for those of you growing increasingly concerned about the

security of your it infrastructure.

This episode talks about the concept of an MSSP managed security service provider.

Uh, I think you're really going to like what we talk about.

Hi, and welcome to Backup Central's Restore it all podcast.

I'm your host w Curtis Preston, a k a, Mr.

Backup.

And I have with me the guy who I've finally experienced what his dog

is named after Prasanna Malaiyandi

Prasanna Malaiyandi:

What's going on, Curtis?

Prasanna Malaiyandi:

I know,

you

you really weren't sure

where I, what I was

so I thought you were going to go for like your stair

consultant or something like that, but No, I think that's a good thing.

So,

no.

I, I, I got to experience, uh, Kulfi.

Indian Ice Cream

um, yeah.

That was quite, uh, cuz we went to this new, uh, place.

Uh, and, and I, and I shouldn't, should I say Indian food or

should I say Himalayan food or?

Uh, cuz it was the taste of the Himalayas,

It could be, well, it could be like

Indian or Nepalese, typically.

Those are,

Yeah.

Nip Nepalese.

yeah.

Yeah.

Um, but they

had, but they had, Vindaloo.

Although, um, it, it was funny, I, you know, I went, I think I

told you I went once and I I got a seven outta 10 and it was like, as

well have been ice cream as far as

you like really spicy Curtis?

standpoint.

And so I said to the, I went back to the waitress.

So we literally went just a couple days later

Oh, you went back.

I didn't know this.

yeah.

Oh yeah.

We went back and I said, I said, you know, I had a seven the other day and it

was nothing like, I need more than that.

And she's like, she looked at me

like, you can have an eight.

Like, like I was, because I was gonna go for the 10.

I'm like, if that's a seven, I'm gonna go for the 10.

She's like, I'll let you have an eight, you know, and I was like, you know what?

You're not in charge of me.

And how was he.

Um, but I had a eight.

It, it was definitely, it had more bite to it than the seven.

But I don't know, I've had like authentic Indian vindaloo with,

with authentic Indian spices.

This doesn't taste like that.

well, I, I, I wanna say that each region

probably does their spices slightly differently based

on what they have access to.

yeah, there's that, this is why I asked you

the question about whether or not it's cheating just to throw in a

little cayenne.

And it sounds like it is.

Cuz I

tasted cayenne.

I was like, I, I'm pretty sure they put cayenne in just

to make it a little hotter.

Um,

But then you ended with dessert, which

you know

the mango.

Oh right.

Which we, yeah.

Yes.

And the mango Kulfi.

And I was like, Kulfi, I know . I finally got to see what

Kulfi

he was named Kulfi because when we were adopting

him, uh, we called up my sister.

And she was really hungry that day and so on.

Her mind was food, so she started naming off Indian Foods like Chutney and

Sambar and Mixture and Jalabi and kulfi.

And so my wife and I, we decided kulfi was an awesome name and it works well for 'em.

That's funny.

That's funny.

I know.

He's, he's been on the

podcast a few times.

Um, mainly just sort of barking and

Yes, a couple times.

wanting

wanting to be on your lap, right?

Yeah.

Well our guest has 25 years of experience working in the

networking, telecommunications, and information security space.

Uh, he is currently serving as a c e O of Solcyber managed security services.

We're excited to have him on the pod.

Welcome to the podcast, Scott McCrady.

Thank you Curtis Prasanna.

Very nice to meet both of you.

Um, I actually, I was just to pivot off your food conversation.

I actually spent a year in Thailand when I was younger.

I was a volunteer English teacher, and uh, I remember my very first meal there.

I, I thought I was used to hot food.

I, I grew up in Dallas, so you know, jalapenos and stuff.

And so they asked, do you want it hot, medium, or mild?

And I thought, you know, I'll be safe.

I'll have, I'll, I'll get medium.

Uh, it was, um, I don't know if you've ever gotten the

hiccups from having food too

hot, but I immediately, you know, two or three bites into it.

I'm sweating profusely.

And then just out of the blue, you just get this, these hiccups that

for like two or three minutes.

And, and that's when I realized that, uh, Thai hot food is a different level of hot

food than what I'd, uh, what I'd gotten used

I've been, I've been to, uh, Phuket and I just remember I

was, I was hanging out with a local and I asked them to order two dishes.

One that they felt was, you know, for the wimpy American, but still spicy.

And one that they would eat.

And I would try the one that they would eat.

And if I couldn't eat it, then we would swap dishes.

And I just touched the tongue, touched the spoon to my tongue, and I, my head

blew off and I was like, swap, swap, swap.

I, I can't, I can't do it.

I can't do it.

Un for, for, for, for my palate.

Uh, the sticky rice and mango as a dessert was amazing.

I could live, um, chicken fried rice, uh, with a beer was about

as good as you're ever gonna.

And I love their stir fries and their curries, but I generally had to tell

'em to, to take it down a notch.

Um, cuz I could, I could eat decently spicy food I

it's a different level sometime.

it is just a different, it, it's a different level.

It is a

different level.

Yeah.

Yeah.

Delicious.

By the way, I never, never b been to a Thai restaurant in America that's been

able to recreate that unique flavor.

no, that's the problem.

This is why no one should travel, right.

Um, so so, uh, because, you know, you live in, you live in Texas . I

live in San Diego, I can get decent, uh, Texas style barbecue here.

Uh, but it's not that, it's not what you can get there.

Um, and I will definitely tell you, no one here knows what

a beef rib looks like, right?

An actual Texas beef

rib.

It's, it's two and a half pounds, right?

It's one rib, it's two and a half pounds.

And,

deliciousness, of sweet, sweet deliciousness

Yeah.

Um, uh, yeah, you know, we've already, we talked before the recording that

you know, that I did this, this barbecue road trip with my wife,

uh, there, just right when Covid was starting to die down just a little bit.

Uh, and we did this little road trip and, uh, made a little YouTube

video of each stop and, um, yeah.

But, but this is the problem.

Like, I, like I've been in New Orleans, I've had, , Cajun food in New Orleans.

It nowhere is as good as

it is there.

Um, Indian food in India.

I've had Indian food in India, right?

Um, and made one big mistake there.

I was at a, I was at a buffet and I managed to put, um, a big scoop of chutney

your problem.

based on thinking it was, I thought it was a man.

And, um, so I put a big scoop, big scoop of it in my mouth that, ah,

you know, didn't burn my mouth off.

It's just, it's a really strong flavor.

Right.

It's, it's something you're supposed to dab on.

