Video: The Power of Tabletop Exercises in Improving Operations and Preparedness | Duration: 43s | Summary: Tabletop exercises are crucial for practice and preparedness, uncovering areas for improvement and enhancing operations.
Video: Enhancing Trust and Collaboration for Effective Disaster Recovery | Duration: 56s | Summary: Collaborative drills reveal gaps in recovery plans, creating a need for teamwork and alignment on objectives, building trust and confidence.
Video: Rethinking File Sharing: Layering Security for Effective Protection | Duration: 55s | Summary: The traditional approach to file sharing is no longer adequate, and additional layers of security must be implemented to protect against threats.
Video: Navigating the Cybersecurity Landscape: Optimizing Infrastructure for Effective Defense | Duration: 65s | Summary: At an inflection point in cybersecurity, optimizing infrastructure with our valuable teammates generates enormous value.
Video: Securing File Sharing Practices for Better Business Resiliency | Duration: 72s | Summary: Adoption of commercial products without considering implications and business needs results in sharing sensitive information inadvertently, highlighting the need for better security measures.
Video: The Need for Expertise in Compliance and Security Initiatives | Duration: 47s | Summary: To effectively manage security initiatives and ensure compliance, we need someone knowledgeable and capable of communicating with our leadership.
Video: Optimizing Infrastructure and Cybersecurity: A Collaborative Approach | Duration: 60s | Summary: Infrastructure and cybersecurity are at an inflection point, with crowded space and improved tools for protection and resilience. Optimization is key.
Video: Tactical Measures for Cybersecurity and Infrastructure in the Recovery Stage | Duration: 91s | Summary: Tactical measures for cyber and infrastructure teams to aid future recovery include side-by-side comparisons, ensuring recovery aligns with intentions and resources.
Video: 6 Word Title:
"Unlocking Security: Necessities, Discovery, and Encryption | Duration: 62s | Summary: are essential for ensuring the security and privacy of shared data in today's digital landscape.
Video: Navigating the Challenges of Insider Threats in a Collaborative Environment | Duration: 49s | Summary: The COVID shift and remote access have introduced new threat layers, requiring an open and collaborative environment while ensuring security.
Video: Optimizing Security Practices for Infrastructure Protection | Duration: 29s | Summary: Optimizing collaboration with infrastructure teams is essential as most of what security practitioners protect is owned and operated by others, generating value.
Video: Tactical Ways for Infra and Cyber Recovery | Duration: 77s | Summary: Accelerate recovery by integrating infrastructure and cybersecurity efforts, emphasizing proactive measures, and conducting regular side-by-side comparisons for efficient and cost-effective outcomes.
Video: Lessons Learned from Legacy Hardware and Data Backup for Efficient Recovery | Duration: 81s | Summary: Lessons learned from incidents emphasize the importance of evaluating backup strategies, data restoration efficiency, and infrastructure capabilities for successful recovery.
Video: The Increasing Threat Landscape and Client Concerns: Positioning for Security | Duration: 48s | Summary: The increasing number of cyber attacks on various organizations, including Target, has raised concerns about our clients' data security.
Video: From Silos to Synergy: Aligning Security and Infrastructure in a Unified Front | Duration: 3660s | Summary: From Silos to Synergy: Aligning Security and Infrastructure in a Unified Front
Transcript for "From Silos to Synergy: Aligning Security and Infrastructure in a Unified Front":
Excited for this session. We've got a few more minutes before we kick off live. But, yeah, thank you everyone who's joining us today. We're super excited. I will go ahead and kick it off in the chat, but I'm just gonna say once again, welcome and thank you. I'm hosting or moderating this session from silos to synergy, with my coworker, Benjamin Clark, and our product marketing team at Nasuni, as well as our fabulous speaker panel. I will let Ben introduce everyone in a moment. If you wanna take a second to jump in the chat, let us know where you're dialing in from. We'd love to see that. We love seeing all of our customers all over the world. Few quick housekeeping items, though, for the session today. Our speakers will be, you know, chatting and discussing different topics. We definitely encourage questions. So if you go to the q and a tab on the right side of your screen, ask questions. If you see someone else has asked a question that you're very curious about as well, upvote it. It's got that option. You're also able to obviously put anything in the chat as well. Hey. Thanks for for dialing in, Ben, from New Jersey. Anything else? Super super fun. We're really excited about this topic. I think it's a great way to kick off cybersecurity awareness month for October. And yeah. Alright. Well, Ben, I will hand it over to you. Should we give it one more minute? Let let some people come in. Yeah. Absolutely. I do see some people already, popping in, but, yeah, everyone, welcome, and, yeah, thank you. Alright. We'll kick it off in just a sec. Hello, John. Alright. I think we're okay. Let's do it. So, yeah, just to to kick it off and set the stage, Ben Clark, product marketing manager at Nasuni, and, you know, have a focus on security and ransomware protection. And we're not we're not really talking about Nasuni today, but, you know, as a overview, you know, we're a hybrid cloud infrastructure platform. You know, we focus on scalability, security, while remain while keeping edge performance. And security over the last few years has been a big topic for us. We've introduced a ransomware, product. And with that, you know, we've been talking to a lot of customers and dealing with different groups, and we're seeing that, throughout the industry, you know, with some companies, you know, maybe depending on size, the the infrastructure team owns the budget and responsibility for security and making decisions and maybe recovering from an attack. And some, you know, you have security teams and the CISO owns that. And some it's kind of a, you know, a blur and they somewhat work together and share these responsibilities. And, you know, in the market we're seeing, you know, maybe 2 groups that were not always greatly interconnected are are coming closer and closer together. And so we thought, you know, as we've experienced this in the market, and seeing this trend that we'd have a great panel to discuss this. And so before I pass it over to the panel just to introduce our panel, consisting of both sides of those those two teams. We have, Joanna Berkey, who has a long career in cybersecurity, self proclaimed recovering CISO with past roles as a CISO at HP, Siemens, and more. And joining her, David Newman, who who also had 39 years of experience in in cybersecurity, starting in the US Air Force and then leading to multiple, CISO roles, including Iheartmedia and Rackspace. And