Welcome to Cybersecurity Today. The email was accompanied by an official looking document that started talking about tenant admin abuse. As I read on, I found myself almost unable to believe what I was reading, what followed. In that document and subsequently in this interview, was a Tale of Intrigue that might match any Hollywood movie. The only difference is this is all too real. When I finished this interview, as I said at the end of the Friday show, my hands were shaking.
welcome to Cybersecurity. Today Today's show features Daniel Berulis. A self-described whistleblower and his recent disclosure to the US Congress uncovered how tenant admin abuse, let outsiders copy data from government sources and then wipe the audit trail. It's not the type of thing that happens normally in our lives. Welcome Daniel. Okay. Thanks for having me. Jim. Just a minor note 'cause I don't wanna leave the audience hanging. What is tenant abuse and what is exactly that you reported?
Sure. Absolutely. There's different layers of ownership within Azure in most cloud environments. And so at the highest level is what you have is the tenant. The tenant would be housing all your subscriptions and your various management groups within Azure. So essentially tenant is the highest you can go within your company. You have to go to Microsoft to get higher. And you were saying it's, that's a higher level of access than even A CIO would normally have? That's correct.
By zero trust principles generally. It's a break glass account only would be at that level. Not always followed, but best practices would dictate that would be the way it should be, yes. Great. So we'll come back to this. The situation was. At least one party having more access than they should ever possibly have and some things that happened. And follow us through our conversation.
Before we start I'd like to get to know you a little better, and I you sent me I guess which was your, documentation that was sent to Congress. And so I've read a lot about you, but I'd just like to share that with our audience. Tell us about who you are and how you got to the point in your career where you are right now. Sure. I definitely started it much like others in finding a passion in something. And mine happened to be infrastructure, this was almost two decades ago now.
And then I developed a love for automation various scripting and different tools. And that led into cybersecurity. And one thing led to another, we. Gotten to the point now in my career where I have a jack all trades and I've been exposed to many different sector, many different industries in the private sector. And recently here I was doing some government consulting and position notebook, national Labor relations board. And so I took that on and joined the federal government.
You're certified in Azure, Amazon Web Services. You've done, you've been doing this for a long time. You also have a really great community story. You've been quite active in, in both community work. And one of the things that I'd read about you was that you were actually working with people who were victims of human trafficking. So you put a fair amount of your time into your community work as well.
Yep. Yep. I have for many years I've been volunteer firefighter did the rape crisis center counseling do Microsoft tes always had a desire to give back to my community in a meaningful way. And joining the federal government was just another way to do that for me, to be honest with you. I'm assuming with your credentials and they are significant. I'm sure you didn't move over to the government for the money. That's a very valid assumption. Yes. But for the sense of purpose and the mission.
Absolutely. But you've held some pretty pretty good positions here. You, you had a top secret security clearance at one point, so you understand when we're gonna be talking about protection of data. You've been thoroughly trained in that. I don't think people really realize how much. Goes into getting a top secret security clearance. You're obviously told not to use commercial apps on your phone, but we won't go there. But what's the process for getting that, for a normal human being?
Sure. Try to think of somebody that could validate where you lived 10 years ago. From your life and then in by that time, 15 there's so much that they dig back into bo both previous, every, employee you've talked to, every boss, lots of different facets that they dig deep into to figure out exactly who you are and whether or not you're trustworthy with the government secrets. Yeah. And I presume you get the lecture on how to treat things. You're, they're strict rules.
Can you remember any of that when and hearing that for the first time? Absolutely. Yeah, so classified information never leaves. Where you're viewing it, you don't disseminate that. I can tell you that there's different protocols. We generally classify with traffic lights. For which, red, yellow, and green to indicate who this is shareable to. And furthermore, the one thing that is drilled into your head is that government systems are protected.
The data is not to be exposed to people that are unauthorized to view it. That's like the number one thing that's drilled into your head time and time again. Yeah, and there's that principle of least disclosure. Even if it's not particularly written down, it's you have to ask yourself, does this person have a need to know this information? So it's not just rules, there are principles that you have to follow. Yeah, absolutely. So we'll take this. You're a normal guy.
You've taken this job, you like, obviously liked working there. I can read that even into the comments that you make. You're having a good time and all of a sudden there was a call that said you need a bodies and chairs meeting. Can you describe what that was, what that call was like? Sure. I was surprised actually. I. Had we had not gone fully back into office yet. We were still partially work remote. So that call was unusual, but also exciting.