Prasanna Malaiyandi:

Not eat as a main meal.

That's both the joy and the, uh, like if you ever get

a chance to go to, uh, uh, Holland, their, um, their food there, the, the,

the Thai, the, uh, Indonesian food.

Right.

Um, uh, the, the, the rice, the rice dishes.

Those are really good.

Um,

looks like we've lost our

just went to go look after his pup.

Yeah.

how

how

the, I told you guys this was gonna happen.

He literally has been perfect today,

and now he just threw his his bone underneath the couch.

which of course he can't get to it cuz he doesn't have opposable thumbs.

And uh, the only time he tends to freak out is if he,

if his one of his toys or his

bone gets underneath something and then he'll,

you know,

call

you said he's, he's six, six months old,

Eight

months

get him as a

Eight months old.

His name I did, he is, uh, I, I traveled all my whole life and so

I haven't had to be able to have a

dog for, you know, a long time.

So, you know, I was

like, I'm gonna get a dog finally.

I'm not traveling as much, I'm not going overseas.

All this jazz.

And oh my goodness, he's a blast.

So much fun.

Such a sweet boy, good puppy.

You know, all dogs are nice, but

for me he's easy because he's,

he's, he's not too

Yeah.

It's cra it's sort of the luck of the draw, right?

That

it is.

You gotta love him no matter what.

Right.

But, uh, I did, I did get lucky.

awesome.

Good for you.

So we're, we're gonna talk about, um, you know, one of our favorite

topics today, which is, uh, security.

Um, and I honestly, you know, I can't imagine what it's like

to manage information security in today's , today's world.

Oh, I was gonna tell you,

wait before you go.

I finished the book, cuckoos net.

Cuckoos Egg.

Oh, you

finished the Cuckoos Egg

Sorry, I totally forgot to tell you since,

but we're talking about security now.

So for those who haven't read it, go read The Cuckoo's Egg by Cliff Stoll.

It's a really good book.

It's, or sorry, cliff Stole.

Yeah, it's a really good book.

It's from the eighties about, uh, what would you say, an IT

person trying to find a hacker.

I'll leave it at that.

Yeah.

Yeah.

It's a fascinating story of, he's, he's, uh, a Unix cis admin at Berkeley Uni.

It's a true story.

He's a Unix CIS admin at Berkeley University, and they, they had, um,

this was when the Unix computers, like university Eunice computers with

Bill for time, and they had both the onboard, like the native time system,

and they had the, um, and they had a commercial one, and they were, they were

75 cents.

Yeah.

yeah, that's what, 75 cents.

And so he just went as a project just because, um, and he ended up, you

know, un uncovering, uh, hackers.

And this is before, um, that was

considered a crime.

So like he, like he's, he goes to the FBI and FBI's like,

Well, did they steal anything?

more than a million dollars?

They're like, no.

Do they steal classified information?

Nope.

They're like, not our problem.

Yeah.

It's,

it is a fascinating story and where it ends up

is, you know, it, I, I think it just, it

just gets better and better as

I think

everyone should read that.

If you're into security and you want to see how it was done,

like in the Hey days, right?

In the very, very early days before all of this stuff actually happened.

Read the book

back when I had brown hair,

Yeah.

Go.

Go read the book.

It's

Scott, have you, have you ever read that book?

I haven't, but I, uh, I typed it in while you guys

were talking, so it will be, uh,

I am a voracious reader, so I

will, uh, it is on the list.

it's, it is, it is a, you know, it's written as a, as a story.

Yeah.

Um, and you know, it's in a day before monitors.

Like he has a, he has a printer.

He has a printer that's printing, like he puts in honeypots and, and he's sleeping

in the data center

to, to

listen for the printer

part is he's an astronomer,

astronomer by education, right?

my education.

Yeah.

But those were just the days where people just got in and

started, you know, doing that.

I mean, it's actually not that different than today, but,

you know, back then it was pretty, uh,

it was all, all

Prasanna Malaiyandi:

recommend reading that book.

Prasanna Malaiyandi:

And the reason I brought it up is because we are talking about

Prasanna Malaiyandi:

security and it just, uh, hit me.

Prasanna Malaiyandi:

I was like, oh, I gotta remember, tell Curtis.

Yeah.

Scott, Scott was like, why are we talking about a book called Cuckoo's Egg?

Um,

Well, we've covered barbecue, spicy food, and books,

which are three of my favorite things.

So

I can we call, can we call the podcast a success?

Exactly.

We, we could cover beer if you'd like.

Um, I.

I.

made beer for a few years, uh, so we could talk about that as well.

So, I mean, but, but let me, let me ask you this, besides what I see as

the ever present worry of ransomware,

Mm-hmm.

what else, uh, are, are today's IT departments worried

about from a security perspective?

Well, ,I think.

Um, That's a great question actually.

I don't know if I've ever been asked that question because they'll say

what, you know, question or what, what keeps people up at night?

But outside of ransomware, I think, you know, Curtis, I think if you were

to synthesize right this thing down is ransomware is the, uh, threat of the day,

or it's the term that everybody knows,

but ransomware now is really sort of morphed into lots of different things.

And so, um, you get, there's terms like double ransomware,

um, there's, uh, obviously the, the information gets, uh, stolen.

And so what's happening is just the extortion where, uh, and so what's

happened is just the process of people getting into organizations, uh, is causing

this ability because of the threat is really sort of morphed into sort of

what we call threat as a service or tax as a service, or hacking as a service.

You don't have to be the smartest guy in the room to go hack somebody.

Now you can literally just point and click there's, there's wind, you know, things

that look like Windows applications.

You can install a widget.

and all of a sudden you can start hacking for almost nothing and not

really know what you're doing besides if you can move a mouse around.

So the whole threat landscape scape has changed.

Ransomware tends to get the notice because there's notifications.

Um, for a lot of the larger companies, it's a way of getting payments out.

But when you start talking about the overall small medium enterprise, um,

and just the massive number of companies that the, the US has specifically, um,

once somebody's inside the organization, they've got, uh, the ability to wire.

Uh, so wire fraud is huge.

Um, they take taking over an account, uh, and do an extortion based on, uh,

components that you have in your account.

Uh, so there's all these different sort of knock on effects the

customers once they're breached.

And what,

Or I guess you're talking about the knock on effects.

I guess even once they breach one of these, say small medium businesses, they

could use that also as a launching point to attack other organizations as well.

Right.

Kind of bringing them.

You're right on the money.

It's called supply chain risk, right?

