Modern Cyber with Jeremy Snyder - Episode

Stuart Seymour of VirginMedia O2

In this episode of Modern Cyber, Jeremy sits down with Stuart Seymour of VirginMedia O2 for an in-person chat about crisis management. Recorded live at Infosecurity Europe 2024, Stuart joins us fresh from a panel discussion on the Keynote stage about 'Responding to the Unimaginable'.

Stuart Seymour of VirginMedia O2

Podcast Transcript

Jeremy Snyder  0:09  
Awesome. Welcome to another episode of the modern cyber podcast brought to you by Firetail. I'm your host, Jeremy, I am really excited to be coming to I think for only the fourth or fifth time live and in person with a guest. We're coming to you today from info security, Europe 2024. And I am delighted to be joined by Stuart Seymour, who's Chief Information Security Officer and Chief Security Officer of Virgin Media. Oh to Stuart, thank you for taking time out of your schedule to join us

Stuart Seymour  0:32  
Not at all. Jeremy, thank you so much for having me. I'm delighted.

Jeremy Snyder  0:37  
Awesome, awesome. Well, we'rehere at the event. I know you just I think literally minutes before coming into recording, which again, appreciate it just finished up a panel discussion around a very important topic. And that is crisis management in cybersecurity today. So maybe just give us a summary of kind of what the discussion threads were and some of the high points. Yeah,

Stuart Seymour  0:55  
no, of course, Jeremy. So the discussion topics were all about preparation. Okay, so how do you prepare? Yep. And exercising and I think the major thread there was to do with ensuring that people know, their roles know their jobs that they do, so that nobody goes off piste. And that, you know, things are kept orderly, there's a singular source of truth, single source of communication, and everybody knows what's going on. But and that is encompassed through exercising and preparation. The next was a discussion about, you know, you know, plans and how do you write your plans? And I think the salient point about writing a crisis management plan is understanding the business. Okay, understanding the materiality of certain events to the business. So you'll be familiar with the CIA triad, of course. Yeah. So for some companies, integrity is king, or queen. And, for example, a bank? Yep. Because the data that you have, can either and if you've got the wrong data, in my account, they might plus or minus me a couple of 1000 bucks. Yeah. So integrity for banks is key. For me. It's availability, okay. Because we have mobile telephony, we have broadband, we have television, in the UK, and our customers need to be connected.

Jeremy Snyder  2:22  
And you've probably got, you know, emergency responders and critical services that rely on rely on getting to. So availability is key. Make sense?

Stuart Seymour  2:29  
So so for us availability, is is key. And then there's confidentiality. And you're thinking about government entities and sensitive documentation? Yeah, have you? So in putting together a crisis management plan, the focus needs to be different, because, for example, a government entity might not reach a crisis threshold. If it has an availability incident, I say what we'll do if it has a confidentiality, I might not have reached a crisis threshold there. It isn't an availability issue. I might Yeah, but there's different companies, industries that rely on Yeah, aspects of the CIA triad. Makes sense. You need to know kind of where you are, what's material to your business? Yep. And then write the plan. But then be very cognizant that no plan survives contact. We've talked about our favourite philosopher who's Mike Tyson. Okay, who says everyone has a plan until they get punched in the face? And being flexible enough to be able to react? Yes. changing circumstances?

Jeremy Snyder  3:45  
Let me ask you a question about that in particular, right. Because, look, I prepared run books, I prepared Dr. Plans, I've executed Dr. Plans. Only in simulation, never actually in real life. I've never thankfully, not never had to go through that exercise. But one of the things I've always kind of wondered about is, you know, when you think about that flexibility, there's kind of a trade off that I see. And I'd be curious to get your feedback, because in a moment of crisis, you've got people acting under stress. Yes, you may have limited resources you may have, you know, crisis never comes at the opportune moment. Like, Monday, Friday afternoon. Exactly. Everybody's knocking off. Some people might have already been to the pub. Who knows? Right? Yeah. So there's an argument to be made that actually flexibility is bad in that situation, because what you need is a set of very prescriptive actions that can guide people through what could be a difficult decision making environment that's like men or no, you don't need to think right now. You need to act on this plan. Yeah.