then from the from the opposing side, we have Steven Bell as a captain. In the other corner, Steven's one of our our great Nasuni customers and a longs long time infrastructure leader in the AEC industry, and he's he's currently VP and CIO of AEC firm, Leo a Daley. And so, you know, our panelists today, it's gonna be a conversation based. They have, you know, some topics to cover, but we're really just trying to have a great conversation about this topic in general. Definitely up in the right hand corner, ask questions. We'll be we'll be looking at the questions up there and, you know, trying to answer if not during the conversation at the end for some q and a time, but, I think that's it. And so, Joanna, I will pass it over to you to kick it off. Great. Thank you so much, Ben, and thank you, Nasuni. I'm excited to talk about this. We you know, there's webinars and panels all the time, but I have not seen much, if any, conversation about how the worlds of infra and cyber intersect these days. And how, number 1, how do we take best advantage of that fact? We can't avoid it, you know, with the way emerging technology and innovating technology is is hitting all of us no matter our function. But how do we use that to make a sum that's greater than the parts? So I'm really, really excited to talk about this, and I'm excited to be joined by Dave and Steven today. Somebody in the chat, John, has already noticed that I am surrounded by a large yarn collection behind me. I used to say if the cyber thing didn't work out, I was gonna open a wool store. And I guess now that I'm recovering, it's time to open that yarn store. But that'll be after today's webinar, we're gonna now dive into IT infrastructure and cybersecurity. So though I I I teed up a little bit of why I think we are discussing this today. But to start with, you know, and I'm not gonna tell y'all, I'm not one of those moderators who wants to go, Dave, answer. Steve, answer. Steve, answer. Dave, answer. But, you know, first couple of questions I really would like both of your points of view on. And the first thing I'd like to touch on is what's the state of the union today? What do y'all see in terms of how infrastructure and cybersecurity works together or not? So, you know, Dave, I'd love to kick it off with you. Sure. Thanks. And and thanks also to Nasuni for having us today. It's a great conversation. Thanks to you, Joanna and Steven, for letting me participate. With respect to, the state, and Joanna and I work together, full disclosure as as analysts, by the way. My personal belief is is that we're in an inflection point. You know, we've got this kinda incredibly busy and crowded space on cybersecurity side of technology vendors. We've got a lot of tools and capabilities out there, and, and and we've gotten better, at this, at this kind of protection and defense and resiliency business. And I don't want anybody to ignore that. I think where we continue to optimize and we have to is with our infrastructure teammates. The reality is is any any practitioner, security practitioner that's on the call today is is, like, 99% of what we, endeavor to protect, we don't own and we don't operate. It's somebody else's. It's the Stevens of the world, that that really bring that to bear. So so I think it's a necessity, and and it's it's generating enormous, value proposition. Quick byline, when I was, the CISO at Iheart, I kind of, through a weird twist of events, ended up in inheriting IT infrastructure, and operations. And we we exceeded all security expectations by doing good infrastructure and CIO work. And, I was really proud of what the team did there. A lot of that was really understanding the common outcomes that we were both focused on and having an open and transparent and very supportive, infrastructure. I I dare to say maybe it's like a marriage. Sometimes it's, it's a great day. Sometimes it's a difficult day. But at the end of the day, if you work together to, towards a common outcome, then you're you're there. Don't ask me about my marriage, though. I don't know that that's a good template for how we should do infrastructure and security. I don't know. I'm already liking the analogy, and I'm thinking about through my the last 10 years of my career. I I think it's a really good analogy. Steven, what what do you see today? What would you say state of the union is in these functions, where they touch, where they don't touch? I also wanna thank, yourself, Joanna, David, and, Nasuni. I will try to not talk about Nasuni, as Ben mentioned. But they have had a a role and impact in, what we've been able to deliver today. So, that might come up. Shameless plug. You can do it. It the the intro also made it seem a little bit like rocky. Like, I felt like I might be the underdog here. So hopefully hopefully, this won't be like a presidential debate where there's bias moderators and and favor one side. I'm backtracking. Dang it. But I mean, in all seriousness, there's we're kind of in an unprecedented point, and I certainly agree with with Dave that I'd say we've gotten better. You know, there's a there's a view of the world. I've I've only been in this role for 18 years, particularly in our industry, which is not very, regulation driven. You never looked at yourself as the as the victim or the target. And that's, you know, that was great for a while, but we're certainly not at that point today. It was interesting. Dave said you don't own, and then he pointed to me, and I immediately was thinking about the customers we serve. Because while we deliver services and product, we really don't own a lot of that that data and information that we are now being asked to and and often attest to protecting. So we have really had to take a a a not I won't say in a bailiff face, but certainly a real stern look at this integration of, cybersecurity and an overall security initiatives into our entire environment. And and, you know, that just gets more complicated when you realize how much stuff you have isn't in the Cloud. It gets more complicated when you look at the number of consumer based either products that like to get on your network that that our folks are coming in. They're they're great tools to enable our services, but you have to you put some controls around them. When you look at, you know, SaaS based solutions, a lot of which are, you know, coming to us from the AI category in space, how you have to shift and provision differently, as a CSO and then so and and then, you know, if you're not tying that into our, actually making it happen. So it's kinda like the idea people are the CSOs and the implementers of the the infrastructure side, more so than ever before. It kinda kinda feels like that flipped somewhere along the line when we started to move into that cloud space and and the the remote slash hybrid space. Mhmm. So, you know, only 18 years in this space, and what an 18 years. If we, you know, think about 06 to now, you've seen a lot. And, you know, longer than a lot of marriages. I I won't beat that analogy completely in the ground, but I do like it. And one reason that I actually really like this analogy is people always say, you know, in a good marriage, you're not 