And that supply chain risk, the classic is the H V A C company that,

you know, got, was the mechan, was the mechanism to get into target.

Uh, and so those, those small, medium organizations can actually be the

threat vector into, uh, a, a future

In fact, a lot of the attacks we've seen right have been.

about the actual organization, more about like a vendor or someone else,

or a third party who had access to a company, which then allowed the attacker.

And like if I go back and think Curtis about like the Okta hack

right, was a third party right?

That had access to Okta.

Yeah.

And that was, wasn't that one Scott, where they didn't necessarily do anything Right.

They just showed that they got access.

They showed some screenshots.

Do you remember the, this one, Scott?

I don't know if that one specifically, um, what you do see with

a lot of the service providers, um, and you just saw it with last pass, is

there's a variety of reasons why, uh, an organization would get, would breach.

And so it could be just the consumption of the underlying data.

So if it's a nation state, they literally are just building profiles

on, you know, people in entities and organizations in the us.

Um, so it could just be a theft, uh, it could be ransom, it could be

financial, um, or it could be, uh, to leave code behind or leave breaches

behind that they can then, um, weaponize at some point in time in the future.

Uh, and so as, as an example in the past year, uh, you've seen about plus

minus about four times as many zero days in the last 12 months, and you

saw in the last four years, And so, um, a lot of those appeared to have

already been obviously, uh, they were already, no, no, sorry, not known.

They're already created, but they hadn't been used yet because they're

being, they were waiting to use those when the time was right.

And so you, you see these patterns that emerge based on what's happening

around the world, um, what's happening in the economy, uh, or if

they're what, uh, organizations or nation states want to accomplish.

And, and that's sort of, you see this wave of threat patterns of which ransomware

is, is obviously fitting inside of that.

Um, but when you look at something like a zero day, you're not usually

going to use that on a mid-tier

That's interesting.

Yeah.

I never would've thought like,

sort of stockpiling your zero days, right.

And then using it.

Oh, for sure.

Yeah, but isn't that like if you, so, so what

you're saying, let me make sure I understand what you're saying.

So someone develops an exploit that is unknown to anyone but themselves,

and then they're just sitting there waiting for the right moment to use it.

Is That

That is exactly what I'm saying.

Yep.

Because I would think that once they get an exploit, they'd

want to use it right away before anybody finds out about it and patches it and

Not, if not, if you're a nation state, Curtis, um, you

wanna keep these in your back pocket.

Now some of these are against, uh, you gotta remember, and, and there's a lot

of different verticals that are targets.

You've got, um, infrastructure pipelines as an example.

You've got, um, systems that, um, operate iot.

So there's a lot of different areas.

So when you talk about zero days, we tend to think like

zero day on a Windows machine.

But the, um, but the, the spectrum of what can have a zero day is

actually quite large cuz so many connected machines are out there.

That's, yeah.

Um, fascinating.

I, I, I actually never even, never even

But I guess the one downside of sort of keeping it in

your back pocket is someone may discover the exploit or the bad code, right?

And go and patch it before you get it.

But like you said, it's like if it's existed around for a while, maybe no one's

going to notice it, and it's probably a risk that they're willing to take.

Right.

Yeah, and again, it

really is organizational dependent.

So if you're, if you are a, uh, threat acting organization that's really designed

around making money, you're probably going to use it relatively quickly.

Um, get your money.

If you are a nation state, uh, targeting infrastructure, then you may hold in

your back pocket because it may not be super common to find, uh, that zero

day inside a piece of infrastructure.

A zero day in windows obviously is, is, you know, the golden

goose in a lot of cases.

So each of the systems and the goals of the underlying, uh, technology and the

underlying organization dictates the use of how the different attacks are done.

One of the things in most of the conversations talk about, uh, malicious

activities, by the way, because that's what sort of, everyone's used to,

like, they think about the virus on the machine, but really in today's world,

a significant amount of the attacks and especially the damaging ones start, um,

with known username and credentials.

And so about 60 to 70% of the actual, um, More damaging attacks actually start from

the fact that somebody harvests it, Scott McCrady's credentials and now the bad

actors are logging in as Scott McCrady.

So, um, now they may in the future drop a piece of code or they may put a file

list, uh, executable up in memory that's downloading stuff from the internet.

But because we spent so much time talking about malicious attacks and

zero days and things like that, it actually does, I think, obfuscate from

the fact that there's a whole breadth of breaches that start from the fact

that the bad actors are logging in

like this is like phishing attacks and

So they're log,

that give their

well, no, not even that.

So let's, so imagine a phishing attack that says, Hey, you

know, um, re-log into Azure ad you click on the button, you put your username

and password in, it says, thank you.

Now they have your username and

password.

They log in as Scott McCrady.

How do you

know that that's not me, right?

Because they just logged in as me.

So, um, I guess my point being is we talk a lot about malicious,

which we should malicious code.

There's a whole world around, um, trying to protect

organizations from, um, legitimate

access

Do you know what the split in your mind, what the split

between those two categories would be?

Like?

Are most of it through the harvesting credentials side of things?

Sort of less of it around the malicious attacks.

Yeah.

60 to 70% of the, uh, of the more significant breaches start with harvest,

with some sort of harvested credential.

and it, it's funny you, you said that literally like the

question that I was going to ask you before you started talking about this.

Um, so I say a lot that if everyone.

just use good password, uh, rules.

Right?

Which is like not using the same username and password everywhere.

Um, using mfa,

Mm-hmm.

you know, and having a decent password.

Right.

Um, and not using m or I'm sorry, and, and use mfa if, if just

everybody did those two things,

it would stop a significant portion of the attacks out there.

What do you think about that?

If somebody says, what's the one thing I can do?

I would say, turn on mfa.

Now there's ways of getting around it.

Uh, you know, there's

there's more elegant means.

Most people still think of like the, the phone messages.

Uh, but some of the authenticators tied in to, you know, some of the

major products these days, um, are, are a lot more seamless than what

people probably think they are.

Uh, so, um, it, to your point, Curtis, yeah.

When I get asked, what's the one thing you do?

I'm like, turn on mfa.

It's, it's, now there are ways again to get through that, but it is a massive, uh,

benefic,

So let, let, lemme tell you something, uh, Scott,

there's a, there's a new movie that's in the theaters right now called

Missing and um, it's, it's a sec.

It's a standalone sequel to the movie searching.

Both of them have the same premise where it's, um, where it's somebody's

searching, looking for somebody that's disappeared and they're doing it all

on the computer screen and the whole, the whole movie's, the computer screen.

and and in this movie, one of the plot, you know, developments is

that the, the character figures out how to hack into an account, right?

