On Location With Sean Martin And Marco Ciappelli

Is Defense Winning? | A Black Hat USA 2024 Conversation with Jason Healey | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

In anticipation of the Black Hat Conference 2024 in Las Vegas, Sean Martin and Marco Ciappelli sit down with cybersecurity expert Jason Healey for an engaging episode of "On Location With Sean Martin and Marco Ciappelli." The discussion provides a sneak peek into the topics Jason will cover during his upcoming session, exploring the current state and future of cyber defense.

Episode Notes

Guest: Jason Healey, Senior Research Scholar, Cyber Conflict Studies, SIPA at Columbia University [@Columbia]

On LinkedIn | https://www.linkedin.com/in/jasonhealey/

At BlackHat: https://www.blackhat.com/us-24/briefings/schedule/speakers.html#jason-healey-31682

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

Opening Remarks:

Sean Martin and Marco Ciappelli set the stage with their signature banter, creating an inviting atmosphere for a deep dive into cybersecurity. Marco introduces a philosophical question about measuring success and improvement in the field, leading seamlessly into their conversation with Jason Healey.

Meet the Expert:

Sean introduces Jason Healey, a senior research scholar at Columbia University and a former military cybersecurity leader with extensive experience, including roles at the Pentagon and the White House. Jason shares his excitement for Black Hat 2024 and the anniversary celebrations of ITSPmagazine, expressing anticipation for the discussions ahead.

The Role of Defense in Cybersecurity:

Jason previews his journey from military service to academia, posing the critical question, “Is defense winning?” He provides a historical perspective, noting that cybersecurity challenges have been present for decades. Despite significant investments and efforts, attackers often seem to maintain an edge. This preview sets the stage for a deeper exploration of how to measure success in defense, which he plans to address in detail at the conference.

Shifting the Balance:

Jason highlights the need for a comprehensive framework to evaluate the effectiveness of defense mechanisms. He introduces the concept of metrics like “mean time to detect,” suggesting that these can help gauge progress over time. Jason plans to discuss the importance of understanding system-wide dynamics at Black Hat, emphasizing that cybersecurity is about continual improvement rather than quick fixes.

Economic Costs and Broader Impacts:

Sean shifts the discussion to the economic aspects of cybersecurity, a topic Jason is set to explore further at the event. Jason notes that while financial implications are substantial, other indicators, such as the frequency of states declaring emergencies due to cyber incidents, provide a broader view of the impact. He underscores the need to address disparities in cybersecurity protection, pointing out that not everyone has access to the same level of defense capabilities.

Community and Collaboration:

Marco and Jason discuss the importance of community involvement in improving cybersecurity. Jason stresses the value of shared metrics and continuous data analysis, calling for collective efforts to build a robust defense against evolving threats. This theme of collaboration will be a key focus in his upcoming session.

Looking Forward:

As they wrap up, Sean and Marco express their anticipation for Jason’s session at Black Hat 2024. They encourage the audience to join in, engage with the topics discussed, and contribute to the ongoing conversation on cybersecurity.

Conclusion:

Sean concludes by thanking Jason for his insights and highlighting the importance of the upcoming Black Hat sessions. He invites listeners to follow ITSPmagazine's coverage for more expert discussions and insights into the field of cybersecurity.

For more insightful sessions and expert talks on cybersecurity, make sure to follow ITSPmagazine's Black Hat coverage. Stay safe and stay informed!

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

This Episode’s Sponsors

LevelBlue: https://itspm.ag/levelblue266f6c

Coro: https://itspm.ag/coronet-30de

SquareX: https://itspm.ag/sqrx-l91

Britive: https://itspm.ag/britive-3fa6

AppDome: https://itspm.ag/appdome-neuv

____________________________

Follow our Black Hat USA  2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRo9DcHmre_45ha-ru7cZMQ

Be sure to share and subscribe!

