Grid Resilience, Cyber Threats, and the Future of Energy Security with E-ISAC CEO Manny Cancel

Dec 18, 2024 · 35 min · Season 1, Ep. 50

Episode description

In this episode of Cyber Focus, host Frank Cilluffo speaks with Manny Cancel, Senior Vice President at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC). The conversation explores the evolving threat landscape impacting grid security, including challenges posed by ransomware, physical attacks, and AI-driven cyber risks. Manny highlights the importance of public-private collaboration, resilience engineering, and supply chain security to mitigate nation-state and extremist threats. He also discusses the ISAC's role in information sharing, mutual aid programs, and exercises like GridEx to strengthen critical infrastructure defenses. The episode concludes with insights on emerging technologies, operational technology (OT) convergence, and preparing the next generation of cybersecurity leaders.

Main Topics Covered:

  • The evolving threat landscape: cyber, physical, and AI-driven risks
  • Public-private collaboration and lessons learned from global crises
  • Enhancing grid resilience through mutual aid, GridEx exercises, and supply chain security
  • The convergence of IT and OT systems in critical infrastructure
  • Preparing the next generation of cybersecurity leaders and addressing resource gaps

Key Quotes:

"The threat has really become so much more complicated because of the geopolitical tensions... corporations were not designed to fight nation states." - Manny Cancel

"We curate products and services for the different audiences that we deal with. We don't dumb things down, but we make things more consumable and digestible and useable." - Manny Cancel

"It's not unreasonable to think that what we're seeing in other parts of the world could occur here." - Manny Cancel

"In a worst case scenario, at least, we hope we can bounce back. If not bounce forward." - Manny Cancel

“We’re seeing a proliferation of drones. I think the challenge with drones is that there are legitimate and then there are malicious [uses].” – Manny Cancel

Guest Bio: Manny Cancel is Senior Vice President at the North American Electric Reliability Corporation (NERC) and CEO of the Electricity ISAC. With over 40 years of experience, including serving as CIO of Con Edison, Manny is a recognized leader in grid security and resilience. He champions collaboration across industries, fostering partnerships to address cyber and physical threats to critical infrastructure.

Transcript

Frank Cilluffo

Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I'm your host, Frank Cilluffo, and this week I have the privilege to sit down with Manny Cancel. Manny is a Senior Vice President at

NERC and the CEO of the Electricity ISAC Information Sharing and Analysis Center. Manny's going to give a little bit of background on those issues and obviously we're going to go deep into grid security, I think an issue that's top of mind for everyone. Manny, thank you so much for joining us today. Frank, thanks for having us. Really appreciate being here and the important work you do. I would love to start

with. I know most of our viewers and listeners are familiar with the Electricity ISAC, but they may not have all the background. Thought I'd start with sort of that PSA and to give a little bit of background, what is the ISAC, who does it serve, how long has it been around? Anything else you think our viewers should hear? Sure, thanks for that. Happy to provide that background. So the ISAC has actually

Manny Cancel

been around for 25 years. This was our 25th anniversary year this year. Happy birthday. Happy birthday. Right. So you know, but we've seen the ISAC grow tremendously in those 25 years. So we are a stakeholder organization for the electricity sector. 1800 members, most

of them are utilities across the United States and Canada. We do have about 2, 250, 250 government partners and technology partners that are part of the ISAC and really, you know, people that are stakeholders in the ecosystem here that all have a vested interest in keeping the grid secure, have a variety, you know, of utilities. Obviously the investor owned utilities, large public power and small utilities like municipally run co-ops and,

and rural cooperatives and things like that. So we have a diversity of, of utilities that we need to serve as well as our you partners in the federal government, both in the US and Canada. And I always say this, it's our responsibility to, to help and support the equities of all those stakeholders. So that's the ISAC. The one other thing I'll say I am, we are part of NERC, but we have no compliance, management or enforcement functions. It is strictly a security organization that is really

focused on sharing and making sure the industry is sensitized to the security risk. Awesome.