5050. You're not meeting in the middle. You're each 101100. Right? And you're gonna have days where you you go way further than the middle to to meet your partner on the other side. And I think that's a, oh, actually a really good illustration for this evolution we're seeing of functions coming together. So in those years, Steven, you know, you will have seen interesting evolution and probably seen more and different than a lot of people in the audience today. What are some of those evolutions you've seen? Ian, are there any you've seen that you'd actually tell our audience to be on the lookout for? Because they might be happening and and might not really be getting focused attention yet. And are you talking, evolutions of how we're protecting ourselves or more, again, focused on this interaction between these two roles? Probably a little of both. But, you know, really kinda what comes to your mind as saying, oh, wow. I've seen this, and I think other people need to be on the lookout for this as well. Okay. Well, I think about it from from really those two perspectives. The the sort of what's going at us and how we've, been dealing with it. And there's sort of this, splitting away from the the marriage metaphor for a moment. More to this, sort of undulation, or I think I used this this teeter totter, seesaw, analogy before. In in part, when we started to really take on a serious look at cybersecurity, we it was partly on personnel interest, career progression. We had someone that I could sort of develop into that role and excited about getting those certifications, that sort of thing. You know, simultaneously, we were starting to see, from the outside, luckily, some of these, attacks like, you know, Target got hit and, I won't go through them all. You you know the litany, of folks that were getting hit. And so things started to get really serious and you started to realize it wasn't you it wasn't just, banks. It wasn't just, you know, the government that was getting attacked. And so and then you had had to really think hard about the clients and what we deliver to our clients and and why people would want the type of information or or or even worse, why they would use you to get to someone else. And that those became real fears, and therefore, we had to to position for them. Admittedly, to have the idea to put into action and to see the threat, it was a lot more difficult to actually, you know, bring that mentality into the organization to get the rest of your group, much less your employees to realize that, you know, grabbing that USB stick and throwing it in that you got from a a vendor, no offense, Nasuni, but you got from some conference, or you picked it up off the ground, heaven forbid, that might not be something that you wanna plug into your computer. So, so sort of to play out this ebb and flow, this teeter totter, we kinda went to an individual because you're starting to see and having the position. They became an expert, which is great, but they needed legs. It was like, you know, given the head without the body. And, and then we so we tried that. Hey. The security person is gonna tell infrastructure what to do. That person left for for advancing their security role, which is great. But then that left us with the other decision, which is, okay, everyone should be security minded. And that's great, except for the fact that everyone at that time and 15 years ago, 10 years ago, they had a day job. Right? A sysadmin wants to do sysadmin work. Hadn't really been had that mindset of layering in security as part of the role. And and I think then then, you know, that played out for several years, but then you realize how much is not happening. And then you also realize, is this I could talk a lot about the COVID shift, and the remote access and the challenges that presented. You can talk about the the cloud, shift. You could talk about the virtual space and that shift. All of those started to present this sort of new and dynamic threat, layer in insider threat becoming a real situation to consider. Layer in, we're a very, con consultant heavy and partner heavy industry. So we need to have an open collaborative environment, but yet, you seems like every time you open the door, you know, some bad actor wants to slide in. So so we had to sorta elevate teeter back and say, okay. We need someone who's running the show here. We need someone who understands some of the compliance that's being asked out there, some of these higher level security initiatives that's gonna drive the conversation and be knowledgeable. I actually had to jump in on my own within some of that space, in part to make sure that our top level leadership had a clue, and that could be communicated, in a way that they would understand very succinctly, very precisely. And also in part because it's really hard to direct a team, especially a combined team, without having your feet on the ground, at least get in your hand in both areas. Mhmm. So so we have definitely shifted back to this, space where you have someone leading the effort, but, it is actually a really good marriage right now for our our infrastructure lead, which I guess I ultimately hold, but I have have a team of folks that really do the work, are complementing each other. It's not so much a hand off as much as it's a dance. You bring up a really interesting point. And I think, you know, we've all seen that teeter totter over the years. And especially things like an incident or a almost incident can really all of a sudden go, oh, gosh. And all of a sudden you get a tilt on that that Peter totter. You bring up something that I think is super important to infrastructure teams and to CIOs, which is, you know, you have assist admins sitting there doing their job all day long, and all of a sudden someone comes around one day and says, you need to keep doing your job, but do it in a secure fashion. Alright. Good luck. See you later. Peace out. Right? So that importance of how are we giving the CIO's organization the tools they need to do their job in a secure way, I think is is one of the super interesting evolutions that that you touched on there. And I would say that's kind of been a bit of a sneaky one, you know, being coming from the CISO side, all these, you know, these 30 years I spent in the career, we tell people how we want them to do their job, but we're not so great at enabling them to actually do it the way we need. And oftentimes, they're they're saying they're going, where am I on this teeter totter? Right? So that actually kinda takes us I I wanted to not go too long into this chat before we get tactical. You know, as interesting as it is to for the 3 of us to pontificate together, I think panels that don't have tactical takeaways are probably not the greatest use of info, so let's get tactical. And, you know, Steven, you you were just talking about how we find our place on that teeter totter. I instead of talking you know, I'm gonna start somewhere weird. I'm gonna start with recovery here. Normally, when we talk about tactical ways for infra and cyber to work together, we're gonna start with, oh, how do you do business as usual? Or how do we work together before an incident? I wanna