Stuart Seymour  4:48  
And I think that's valid up to an extent. Okay. Um, my counter argument to that would be, I think, in all the crisis that I've dealt with the the start has be nowhere near the what the end was what we anticipated the end to be okay. And crises are dynamic in nature, and it is how you react to the crisis that might make it better or worse. Okay, so when you have a crisis, it's like a Hydra. The hydra starts off with one head. Yep. Which is the event? Yep. Yeah. But then depending on how you react, yeah, and what you say to the media advertently to another crisis or another Firestorm? Yeah. Just by what you see. Don't say yeah. And therefore, because there is that dynamism within a crisis, you need to have that element of flexibility. And the plan cannot be that rigid. Yeah. Because you give people a plan. And and if it says, don't do anything until you hear from me, or until you get EVP sign off to the system. Yeah. Then there's a couple of things that happen there, for example, empowerment, you know, people, people don't, you know, don't react and you know, a reaction at that time at that place might save the day, right? If they're, if the plan is very rigid, and says you cannot do that, then there might be issues with it. So yep, no, it's good to have a plan. And, and I get in things like disaster recovery, or when you more in, in BAU mode. Yep. Like, changes within it, or implementation of upgrades or patches, what have you, that needs to be a very logical sequence and a follows B follows D. So yeah, and advertently. Yeah, misstep. But certainly, in my experience, you know, a crisis takes some very unexpected twists and turns to one of the panellists today, she was describing the, you know, the major crisis that she's dealt with. We're we're, at one point descended into utter farce and pantomime that you just just couldn't make it off. What has just happened? Yeah. And that really resonated with me, because like I said, you that there's a dynamism and unpredictability that yeah, that you need to be able to gauge. Yeah.

Jeremy Snyder  7:22  
And I think that's a fair point. I mean, that's the biggest disaster I've ever dealt with in my career. The biggest sorry, the biggest it disaster, I dealt with a cyber disaster. That was another story. But the biggest it disaster to your point, almost everything kind of went wrong. It was a series of kinds of things, you know, there's a mail server that crash and the backup server that failed, and a tape that was I think magnetically compromises dating myself a little bit. And a robot that didn't swap out that defective tape for the next tape in the array and all kinds of right, so we lost three days of email for the entire corporation, which was a bit of a disaster, considering email was our only communication really, we did almost nothing over the phone, so I can kind of relate to what you're saying. So okay, so the importance of Runbooks, the personality, the importance of planning, the importance of kind of simulating those plans? Yes. How do you recommend people go about simulating those plans? I've seen, you know, I hear a lot of arguments for tabletop exercises, and we do them ourselves quarterly basis. I do wonder, though, from your experience and your perspective, is it enough? Or is that like a good starting point that you need?

Stuart Seymour  8:28  
I think that is a really good starting point. Okay. And I think that table tops, kind of people lose their way I think we were chatting. Earlier in the panel where, you know, you have some vendors, or some people that just make the crisis, just so difficult and extreme that, you know, you'll decide to go to the pub and just call it a day. Yes, you all do. And yeah, and I've actually sat in one of those in, in in one of my previous employments, where we had, you know, a big room and everyone in the corporation came came in and we had this vendor come in and, you know, go bad, then it got really bad. Then the date, then there was a hurricane that went through the data centre. And then that same hurricane came and rip through HQ. Five of us died, and then all of this and it gets to a point. I think my point is realism, right? You just so backed into a corner, you're like, Yeah, you know what the value of this has been drastically diminished. But in exercising and in Table topping, What is crucial is, for me is the understanding of people's roles and responsibilities. So if you think about a sports team, and if you think about football or soccer Yeah, you know, the defendant To know that they stay here, or they come up for corners, or they don't come up for foreigners, and everyone knows what their role is. Because, like I said, with the Hydra, lots of heads get grown or suddenly decide to, you know, to go off piste. Yeah, and it's very tempting because, you know, there's a sort of a hero, I suppose I want to be the one that solves it, or I want to be the one that as the CEO, or I want to be, and it's very hard to tell a senior leader to sit on your hands and trust the process. Yeah. So so the, the exercising is really good. But for me, what's even better is when you have an event, yeah, is that you really learn the lessons, and you have a culture of psychological safety, where you can say, you know, what went well? what didn't go so? Yeah. And why didn't it go so well? And yeah, and, and, you know, we're human. And humans make mistakes. And humans make more mistakes when they've been burning Midnight Oil getting one hour sleep in, you know, 70 to a right, and not eating and yeah, you know, so having the psychological safety to learn and said, Yeah, I think is really, really important as a key point.