Frank Cilluffo

So Manny, you've been at the helm for four years and from the day you came in to today, it's been a busy four years. I would proffer to say, and let's start with a little question sort of on the, on the threat landscape. And you've had Volt Typhoon, you've had an epidemic of ransomware. How has the sector sort of changed its security posture to deal with the, with the, the rapidly changing threat? Yeah. So couldn't agree more that the posture is complex, you know, at a

Manny Cancel

pace that we've never seen before in terms of both complexity and velocity and arguably overwhelming. And so you've seen the industry continue to focus on how it continues to enhance its capabilities going forward. And you know, I always like to note this is not a, is not an issue that the electricity industry just woke up to. Right.

We've been paying attention to security risks for, for decades. But as you point out, there's always a need to sort of look at our capabilities, continue to refine our capabilities, think about how we are addressing new things like new technologies like AI and things like that. So, you know, those are the challenges that I think are in front of us as we go forward, you know, and I'm going to pull on

Frank Cilluffo

the new technology and AI and everything else that's both shiny and real in a. But one thing that I've noticed and disagree with me, I have a hard time divorcing cyber from geopolitics. If something's popping somewhere and going boom in the middle of the night, it probably has a cyber nexus to it. And if it doesn't, it had a cyber role in one way, shape or form or another. How do you feel? Sort of the. And we'll start with the two, the Big bear and the

Big Dragon, China and Russia. Are we getting to the point where, and I long argued that industry's on the front lines, but they never went into business thinking they have to defend themselves against nation states. Are we starting to get to an equilibrium there? I don't know if we're at an equilibrium, but, you know, you make, you

Manny Cancel

know, a great point. Right. The threat has really become so much more complicated because of the geopolitical tensions that are going out throughout the world. So pick your part of the world. Southeast Asia, Russia, Ukraine, the Middle East. There's so many areas. Right. And I agree with you when, when you hear about a cyber issue, you have to really ask, is this connected to a nation state or political adversary? So that's something that we keep in mind. We try to, you know, evaluate as we, we

do our analysis as we go forward. What you said is absolutely true. It's kind of, kind of not a fair fight. Right. Corporate corporations were not designed to fight nation states. Right. So this is why it's critical that we continue to work with, you know, our federal partners and, and state and local partners to one sensitize them to the issue to look for bad behavior. And, and the adversaries are getting much

better at hiding that. Being stealthy, being persistent. And that's what makes this challenge all the more, you know, hard to address. But nonetheless, we keep, you know, looking at

Frank Cilluffo

these things and I don't want to lead the witness, but I would say that that cooperation has improved exponentially, in large part because the bad guy has a vote. We have no choice. But is that fair? Yeah, I think, you know, since I've

Manny Cancel

been in the industry, which is over. 40 years, including CIO of Con Ed. Right. Including as a CIO in a big city, you know, the, the cooperation, the partnership between the industry and government is really quite robust. Right. Something quite honestly that is just table stakes. It has to continue as we go forward. That's how we're going to stay ahead of this. You mentioned there's a difference between sort of the Duke

Frank Cilluffo

Energies and the Southern companies and some of the co-ops. How do we sort of square that circle? Yeah, that's a challenge. Right. You know, the big guys have

Manny Cancel

mature programs, a lot of resources. Probably the gold standard in the cyber business. Yes, arguably. And they're big targets though, too, right? Absolutely. For a reason. They're big targets for a reason. But that doesn't mean we should ignore some of the smaller players here who also serve, you know, critical businesses, critical defense infrastructure are vital to the success of the economy here and the lifestyle that we have. So really what we

try to do is help. And by that I mean we curate products and services for the different audiences that we deal with. Right. And we don't dumb things down, but we make things more consumable and digestible for maybe. And usable. Right. For an organization. So look here, not necessarily here, focus on this. You know, when we ring the bell, we try to ring the bell and really make sure that people are paying attention. The other thing that's unique to the, the electricity industry, and I think

it's because we're not competing against each other. We do share quite a bit. We share information, you know, not only with the threat landscape, but this is a concept that we've extended from storm restoration, which is called mutual aid. And so there is a cyber mutual aid program in the electricity industry here in the United States, where we have developed the requisite legal documentations and NDAs that would allow companies to pick up

the phone and call somebody during a bad period and get assistance. And the good thing about this is, unlike a storm where you have to mobilize crews and trucks, people can work from wherever they're working and work on the issue too. And that is, that is a unique program to our industry. Absolutely. And essential. And unfortunately we