start on the other side. Because I think at least in what I've seen, it is post breach or post almost breach or, you know, oh my gosh. We've got business continuity impact for some reason where people go, oh, wow. I sure wish, you know, we had done x, y, and zed different all these past months. Right? You all of a sudden get 2020 hindsight. So, Dave, starting with you, you know, we know all all three of us know that recovery is one of the hardest and longest things. And you get worlds colliding between security and resiliency. So from what you've seen in your career, what are a couple of tactical things you would say infra and cyber can be doing today to help their future selves in that recovery stage? I think I won't I won't call it easy, but an effective and low cost way is is, you know, the side by side comparison of what, what recovery is, how you do it, and, and and how do you achieve it. And does it actually match what you hope it does or you intended to do? So let me give you an example. When I led security for a global supply chain for a Fortune 50 company, they, we had a we had a partner who had an incident. It was a multibillion dollar third party relationship. It was a Log 4 j, exploit, happened in 11 minutes. So he got through the incident, he got through that, got to the recovery piece. And what we discovered was is this vendor had a lot of legacy backup equipment. No fiber attached doors, still stuff on tape. The bigger thing on that and so that way in its own in its own was really you know, they were never gonna be able to, meet their estimated time or recovery or the recovery objective time. Like, not gonna do it, right, with the legacy hardware. The other thing that was became a realization was they had been backing stuff up for almost 15 years. Why? Right? And so there was this enormous amount of data that needed to be restored in order to get to that recovery operation. The preponderance, of course, which was not, data that they needed to get the business running again. That simple drill, like and now now that was a recovery from an incident and then extended their recovery from probably weeks to months. And, but, you know, lesson learned from that, which I think is an important part of recovery is is what I call the hot wash is wait a minute. How do we back our stuff up? What's the state of or you talked about the state of the, the environment. What's the state of our environment? Can we can can what we set as objectives be met by our infrastructure? What kind of data are we backing up? Are there efficiency? So if you can do these drills collaboratively, against your, your recovery plans and objectives, you'll discover where you perhaps have a lot of gaps. And what comes out of that is the necessity to work together, because if you look at those things and you're aligned on those things, that's better for the 2 teams, it's better for the objective, and it's better for the business. And if you're able to articulate that in the same way, align to the same outcomes, I think you earn a lot of trust and confidence along the way of the q the consumers or customers that Steve and I have both alluded to in your environment. You don't own these things, but to be able to do that. And by the way, you don't even need to own a lot of these capability, but you could facilitate the discussion, and you should facilitate the discussion. Because recovery, business resiliency, availability, those are all in our mantra. Right? All of us. So, so I think it's a it's a good starting place tactically, Joanna, to do that. And I I'd be willing to bet for the 1,000 that are connected today, if you went out there and you took that opportunity to just sit down a cup of coffee around a table for an hour, you would discover and learn a lot. Yep. Wow. I'm thinking about 15 years of Nas's. I mean, just alone. Wow. Yeah. Yeah. Golly molly. So okay. I heard I heard some good takeaways in there. I one that really jumped out to me, and I like the way you put it, Dave, was define what recovery is together. That's a super interesting point, I think, because I I would bet. And and, Steven, I'd love your thoughts on this. If you ask the party accountable for cyber what recovery looks like and you ask the party accountable for infra what recovery looks like, I think you're gonna hear that full spectrum of confidentiality to availability. Right? And there's definitely a little bit of a different filter going on there. So, you know, Steve, do you have any additional best practices or ideas that are really centered around what can we do now to ensure good recovery then? And, boy, when Dave was talking, I I was just thinking practice, you know, the the sports analogy. No one steps out on the field. And as a professional athlete, you have whatever countless hours. You know, 10000 hours, I think, is the rule to become a master in in whatever it is. And, well, we just don't practice enough. This is one of those things that has has come to this point that we are taking it into consideration. We're taking cybersecurity very, very seriously, and we are, and we are aligning resources to accomplish that. But how often do we practice? And, you know, it kinda goes to that tabletop exercise. The and, David, you gave it a a different name, but it's this just how often do you mentally think through it? Visualization is another really powerful exercise to accomplishing goals. Right? So, I wish I could say we practiced more, but we probably don't practice nearly enough. And I so that that's actually taking us into a great area, which is one formalized way of practice is tabletop exercises. Right? I think, you know, I would say maybe still in some environments, they might get more lip service than they do actual practice. But but we know it's single handedly one of the best things that groups can do to to not only be ready and to recover quicker, but actually to make their operations better. Because, you know, I think even though the idea of a tabletop is to build a muscle and to be ready, in my experience, it almost always uncovers something that you can change today that that makes operations or or practices better. Right? So, Steven, you mentioned the team sport. Dave, I know you've got a military background. You already came up with one great analogy, which is is marriage. Give us a military analogy on table tops in practice. Yeah. I'll I'll I'll expand on that a little bit. The so one of the things that I did in the air force is served on the inspector general. So I was, part of an inspection team that would go out and evaluate the operational readiness of war fighting units. And, you could think of that that's that's more than an exercise. Right? That's a report card. Right? That's a really, really important one, but it's making sure you can do what you say you do with respect to your your mission and those kinds of things. But one of the things that we did in this learning cycle, and and and, you know, the the IG or the inspector general is a little bit like that old Ronald Reagan tagline that, you know, we're from the government and we're here to help. Right? You know? IG shows up for a big operational readiness inspection. It's a big report card. It's