Jeremy Snyder  11:20  
I mean, you know, I've spent most of my career in smaller organisations where I think we tend to have as small organisations, you have a bit less hierarchy, you tend to have a little bit more of that kind of psychological openness. The time that I have spent at larger companies, I've noticed more of an attitude of okay, something went wrong. Who's to blame? Yes, as opposed to what's to blame? Yes. And then, you know, to a point where I think maybe to the point you're kind of implying here is like, you as an organisation don't learn, if the people in there feel like what they need to do is defend themselves in their own actions, and they can't own up to a mistake that they might have made, that everybody else would actually learn from.

Stuart Seymour  12:03  
Yeah. So that I, it's absolutely, I think you summarised it very elegantly. I think that is, that is a sort of a root of the of the issue. And, and it's, in many respects, is quite sad. And it's quite disappointing. Actually, you've gone through this pain. And what a shame that you can't prevent someone else going through this pain. You know, institutionalised and this and it's, it's, it's, it's almost like, you know, if you're a father, yeah. And you have your son and you say, you know, you're coaching. Yeah, you know, your son through through something that a mistake that that you made, you do that openly in love, because you know, that your son will be better for it. And it's a shame that in some companies, you can't do that. Because that psychological safety is Yeah, because people have seen that when someone's brave enough to say, look, Yep, that was my mistake. And I'm owning and yeah, and they see them with a cardboard box. Yeah,

Jeremy Snyder  13:14  
this is interesting. I mean, I've got a friend who is a shall remain nameless. He's a VP at one of the largest cloud companies in the world. And he made a point to me years ago, when we were talking about a challenge that an organisation I was with at the time was going through. And the way he said it, to me was an organisation really, is its culture. Yes. And, you know, I think that is a point that is, you don't think about as much in cybersecurity, I think, because we tend to be so focused on the technology aspect of it, that we sometimes forget, we kind of de personify, or dehumanise. Yeah, that, you know, the technical nature of the of the domain space that we're working in. Yeah,

Stuart Seymour  13:57  
I think I think your friend is incredibly sage. And yeah, that is why some people and typically people that have been around the block a bit we're working certainly, even though even if the, you know, the offer is, is stratospheric. And I would I would not work for some people that I've worked with historically. Yeah, but for all the tea in China. Yeah. You know, you kind of carry your scars and but you only go so far because you have a calico the scars and I didn't have regrets having those scars. It was really unpleasant. Yeah, you know, dealing with that individual. However, I've learned a lot and I've learned what to be what not to be. Yeah. But at the end of the day, at this point in my career, you know, I choose not to work in a company that has that cult, right that has that mindset that Has that lack of empowerment protectionism? Yeah. And all those sorts of things which, which, you know, start putting more heads on the hydro, or what have you, because I think without that psychological safety, you then start getting things like, well, I know that the platform's on fire. And I know that the fire extinguisher is there. But I'm not going to get this fire extinguisher until my boss approves me to get that, that fire extinguisher. But then my boss has to then say, well, that's wrong. has legal had a look at pirates. Yeah, for sure. Yeah. And etc, etc. And a culture that that brands as opposed to just do the right thing, bring the fire extinguisher. And then if someone wants to send you a bill for 20 bucks for the fire extinguisher, I'll gladly pay it. At least Yeah, building things on down. Yeah.

Jeremy Snyder  15:57  
Want to come back to two things you said earlier, when we think about kind of tabletop exercises or planning, response plans, etc. You made a point that I think is very valid. And it's certainly something that I know for myself, you know, I think my videos about six months on the job. And we accidentally deleted 80% of our of the data in our CRM. Oops, yeah. Now, thankfully, we had a backup and we were able to restore and yeah, it was an annoying loss of four hours of my life or something like that. But I went through that learning exercise. You mentioned earlier that, you know, in crisis response, it's, you get a lot of exercise and experience from having gone through it a couple of times. And undoubtedly, the best Crisis Response Teams are the ones that have been through big blow ups or massive network outages, or, you know, when I don't know if this has ever happened, hopefully not. But when you know, every ot customer can't send a text for five minutes or something like that, like, you know, these types of big events, you learn so much from them their formative, you learn about yourself, you learn about the organisation, what stresses, et cetera. To that end, if you're thinking about putting together a plan, look at the roles and responsibilities. And you mentioned earlier that it's so key to figure out what everybody's role is in that response plan, etc. That does that impact or inform the way you think about assigning different people as like, okay, primary responder for, I don't know, network connectivity, is this secondary? Is that, how do you balance that out? Because then you also have this kind of secondary concern of, you know, I need coverage. I need the best people, but I can't have all the best people as the primary people and then just rely on those people being available. Because they might be on vacation, they might leave the organisation etc. Right.