Frank Cilluffo

have a lot of scar tissue and lessons learned from response, recovery and restoration along those lines. You know, you brought up AI and you're seeing massive growth in the utilities with data centers and AI just in terms of customers and the like. But how has that changed the industry? And, and I'm not asking you to look into a crystal ball, but what does it mean kind of going forward? Yeah, just from

Manny Cancel

an operational perspective, the concern with AI is the impact on reliability. Right. You know, you have this proliferation of data centers and this growth and load, which is great for the economy and the utilities, you know, but at the same time we have to be able to serve that load and it cannot impact the reliability of the system. And so, you know, the need to site more generation to do this in a, in a, in a well engineered way that we don't put the system at

risk. Now, from a cyber perspective, you know, I think there's a lot of benefits and there's risks associated with AI. Right. AI will make hacking easier, faster. Right. We saw some of this during the recent political campaigns that have gone on here. The spread of disinformation and other, you know, sophisticated techniques. At the same time, I think

it'll make finding, you know, the bad guys a little easier. Right. You know, we'll learn about what they're doing and especially for things that are persistent and stealthy like Volt Typhoon or Salt Typhoon, over time we'll learn, you know, the techniques that they're using and we'll be able to adapt our tools to, to help detect and mitigate against those risks. You know, I'm glad you brought up Salt Typhoon as well. And

Frank Cilluffo

we have lots of typhoons popping around the world right now. And Microsoft's names for some of these incidents. Volt Typhoon, I think was a big eye opener in terms of there was no value for collection. This was purely to be able to penetrate the system in the event of a crisis, take advantage of that. Salt Typhoon, on the other hand, is another massive espionage sort of campaign. How are you cooperating with

the telecommunications sector and some of the information sharing and analysis centers there? Yeah, so

Manny Cancel

we meet on a monthly basis with all the critical infrastructure ISACs. Right. And then through other venues. There's a lot of coordination. I personally coordinate with my peers at the telecommunications ISAC, Financial Services ISAC, and through, again, through various. FS-ISAC was the

Frank Cilluffo

first ISAC. Were you the second or. I don't know. I don't know the order.

Manny Cancel

But, you know, Steve Silberman at the FS-ISAC is a longtime colleague known from New York City and. Absolutely. You know, so there's a lot of New York roots. There's a lot of New York roots. Right. But. But again, that. Again, that collaboration, just like our collaboration with the government is critical. Right. You know, for information sharing, for the sharing of best practices. You know, when Russia initially invaded Ukraine, we activated what

we call a playbook, right. Which. Which gets us involved with the other critical infrastructure ISACs. And it was interesting to learn from the other industries that had assets in Ukraine or in Europe the impact that was going on there that we may not see here in the. Right. So that just underscores the value of these partnerships. And

Frank Cilluffo

I might note, and again, disagree with me, but a lot of the lessons we can glean from hot spots around the world could be a movie coming to a theater near you in the United States. So it is important to share, learn, and most importantly, then protect in terms of what we're learning. Is that a fair point?

Manny Cancel

Absolutely. You know, again, it's not unreasonable to think that what we're seeing in other parts of the world could occur here. And again, you know, when the invasion of Ukraine occurred, one of the things we did is we went back to the industry and we said, look, here's what happened in 2015, 2016, this could happen again. But again, all these attacks sort of provide an opportunity, sort of look back and see what could the impact be here and learn. Because the reality is when we have

Frank Cilluffo

a crisis, that's when I see the public and the private sector come together in a very powerful and strong way. I don't necessarily see that on an everyday environment. I'm not sure we need to. But learning from that, I think is essential. You know, last year, when I looked at the sector, there seemed to be a whole lot of physical attacks and kinetic attacks and rifles and the like domestically and. And we all know there have been some significant incidents in the past in California and

elsewhere. Anything we can be learning from that, and I dare bring this up now, drones are front and center and on the top of everyone's mind this week in terms of UAS, what does that mean for the landscape and sort of the convergence of physical and cyber? Yeah. There's certainly been an uptick in physical security activities. And