a big measure. But we really do intend to make sure that we're learning from that. One of the things that we would do is is like every unit would be inspected. Here's what you say you do. Here's how well you do it, and then we would we would opine and and do those things. Some of and if those things were critical, then the onus was on that organization to fix that. But one thing that we used to do that I think would be really, really helpful in the context that we're talking about is we would create special interest items. If we were seeing a pattern of some kind of improvement necessity across multiple operations, multiple bases, multiple major commands, we would make that a special interest item, and we would distribute it. We would say this is a special interest item. Organizations are not effectively testing, their backup and recovery, plans. Okay. You're not doing that. How are you gonna do that? By the way, we discuss and and then that became an inspection for every single unit, and then we would share the results of that on the good side. Right? It was like here's how Stevens organization is doing this, here's the best practices, here are those kinds of things. What that enabled was is those units that weren't getting inspected, they could look at these special interest items and say, oh, okay. Let's go back and look at it. Here's an approach on how to look at it. Here's how should we think about it. Do we have similar issues? And then there's some best practices there so we can adopt. The the key takeaway here is commitment and, and transparency to do it to do commitment to learn to do it better, commitment to learn, and transparency on what perhaps isn't isn't going right or what could go better. Those are really characteristics of mature organizations, but you don't have to you don't have to go to a really mature level to achieve some really positive outcomes from doing it that way. I hope that helps for everybody, but I think that that's a really effective way to think about it. I like that a lot. So I oh, yeah. Please. Go, Steven. I just wanna offer, kind of a business translation. I love the term special interest. One way I think that's coming to us is we get, like, a Department of Transportation. And Yeah. They ask for some security validation and attestation, which is great. But there's 50 states, and that's one of them. But we like to do work for any DOT that's out there. So it's it's then translate in education, same story. And so to translate that and then to, take that to those other clients of the same client type, same market type, I think is a very powerful, and it's not just academic. It's a because if you're in you're actually compliant, you're helping them. What is it, helping them help you help them? And there's a selling point as well as it Uh-huh. So so Joanna and I, with with Taginfosphere, we track on close to 5,000 cybersecurity vendors. And what we often tell them, especially for those organizations like a Nasuni or or somebody else who are really bringing, differentiation, Talk about your perspective. Talk about what you believe and why that's important. Talk about your approach to solving these things. Those are different conversations a lot of times that buyers are very interested in. Kinda got a general idea of what you do, kinda understand what market you're in and and what you could do, and what my problems are certainly. But when you start talking about perspective and approach on how to use that, you know, if if somebody threw me the keys to the space shuttle today, that that would be really cool. I'd enjoy sitting at it, but gosh knows I could never fly the darn thing. So to get my point though, and so understanding deeply how how we do these things, I I'd like to kinda if I could just pull this out a little bit, longer, Joanna. I hope that's helpful. I teach part time. This is kind of my way of giving back. I teach at the University of Texas, at San Antonio here. I teach a graduate level course that I'm I'm doing now in cyber threat hunting. And last night, I was lecturing on the planning stage or the phase of of of a cyber threat hunt methodology and our approach. One of those one of the stages within that phase is knowing your operational environment. And I do have a class, mostly preponderance of whom are technologists or what I would consider technologists. And I tell them that the technology is only a part of it, understanding the business dependencies, this key stakeholders, how things are gonna how that environment has changed, how it's gonna change over the next course of a year. All those things are critically, critically important, because you can't protect what you don't understand and to include the people. And if the people don't understand what you're doing and why you're doing it, then you're not gonna get the participation partnership you need, which at the crux of it is what this webinar is about. How do you do those things? What goes into that? And knowing your operational environment, I think is incredibly important. So and I one of the things I told my students was assumptions exist. Assumptions are okay, but they exist for one purpose and one purpose only, and that's to turn into a fact. This is where things like tabletop exercises and all that kind of things, where you can make assumptions or come to a list or come with a list of assumptions that you wanna validate in that exercise that actually happened. And you wanna get behind the wheel, right, and making sure that those things, you don't wanna make any assumptions. Assumptions are dangerous, unless you're they're backed by substantiating facts, and then you turn those into facts. I hope that was helpful, you guys, just as a add on, but I thought it was a relevant example. Yeah. I'm hearing I've heard 3 to 4 really discreet distinct takeaways about how to do good practice here. One, visualization. Really get out there and imagine and picture what can happen and and what would it mean if it happens. I I love this call out of the special interest items. One thing that came to my mind there when y'all were talking was that applicability to m and a. You know, what what function gets hit super hard when there's divestitures or acquisitions? It's infrastructure. Right? So how could special interest items be useful to IT and infrastructure when they're they're dealing with these discrete environments. Stephen, you highlighted that that feedback loop and the how it can actually make your business better and more applicable to maybe a growing customer segment or maybe a growing TAM by taking what you've done in one area, applying it to another, and then the the importance of actually understanding the business. And and Dave, you mentioning that importance of understanding how the business really works. In my own experience, people in infrastructure almost always understood the actual operations of the company better than anybody else. You know, other groups think that they understand, but these people who are powered with running the company, they're the ones who really get it. So I think that's a huge thing to underline. Before we move off of practice, because I actually I wanna talk about file shares. I know everyone showed up today going, oh, I hope they talk about file shares. But before we go there, I wanna touch on one other thing about practice. And and it would and I wanna touch on how do we make sure we have the right people at the table for the practice? You know, because because I think there's multiple right answers to that. So so, Steven, will you wrap us up on the whole practice area and share a little bit about what and how and who you think needs to make sure that they're there? Well, I feel like that you're picking on my my pain points here. It's all of our pain points. Believe me. Well, I mentioned earlier that there's a, I mentioned 2 things earlier. 