At first myself and my coworkers, we were actually pretty excited to meet Doge see what they were, if they met their technical chops and if they could come in and, we could work with them. I actually got there early. I remember the next Monday which. It, the drive pretty rare event for me. So I got in there with 20 minutes to spare. I was pretty excited to come that Monday.
So you, you get into work early, you're sitting there in the conference room, the could, could you see the black limo pull up? What, how did you know that was Yeah, so I'd actually gone outside. It was about 15, 20 minutes after start a day. And so I'd been there for about an hour now. I went outside with one of my coworkers and we're. Looking on the outside and see it in the peripherals and obviously the lights and the make it big, draw attention.
But it was an SUV with police escorts front back and it pulled into the parking garage. And I can honestly say that out of ev there wasn't a single other time I've seen that while working at the, that building or anywhere near the building. So that was unusual. We both commented and said, oh, hey, I bet that's them. So you see this limo pull in, they get up and into the building and you're having a meeting. And what was announced to you?
So the announcements weren't I. Through official channels, they were your boss comes in or your coworker comes in and they close the door to your office and they tell you, oh, hey, I just that such da. There wasn't any official email or any kind of like official memo that was sent out. But the understanding was that we were going to be expecting them to come up and just talk to us, understand what our jobs were and any kind of system access that they needed.
We were told to grant them without question. So there was no official presentation and they didn't come in and present to you in a conference room or anything, like they just, you were just told they'll be by your desk to ask you what you know, what you're doing right. And all that sort of pretty standard stuff actually, right? Yeah, so far it was pretty standard.
The only thing that really raised a red flag off the bat is that I talked to my CISO later in the afternoon that day, and he confided to me that. He had been instructed he, sorry, he had suggested a streamline process for them, which is to log their accounts in ServiceNow and just create a ticket to log the access that they're gonna be given and the accounts they created versus our normal SOP of going through the user creation process.
However, he'd been shot down and told instead to not make any log record of their accounts at all or what permissions are given. And that was the first major Something's wrong that went off in my head. And him as well. Yeah, that's, he both freaked that's a pretty creepy feeling. In a world where transparency, is supposed to be our big thing and following the rules that we have for security, for somebody to come in and say, keep this off the books.
What did you what went on inside your mind when you heard that? So I definitely, I was alarmed. That was my big something's wrong here, guys. Something's fishy. Something is not aligned with benevolent intention. So at that point I just started listening for anything else. Started looking around. It wasn't until a few days actually, but I started noticing some things that also didn't add up and added to that overall, that fear, those indicators and those were what, can you describe that to me?
What was your first clue absolutely. That things were going wrong? There was a large spike in outgoing data, and when I say large we're talking magnitude of three or 400. It's pretty flat baseline on a metrics as far as data output from this ethernet adapter, and then just this huge spike. And there wasn't anything that correlated.
I saw the chart on your disclosure document and you'd included that and it, if the audience wants to picture it, it's like picture the bottom of a chart with basically a flat line, almost hugging the edge of the bottom and a spike that comes up and takes over the whole page. This is what you saw, any security professional should be looking at going what gives. And so that's what you saw. What did you do about it?
So immediately I'm very much a pragmatist and realist, so I started looking is there any corresponding inbound data? Maybe it was some patching of some system, nothing. So it's, okay. Are there any other systems that are high utilization during that time? And I found the database the NextGen database was the only other resource. And I said, okay, what time is it? Maybe it was just people moving data copying over, some DBA doing a something.
It was at 3:00 AM to 4:00 AM So as I looked for further answers, it became more and more evident that it wasn't something benign. And is that when you started first checking with the development team, see if there's something there. You went around and checked to see if Yeah. If anybody could have done this. Yeah. Throughout this process like I mentioned, the biggest thing, my goal was to try to figure out what exactly you know, had happened that had a logical explanation.
And so I went to both the security team, the network team and the developers and actually the head of development. He disseminated down through his whole team just to make sure nobody, no contractors, no third party, nobody was doing any work during that time window. And it came back that was the case. Networking was your next stop. Yep. And you checked there. Yeah. Yeah. Nothing happened.