Manny Cancel

again, something, you know, and I think it's important to note, we just, we do not just track physical cybersecurity. We focus on physical security and have a whole team focus on that. You know, look, the bottom line here is that activists, extremists, and we haven't seen any evidence of this, but nation states too, potentially all possess that capability. And they know attacking, physically attacking, critical infrastructure is just another arrow in the

quiver. Right. And just look at Ukraine. I mean, kinetic attacks, kinetic attacks, cyber. Infrastructure, you know, so after the shootings in Moore County in December of 2022, we took a much more focused analysis of physical security incidents. Right. So the punchline is they are increasing. Right. You know, people know that there are assets out there, they know that

there's a way to potentially impact the grid by attacking these assets. The overwhelming majority of these attacks are not consequential, meaning that they don't cause operational impact to the grid, what we call grid impacting incidents. Right. They, you know, the 3% that do put the grid into an operating contingency or cause an outage. Right. So we have to again remain focused. Right now, the critical infrastructure standards, the CIP standards, offer and

proffer some suggestions for protecting bulk power assets. So these are bulk power high voltage transmission substations, not necessarily distribution, but there's an opportunity, sort of look at what we're doing on the bulk power side and thinking about how do you extend that to other assets. You open up another line of questioning and not sure how deep you

Frank Cilluffo

want to go here, but supply chain issues are pretty significant. And whether it's UAS drones in terms of the DJI issue, ET could be phoning home. And I know that they've been deployed all throughout the United States, including by critical infrastructure owner operators, as well as sort of bulk power. And the need, if a crisis were to emerge, are we front and center and first on the list is a question. And

it takes time. I think people don't realize. You don't just snap a finger and boom, you're going to get a transformer online, but to come from a black start, to be able to start again. What are your thoughts around that issue? I could

Manny Cancel

probably spend the rest of the day talking about supply chain, not, not only, not only on the, on the physical asset side, like transformers, but, you know, certainly software supply chain is a challenge, again, something that we continue to look at. There's been a focus, particularly on the distribution side, to increase the, you know, our supply and capacity, probably more needs to be done from a manufacturing perspective there, but making some

progress there. Drones, again, I don't know that I answered your question right out of the box there, but again, we're seeing a proliferation of the use of drones. I think the challenge with drones is that there are legitimate use cases and then there are malicious use cases and finding out, you know, the difference and then taking actions against that. So again, not all drones are created. Equally, not all drones are created

equal. And then when you inject the supply chain issue there, what a foreign, foreign manufactured drones, what risk do they bring? Right. How do we protect against that? So I think a lot more to go and, and I think probably if I had a call out, there are several priorities, but an opportunity to work more closely with federal agencies. I think we've got to collaborate on that, you know, quite a bit.

Frank Cilluffo

And again, there are lessons to be gleaned overseas in terms of UAS and conflict and straight up warfare that have significant implications. And, and I think you touched on this. But on the manufacturing and advanced manufacturing side, I, I again don't want to lead the witness too much, but we got to bring some of that onshore, some

of that, or at least friendshore, some of that. So we're not dependent upon countries that are countries of potential concern or in the orbit of countries that potential concern.

Manny Cancel

Yeah, I couldn't agree more. I, I think the way I look at it is what do we have to do to really buy down the risk? Right. You know that, that, that's the focus that, that we have to take. Well said. Now, New

Frank Cilluffo

Yorker, Mets or Yankees? I am a Mets fan. Me too. So I'm Islanders, Mets, Jets, Islanders. So maybe you feel my kindred spirits for all these years. So it's been a tough few, few years. Although our Mets will be back, but Jets maybe. But I bring that up because Yogi Berra once said, the future ain't what it used to be. So what do we sort of look at? And Yankees, unfortunately, but a great, great, great American sort of. How do we get ahead of some of

this risk? And the reason I ask this is we're very good at backfilling. We tend to march into the future backwards looking in our rear view mirrors and addressing what we just saw. And of course we need to do that. But how do we look forward? Yeah, I think, you know, looking deliberately at supply chain, you know,