1, there's this this continued progression. And while your, you know, your CEO, your we happen to have 2 presidents since we have 2, operating companies that that or CFO, you know, this this top tier of leadership, they might know, pay attention to the headlines, and and they're watching the trends for their respective business groups. They're not necessarily tracking it to the depth that I think they need to in understanding cybersecurity. They'll see a headline. They'll pass it over. Now I have to figure out that's really something that we are are susceptible to or or they that they should be concerned about, know about, and figure out what to feedback their their way. That is certainly there's another group that I'm involved with called the Innovation Design Consortium. It's, it's a large it's a group of 40, large firms in the the AE space. We're having these data conversations, which fundamentally is what you're there to protect. How do we share? How do we coordinate? We we're talking about this data orientation, this phase 0 part of the the conversation, mandating it's the CEOs and the CIOs that are there at the table. That's just for the first conversation. The the the real critical group, which I think is is the answer to this question, is is your senior leadership, your HR leader, your people leader, your your data leader, if you have one, the CIO, the CEO. And then there's usually one other critical operational role that's part of that. Implied in there is the CISO. Right? So but you have this this table of of individuals. They don't have to be at the tabletop exercise necessarily in my mind. They don't have to be at the tabletop exercise, but but they better know what you're doing, why you're doing it, understanding the outcomes of what you're doing. And that, you know, that leads into the do you understand why we're spending an extra 300,000 this year to monitor logs? Do you understand where we need to continue to grow this effort, as a result of of the need to stay in business because the because this is how the threat landscape is is shifting. So I do think that there's maybe there always has been this. This is what we're doing from the technology side. CSO is included in that, at least for us. And then this is what we're doing at the leadership side. And those are different tables, but, what is the the barbell concept? Right? They're connected in the middle with iron. And you mentioned different tables. I I'm gonna pull that thread a little bit before we we go to to to file shares. I I think we're really starting to see and embrace more. It's not just one table of folks that that are involved in good practice, in good preparation, and in recovery. It it is multiple tables. And and once you sort of embrace that a little bit and go, oh, yeah, you're gonna have operational things that have to happen. You're gonna have coordination things that have to happen. You're gonna have field and market facing things that have to happen. I think that's a great way to expand that mindset about who's at the table and why for good practice. Right? But but you said, and I couldn't agree more, that cyber accountable party and that infra accountable party are are the nonnegotiables. Right? They they literally could not do it without each other. I am I I think everybody who has has worked in in IT or cybersecurity over the last 10 years has a a a PTSD inducing event they can share about about file shares. They're they're so convenient and so handy and so useful, and they're so prone to so many horrible kinds of misuse that that it's just absolutely staggering. You know, talk about a keep you up at night sort of thing. Like, I put file shares in there personally. Probably why I'm a recovering CSO and and, you know, no longer still active operating CSO. Right? So that area to me is is just a microcosm of a thing where it's super important for the infra and cyber functions to come together. So either one of you, I'd love to hear your thoughts on that, whether it's agreement, disagreement, best practices, you know, anything sort of in that area. Because I I would say probably for every audience member in here, it's something that probably needs a little bit of thought and focus. Do you wanna go first, Ted? Yeah. I'll I'll take a crack at it. I think that one of the pain points was is adoption of commercial products of a full gambit. We don't even have to call any out, but that where people are able to use a particular, capability to then share files and and and not only inside the organization, but outside the organization. As an example, your sales teams probably have this intrinsic need to share information of some sort and those kinds of things. Sometimes they don't understand the implications of it. Oh, I just wanted to share this, this particular file with Chelsea. Turns out that a competitor at at Ben's organization also has it because you didn't know how it went. And I think that one of the challenges within our, institutions is just to lock that down. Like, let's get that down. And then we don't do so with a consideration of what the business really needs or why they're trying to do it. That requires an investment in time and effort and collaboration to understand what that is. And then I think we need to look hard at how we facilitate that and and with ease and bringing those things on. Couple of my favorite books, the Phoenix Project and then the, the follow on to the Phoenix Project was the, the the unicorn, project, which is you don't have to read the both of them to understand what's going on. But this idea that, like, a developer gets on board but then is not productive for 2 or 3 weeks. Why? Because they don't have access to certain kinds of information. They don't have to do that. So I don't think you can come to the table with, like, oh, these are all the security things that we need to get done, in our file share environment. And the infrastructure people or technology people who are saying, we want to provide that in this way, you need to provide and start with an idea what are the necessities of the people that are using this information. How do you wanna do that? And then you facilitate it that way. That's great from up here to going forward. But what about all the, what about all the information is being shared out there, as it is today? You know, that's a legacy problem, not necessarily as associated with legacy technology. So you need some idea how did you discover that, so you at least have situational awareness on what's being shared from