Because we have like packet sniffers, we have egress, that normally would've picked up and at least told us what the date it was. But when we went to check those, they were in an off state so somebody had turned your packet, sniffers off the network washer, and Azure was, wow. You gotta be, was in an off state. Yep. This has gotta start to creep you out. This is starting to sound like a spy novel. Or the chasing of a hacker that's very clever. Spike in data . Things are turned off.
What were the discussions like? And I don't want to even in. Apply that I would get you to give, get anybody else in trouble or say that somebody had done something. So let's leave that off the table. 'cause I don't Yeah I can sense, I know you're not that type of guy but to the degree you can tell me, can you talk to me about what the discussions were like internally? And one of the reasons is we've got a big security audience.
They're gonna have these types of discussions when they see these types of things. What did you do and what did you discuss with people and what was their reaction? So I went up my chain of command. That's what you're trained to do is that you escalate through your chain of command. And so I can honestly say without reservation that my direct chain of command, so be my a CIO of infrastructure the. A CF security. And the CIO all took this very seriously.
They, we started enacting and building up our internal threat monitoring for internal threat actors tooling. We spent more money on better security auditing and logging, interfering, logging some of these things that we hadn't necessarily. Had the budget for because of, what our policy constraints hadn't been. We found, they made ways to make this work now, which was to, to their credit, very great.
The problem is that it's just not a retroactive thing, so we didn't have a lot of tools to go back and say, what, how could we apply this to this date in the past? And so another one of the things that I I knew from why this looked the big picture, knew what to look for, is I've done like red blue War games exercises at clients in the past. And so I knew what an attacker, mindset would look like, or playbook I should say. And so I looked at some of these other repos that have been downloaded.
Some of the other tools I knew to look for, and once I found those, it was clear to me that's exactly what this was. This was a, an attempt to covertly ex exfiltrate data. Just like you'd see in the private sector. And this is, we're trained for this, but. This is every security person's nightmare is you've got somebody attacking you don't know who or from where. When did you start to notice other things happening?
It was over the course of a few weeks that I you know, because I still had my normal job duties too, but I was. Looking at metrics from different review, trying to, I remember look at one point for budgetary savings at a storage account. I noticed another anomaly. So it was during the course, normal events for the next two weeks, a bunch of these pieces started adding up to that picture. So you're now looking at this, you're doing your regular, you've got.
You've noticed that internal alerting, monitoring systems turned off, multi-factor authentication has changed. And what else did you discover? Besides those? There were some conditional access policies that have been altered. Some really odd logs around that time now that I was able to narrow it down to a certain time window. I was able to look for things. The container being spun up, but we're not using containers at all, was a big another. That's problem.
Yeah. You found a container on the system and again, it's not something you would, I found of the container being spun up and deleted. Not like a ah, yep. So whoever's doing this is being pretty clever there. They're deleting everything right after they've used it. They're not leaving anything on the system for you to find. It looks like a very well scripted execution.
Yeah. My, my guess is because the time and how many activities were executed in a small amount of time that this was scripted some way Python thought, something that was, essentially prepackaged and then run. Doesn't seem like there's a lot of time for all the different interactions for a human to make the actual clicks. Wow. So they've done this before? Yeah. This would, this feels like a hack.
The other thing that you noticed that I noticed from your, from going through your documents was that. They turned off the blocking of mobile devices in Yeah, so that anybody can get into your systems and it was odd. They disabled like the insecure clients and the iOS, so there's four settings in Azure. They didn't just completely eliminate mobile devices, not be able to login in, but they made it so insecure and I think it was iOS, where previously they weren't allowed.
Are now allowed to log into mobile devices. I still was not able to put together what part of the picture that was, but that was an another anomaly that nobody in the office owned up to. I couldn't find any record of the activity logs of somebody making that change. They, to me, it just seemed it just magically happened. I don't wanna keep coming back to this, but you're talking to people in your office, they're looking at things going, we didn't do this.
I. Aren't people starting to freak out by this point? You have to understand there's a culture of fear that permeates, and these people have been working government jobs for 15, 20 years. They are very scared of, having to have their heads on the chopping block and going out to, and that, that was pretty clear. If you've looked at what happened with CISA and some of the other agencies, that's exactly what happens if you start. Looking into this kind of thing. At first, yeah.
But then when the kind of everybody put together, what happened, what timeframe? Things got very quiet, particular from some of the. The people I'd been working with up until that point, even when you noticed that there was an IP in Russia trying to log into your system. And would've been successful if not for the condoled access policies that we had in place is a tertiary backup to geo blocking that this shouldn't have happened.
