, alright. You don’t get to use email security.
What would you do as a partner? What’s the number one conversation you would have with security and IT decision makers? It’s easy. How would you do that?
Sure. So I know that this is we’re almost into q three, starting q four. Most companies are doing their p and l’s now, budgeting for twenty twenty six. Now is the time I’d start having conversations with CSO on a holistic view of their, security posture. So I would, what I would do is I would ask a CSO or a security director in a company, hey. Do you want an assessment of your MSSP and how well they’re doing today?
Most hundred percent of the time, your CSO is gonna say, oh, they’re crappy. I wish I had somebody else. Nobody’s ever happy with the MSSP they have. It’s a perfect in.
Right? So at that point, then you would say, well, great. We have people we have resources that can help you go like for like and make sure you get the biggest bang for your buck. Make sure all your endpoints are captured, your IoT devices.
Anything that’s connected on your network. Oh, and by the way, we can also do a network assessment for you to make sure it’s segmented properly. So you can you know, there’s so many ways to go with security. I always, like to say security is like a diamond.
It has so many facets to it, but it’s the one thing. Right? And it’s it’s beautiful. And so if you approach your CSOs and just ask, hey.
What solutions do you have in place today? And how can we optimize to make sure you get more for your money with all these great providers? I think that’s a win win conversation.
See, Trevor and Jason, you guys never mentioned diamonds. We needed Samira on the team to be able to and weave diamonds into a cybersecurity conversation. Okay. So I agree.
So assessments can be, you know, just a security assessment. It could be a gap assessment, where are your gaps, a vulnerability assessment, penetration testing. All of those are great ins. And a lot of times, somebody may say, oh, I already have somebody, but they need to rotate through.
Alright, Kaufman. You’re sitting there talking to a partner, and, you know, you wanna advise them as to what they should be talking to their customer about. What’s the number one thing that you get asked for the most? What’s the simplest thing that you would position from now until the end of the year?
The people. So the the customers and the users. So, really, you know, when you’re looking at the defense in-depth or the zero trust strategies, the most exterior perimeter is that layer eight, the the actual user themselves and protecting the user from themselves and also protecting the user from external threat actors.
Establishing the policies, the accountability, and all that stuff, so you’re looking at the administration controls. But we’re getting a lot of requests for insider threat management and how to effectively do that. So a lot of it is telemetry that’s already there from the MFSPs that are that are within the umbrella. But there are dedicated solutions now that people are are asking for. And it’s and it’s just that, you know, going back to the governance of identity, you know, making sure that people only have access to the things that they need to, that that least privilege principle, and continuously monitoring for conditional access Are they accessing it where they normally do, how they normally do? But then also do should they have this level of access continually to make sure that they have the the resources that they need to do their job and nothing else? So it’s establishing all those principles on that identity of that user and make sure that they are who they say they are.
That’s that’s probably the biggest one, and then also training those users. If somebody came to me and said, hey. I have minimal cybersecurity budget, but I wanna protect the business as much as possible, I start talking about user awareness training as the first dip in the toe because you’re talk you’re just first dip in the fan, dip in the water. I said dip in the toe.
That doesn’t make sense. But, taking, you know, taking that methodology and saying, hey. The cheapest thing I could do is two to three, sometimes five bucks per user depending on which, you know, which application you use, but training those users how can they safe you know, do decrease risk within the company and then auditing them continuously with phishing simulations, vishing, smishing, all those different ishing to make sure validating that they’re watching this stuff and that they are not falling for it. That’s probably one of the biggest, threat mitigation techniques that I’ve seen used pre previously, and it’s a big what is it?
Dip in the toe? Dip in the toe that somebody could use to, you know, up their cybersecurity game.
Love it. Not confusing at all. Okay. So let’s talk about I’m gonna do the last question. Let’s start with Samara, and then we’ll go around.
First off, you know, we have two schools of thought with with security decision makers. First one is, do they do it themselves? Do they do an internal SOC?
Are they worried about their people leaving? Are they worried about, you know, a threat getting through that they have no idea on? And then versus outsourcing. Obviously, eighty percent are outsourcing more.
Some have already outsourced to an MSP. So one, are we seeing people getting more comfortable outsourcing? And two, what if they already have somebody like an MSP? How do you have that conversation?
We’ll start with Samara. We’ll go around Kaufman and then Trevor.
Sure. I think outsourcing is the best way to go for at having been a CSO and a CIO, having managed internal teams, you’re the you’re limited. Right? You’re limited to what your people know.
And there’s so much out there that they don’t know, and they frankly don’t have time to research it. So having a good MSSP aligned with you where you can leverage that bench, have an extension of your team so that they can bring in all the expertise from global threats right into your SOC, that’s that’s just a brilliant model to go. Plus, it’s OpEx cost instead of human cost, license cost, so it’s also easier on the budget. And CFO smiles on OpEx as instead of hitting your profit margins.
So it’s, you know, it’s it’s a good that’s a good conversation to have.
As far as seeing the uptick in outsourcing, yes. More companies are outsourcing now. I think we’re getting away from the good, I wanna be in control of of the security because now CSOs are actually they can go to jail. They go before the s e SEC hearing.
You know, companies can go after them individually. We you know, they have to have personal liability insurance now along with cybersecurity insurance for the company.
There’s so many gotchas now for CSOs that outsourcing that is this is a smart thing to do.
I love that. So one, the the liability is is scary. Two, you know, if you hire people, all you’re getting is tech. You’re not getting software.
You’re getting a body. You know, you still need to go buy the but if you go to an MSSP, which is would be a supplier in our portfolio, you’re getting technology licensing services and a whole team of experts. Doug, I see you on, so that means we’re running out of time. What kind of questions do you have for us before we end?
We are getting close to the end here, but great presentation from all of you. I did wanna highlight Angela Heffner’s comment. She works in, Telera supplier management group, does a fantastic job, and just mentions that, you know, yearly pen tests have become a thing for a lot of companies now. And as we get closer to the end of the year, those calendars fill up and they’re harder to do. As you’ve emphasized, what a great resource that can be for starting this conversation, maybe time to get those on the books now?
Yeah. Absolutely. I think you definitely need to be looking at doing those either we have a lot of companies who ended their fiscal year in June and are moving into July with new budgets, and we have a lot of people that are gonna wind down their year. But a lot of them are quarterly, some of them are biannually. Usually, the second half of the year, they gotta set up a new assessment, new pen test, something along those lines.
Phenomenal presentation. We are out of time, but we’ll keep the chat window open. If you have additional questions for any of our panelists, feel free to put those in the window, and they’ll be around here for a few more minutes and can answer those for you. Thanks.
Jason Stein, Trevor Birdsides, Samira Riaz, and Jason Kaufman, dipping his dipping in the toe. Yeah. That we’re gonna have to work that into next week’s presentation somehow. Thanks, guys.
Excellent presentation.