And this person, um, then, then they're able to get into every other account

cuz they use the same username and password on every one of the accounts.

And not one of them had MFA turned on , right?

The movie would've been a lot shorter if, uh, if, if they had

A lot less drama if they got caught after five minutes.

And, uh,

Yeah, but I, I've literally, the, the best part is the

person that they were able to, uh, do this to is a security specialist,

Yeah, of course, of course.

Welcome to Hollywood.

I, I, uh, I lived in, uh, I lived in, uh, you know, overseas, uh, in a few places.

And, uh, there, let's just say that the, uh, viewpoint of Americans

was very Hollywood centric.

So, you know, they'd be like, you know, are, are gangs just running

wild and shooting people on this?

We're like, I know, you know, that's not, like, that's not happening.

Um, and so Hollywood does tend to, I don't know if you guys

remember this movie called Swordfish, where Hugh Jackman early days, and

like, he's like dancing in his chair as he's hacking into stuff with

like 75 screens up in front of him.

And I'm like, yeah, that's, that's exactly, that is literally

exactly the way it goes down.

That's, that's exactly what happens.

Yeah.

Um, the, yeah, it's funny, I, I, I, I gave up like criticizing movies,

uh, for the most part for that stuff.

Uh, and, and more like applauding when they actually get it, uh, correct.

yes.

Right.

Um, which, which is not , which means I don't have to do it very often, so, yeah.

So, so you said MFA and Well, let, let me, um, so we, we talked about LastPass,

uh, and by the way, we did a whole episode on LastPass a couple weeks ago.

And, and the thing for us, by the way that that's interesting about the

LastPass story is, is it was their backup system that ultimately, uh,

was the result of the, it was the, you remember it was a two-phase hack, right?

And it was the, they ended up being able to access the backup system and

get, get ac, get their hands on the, you know, the, um, what do you call

that?

What do you call that?

The um, The vault.

I was gonna use a, like a, anyway, uh, sometime.

I'm sorry.

English is not my first language.

Oh, wait, it is.

Um, but yeah, that, having, having said that, I am still a

huge fan of password managers.

Um, and I I'm just curious if you have a, if you have a, an alternative to that.

If you, what, what do you think about password managers

I mean, absolutely necessary.

Uh, we're going to move away from passwords, so it's gonna become a

at some point?

Right.

in the future.

But obviously in today's world, you know, you gotta have a password manager.

Uh, but the, and the reality is, is that, uh, the, the joke that we

were just making about the Hollywood folks, but it's, it's not an uncommon

situation where, uh, you know, the passwords are used more often, you

know, more often.

And so they're like, well have the, have the 20, you know, letter

and number and all that stuff.

But again, the way that that's usually, uh, received is from

a breach from somewhere else.

Or they, they harvest it, right.

And.

To your point around mfa, changing your passwords, things along those lines.

Um, a lot of the work that we do is around securing organizations, uh, obviously

from malicious activity, but also from legitimate login via nefarious actors.

And so there's, there's outside of, of, um, just looking for malicious

code dropped on machines, there's way to look at seeing what people are

doing, how they're writing, what things that they're, they're taking care of.

So imagine that somebody logs in as, as Scott or Curtis, and they're looking

at emails and they want a wire done.

This is super common.

They'll send a, an email message to someone saying, Hey, this is

Scott, please send this wire here.

Here's the information.

We, there's ways of detecting that now.

Um, and just go, okay, that there's almost no chance that Scott, even

though they used Scott's name password, he's logged in as him.

Uh, maybe it's from a different location than he usually is.

There's a lot of his style.

Maybe he doesn't put deer in his, you know, response emails.

Almost never.

I mean, there's all these things that can trigger.

That we spend a lot of time on to try to make sure that we can, uh,

help secure

organizations.

Past guests on the podcast, we've talked

about that sort of thing, right?

Being able to detect these patterns is sort of fine tuning for each environment.

It's sort of complex, and when you end up with a lot of false positives, it's

almost like the boy who cried wolf, right?

At some point people just start to ignore those.

So how do you go about this

Prasanna, I'm gonna, I'm gonna slip you a 20 after this for leading

me, leading into my, uh, my spiel here.

Uh, no.

I, so I spent 20 years in the MSSP space, right?

I, I helped build out, um, the largest MSSP in the world, built out their

APJ business, and then ran their global s p business as with Symantec.

Um, helped build FireEye, Mandy, and SSP business, uh,

and we call it alert fatigue.

And so the standard model, uh, is.

Uh, you have a person or people, especially in the large enterprise,

right, they have to weed their way through the 40, 4500 security vendors,

figure out which of 'em, um, look interesting, do proof of concepts on

the top two or three, land on one, sign the contract, pay the upfront payment,

put the, all the stuff in place.

And then when they're done, they kick a bunch of data over to the

SS P M S P looks through it all and then sends over alerts going back

saying, Hey, this is informational.

This is a warning.

Which means, I don't know, it could be something bad, could not be bad.

I don't know.

This one looks critical, looks like there's something bad, but

we can't do anything about it.

Here's some things you can go check.

Um, and that model to me was very broken.

And so, especially in the mid-market.

Uh, and so we took a very different approach and tried to take the lessons

learned from 20 years, uh, of doing this for the global 1000 and, uh, trying

to deliver something that is much less alert, fatigue and much more, uh, what

we call practical security that, uh, allows organizations to have really.

truly, you know, fortune 500 level nation state creates security, but

tone down the noise and actually just solve the problems as they come up.

Keep the breaches from happening,

Because especially in these companies, organizations, I

should say, they may not have like the same level of security experts as you

would in those like global one thousands.

Right?

And so

they probably don't.

Well, every once in a while, maybe they spent enough money to hire

away the right set of folks, right?

Mm-hmm.

Yeah.

It's very, so what you tend to find in the, so when we built

solcyber, we've explicitly said we wanted to target the mid-market because

they struggle to get access to the capabilities and when the capabilities are

a combination of, of the classic people, process and technology, but a lot of the

best in class tech, they don't really sell it below 2000 users, 2000 employees.

It's kind of hard to get your hands on it.

Um, the stuff we use for user behavioral analysis, If you're below 10,000

employees, you're never, you're, you, you're not even going use it.

It's too complex, it's too heavy.

Um, and so, uh, it's just hard, um, to get ahold of tech.

The second thing is, is the right people.