Manny Cancel

CISA has put out a lot of recommendations like secure by design. Right. You know, I don't think anybody cyber. Informed Engineering, cyber informed engineering. Absolutely right. And those have to become more than buzzwords, and I think they are. But how do we practically enable that? And again, you're not going to wave a wand and every piece of software is going to be secure by design, but the software that we all use or the software that is critical to running a data center or an electric grid,

that really has to be much more secure. Right. I think at the same time we have to recognize the fact that because we've seen it, that things will happen and how do we engineer our systems to be more resilient. Right. You know, whether it's from a physical attack or a cyber attack. Right. So something may go down, but how do we get it back up or how do we back it up

quickly and switch over to something else? I think there are opportunities, you know, again, not to do it ubiquitously, but there are opportunities to sort of focus on that as well. And I do think you touched on the word and said resilience is

Frank Cilluffo

the, is the outcome. I think in a worst case scenario at least we hope we can bounce back, if not bounce forward. Right. And I think we're never going to be able to say we can protect everything, everywhere, all the time from every perpetrator and every modality of attack. That's correct. That's right. Going deeper on the ISAC and the Electricity ISAC, how would you compare contrast and I'm not asking you to

grade, even though we're university, but compare information sharing. What differentiates maybe the E-ISAC from other ISACs and, and just your thoughts there? Yeah, I think one is the

Manny Cancel

community. You know, we have a history of sharing and I mentioned before, we don't necessarily compete with each other. The other thing is that the ISAC is walled off from its compliance function at NERC. Right. You know, that's very important. We wouldn't be in business very long. Exactly right. You know, so I think, and we try to remind people that all the time. The other thing it's not, and I firmly believe this, not just about sharing widgets. You know, you don't have to contact the ISAC.

We're happy if you do that every time you get a phishing attack. But it's important to contact us when you see evidence of a severe attack, a ransomware attack or evidence of a nation state threat actor or something you just can't explain. Right. Where you see significant impact or potential impact, we've got to ring that bell fast so we can sensitize the industry. And to pull that Thread a little further. It's

Frank Cilluffo

also sort of the canary in the coal mine. Others are going to be facing similar. Don't, don't think they're just going after. Sometimes maybe it is very discriminate, but in large part it's one piece of the puzzle that I think industry as a whole has a need to know. Right? That's the argument. That's the argument. Right. You

Manny Cancel

know, I think there's a much broader acceptance of the fact that this may not just be me, it could be the rest of the sector or it could be other critical infrastructure sector. And connecting the dots between. You mentioned convergence. Right. Is a physical attack a precursor to a cyber attack or vice versa? Or vice versa. Right. Those are things we need to think about. You know, CRISP, sort of the VISA

Frank Cilluffo

workshops. Obviously GridEx share a little bit about three of your flagship programs and any others I'm forgetting. Yeah, look, CRISP is a bespoke program, a great example, the partnership

Manny Cancel

between the federal government and the sector. It's a sensor program that looks for malicious behavior. It's been around for 10 years. I could cite national labs, national labs that are involved. I think there's an opportunity to increase and enhance the technology, also increase participation in the program. Not that these sensors have to be on everything or everybody, but we can strategically do this and probably expand it to other sectors as well

too. As far as the VISA and other security workshops, really focused on enhancing the awareness around physical security threats. And in the VISA workshops, what we like about them is that we really don't do anything. We just facilitate the conversation and it helps our members think about sort of the, no regrets, lower cost moves that they could take to affect their resiliency. GridEx. I've been involved in GridEx, every single GridEx, either as a player and now I get, I get to throw the

party. But again, an incredibly effective. And for people that are not familiar, it is the largest grid security exercise in North America and arguably the world. We increasingly get more and more of our members to participate. It is two days of what we.