____________________________

Resources

Is Defense Winning? (Session): https://www.blackhat.com/us-24/briefings/schedule/index.html#is-defense-winning-40663

Learn more about Black Hat USA  2024: https://www.blackhat.com/us-24/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Episode Transcription

Is Defense Winning? | A Black Hat USA 2024 Conversation with Jason Healey | On Location Coverage with Sean Martin and Marco Ciappelli

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Sean Martin: Marco.  
 

[00:00:02] Marco Ciappelli: Sean.  
 

[00:00:03] Sean Martin: How you doing?  
 

[00:00:04] Marco Ciappelli: Vroom Vroom.  
 

[00:00:05] Sean Martin: Vroom Vroom. Vroom Vroom Vroom. Three times better. Are you doing, uh, better than yesterday?  
 

[00:00:14] Marco Ciappelli: Um, define better. Um, how do I measure that? How do I measure my success? And what is success? Let's get philosophical right away. Let's present this. I think you're  
 

[00:00:29] Sean Martin: not doing better. 
 

[00:00:31] Marco Ciappelli: Thank you. I appreciate your friendship so much.  
 

[00:00:35] Sean Martin: I want you to do better. How's that?  
 

[00:00:37] Marco Ciappelli: Okay, that's a good push. It's a stimulus to do better. But I need to know how I measure again. How and what does to be doing better means. So before we get into this intricate conversation, which I'm sure our guest is going to make it a little bit more easy. 
 

To understand I would say that uh, this is a chat on the road is a pre event for the coverage that we're going to have Itsp magazine also on location with Sean and Marco Blackhat, I like to remember again. This is the 10th year that we cover as official press And it's also itsp magazine's birthday. So yeah  
 

[00:01:20] Sean Martin: Happy birthday to, uh, somebody behind the curtain. 
 

Well, let's, uh, let's get into this chat. This, uh, this topic caught my attention and Jason seemed really cool. And I was like, let's, let's do this. Let's figure out what's, uh, what's going on with some of the research. Jason Healey is with a senior research scholar at Columbia University. How are you, Jason? 
 

[00:01:43] Jason Healey: Having a fantastic day. Thanks. Looking forward to Black Hat and celebrating your birthday. You're a very precocious 10 year olds, I got to say, you can, you can do so much at that age.  
 

[00:01:55] Marco Ciappelli: We were already there when we, when we were, we  
 

[00:01:57] Sean Martin: don't know, we don't know what we know. We think we know it all. What we do  
 

[00:02:03] Marco Ciappelli: know is that I love this topic. 
 

So Alan and I write into it.  
 

[00:02:07] Sean Martin: Yeah, let's do that. So, um, Yeah, no, if there's anything from, I'm certain there is, from the work you've done leading up to your talk, maybe share a few words on that to help people kind of get a picture of who Jason is and, uh, how this all came together.  
 

[00:02:25] Jason Healey: Yeah, thanks. So I made my way in, uh, like, like many folks, um, from the military, was in the Air Force, got very early start in the field back in 1998, well, relatively early start in the field, where I. 
 

Um, as a relatively young officer at the Pentagon, got to help set up the, the military's first, um, military cyber command. Uh, it was the joint task force computer network defense. There were 25 30 of us that started out, went on to be cyber command today, and, and I left there to join Phil Venable, now at Google Cloud. 
 

Then he was at Goldman Sachs, and it was great to work both Department of Defense wide and then working for such a visionary like Phil because they had this big picture. Um, of, okay, what's happening, not just at our own individual firm, but how does that fit into the larger mix of what's happening across the entire internet, across cyberspace as a whole? 
 

So when a couple of years, um, ago, I, I made my way from being a practitioner, um, I also did two, two stints at the White House, um, into academia, um, in research, I'd always been, um, uh, haunted by those topics of saying, well, wait a minute, how are we doing? Right. We're putting in all of these, uh, you know, all of these investments, right? 
 

Hundreds of billions of dollars. We're doing all of these patents. Um, we're, we're working so hard, right? All these, um, events that hit on Fridays, all these missed kids birthdays, all these worked weekends and holidays. And are we actually making a dent in the problem? Not at the level of individual CISO and enterprise, although of course that's, that's super important. 
 