And so, you know, you're 400 employees.

You may have two or three folks total, right?

One person who may be super savvy at security or maybe

actually just a good IT person.

And so how do they work their way through this

massive mound of security stuff to figure out what actually

secures the organization?

Or you have somebody who's super, super smart, they really understand security.

They don't have the

people to manage it, the time to put it all in place

Or even budgets.

Uh, and so,

and then the third one is the budget, right?

Is stroking these upfront payments so that you're, you're hitting on the head.

So two things.

One is, Uh, time for me to do

our disclaimer, uh, Prasanna and I work for different companies.

He works for Zoom.

I work for Druva.

And this is a, this is an independent podcast, not a podcast by the

company and the opinion set.

You hear our ours.

And, um, also if you wanna join the conversation, reach out to

me at w Curtis Preston, uh, at gmail or at WC Preston on Twitter.

And, um, you know, join the conversation.

Also, be sure to rate us, go to your favorite.

Uh, most of you, it looks like you're listening on, uh, uh,

apple, you know, uh, podcasts.

Uh, just scroll down to the bottom and you can give us, you know, six stars.

If you can give us six stars, that'd be great.

Um, by the way, you were, you were talking about, uh, fatigue, right?

So I just yesterday, so I use, um, uh, Zapier, like an automated tool and I've

been playing around with it, uh, of doing Reddit searches and, um, Just play.

You have to be careful with Reddit searches cuz you can get a lot.

And uh, I was like, oh, I'm gonna pick one of our, without saying who it is one

of our competitors who has a very unique name that isn't gonna show up anywhere

other than discussions about them.

And so I put them in and uh, on the video, uh, I'm gonna take

this out, but this is today

Mm-hmm.

and I can't imagine if those were security things

that I had to actually reply to.

That's right.

No, guys.

It literally came up on a conversation with a customer today is they

said, how do you get around this?

And we actually spent a lot of time talking through how we, uh,

really streamlined the alerts, um, and the responses to make it

much more practical because they, they'd used an MSSP in the past and.

They're like, it was just like

they gave me more work.

They didn't save me time.

They made my life, they made my life worse.

By the way, I should have, I should have made you

do this before, but what is an m s.

Ah, managed security service provider.

thank you.

Uh,

what does it do?

Yeah,

what is that?

Yeah.

Yeah, so it's a great question.

It started out, um, historically if you, you know, if you guys, we were

talking about the eighties before, uh, when firewalls and IDSS came

out, large organizations had NOCs,

Prasanna Malaiyandi:

Network Operation Center,

Yes, sir.

And so if you think of somebody like Eeds or ibm, they had these big,

beautiful BU buildings that showed that the network was all up and

running and online and all that jazz.

Uh, when all of a sudden these firewalls and IDs is inion detection systems

started generating lots of data, nobody knew what to do with them.

There was no system to dump that data into, right?

And so, um, your first security operation center was one who manages

the firewall and the IDs just from a day-to-day care and feeding.

But two, the, you, you generate the data in order to do something with it.

And.

Um, the process of gathering up that data and running analytics against it

was really the foundation of the first MSSP and that that contrasts with an

msp, which is a managed service provider.

And these get confused often.

And MSP is basically looking after your it, right?

Do you have your laptop set up?

Is your email turned on?

Um, that is not what an MSSP does and somebody like us, um, which is a

specialty mssp, we really focus on the threat and trying to keep organizations

protected, you know, against the threat.

So we don't, you know, we don't manage firewalls.

There's tons of infrastructure companies and MSPs that do that.

We'll take a data feed from your firewalls, for instance.

Uh, and that's really the core

difference.

So when you get this feed, then are you basically acting,

so are you acting on that data or are you sort of crunching it, looking at

patterns, anomalies, et cetera, and then spitting it back to the customer's?

Uh, security operation center?

right?

That's the standard model.

What Prasanna?

We built something very different.

What we did was, we said, um, for a mid-market company, which we consider a

hundred users up to about 200 employees, uh, there's a set of stuff everybody

needs to secure their environment.

We call it foundational coverage.

Uh, and if you look at the kill chain, Lockheed Martin kill chain, there's

a big one, there's a small one.

Um, there's a standard set of activities that a malicious actor

goes through in order to breach an organization and then either lock

up the data or exfiltrate the data.

And so in order to protect against that, you need about eight different things.

What we did was we went out and used the tools that we've been using at,

you know, these big, big companies and we put those into a package

that we call foundational coverage.

And we sell that to an organization and it's all inclusive.

So you get your, inst your implementation, you get your licensing,

you get your management, you get your monitoring, uh, you get your

detection, and you get your response.

Um, and so our model is very different because.

The tech stack that underlines a lot of the problems in the breaches

is not under the control of the

mssp, it's under the control of the customer.

Um, and our view, especially in the mid-market, is they weren't

getting best-in-class tools.

We used to joke that they've got AV and a firewall, and that's not gonna

protect, uh, people in today's world.

And so think of NextGen E P P E D R capabilities.

Think of user behavioral

you're gonna have to define that acronym.

E P P EDR is basically endpoint protection and

endpoint detection and response.

And so think of a really high-end piece of code running on a machine

that allows one to detect if somebody's changed a, a process on the machine.

And two, allows someone like us to get onto that machine

and fix it if something malicious is happening.

Uh, user behavioral analysis, U B a, um, process of mapping out of people are doing

weird random things that appear abnormal.

So

like suddenly uploading a lot of data from somewhere.

perfect example.

And so these, these components we actually sell per user per month.

Now each of these components, usually you have to pay up front for, you

have to deploy them, you have to do a POC on 'em, and then you have to

obviously, uh, sell, you know, uh, manage 'em and detect and all that stuff.

So what we do is very different Prasanna is we sell all of that.

Now on top of that core set of stuff that protects every company.

There's a lot of other things that people can send to us.

We call 'em data feeds.

We, we take data feeds from like 400 different technologies

and we'll use that as

context.

We'll correlate all the data, um, and, and things like that.

So that's how we do things differently.

So li a little confused there.

Um.

You, it sound like some of the things a person needs to protect

their environment you provide and some that they're providing.

Uh, so he help me understand that.

we draw the line between what we consider in, in infrastructure

and then threat.

And so what we provide is, is all cloud-based capable, but they're

tools that land on the endpoint.

And so we start at the user and we say, how do we protect

the user and the identity?

Um, and things that encompass all of that are included in the service.