And the only way that it, again, I shouldn't speculate though what I can say is that there was a, there's different levels that one. Has to trigger before the next gets triggered as far as a login attempt authentication. And so they got past the normal, where you see a ton of these in normal course of day operations because email addresses are public. You know that you see tons of attempts, but you don't see successful authentications blocked by the cap.
Especially outta the country, unless the only other time we'd see it is if an somebody one of the lawyers travels internationally and forgets that they have their computer and they try to log in, then that kind of alert would flag. But for it to happen at three, whatever, the timing was so shortly after these new accounts system, a managed identity account, not just, so there was the regular account, then there's the system managed identity account.
The regular account is the interactive login is the one that we saw pop up there. So it wasn't like, it was just a programmatic key that was generated and stored to securely. This was like, this was an account's password. Could you tell what, whose account and password this was? So the, I can tell you that there were two new user accounts I saw one was. Jamaica Whitehall, and the other was Chicago White Sox. Those were the first and last names of the two user accounts that were created.
So I, I don't know the actual those don't seem like real names to me. But those were at the same time, two accounts that were created during that timeframe. But these are. Your notes say that these logins occurred within 15 minutes of accounts being created by Doge. So these are right, this was the second time they came back in. So the first time I didn't actually know, I just saw the records of the actual accounts starting to take activity. I didn't actually see the creation.
I'm guessing that's because I only had global admin, not tenant level where they were created. But I was able to see the actions by what's in Microsoft, what's called a sid or security identifier. It's unique to each resource. And so each resource has a unique resource id. And that was what was referenced. So it wasn't necessarily the account at that point as much as just the SID that I saw in the activity logs. And that was correlated through that same SID to that alert and the in offender.
So by this point, it's obvious you have to report this to someone. Yes, absolutely. And we my ciso who was very proactive about this saw the same thing I did, looked at my results and said, okay, yeah, we have to report this to you as cert. There's a procedure and policy we had follow. So we started putting that together towards the end of a week. And everything seemed to be going good. The right people were gonna come in and take a look, and then we went home for the weekend.
And the reporting line would be to CISA. There's a group at CISA you report this to. Yeah. There it, it might have a different name now, but it used to be called the US ERT team, which was like your SEAL team. Sick for for IT incidents within the government. If something happens, there's a breach, they come in, they help you contain and they help you, triage. So they're interagency. But they are part of sis, I believe. Yeah, so you're gonna report to them.
It seems like a fairly thing, something you're trained to do, MITRE is it calls into the frameworks, all of the stuff. You put the report together. I presume everybody worked on this report. When did you find out that the report wasn't to go anywhere? Just a few days later, whenever it should have already been submitted. And I think I was following up on a status. It was relayed to me. That it came down that we would, that was no longer in the agency's best interest to report that.
There was talk of not having our heads on the chopping block. There was talk of the making it disappear is the right thing. I was upset, so I went to my CIO. And wanted some answers there. And I was surprised, but it went, it came in from higher. So there, there's, I can't tell you where exactly it came in from, but I know that he didn't make the call. And that's about all I know at that point.
But I was very disheartened and a lot of us were just, we're hopeful that we would at least be able to trigger the right triage in reporting without being interfered. However, it turns out that. It was nothing was gonna happen at all. We were just to ignore it and, keep our noses down. Wow. So you've got people logging into your system, spikes of data exfiltrated, the traces of that being removed logs affected and. How?
I have to know, how could anybody explain to you that this wasn't to be reported? This is, and I'm sorry, I don't mean to be Yeah. Obtuse about this, but this is pretty black and white at this point. Yeah. People have been prosecuted for not reporting information like this. And to be honest with you, that should have been at the forefront of my mind. That should have been my motivating factor. I too, didn't want my coworkers to lose their jobs unnecessarily.
But when you see things in the you know what system jobs are in a database, right? They run periodically on time. When you see chunks of time with those missing as well as any other activity during those hours it's obvious. Somebody manually deleted. That wasn't just a system glitch 'cause the jobs just didn't log their activity for a little while there. Absolutely.
To not report that is, is fundamentally flawed with everything that we were trained to do and everything we are trained to do in the government. So it wasn't just myself, other people are up in arms too. We just. We didn't know what recourse, because if they were willing to fire the CIO and just stick somebody else in there, everybody else under him is the expendable as well.