But at the level of the Internet as a whole, and what really hit me, I was doing research for a book that was the first, um, military history of cyberspace. It's called The Fierce Domain. Um, kind of like, you know, who's been doing what to whom in the national security space. And I found these quotes that said, um, You know, the, the red team always gets through, essentially. 
 

And we're going to hear that again at things like that at Black Hat. We heard at DEF CON and RSA basically every year. That quote goes back to 1972. And if you think about it, it's not just about what the red team can do. It's saying when the attackers are disciplined and know what they want, they're going to get what they want. 
 

In some sense, it's a sense of saying offense has these advantages, right? Um, that in general, we need a varsity defense to go against junior, uh, uh, varsity attackers. Um, and if they're coming at us with their best team, then man, we need to get, have all stars. And so, boy, it's been over 50 years since we came up with that. 
 

So my talk for Black Hat, you know, I've been on this topic for maybe 10 years or so, was to dive in and say, all right, how will we know if defense is winning? If we're not just improving year on year, this is something I picked up from Dan Geer, right? He said, every year we on the defense, we're having personal records. 
 

We get to look back and say, we are doing better this year than we were last year. But he said, every year the attackers are building up world records, right? So they're improving faster than we're improving. So how can we measure that? How do we get into this to really try and assess Whether or not we're making relative gains against the Threat Act. 
 

[00:05:59] Marco Ciappelli: Boy, I'm thinking, uh, a city, a middle aged city, medieval with the walls. Oh, yep. And, and go way back than 50 years. I'm gonna go back 2, 000 years plus. And, uh, I, probably the attackers always been winning. Is more like the measure of what is winning and how you balance the winning The defense with living your life. 
 

Are you just gonna be cop inside the wall the whole time? So You know where the balance strike in society definition  
 

[00:06:36] Sean Martin: of winning, right? They might have a success, but is that winning  
 

[00:06:42] Jason Healey: right and in almost every kind of military conflict You see this go back and forth Except maybe nukes right in nukes the the attacker, you know There's not that many defense that you defenses that you can put up against Nuke, and they're relatively easy, um, uh, to beat. 
 

But in most other areas you see this back and forth right in, in, um, the American Civil War, and especially in World War I, right? It was Alan and Spirit and good. We, we can charge and it's going to be, you know, the spirit of the bayonet or it's gonna be the spirit, um, of the opposing side that's gonna decide who wins. 
 

It was certainly the French position and right. It didn't do well facing machine guns. Um, and, or in the American civil war, um, where masked rifle fire was actually pretty darn effective. So you've seen this go back and forth and, and certainly in, in our field, right. The, the offense, um, doesn't predominate, right. 
 

It doesn't, um, it, it doesn't have supremacy, right. Defense certainly has great chances as we see again and again, again, of all the companies that aren't getting, getting hacked, but there has been these You know, we never invented the internet to be secure, right? We focused on other things. Um, we roll out software again and again and again that has the, um, we rush to market and add in security afterwards. 
 

By the way, that's another thing that goes back to 1972. Quotes that say you can't add security by retrofit, it must be done by design. We've known that for 50 years. Common mode vulnerabilities like we saw with with the recent CrowdStrike failure, right? That so many of us are relying on the same systems that have the same vulnerability can go wrong at the same at the same time, right? 
 

That doesn't mean that that offense has is dominated is going to win every time. But at the least, at the level of the overall system, it generally means that the, the, the playing field is tilted to their advantage, you know, to go back Marco to, or to, to your example, right? They're in the uphill position with the sun at their back. 
 

Right? It's just a little bit more difficult for, um, for us to try stock. And this really plays out in the new white, well, I guess it's not new anymore. The White House National Cybersecurity Strategy. Where they say in the very beginning, right? We've got to have a more defensible cyberspace. We've got to flip this around so that we don't end up having national security level incidents just because somebody clicked on a link and I'm happy to say I did help draft that strategy and that section that that talk about the more defensible internet About shifting about having more leverage, right? 
 