Stuart Seymour  17:46  
So for me a really mature organisation that is that excels in crisis management. Yeah. It's kind of like an ice hockey team. Okay. And if you have if you watch an ice hockey match, yeah, see the first three and then let your frontline your backline? Yeah. And you see them swap in and out? Yeah. Yeah, it seems as the game doesn't stop. People don't come on today. Oh, it's and the second line, yep. knows all of their roles and responsibilities. And I think that's also really, really important. Because if you look at the final aspect of a crisis, which is, you know, people's welfare burnouts, yes. Yeah. You know, how many four minute miles or 50 kilos on your bike? Can you actually do? That was one of the questions that we dealt with as a panel and my thoughts on that. We actually are in control of some of that as security cybersecurity eaters. Because I can train and empower that second line. Yeah. And I can ensure that when that second line comes in, they have the experience, to know what to do, how to do it, how to move how not to move. Yeah, in a microcosm. Or at a much, much lower level, it's almost akin to when your boss goes on holiday, and says, I will not be turning on my phone. I will not be seeing I will not be turning on my emails. Because I know you got this. Yeah, yeah. And you also in turn, feel confident enough that you've got this, you know, you might make the best decision that you can at the time and yeah, it might not be the 100% Amazing decision, but it might be 80%. But yeah, you have that psychological safety again. Yeah. So I think if you sort of move it towards the the sort of the lateral latter aspects of the of the crisis and look at something which is supremely important, which is the people I think that Add ice hockey analogies. Yeah,

Jeremy Snyder  20:01  
it's a really good one. Yeah. And you know, and it kind of makes sense, right? You're, you're starting centre might be slightly better than your backup centre. But if they both know their roles, they both understand the task at hand, then yeah, you can get through that. I'm curious about one other aspect of kind of your views on on overall crisis management right now, because we're right now in a time when two things have happened to the broader cyber landscape, in particular to people like yourself. Number one is your now increasingly, I don't know if it's, it's been a thing over here in the UK as much. But in the US right now, there is statutory regulation around the timeline for reporting material events. And number two, is we're starting to see targeted legal action towards leaders, and in you know, of companies or organisations that have suffered massive breaches. I'm curious what the thinking is, from your perspective about either of those things, you know, either from your own perspective, or what you're hearing yours.

Stuart Seymour  21:00  
So it's interesting. So we we also in the UK have, you know, regulation and regulatory imperatives? And my, my thoughts are, that if there's regulation, it's because it's needed. Okay. And if there's regulation predominantly, it's because there have been, you know, significant, you know, corporate missteps and in the past, right, so, you had the Enron scandal. Yeah. And then there was regulation that followed, so and on could never, ever happen again. Yeah. And you're absolutely right, Sarbanes Oxley. And Sarbanes Oxley. Is there because there was clear evidence that there were significant companies that were fortune high. Yeah, like Enron. That said wrong. So, so that so that I, per se as a philosophy and with my team, embrace regulation, okay, where regulation is a force to regulate is have to start somewhere. Right? And they can, they can. And it's, it's a very different to conceive something, philosophically or conceive something in paper. Yep. And then conceive something in action. Yeah. And the, to the theory and the practice, sometimes, you know, don't align and, and, again, hearing from my peers, I believe that some of the reporting that you have to do is no later than, you

Unknown Speaker  22:49  
know, emulate Excel or something. Yeah.

Stuart Seymour  22:52  
And, of course, as you're putting out a fire, what you don't want, is a distraction of having to prepare a report. Of course, in preparing a report, it has to go through, you know, scrutiny and what you do. And it's one of these things that, you know, is is, but you can influence the regulator, and as an industry, you can go to the regulator and say, you know, if, and I'm plucking this out of thin air, if the regulatory requirement is that we meet you and your regulatory team, you know, every five days, at, you know, your location at this time, right? That's a made up example. Yeah, you can say to the regulator, do you know what I'm spending more time actually, meeting you briefing you right, about this issue, than actually fixing the issue that you really, really, really care about? Right,

Jeremy Snyder  23:51  
protecting the data, restoring trust, whatever that is.

Stuart Seymour  23:55  
My fee, so I think there is there is an opportunity, you know, as industries get together to work with regulators, yeah. To say, you know, when you said that, you need this in, you know, 12 hours, right?