But if, if a, if an, if a customer said, Hey, I've got 400 employees and I've got

two offices and my employees are most of the time at the house, but sometimes come

to the office and at the office we have a firewall, um, we're like, great, we'll

take a data feed from your firewall, but we're not gonna sell 'em a firewall and

implement a firewall because generally speaking, we consider that infrastructure

traditionally with sort of security.

But a lot of that type of stuff has moved over to an infrastructure team.

So whoever's handling their router switches and laptops can

usually also deploy the firewall.

And that's how we define it.

Just finished the thought here.

And what about, what about servers, infrastructure and,

and cloud infrastructure?

What about, because it sounds like you're focusing on the endpoint.

What about that other part of the infrastructure?

Uh, so servers we consider an endpoint.

Uh, so

we can take what we're doing, uh, on, you know, Scott's machine and do it at, at a

server, which most of our customers do.

Uh, and then cloud.

Great question.

There's essentially two types of security for the cloud.

Uh, the first one is threat.

So we can actually take a data feed from every cloud provider's

security, uh, tools toolkit.

Mm-hmm.

so that's the cloud watchers, what have you.

We can take a data feed and we have a bunch of analytics we run against that.

The second piece is, um, a more sophisticated layer

of security in the cloud.

And so there's tools that can be deployed.

Into the cloud.

So there's a, there's a concept called, uh, cloud security and posture management.

So a lot of your big breaches have happened because somebody left the front

door open to their storage . Um, and so what this does is in real time looks for

a change in that posture that says that that's now probably an open, uh, an open

service or an open storage, uh, container.

Uh, and so there's tools that can be deployed, deployed there,

and we offer all those, we call those extended coverage options

because not every customer has a sophisticated cloud infrastructure.

Uh, and so we don't put that in foundational because not

every customer needs it.

Uh, but uh, we do offer those as extended

Do you support?

Like I know you talked about server, you talked about

device, you talked about cloud.

What about SaaS services?

Like are there things you do around Microsoft 365?

and other services like Salesforce, et cetera,

Yeah, great question.

So the.

Majority, probably 80% of our customers are, are, have a cross section of things.

That cross section tends to be, uh, mostly remote with some, some

small offices, very sass heavy.

Right.

Um, and on Office 365, that would be like, if you were to say draw the circle, right.

80% would sort of land there.

And first of all, office 365 provides a lot of amazing identity telemetry.

So we scoop all that up and we, uh, we tie it into the back end

so that we can actually get the ID telemetry and correlate that

it's like the data stream that we talked

about with the firewalls.

Similar to that, you just get a data stream.

exactly, and, and part of the reason why that matters is,

and this goes back to the whole alert, fatigue and noise and the, it's very

common in a lot of situations where the MSSP is saying something like, ten,

ten, ten seven we think has a problem.

Sort of like this.

These are the four things you need to go check.

And then, Prasanna or Curtis, you guys go run off and check it and

you come back and say, I'm not sure.

And then you contact us and we go back and forth.

What we're doing is we're switching that and we're trying to say, um, Scott

McCrady and his machine have a problem.

And we know that based on the identity data, the machine data, the user

data, um, and, and, and this is how we

solve that problem.

So because we track to user instead of the ips and knowledge

And, And, it sounds like you're able to, uh,

actually stop it, that you c you can actually affect the change necessary.

we can.

So we do.

So one of the frustrating parts of of security is these words

get sort of used by everybody.

And so there's a concept called response.

And so a lot of companies are not what I would call, they're being disingenuous in

the fact that they say they do response, but what they really are doing is notifi.

they're saying, Hey, we think we, we think we detected something, and

we're sending you a notification.

They call that response.

What we do is actual response.

So if we are, if we see, uh, a hash on a process change that we know

should never change, we're gonna go back there and try to quarantine that

process, quarantine that machine.

We're gonna do something if we can.

Uh, and that's, that's a fundamental difference about what we do because

again, if you're looking at the mid-market, do they have the people that

know how to go research and track that down and, and do what they need to do?

Oftentimes not

so let me ask you this.

Um, and, and I'm, I'm gonna preface my statement slash question with,

with the following statement.

I have never.

Bought a security product in my life.

. Okay.

Like for IT infrastructure.

Okay.

Um, obviously some stuff's from my own stuff, right?

But not nothing for a company.

Uh, I looked at your pricing model.

Um, first I did one of the simplest pricing models I've ever seen.

Uh, I like that.

one SKU,

What's that?

one

exactly?

Customers don't believe it.

Yeah.

I, I will say that I choked a little when I saw the number.

Um, that's why I'm saying I prefaced this with, I've never

paid for anything like this before.

Um, it, it, it just seemed like a lot be because it was per user, right?

I believe the current, it was current was $57, I think per.

$57.

Right.

So I'm sitting here going, so if I have, so you're going for the

mid-market, I've got 500 employees, I'm gonna be paying you $25,000 a month.

Uh, that seems like a lot to me.

Mm-hmm.

me understand how that compares

that's not a, that's not a lot

Yeah,

Um, no, it's a great question.

First of all, I wa it is funny because as far as I know, we're one

of the only companies that actually puts our pricing on our website.

Uh, so we have the sing, which we call, um, annoyances, and

we put make cartoons about it.

And so you'll go out to these, security comes, it'll like,

it'll be pricing, you'll click on it and we like contact sales.

Um, so we actually list out our pricing.

Now, I will say we have bands, so we, and we don't list out every

band, cuz that'd just be sort

of silly.

But, um, so obviously, you know, we're working with a company

that's like 4,000 employees.

You know, the band's lower than $57.

But candidly most com most of the time we sell our deals are at $57.

And the way it breaks down is a very basic security stack, not

even the stuff that we're doing.

If you're a 200 employee company, you're going to run about $40 in

license costs per user, per year.

Oh, sorry.

For per, per user, per month.

$40 and just the

just licensing.

Okay.

but all that licensing is going to be actual annual paid up front.

So they, you don't get charged per user per month.

You'd have to back into it.

You say, well, I'm gonna pay a hundred thousand dollars divided

by 200, you know, divided by 12.

So most organizations pay around $40 for what we'd call, you know,

relatively mid-tier cap capabilities.

Now, mid-tier tools, these aren't best

Prasanna Malaiyandi:

That's just a softer stack,

Prasanna Malaiyandi:

right?

Prasanna Malaiyandi:

Yeah.

just the software stack, and this is street price by the way.

This is all stuff we've purchased in our life that we actually know exactly.

I mean, we got to, um, this things that we've, we've purchased.