Where can we do the smallest turn of the screwdriver? That's gonna have the biggest impact and so The greatest gains for the defense over the attackers at the largest scale and least cost. Um, that came from our work at Columbia University with our New York Cyber Task Force over, over the last eight years or so. 
 

[00:09:43] Sean Martin: So, so many questions. Um, how, I guess, before we started recording, we talked about the individual. So there's a CISO in their program and a business, and there was an industry where a collective of them might share information and become a little stronger or better than other industries. But then there's the, the broader all of us together. 
 

And I guess to, to your point that that's the view we need to gain on how well are we doing,  
 

[00:10:20] Jason Healey: right? Well, we need to do better on all of them, right? It, it's difficult enough for CISOs to understand which of their controls are effective, or if I buy this tool, what's it gonna mean from my ROI. So I don't mean to say that, that my work is, is any sense more important than that? 
 

Um, but the bulk of my  
 

[00:10:37] Sean Martin: question is, do we need, do we need the individual, the industry, the type of system do we, do we need different types of use to achieve what you are looking to do?  
 

[00:10:50] Jason Healey: Yeah. Without a doubt. And so what's been difficult as we've been going through, like if we look at the metrics and we see all of these different metrics and it's hard to know what to make of them. 
 

Right? We see Scattered Spider has been changing their TTPs really frequently, and so this is a really bad thing. Or we see that Scattered Spider is able to use relatively easy TTPs to get in, right? They're just able to use valid credentials. Well, and that's a bad thing. So here we're looking at two things. 
 

They use something really easy, or they use something really hard, and in both cases we say it's a bad sign for us. Well, I doubt that's true. So we need this framework of saying, all right, if we're really succeeding In minimizing threat, minimizing vulnerability, minimizing impact. What are, what are our propositions about what success is going to look like in those? 
 

And once we have that, then we can then go to the people that are reporting the metrics and we can do a better job of saying, all right, can you give us that in a time series? Like here are metrics that are good for the CISO. Here are metrics that help us understand the system as a whole. And I'll give you one of the classic ones. 
 

It's to me, it's the only metric that we've really been reporting for a long time that tells us the system as a whole. It's mean time to detect. Verizon Data Breach Investigation Report, um, back to the Wade Baker days, has been, has been talking about that, and it's shown the substantial shift over what, the 15 years they've been doing that report, um, that we've been detecting faster and faster. 
 

Adversaries have had a harder time staying hidden across the tens of thousands of incidents. That Verizon has looked at across time. Now, maybe that was because of ransomware. It wants to get detected early so that you have to pay. We re recently some reporting from secure works and from Mandiant has shown, even if you're subtracting out ransomware, we've been detecting faster. 
 

And I love that metric because it's, it's, it's directly measuring how well threat actors can hide and defenders can, can catch them. And we've seen this great improvement. So that's why I love these kinds of statistics that we've got to pull out and really say, good, this helps us understand the system wide dynamics. 
 

[00:13:13] Marco Ciappelli: Yeah. You know, this connect to a pre event conversation, Sean, that we just had with the, um, with the other presentation, which is still a, yes, Fred, which is still a research and they're like doing a grading system. Oh, yeah. They look at the nation, state, defense, and cyber security level, and include China, it include, uh, United States and many other countries. 
 

Oh, is this  
 

[00:13:39] Jason Healey: the cyber strategy talk?  
 

[00:13:40] Marco Ciappelli: Yeah. Yep. And, and what I liked a lot about that was that he used a lot the word relative.  
 

[00:13:49] Jason Healey: Mm hmm.  
 

[00:13:50] Marco Ciappelli: So it's all relative to the security of others, uh, because it's not a confined environment. And I feel like what you're going here with weaning relative to what, right? I mean, that's from a philosophical perspective is how we need to look at this. 
 

So if you have a frame, a list, it's not that one by one you can follow the little point and check. And then you're like, yeah, I'm good. I'm good. No, well, you're good until now. Maybe you're better, but you're not necessarily. There is a relative winning that's  
 

[00:14:28] Jason Healey: Absolutely because because because defense is never going to win right and it's the american military view, right? 
 