So we started to come up with alternate solutions as to how to get this information in front of the right people, even though we're not allowed to officially use those channels. I, and and we've been through the fact that, the system was, you also traced it back, that confidential information was exfiltrated from your systems. Yes. And did that get raised in the case? And I'm just so surprised that someone wouldn't say there's just I'm mystified. I and I've had a long corporate career.
I've had those times when people say to me, Jim, you're a really honest guy, but sometimes you can be too honest. I've had that coaching talk, but this one's pretty cut and dried and yeah, it's gotta be, it's eating at you. What? What did you decide to do? I just, I have to be really careful because my one goal in this is not throw anybody else under the bus, so Exactly. And we don't wanna do that. So I have to take ownership for some stuff that even realistically may not actually be.
My, my decision or my choice. And after we you could just say decisions were made. Yeah. We don't have to, don't have talk. To be fair then who made decisions were made against? A few of our voices as loud as we could. Screaming into the void, I think as someone put it. But we did eventually. I did find the congressional reporting route, and I looked up my laws and statutes and what I'm supposed to do when I do run into this.
Now, the IG was also involved at my agency and the Office of Special Counsel as well. The, those are the, there's standard routes you have to follow if, but there is a method, there is a way for you to report it. So even if you feel like somebody's not taking you seriously, luckily. Those avenues are what actually proved to be fruitful. Somebody there listened and said, no, this is not okay. How did you find those? Did you just Google it? . How do you find out who to go to?
So actually Google was a big part of it too. Also there, there's some resources as a Fed that I have. Back when I was doing my T-S-S-C-I about how to report in the IC And so I along that same train of thought, I just started looking up how to do whistle blowing how to correctly whistle blow with legal protection and that led me one thing to another to, to where we are today. Did you talk to a lawyer through this?
Yeah, that's where I ended up eventually and he helped me prepare the disclosure and everything. And how do you find a lawyer who deals with this sort of stuff? There is very few but luckily one of the best it's Andrew Bakaj who the does wi whistleblower. A he's does exactly this and only this because he has an ex whistleblower himself. And so he is been through it. He's seen what, what can happen without protection.
He actually helped change the laws around classified disclosures and how that agency is more, the IgE there is more independent now. He's been a big player in the space for his whole career. And this is the guy you wanna go to. So there are a few, there's a handful of 'em out there. But once you find that the right person, they know exactly the right route to go and how to, protect yourself while you're disclosing. So what was your first meeting like with Andrew was his name?
I think I think I remember, i'm later recalling that I felt like I walked in there with a tinfoil hat on and and I, to, to his credit, he took me seriously the whole time. But just hearing it, reading it out loud, just going through what I thought might've happened was it was jarring even for me.
But luckily, very professional and he listened to me the whole time and took me very seriously and helped me flesh out some more questions and things that I needed to figure out before putting that disclosure together. Yeah. And yeah, because it, as much as we say, this looks cut and dried, this is your career's on the line. Other people's careers are on the line.
There's, yeah, this is serious stuff we're talking about, whether you know who's legally liable and it's easy to start to doubt yourself. Did you doubt yourself through this? Many times. That's why I tried so hard to come up with alternate. Viable solutions that could have explained some of this, because that would be a win for me. That would be a best case scenario. I don't jeopardize future job prospects. I don't have any kinda animosity towards my employer or from my employer.
I get to figure out, oh, this was this. We get to be for our security. That's a win-win. I probably tried a little too hard to just come up with some really crazy scenarios of how this could have, and I eventually, I just ran out of. Crazy bills I had to face reality and say, this is what it is, and put it together just morally. Now you're, yeah, you're a normal guy. You probably need a paycheck like everybody else does. All this sort of stuff. And you're looking at this did you have to resign?
Did you or did what? What were you facing? So that's a bit complicated because, the agency did not fire me, which was pleasant. However, the day after the disclosure then Doge announced that they were formally coming into the agency and they were gonna staff two people on the same floor, like basically right outside my office for two days a week. And a as part of this and I don't know who it was, I again, the FBI can. But the law enforcement's looking into it.
I received a letter on my door before I even disclosed to Congress, my door at my house that I've only been there like three months. Came home from work one day. Needless to say it wasn't a very conducive environment after that to go back to to try to work in the same office as the people that I've accused of at least possibly data exfiltration. So there was a lot of that. Aspect to, and I didn't wanna put anybody else's job, or I didn't wanna put anyone else in an awkward position.