where, how it's being shared, and then come to some kind of agreement under principles, not, not requirements. So encryption of information and all those things. Those are requirements for how you're gonna protect or share or whatever the case may be. Principles are something like principle of immutability. The idea that nobody's gonna be able to change a piece of information for a certain reason. Right? And so those are the kinds of things that I think that we need to do. That's upstream and a little bit downstream on how we do it. And I feel like a little bit like a broken record with saying understanding what your business partners need. But if if you're not doing that, chances are you have a greater than 5050 chance of running into obstacles or, worse yet, no adoption of what you're trying to do. And they'll find a way to get around what you're trying to do, by the way. It's just Oh, yeah. Yeah. It's intrinsic if it's intrinsically necessary. Yeah. Yeah. Companies hire smart people, and smart people are gonna find a way to get their job done. Right? Yeah. And, Dave, one thing I heard out of that that I think is key here is is visibility. Yeah. And, Steven, I I know as a CIO, visibility is something that it it it's a thing that you don't fix one and done and then move on and go, yay. We we we know everything out there. We've fixed the visibility. Time to move to a next a next problem. Is there anything you've got here that you'd like to share with the audience around specifically around this idea of where is information? How is it being accessed? Is it in a reliable and safe way that that serves the business? And how do you and your team just stay abreast of that in the IT and infrastructure function? It's challenging, and and I discover things every day, and and I have something that that I will share in that regard. But to underscore you what Dave was saying a moment ago, I I started thinking of the names of the products that we use that allow us to share information, and I would like to name a few, but I won't. Nasuni is one of them, like Microsoft is one of them. It's amazing technology that they're creating these abilities to have this platform level sharing that has some ability to manage the credentialing so that I don't have to allow these folks into our 4 walls. They put security teams on them. There's a presumption that their environments are more secure than ours. I think for the most part, that's a safe presumption. It's still left to the user to share a link, and this was my example. We have a managed SIM. We just got a map the other day, of where anonymous links to files or folders have been shared and where in the world, unfortunately, it was the world, those links are being accessed. Anonymous links, anyone that has it can get there. These might be benign files and folders. We can see, we have that visibility because we have a tool and a partner in place to allow us to have some of that visibility. But man, if that doesn't, the technology is continuing to move, the features and functions are continuing to move and evolve. If that's not challenging enough, then your users are sharing things in a way that is most open because, again, we we we're a very collaborative environment, so they think that way. They think this will be the easiest. I won't have to go back and manage Sally, and Joe, and George, and what that then opens the world up to in in sharing it that way. So now you have you know, now you could get to to to mitigate that little feature. The conversation we're having right now is what impacts the how does it impact the business to change the way that function works? And and so that's a TBD, because we're trying to understand, you know, the when you make this selection versus that. But I think that's a great example of we discover things not every day, but without these tools, without these partners, without activating the solutions that they have within their environment, whether it's a platform or an application. We have some external sharing capability within just a specific project information management tool. They have an extranet, but even that has has to have and does, luckily, you know, the ability to to give credentialing, to audit who accesses what, when. And that might be first and foremost for the project. But ultimately, if something were to happen, we're gonna use that same information to to look at the the to do the the forensics. Mhmm. That you bring up a great point, and I think we all saw this is another evolution. I think that we all had a front row seat to you. When, you know, over a decade ago actually, probably more than 2 decades ago, when the capabilities started to emerge of being able to share information across domains. You know? Great. Very powerful. Y'all highlighted the sales example right on. I mean, that's one of the ones I always think of as as true real business cases for needing to be able to share. But, you know, we've realized this is one area where you do need to layer something else on. You either need to use a different way of doing it. You need to layer something on there. You know, it it is an area where you can't just look at and go, oh, yeah. The 20 year old way of doing file shares is still serving us really well. It it's not. And, Steven, when you mentioned solutions that help with the credentialing, I saw Dave nod. Like, I think he and I both wish we had add more when we were active CISOs in that space because it is such an important one. It certainly takes a bit of a load off, but you can't turn a blind eye to it. We have this coopetition environment. We partner one day and we compete the next day with the same firm. We want them to have access to all the project information on one hand and none of the pursuit and project information on the other. It's a crazy dynamic. Yeah. It is. It is. And, I mean, it's fundamentally what powers business largely more than the the you know, obviously, it's the flow of money at the end of the day, but it's the flow of information and it being the right flow at the right time and and not the wrong flow at the wrong time. I want you know, I'll admit to y'all, I love stories. I love to hear stories. And, you know, feel free to properly anonymize, but I know our audience would love to hear, do y'all have any anecdotes you would like to share? It's either the horror stories of what you've seen go wrong when cyber and infra haven't been able to collaborate enough, or maybe the great story of something that went really well because they did. I'd love anecdotes as we're starting to get to the end of the hour. And I do wanna remind the audience real quick too. If you've got questions, throw in throw them in the chat. But until then, I'm gonna ask for some ghost stories around the campfire. I'll I'll give you an example of a good one, and then it kinda comes from that that experience where I ended up responsible for IT infrastructure and operations. And my my approach to that was a values approach first. Right? And, fortunately, I'd had experience in those areas previously, so I I wasn't completely ignorant of what they did. But it it's really disarming for a team when you come when you show up. And usually, you know, if you're