Unknown Speaker  24:12  
Do you really need it? Yeah. Why

Stuart Seymour  24:15  
do you Yeah. Because, you know, what I'm going to be doing in the first 12 hours is is is actually

Jeremy Snyder  24:19  
going through logs. I mean, this Yeah, but

Stuart Seymour  24:23  
now you're forcing me to put this on the top of my agenda, which means that I don't get to manage the incident, which means that I might not be able to contain it as well as I can, which means that the incident then, yeah. Do you really need 70 to two? Yeah. Okay.

Jeremy Snyder  24:37  
So to your point, regulation, probably because it's needed. Is the regulation spot on as to where it needs to be? I

Stuart Seymour  24:45  
don't know yet. Maybe. Oh, okay. No, no. And that's something that gets tested and adjusted. And I think it's, it's incumbent on industry. So for, for me, the telecoms industry, to work alongside or regulate to say, I understand your intent. I understand why you have these requirements. Yeah. But let me give you my reality and learn. Let me test if you still need those. That exactly, as you say, makes it I think, in my career I've worked with, with UK regulators in the past who have been receptive to just say, well, we needed to start somewhere and we drew a line in the sand and Okay, over the line was too near the line in the sand was too late to the sea and move it further into shore. But I think fundamentally. And philosophically regulation, is there because there's been a systemic failure that corporations have been unable to address themselves. Yeah, Sarbanes Oxley. Case in

Jeremy Snyder  25:54  
point. And how do you think about the personal liability aspect of what's going on right now?

Stuart Seymour  25:59  
Um, that is such a such a tough, tough question. In the UK, we don't have that. Okay. But I have a number of friends that are that are either going through that or are incredibly concerned. I think if you're if you're experienced in in cybersecurity, you will know that if I paint you an incident, yep. I can either shine that incident in a really good light, or in a really negative light. Yeah. And the interpretation depends on the the lens that someone wants to quit on it. Yeah. And the point that they they might wish that they might wish to meet. And I think it's really tough. When when you make that person? Yeah, yeah. I really do. However, in the UK, yet, we don't.

Jeremy Snyder  27:12  
Yeah, look, and I think it's, I think it's generally good that you don't when the challenges and I've had this conversation with a couple of people who have come on the podcast and talking about this, either current or former chief information security officers. One of the challenges around information security as opposed to accounting, accounting kind of always has a right and wrong answer. Yeah, like numbers don't lie. They are what they are. And the formulas for generating, you know, what is line five on a balance sheet is a consistent formula for every company. Whereas to the point you raised at the beginning of the conversation, if you even just consider that initial CIA triangle, took three companies, and they're going to have a different answer for which is the most important point out of those three? Absolutely, that's going to inform their defences and their security posture and everything around me.

Stuart Seymour  28:02  
And you know, I detected this hostile party in my network. And I chose to kick them out immediately. Okay, one outcome, I detected this hostile party in my network. And I chose to let them stay in observe so that I can gather a bit of intelligence so that I can see, you know, what they may or may not be doing and like their emotions, so that further down the line when I know that, you know, they always go in the front door, turn left and left again, right, I can then put proactive do that long hallway. That's really the key priority. For the next time. Yeah, now. I pick them out straight away. I let them to observe them to them to find, you know, you can interpret those is, oh, my goodness, I kicked them out straight away. This person just does not know what they're doing. Oh, my God, this person is amazing. He was Yes. Hold on switch on Swift, quicker. And exactly the same thing. Oh, my goodness, this person is so experienced, because he knows and he knows. And he knows, sensitive yet. Let's

Unknown Speaker  29:09  
watch them. Let's figure out. Yeah. And

Stuart Seymour  29:11  
how could you let an attacker state that set the whole thing on fire? Did you take that omit you know, monumental risks, which one is right? Which one is wrong? And then you combine that quite rightly to say that not all companies are equal, and not all companies have, you know, the same imperatives and on the same drivers? Yeah. The CIA triad. One example? Yeah. Then it becomes, you know, contrary to accounting, it becomes a lot more nuanced and becomes qualitative as opposed to quantitative,

Jeremy Snyder  29:49  
right. And that's, that's the key point, right? Accounting and all that stuff is very much quantitative and security is art ative, and on the quantity side, I know one of the common frustrates Since what I hear is that, you know, this role of chief information security officer is still very new, kind of across the broader industry. And it's also not universal in the sense of like, is that a of a friend who likes to call it the big C? Little C? Yeah. Are you a chief information security officer with the seat on the board or in the boardroom and engage at that level? And by the way, gets to argue for an set budget? Or are you a little see who might report to a chief financial officer or report to a chief information officer or whatnot? Yeah. And you don't control your budget. And that very much limits potentially limits what you can do from a security perspective,