Frank Cilluffo

Call distributed time at Funny island in Long Island. That's right, that's right. But we

Manny Cancel

spend time where people can exercise or organizations can exercise their response plans. And then we culminate it with what we call the executive tabletop here in Washington, where we bring together the CEOs of the industry, both in the US and Canada and members of the governments there. And quite robust conversations. And always something comes out of it. I mentioned cyber mutual assistance that came out of a GridEx increased collaboration with other

critical infrastructure sectors came out of GridEx. Right. So we look forward to more of that as we continue. So the E-ISAC is who brings that group together

Frank Cilluffo

after for lessons learned and hot washes and more importantly to get stakeholder support to actually do something about it. Right. You know, we run the exercise, we provide the

Manny Cancel

scenario, we facilitate the executive tabletop, we put together an after action review. Anybody that's interested in seeing the after action reviews can go to nerc.com and take a look at it. And each year or each exercise, the exercises not only become more robust but, but the follow up is more robust. And that's where it matters. Right. That's

Frank Cilluffo

where the rubber hits the road. You know, you mentioned a couple of things that building trust, credibility and confidence with your constituents and in this case your stakeholder community, which is diverse, again, they don't all look the same. How do you do that? And I know that's sort of an open-ended question, but, but it takes years to build trust, it takes minutes to lose trust. And, and you mentioned a couple of things that if you did have sort of that regulatory hammer, maybe you wouldn't

be able to instill the confidence and trust in the community. What are some of the other sort of ingredients to success here? Well, you know, one, I think it's

Manny Cancel

may sound a little hokey, but it's just regular engagement. Right. It's communication. We are, we are a stakeholder organization so we're only as good as how they feel about us. Right. And so, you know, I make sure that I engage regularly with CISOs in the industry, across the industry, again, our partners in the government. You know, I have regular communications with folks at FERC and DOE and DHS just to maintain that

continuity. We support them. You know, I think it's important that we show that we are supporting what industry is trying to do and what the government is trying to do. Right. It's not that we have a horse in the race but you know, it's important that we stay aligned on these things. Right. So, and some of that is, you know, the old fashioned way. You know, I travel a lot, going to see folks and having these discussions, having discussions like this and I think it's important

in terms of our, our relationships. And, and I don't find that hokey at all.

Frank Cilluffo

At the end of the day. Don't expect to come to game day if you're not practicing and making mistakes on the practice field every day and just engaging. So I do think when you look at the stakeholders both in terms of scale, scope and where they are. It needs to have that reason, that tissue to sort of like if you want to get bigger, you got to go to the gym, you got to do the reps. That's right. That's right. And at the end of the

day, the reps are what matters. And, and you certainly don't want to be exchanging business cards when the bomb goes off. That's right. Something bad happens. You know, we talked a little bit about AI and what that could mean. I'm not going to bring in the whole quantum discussion, but along the lines, in terms of advancements in technology, what are some of the positives you think we can, we can see out of this and, and maybe put on your, your hat is when you were CIO

of Con Ed. I mean, yes, obviously there's a red and a blue. It's a double edged sword. I tend to think that historically the initiative remains with the attacker, but I think the Defender blue does have some potential, huge value if it knows how to employ and deploy some of these technologies. Yeah, I mean, I talked about

Manny Cancel

AI in the context of security, but think about it in the context of operations. How do I switch to alternative generation sources? How do I optimize the status of the grid? How do I better inform my asset management program on a resource perspective? Where do I deploy crews and resources, whether we can use AI to again predict more about what weather will do and how it'll affect the grid and then maybe take preemptive actions there too. Are you starting to see that with AI being a

Frank Cilluffo

driver and an enabler? Yeah, I, I, absolutely. I think that's where the sector is

Manny Cancel

going to, you know, invest its money to sort of do that. Right. So when

Frank Cilluffo

we talk about critical infrastructure, the government has defined 16 sectors. I would argue the grid and electricity is at the very top of the list. Without power, doesn't matter what else Tom used to say. I think he might have said it on one

Manny Cancel

of these podcasts. Electricity, 7% of GDP. That's the first 7%. It is the first

Frank Cilluffo

7% electricity. Yep, well said. But what some don't realize is you need water running for the sector to be able to stay up and running. Let's talk about sort of some of the interdependency and what you think the sector and the E-ISAC and you touched on this, but more that could potentially happen if needed with some of your colleagues across the other ISACs and then industry. Yeah, look, my comment wasn't meant

Manny Cancel

to criticize any sector here. They're all important. Right. And our reliance on water, on telecommunications. Right. Critical that we have telecommunications, particularly when we're trying to restore parts of the grid. Right. And as we've said, they need electricity to operate their systems too. So again, having discussions about how we collectively increase our resilience is very important. And

we've been having some of those discussions. The most recent hurricanes that hit the Southeast, you know, again showed us that there are still opportunities to increase how we collaborate and affect resilience in both those sectors. Do you see a time and point where

Frank Cilluffo

everyone's getting a similar matrix across the critical infrastructures to glean? And obviously some will be of less and more interest to certain sectors. But when I had the privilege to work for President Bush right after 9/11, he would get a separate foreign and domestic intelligence snapshot until he said, hey, I need these two to come together. Do you see that happening in the critical infrastructure space? I do see it happening.