the security professional, you show up and you get the stink eye. Like, what do you want? You're gonna give me unplanned work. You're gonna give me, a lot of things to do that are outside of what, you know, Steven called their day job. And but when I I went to the AppDev folks first. Why? Because they were making products that were making my company money. And I told them I wanna understand what you value. And they were like, okay. Well, I started explaining what they do and how they do it. I was like, I don't wanna know that because I don't wanna do your job. I wanna understand what you value. What do they value? They value things like time to market on features. The quality of the code and products that they're making, those were their values. You went to the SRE or the infrastructure teams, and what do they value? They value things like availability and performance. And then you go to the security team, and what are their values? Their values are things like protection, in some industry verticals, compliance or regulatory obligations. So together in there was this idea of of a way to do these things. And so going full circle to those 3 groups, I started with the app dev team. I was like, what? You guys are running your own Kubernetes environments. Why are you doing it? You're not very good at it, by the way. I mean, we were giving with security people, we're giving them report cards every week telling them how horrible they were. I was like, we don't nobody else is doing it for us. We don't wanna do it. We don't like it. It's not part of my core function. But, yeah, if you can help me with that, that's great. SRE, can you do this? 100%. We can definitely do that. Here's how we're gonna do it and bring that together. And then they achieve more of the security outcomes and the resiliency outcomes, and focusing on those values to be able to do that because that group wanted to deliver this, this group wanted to consume it, and we wanted to make sure it was adequately protected. It's a it's a match made in heaven. Sounds like a unicorn. Right? There was a lot of crying and hugging and eye bleeding that that went into all that. But, but at the end of the day, everybody was super proud of the work David did. It was it was a body of work and there were outcomes there that we were all very proud of. And because we did it together, that right there was a recipe for future success. So I'm really really proud of that team that did all that work and came together. Shameless shout out that was at Iheartmedia, and there were just there's some great folks there that were doing that work. So I was really proud of it. Hope that's good enough story for you. I love that. I actually thought we were gonna get a horror story, because that's generally what CISOs share when they get together. I I will tell y'all, every CISO happy hour devolves into sharing horror stories. And that's a great one. I I love that. And I think it it actually it matches my own experience where so often the broader company, including people in cybersecurity, don't always really understand or appreciate everything the infrastructure team can do and all the capabilities they have. And the fact they're gonna have different ideas and different innovations as well on how to get things done. I I I don't think that's an area that's understood or valued enough a lot of the time. So, you know, Steven, feel free if you want to give us a horror story, you can, but I'd also be happy to hear about something you saw infra get tapped in to do one day that that led to better resiliency and business continuity as well. Well, this isn't my horror story, so I will have to be careful that there is a I do know of a this is one of those, just because you can, you shouldn't. Yeah. And, so it's a firm that, is not in the business of infrastructure when I data center infrastructure, I guess I should say it from that perspective. You know, we're we're in we're still in the AE space. We're in this in the, space of designing, for our clients and what we deliver are those designs. And so there's a certainly there's a certain amount of infrastructure you have to be able to maintain, refresh, but data centers get quite a bit more complicated. The scenario was such that invested a ton of money in this data center, their own space, not a colo, their own data center space, but we're running these legacy systems. Got hit with 1 vulnerability. About 2 weeks into their recovery, they got hit with a second vulnerability, which happened completely different. And this is maybe 1 in a 1000000, but it happened, which then sent them back into the, the whole research and mitigation, process. And what Dave said earlier, their ability to understand active projects and files versus what was on the logs or or in the books, that's a challenging exercise to go through. And and we have a propensity to wanna hold on to something that is 20 years old because, you know, the cycle time to do work for a client could be that long. And if we have the the keys to what it looked like back then, it might right? And so we you know, document retention has really pushed us into rethinking that strategy as as an industry. But the that was a scenario where you you had this isolated group that, you know, was smart about what they did from, how to manage the infrastructure, but didn't have the coordination with the vulnerabilities and the which I can only presume would have been that that CSO space. And and it costs them months of total recovery time. And I don't know how many dollars. Those are those are numbers I don't get to hear about. Oh, yeah. And not only actively spent dollars, but lost revenue dollars, potentially reputational impact dollars. I mean, it yeah. It is price tags are huge. That is painful. So I y'all have covered some amazing takeaways in here. I'm gonna touch on a couple of things that I particularly gleaned out of this, you know, sort of going from top to bottom. How the state of the union is that we are at an inflection point. We are at a great point for these functions to collaborate together more. We're getting more tools available to the functions that allow this that can, you know, number 1, assist us with recovery, which you hope it doesn't matter on a daily basis, but when it matters, oh my gosh, does it matter. Right? The importance of the practice, the building, the muscle, how we can use things like special interest items, visualization, etcetera in that practice. Audience here may wanna take away to go take a really special look at their file shares and their backups, for example. 2 areas very prone to not getting a lot of attention that can really impact companies. And, you know, lastly, how these stories might impact y'all. So I'm gonna hand it back over to Ben. Thank you everybody for listening. Dave, Steven, y'all are amazing. Thank you. Thank you. Yeah. I think we're over time, so we'll let everyone go. But, yeah, thank you all so much for sharing those stories and those tips. We'll we'll probably follow-up with everyone with some documents, maybe summarize the key points here, but I think it was an awesome discussion. Thank you, miss Suj. Have a great day. Have a great weekend. You too.