I mean There's a fight going on in europe again or wherever and we're going to send the gi is over and we're going to save The day and then we're going to bring our troops back because we won right? This is this is not going to be that kind of kind of fight Um, but is defense winning sounds a lot better is defense doing better relative to attackers over a long period of time There's a quite a bit But you get that, but you're, it's, it's the right point. 
 

And so I mentioned this scattered spider example of how we looked at these different areas. So what we're, what I'm going to go through in the talk is saying, all right, If we, if we as defenders are doing better disrupting thread actors, what would we expect to see? Right. We would expect the thread actors to no longer be able to use the easiest TTPs. 
 

Right. They shouldn't be able to just log in using valid credentials. We need to force them to do the more difficult TTPs. So in that sense, scattered spider switching their TTPs is actually probably a sign of success. We would expect to see them burn through vulnerabilities as we get better at patching them. 
 

We'd expect them to use more, so we'd expect a more rapid turnover of vulnerabilities. Um, and a decreased average age of vulnerabilities used in successful exploits. We'd expect to see things like maybe we see more zero days and a higher price for zero days. Just think of how often we, we come out and we report all the, all these years, Hey, we've seen more zero days, but we've never had the context to say, well, does that, does that mean we're doing better or does that mean we're doing worse? 
 

I would propose if it go, if you see these other things that are also happening. It probably means we're doing better.  
 

[00:16:21] Sean Martin: Interesting. Pulling all the context together to have a view of really what's going on. And not just looking at each one and trying to guess what signal it's telling you. The other thing, you mentioned impact as well. 
 

And, um, And the thing that comes to mind is kind of the economics of all of this, right? Because ultimately, uh, unless we're talking about human life, which is a loss if, if that, if actually we lose a life. Um, but otherwise it's, it kind of boils back down to money. How much are we spending compared to how much are we saving or preserving, uh, on the other side? 
 

And how much to your point on, if we're making things more difficult, if they're spending more for zero days on the, on the, uh, Bad actor side, or it's taking them longer and more investment to research, to find things to use. Those kind of start to weigh out. So are you thinking about this in the context of economics as well, or purely time series based? 
 

[00:17:24] Jason Healey: Yeah, well, well, certainly we can look at the time series based for the economic cost. Um, I don't love some of those because of the numbers aren't necessarily, um, there's a lot of low quality stats out there as we try, as we try and make these guesses, but we can look at the number of insurance claim, the amount of insurance claim. 
 

There's been good research that just, that just has come out in the last year on, The overall on catastrophic insurance losses, that is, single incidents over 800 million, which has actually decreased pretty, pretty, pretty substantially, but it's not only economic, right? We can look at, we started counting, for example, how often does a cyber incident cause a US state or region overseas in the United States to declare an emergency? 
 

Colonial Pipeline had 18 separate states of emergency declared for it, um, which is a good indication, um, of how bad something was that a governor had to, had to step up and say, yeah, this, this is an emergency. Um, the, for Change Healthcare and the National Security Council, their deputies committee met like every day for almost two weeks. 
 

Um, so even separate from the economic, which, which has counting problems with it, there's these other indicators that we might be able to use to pull in and say, yep, we've got these other ways to measure impact, um, other than just the pure, uh, dollar costs, um, or yen costs or pound costs or Euro costs, which can be, which can be tricky sometimes. 
 

[00:18:57] Marco Ciappelli: Well, there is also the fact that the breach and that the way that we're forced to use the internet as an individual privacy consequences of that, because, I mean, it's easy and it's very common to say, all right, how much is costed, but the, the individual or the school to get attacked constantly, or, you know, that there is an entire other cost. 
 

There is aspect of, You know, is, is, uh, is the protection democratic, meaning is it for everybody or just for the large company that can afford to have large defenses? So yeah, it's a good start.  
 