So I did I chose to resign at that point. Wow. And that's yeah that's gotta be tough. Now where does this go from here? Did you actually appear before anybody or is this just a document that gets sent to Congress? No, I've actually spoken to a couple different committees and offices. And them understand the right questions to ask for to explore us farther and figure out the truth.
And I still have some ongoing still work that I'm doing in that aspect too, but hopefully, there'll be at least enough resources now to get to some semblance of the truth before it's all, at this point, it, none of, a lot of the data can't be really trusted. Because as soon as Doge came in, they removed administrative rights from everyone else in the company. Except themselves. That includes like global admin, includes security admin, user administrator.
So we can even view like access logs or activity logs to see what their accounts are doing right now. Before I, resign it brings into question the validity of any kind of, data that comes out from them directly. And so the goal now is to get hopefully some third party or additional logging that comes, or records that come from outside the agency when we, when they review that. An objective outside source to, to actually review that. That would be ideal.
Yeah. Yeah. And just for people, 'cause we only have the exposure to this as theater where the person sits behind the desk and there's people yelling at you and telling you're no good and all that sort of stuff. What was the real experience like in meeting with congress? They're actually really receptive and a little bit more in involved than I would've thought at first. So I thought I would be handed off to someone who just, but it was very action oriented.
I think a day or two later they wrote a 50 or something person I. Letter to demand answers to the NLRB about this of over 50 signatures. They moved very quickly. I talked to other experts in the industry too, at other agencies, and they consulted some for data validation. So they did their due diligence and pretty quickly too. I was rather impressed at the speed of it all, how serious they took it. And where does this go from here? You'll have more curious that, I don't know.
My, my part in this hopefully is over. I've done, my, but this is over now to the bigger authorities' hands that hopefully, they can do what action they deem necessary or prudent. Wow. So looking back over it, I have to ask you, would you do this again? I can say I never wanted to do it in the first place. I was in a position where I saw something and I felt morally like I had, I, it wasn't given another option. I didn't want this in the first place. It's, this has been a harrowing experience.
That being said, would I do it again? I didn't have a choice in the first place. It's just who I am. There, there's an obligation you have when you see something that, that is this, that could be this drastically wrong that you have to tell someone. You can't just let it go by. And so I, I would, but knowing full well what it would cost me, I still would do it. I still didn't enjoy any of it. And I wouldn't wish it on, anybody else.
I bet, just to the degree that you can, if there's someone else listening out there who's in a similar situation, what advice would you give them? Absolutely. I would definitely tell them that build a support system, document everything. Make sure you're meticulous in your communications and your record keeping, and then get somebody that can offer you some kind of protection or guidance to do this.
It makes it, it's, it really is almost impossible to do it alone and you really do need that support system, and you do need to actually have that mental health care lined up ahead of time to take care of yourself throughout the whole process. There's a lot more to it than just submitting a piece of paper I found out.
And so I would suggest to anybody out there that's thinking about it, or in the same situation or seeing anything that could be unusual anything that's keeping you up at night, say something, go through the proper channels and find protection both for yourself and for your legal stakes in this as well. Oh. I wish you the best, my friend. I hope your next job is really easygoing and the most you have to do is talk about complex passwords.
Yeah. Yes, I have high hopes, and I appreciate you for having me, Jim. This is a really important message to, to get out so that people can know, and I thank you for doing that. This is absolutely important and I'll just, I'll thank you for this. I'm Canadian obviously but we have a huge American audience. It's, the bulk of our audience is American . Americans have a wonderful phrase and that's the one thing I'd like us to adopt up here in Canada.
You say thank you for your service and I'd like to say that to you Daniel. Thank you for your service to your country and to your profession. And that's our show. I hope you found this as incredible as I did, love to hear from you. I'm pretty safe across the border, so if anybody out there does want to. Have a chat or pass on any information. I've spent 40 years in the industry getting a reputation for being confidential and being supportive.
You can reach me at [email protected] or find me on LinkedIn like our listeners do. And like I said, if you're one of our listeners, we'd love to hear your comments and opinions on this same deal. [email protected], LinkedIn, or if you're watching on YouTube and. What you say can be public, , just drop a note under the video. And I'm gonna be thinking about this for a while and I'll be back next week with my cohost, David Shipley, bringing you the best in cybersecurity news.
I'm your host, Jim Love. Thanks for listening.