So that's before you get somebody that actually has to deploy it and manage it,

has to, that's gonna run the simulations.

Um, so that's before what we call care and Feeding.

Uh, care and feeding for a standard 200 employee company for, uh, again, a basic

security stack is a person, it's a.

Today's world called a hundred, $125,000, um, for, you know, a

semicon for a competent IT person.

Uh, so there you go.

Right there, right?

So you're already over 57.

That's before you get into detecting response.

So that's before you actually take all that data out of there and run into

a 24 by seven system and then, you know, responds at whatever two in the

morning and actually fixes the problem.

So we tend to be about 40 to 50% cheaper, believe it or not, um, to do this than

actually trying to build it yourself.

Uh, we also don't charge upfront fees.

So we financially companies love it.

And to give you a sense, an MSP that if you were, if you were a hundred

or 200 person company, almost all of, use an MSP to manage their laptops and

their, you know, email and all that, they charge about 150 to 200 bucks

per user per month to do all that.

So,

um, we tend to get very, very, Yeah, we, we tend to get very, we're people

are very complimentary of the model.

We, we, uh, businesses is relatively speaking pretty good.

Wow, that's Well, and just in my head I'm going and

thinking about, okay, so there was like, you were talking about the M S P was

like a hundred to 150 a user, right?

Security is like 50 a user.

Right?

And then I started thinking about, okay, backup.

And it's like backup is such a small percentage of that if you think about

Well,

but yeah, that, and that, that was the problem, Scott, because I'm

comparing it to like, what we charge and you know, we're, we're like a

couple of dollars a user, right?

Um, but it, it's not the same, you know, it's not the same.

Right.

Um, so that's, that's where my sticker shot came from.

But I, by the way, I, I am, you know, I, I get the thing that I work for a

SaaS company and that of course I'm gonna like the SaaS pricing model, but

I really like a SaaS pricing model.

You know, the, the

old, the old way

three-year

I mean, the way you have to buy a.

Yeah.

Exact three year contracts, five year contracts, having to, you

know, on our, on our, in our world, I have to size everything, right?

I have to,

how big will my backups be in three years?

No freaking idea.

Right?

And so I'm gonna oversize it and overspend and I have to buy it all now.

Right.

Um, and, and 90% of it's gonna go unused.

we talked about the Netflix model, right?

Or your streaming service model of choice, which, but you all remember, I

mean, um, Curtis, you and I are probably older than Prasanna, which I, you know,

but

we are.

like,

we're probably technically savvy people.

So I built a media server at one point in time.

I went out and bought all my CDs or Blu-ray discs, and then I bought my

media server and I got my Plex server, and I sort of had, quote unquote,

on demand entertainment, right?

I built it

all, and then Netflix came around and basically said, Hey,

we're gonna do all that for you.

Stream it to you, give you a lot more choices, and we're gonna charge you 9 99.

and I was like, I

don't really need my media.

I mean, I still have it

. Um, and so that's the

I say it's all the time.

It's lost in the eighties.

You're going to, you gotta still go build this crap all the time.

Pay up front, stitch it all together.

Hopefully it works.

Oh, by the way, we're not 4k.

So now you gotta change it all out so the latest threat comes out and

all of a sudden your current security stack doesn't work against it.

And there's nobody that's actually solving that problem.

and and that's what we're trying to solve.

As soon as, as soon as you said you had a, and by

the way, my, my media library or the hardware that comprised my media

library is right over there in a box . That's, that's gonna go somewhere.

Cuz I had to save, had the same exact thing.

I think the other thing with the SaaS service, and I don't

know if you do this as well, Scott, it's.

unlike in backup, where you'd have to wait for like the patches to come

out, and then you'd have to deploy it across your entire infrastructure,

and that takes time in scheduling.

Right?

With the SaaS service, a lot of times you get the benefits of, Hey, it's

easier to push updates and upgrade without having to sort of wait for

some IT person to be like, yeah, let me go schedule these things.

No, it's, it's, it's true.

So again, we target mid-market and we we're very explicit about that.

But one of the reasons is everything we do in the stack itself, so all

these best in breed products are now all cloud-based or on, they have both.

Some have both.

Most of 'em are cloud have shifted.

So none of our stuff's on-prim except for the stuff we have to put on

the actual endpoint itself.

Uh, and so it gives us this unique ability to up, we update the

service about every six months.

So as we see the threat change, uh, as we see something coming down the.

As cyber insurance changes, uh, we just update the service.

Um, and as a foundational coverage customer, it's included.

So you get on your quarterly business review and we say, Hey, now you get, you

know, we added in proactive threat, you know, uh, intelligence, blah, blah, blah.

This is

you, you now have access to it

So we just turn it on.

Some stuff

beauty, that is the beauty of SaaS

my friend.

Yep.

Um, we say the same thing.

Um, I'm looking at, and we don't have time to cover all these things,

but I'm just sort of scrolling through on Solcyber, by the way.

Tell me, uh, tell me what the story behind the name.

So l cyber.com.

So, uh, sun, so it was basically, you

know, a play on, on sun cyber.

Uh, and so obviously we're in Texas, it's warm.

Um, . And so the idea was really around the fact of soul, cyber, sun Bright.

Um, we wanted to be approachable.

Um, approachability as a concept, you know, this and security is like,

you know, here's the angry falcon as it sweeps down upon you, right?

Um, we didn't want to be a bird of prey because everybody's a bird of prey.

Um, so we were trying to figure out like, what's, what's approachable,

what's, what's more, uh, interesting and what's our, what's our tone of voice?

And so we thought soul cyber was just a, an approachable,

bright, uh, airy type, uh,

I like it.

And Trademarkable, and you can get a, you can get

a, uh, domain name . So there's, so that's always helpful.

The domain name does come in handy.

what's that?

The domain name is Handy

Yeah, absolutely.

So just curious, uh, um, do you have any advice for our, our backup listeners

specifically, you know, with regards to protecting backup infrastructure?

Uh, you have any thoughts there?

first of all.

I mean, kudos to them because we do what we do because we really attack sort of

the, the threat aspect of life for our

customers.

But there's a lot of, um, runway organizations can get by doing

what I call the basics, right?

And so people are always asking me like, what do you tell kids or young

people about like being successful in a career or what have you?

And I'm like, do the basics.

Be nice, show up on time, like be easy to get along with.

And it's sort of the same when it comes to security, right?

Confidentiality, integrity, and availability is the three

pillars of, of security.

We handle piece of that.

But the concept around like MFA and what we're gonna talk about here, um,

disaster recovery in the form of backup.