Manny Cancel

I think there's probably opportunities for it to happen again. Not necessarily wait for the bad thing to happen, but to do that. But through venues like the J, JCDC at DHS and other venues, I think you're starting to see a sharing of information and, you know, bringing the risk and looking at it. Especially run up of events,

Frank Cilluffo

right? That's right. Run up of events is critical, but I think obviously there's more

Manny Cancel

to do in the energy sector. We have this concept of the ETAC, Energy Threat Analysis Center. I'm glad you brought that up. Which, which really is, again, a great forum for discussing the threat. That's obviously more in the context of electricity. But you know, stepping back and then deciding what do we tell the industry about, and what do we tell other industries too? Exactly, because that's a big part of it. Right. What advice would you have for the next generation of leaders in the space

Frank Cilluffo

of securing the grid? Yeah. Don't give up. Right. You know, I know it's easy

Manny Cancel

to sort of get demoralized by all these things, but you know, we have a track record of being able to do this, and I fully expect that we'll continue to do this. I think I said it before, you know, we have to design a grid that hopefully can prevent these things or at least detect them, but we also have to design something that can recover faster. Right. And I think, you know, that's the opportunity. And you know, 40 plus years ago when I joined, the industry

was kind of a staid industry. Right. Very slow to change. Well, that's flipped on its ear. Right. It's arguably a really cool industry to work in right now, and I think there's lots of opportunities. It is a cool industry. It's leading. And I'm

Frank Cilluffo

going to. Before I ask my last question, I forgot to ask around OT, which I think is bread and butter of the utilities. Do you feel that that community is rising? Because again, I have a hard time differentiating today, at least from the bad guys' perspective of IT and OT, physical and cyber. But any, any words of wisdom. It's definitely rising and I think, again, provides an opportunity to. Again thinking about

Manny Cancel

how we architect these systems, protect them, and make them more resilient. Your point about the convergence of IT and OT. Most of the OT attacks come through IT. Right. So, you know, it's important to keep that conversation going and understand that. Right. You know, we've seen from the ransomware attacks where the adversaries weren't necessarily targeting the OT, but they might as well have been because in many cases OT got shut

down. Right. So, you know, I think that's the way we need to look at it, that you can't completely separate IT from OT and vice versa. And obviously they

Frank Cilluffo

have unique differentiators. But at the end of the day, if OT systems are down, that normally means you have kinetic physical impact, which could actually lead to loss of life. That's right. Public health and safety and the like. Manny, what questions didn't I ask that I should have? Jesus. A lot to go through about resources. You know,

Manny Cancel

how do we keep policy. Without resources and rhetoric. Yeah, yeah. You know, I think how do we keep an adequate supply of resources, a pipeline of resources? You know, there are a lot of initiatives. Yeah, yeah, that's right. No pun intended. But you know, certainly like institutions like this that are really focused on doing that, you know, helping to create the next generation of cyber security leaders. I think that's really important

as we go forward. Manny, thank you for your service. A true veteran in this

Frank Cilluffo

space for so many years. And thank you for all you're doing to advance the ball, keep our lights on, and keep fighting the good fight. I really appreciate it. I figuratively and literally have a token of our appreciation here. Thanks so much. Just wanted to say thank you. Thanks. Thank you. And for our viewers. Stay tuned. I wanted to wish everyone a Merry Christmas, Happy Hanukkah, or whatever it is you may celebrate. We'll be back in the new year. Onward and upward. Thank you. Thank you

for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes or individuals you'd like for us to host. Until next time, stay safe, stay informed, and stay curious.

Transcript source: Provided by creator in RSS feed