Jeremy Snyder  31:47  
This role of chief information security officer is still very new, kind of across the broader industry. And it's also not universal in the sense of like, is that a of a friend who likes to call it the big C? Little C? Yeah. Are you a chief information security officer with the seat on the board or in the boardroom and engage at that level? Who, by the way, gets to argue for an set budget? Or are you a little c who might report to a chief financial officer or report to a chief information officer or whatnot? Yeah. And you don't control your budget. And that very much limits potentially limits what you can do from a security perspective, or are you a big C in the first chapter and a little c in the second chapter? Right?

Stuart Seymour  32:49  
Yes. There's there's various Yeah, no, I think. I think that's, that's, that's a very, that's a very sage question to be thinking about. Yeah. Yeah.

Jeremy Snyder  33:02  
I want to wrap up Stuart with just a couple of questions. I mean, we're here at Infosecurity. Europe, this is arguably the largest cybersecurity conference in the UK. What have you seen this year? That's been interesting for you. So

Stuart Seymour  33:17  
for me, a lot of the shared experiences on the q&a panel were really super interesting. Yep. The talk on neurodiversity. I'm neurodiverse. I'm dyslexic. And that's a passion that I have. Yeah. For me, and the starting to talk about your diversity and, and it not being an it being more mainstream cyber security, and really harnessing the unique gifts that someone who is neurodiverse has, I think that was very, very good. And the more we talk about it, the more we will bring it to the fore. Yeah, but a nice to see all colleagues and friends are lovely to see that. Yep. And Lovely to meet with, you know, partners and vendors that provide services for us. And, and, you know, reestablish that, that that relationship, I think, you know, since COVID, a lot of interaction is now on, you know, teams or zoom. And, and I think the value of that human connection can't be underestimated.

Jeremy Snyder  34:26  
Yeah, I mean, especially, you know, the first half of the conversation we had today was about the importance of having open spaces for people to be able to be vulnerable and talking about the mistakes that they've made. And ultimately, cybersecurity is done by humans. Hello, I totally agree with you on the point of reestablishing connections, maintaining connections with you over time. Yeah, yeah, I always tell people, you know, I've worked in pure it, I've worked in kind of hybrid IT and cyber. I've worked purely in the cloud with very little connection to cybersecurity in that I've worked in cloud security. Cybersecurity is the space where I find the most kind of understanding that we're all actually kind of have the same mission. Yes, right, is to defend the integrity of the data, the security of the organisation that we're working for. And it's also kind of the industry where I see the most hugs happening, just on a regular basis, people greeting each other after assignments that are most unfussy.

Stuart Seymour  34:58  
Because if I tell you one of the things that I load on LinkedIn, is when you have some CISOs that are like, you know, hashtag data breach, hashtag ticket master, hashtag, you know, massive hack, and then we post something, yeah, kind of for clicks. And that tells me that those kinds of people have never really been in that pain. Yeah. And whenever I see, you know, a cyber breach, because of course the criminals what they want to do is add pressure and pressure and pressure and pressure right. So you pay the ransom. Yep. Or Daniels pressure to do this or that. So you you're aiding someone, you're aiding the hostile entities but with with true cybersecurity professionals who have been through that pain and who have had the shovels in the face, you know, sometimes it's really nice when when when someone just drops you a text and says, Hey, I saw the news a year okay. Yeah. Or can I help? Yeah. Or can I put my intel team on that because we're in the same you know, industry and what might happen to you could you know, your pocket on my to go you but yeah, they're coming potentially for our snakes. Yeah. And I think you know, those those people within the cybersecurity community that get it get it up and and are incredibly helpful and pathetic. Yeah, human. Yeah, human.

Jeremy Snyder  35:14  
I think that is a great point to wrap up today's conversation on sewer. Thank you so much for taking the time.

Stuart Seymour  35:18
Thanks for having me. Absolutely enjoyed it. Absolute pleasure.

Jeremy Snyder  35:20
Join us next time on another episode. 100 Cyber likes subscribe rate review share with friends all that good stuff you know what we're gonna say talk to you next time.

Discover all of your APIs today

If you can't see it, you can't secure it. Let FireTail find and inventory all of the APIs across your organization. Start a free trial now.