If companies were to do that effectively, uh, and manage it well, uh, a whole bunch

of problems sort of get solved and a bunch of risk gets taken off the table.

And so, uh, the first thing I'd say is, is will you tell everybody, you

know, they, they need to have 'em done.

They need to be tested.

You probably need to use a service.

Um, so that, you know, you take, again, you take some of that risk off the table.

Do you really wanna be checking your backups, uh, yourself And

most com Most people don't.

They

just don't.

They, they say they do, but they don't, right?

They don't have the time.

Life gets in the way.

So, um, it's absolutely critical.

100% mission critical to every organization.

We recommend it.

Um, a lot of the MSPs we partner with, uh, do it on behalf of the customers.

Um, and, uh, it's just something that is, is you can't, you cannot not do it in

and you were

Yeah.

No, we have, we, we have a, uh, Druva has a big s p program now.

Um, and so trying to roll that out.

Um, by the way, our name came from,

it's the Sanskrit word for North Star.

Um, so we're leading the way.

I don't know if she That's So you're after a son?

We're after a star.

Mm-hmm.

. You gotta pick something,

right?

Some

Scott, I know previously earlier we were talking about

sort of how you map everything to users.

When you go into these environments with backup servers or with things

that need to be backed up, do you consider that the same as any other

user device in the environment?

Right.

Where it is critical, it is important to make sure that's secure, right?

Just like anything in, probably, it's actually more important to

make sure that's very secure, just given all the data that's

sort of associated with backups.

Yeah.

Again, good question.

So there's two answers to that.

Um, is one you do actually.

Uh, so there was, there was, if we back up actually, and, and you all

may remember these days, there was a really big push around information,

um, attribution, uh, in classification.

And this was maybe seven or eight years ago.

And EY and Accenture, all these guys were like, let's go classify

all your information and then we're gonna have different security levels.

Relatively the classification of the information super makes

sense in, in, in life, right?

But it's like trying to keep your Tupper war drawer, you know, organized.

Like unless you're that company.

It's gonna be a mess relatively soon, even if you're a super organized, uh, person.

And so this whole concept around the classification of the

underlying assets and information sort of fell by the wayside.

Um, and so our view is a much, um, again, we, we call ourselves practical

security, as much more practical view.

So there's a set of tools that we deployed to every entity, right?

Most of those are tied to a user, but the servers, backup

servers, all that we deploy.

And the second thing is we actually, in the onboarding process, we classify

at a much more high level, um, the different types of assets, right?

And so, you know, CEOs, CFOs, like cfo, uh, if, if we see, uh, certain

types of emails going out from the cfo, they trigger faster than if we

see it going out from somebody else.

Same thing comes to the underlying assets of the server.

So if you are running a certain type of, of server and we see certain types

of information going to it, , we'll, we've already classified that at a

high level and said, okay, that's, you know, that's, that's benign

or that should never be happening.

And so we actually have the ability to, um, prioritize different types of assets.

Um, and, and that does apply towards certain types of servers, uh,

And I'm assuming that they would be able to send a data stream

from like your backup logs or the backup server to you guys to be able to detect.

And Curtis, maybe this could be one way to catch, I know we talk a lot

about ransomware and how it goes and deletes all your backups, right?

, if they sent you a log of, Hey, here's a data stream of events happening.

Right.

That's probably something that could be flagged from a security perspective.

you know, it's a great question.

I don't know.

We actually do take, um, logs from backup systems.

Uh, and we have, we have correlated.

It's a great, it's a great question, prana.

I, it is now on my list with my CTO on our one-on-one tomorrow.

Um, because we have the capability, but I don't know, I can't think of anybody

having

because it'd

be.

um, but theoretically,

things that we, that we've seen at least in

some cases is right, hacker gets in, they then go to the backup server,

they disable all the jobs, right?

They delete all of 'em, and then they delete all the backups that

exist, and now you're screwed.

Yep.

And nobody's there.

I mean, this is the reason why you do detect and response

is literally that story.

Now

you just used it for backups, but at some point in time there was alerts

going off that said that something, something, something's happening

that should not be happening, right?

And so imagine that's really the

job that we have, um, across a, an organization saying there's things

that are happening that, and there are

things sending off alerts that are notifying that

something, that something nefarious is going on.

So now imagine, again, we don't manage a backup system,

but imagine that we contact.

Or whomever and they said, oh,

crap.

And then they went in, fixed it.

Right.

That's really the goal, right?

Sounds great.

Um, , so, so, we could talk about this for a while.

And, and also apparently backups, I'm sorry, uh, barbecue

and, uh, media streamers and Thai food.

Uh, sounds like we have a lot of the same interests.

Scott, um, by the way, you have to come, you know, if

be beer and bourbon are also on my list.

So if

now see there, there's one.

That's one vice we do not share.

I'm

not a huge, uh, any fan of like, bourbon, whiskey, scotch, any of that.

I've never, I've never crossed that.

But

German and my dad's Scottish, so I, I don't have a choice.

I like, I think it's in, I think, I think as in the dna

um, I, um, uh, but if you want to come down

to San Diego anytime, uh, and fi

and, you know, have some, have some, actual Mexican food, not the stuff

you guys have over there, right?

Not the

I used to do a lot of work in utc actually.

That is, it is a beautiful area,

Yeah, it's a, it is, yeah.

La Jolla, which is, uh, Spanish for expensive af.

Anyway, um, so , so, uh, thanks.

Thanks a lot, Scott.

It's been a great conversation.

Ah, thanks for having me.

Hopefully as useful.

I know, uh, uh, the Dr and the backup people out there, uh, appreciate the

work and, uh, if any of you are, are like, man, I'm not sure if our security

is where it needs to be, then feel free to reach out Scott@soulcyber.com

or obviously solcyber.com.

Uh, you can find us

Absolutely.

And Prasanna, thanks again for your

I try.

I try, and Scott, good luck with moose.

Hopefully he's quieted down back there.

He is, he's already back to his nap.

It was, uh, obviously, uh, he, he, he wrestled that, uh, piece of, uh,

sweet potato to the ground, so he's

It's a tough, tough day to be a dog.

So I don't, we don't have a dog, but we have, uh, we have a grand dog.

Her name is Brulee.

Um, and, uh, she's a cockapoo and adorable, but, uh, and her favorite person

in the world is my wife for some reason.

But anyway, uh, well listen, thanks to our listeners.

Uh, you know, we'd be nothing without you, and be sure to subscribe