[00:19:37] Jason Healey: And that's one of the things that I'm not, we're just not in the research, I think going to have fully baked for black hat, but certainly we want to look at, for example, like so much of the focus of governments is on critical infrastructure and systemically important entities. 
 

And we understand why. Um, because they can have cascading failures, Colonial Pipeline, Solar Winds, CrowdStrike. Um, but we also want to look at, for example, the most at risk populations. Um, who are already suffering and might not have the connectivity that they need. And then they have, you know, this kind of stuff happen on top. 
 

Um, there are some good lessons that we can take from the pandemic on this, that focus, that focused on this with COVID 19, including work from, from, particularly from Josh Corman and others on the excess mortality. And certainly we're going to see, um, they've already started to find some indications of excess mortality. 
 

That is. It's tough to pin ransomware attacks on hospitals to say, yes, this particular person, um, died because of it. And that particular person, but you can see statistically, um, yeah, boy, we had more deaths in the U S and European and other health systems, um, during and after these ransomware events. 
 

[00:20:53] Sean Martin: Super interesting. And, uh, it makes me want to look up. I don't know how many years ago, it was a big thing to report on how many SMBs. Small, medium businesses went out of business after an attack.  
 

[00:21:05] Jason Healey: Oh, right. That's, yeah. That's, you're, oh, right. I wonder where that number is  
 

[00:21:09] Sean Martin: going.  
 

[00:21:09] Jason Healey: Yeah. That, that'd be great to, um, to find that, that's, that's, that's exactly the kind of stuff because sometimes those can be easier to find. 
 

There's been also some good work, some, from some Fed and former Fed economists on what happens at the level of states. Um, and, uh, so yeah, so there's a lot of good material out there, more than I can certainly capture with my research team. That is why we're hoping to encourage those that have this data, um, to, to keep, to keep going with it, to identify those that I, that are specifically at the help us understand the system level and really to present that in a time series. 
 

There's such good material. Like Veracode has such amazing material on the software development lifecycle, but they don't present all of it in a time series. So what we're hoping is that by having this as a framework or a catalog, right, it's never going to be as developed as, as ATT& CK or these others, right? 
 

It's not going to be, um, um, include everything that could possibly be out there, but at least we've got a basic framework so that you can report these in, and then maybe, fingers crossed, we could do an annual report that traces year by year, even quarter by quarter, how we're doing on these, on these top level system wide statistics. 
 

Thanks. Thanks.  
 

[00:22:27] Marco Ciappelli: You know what I like about that is the fact that instead of an yearly report of how bad we're doing, this is the top 10 threats, top 10 attacks. I'll show you something that gives us a little bit of optimism moving forward. I like that.  
 

[00:22:41] Jason Healey: And there are, right? The mean time to detect is to me one of the great ones, but this material from Veracode, Right, they show out of, out of software scanned, software with an open source library that's scanned the first time. 
 

Um, we've seen like a 30 percent improvement of, of no known vulnerabilities, right? That's what Secure by Design looks right, like. Software scan the first time, open source libraries, no known vulnerabilities. That's Secure by Design. Then we've got another statistic that Um, that looks at out of all of the total software that Veracode scans, which is a lot of software, um, how much of the, has a critical vulnerability. 
 

That's also improved by about 30%, by about 30%. Now that's only Veracode. So for us to really, so we've got a, we've got a selection bias. Um, so we do want, as we do this over time, to be able to find other sources for that kind of information, but we're not going to have the time for our black hat  
 

[00:23:44] Sean Martin: talk. But, uh, there is time to share what you do have, and, uh, I'll be joining that chat Wednesday, August 7th, 4. 
 

20, in Oceanside A, and, uh, yeah, I'm excited to see what you have. See the presentation and, and, uh, some insights and into the framework and how you plan to take this and hopefully people get involved and get engaged. Uh, great. Clearly we need the data. So  
 

[00:24:09] Jason Healey: great. Thanks. And I, and I'd mentioned, um, some of the folks that inspired me, like working with Dan gear over the years, who's really had this, um, I really had my eyes open on working with Phil Venables. 
 

And I'm happy to say that Phil is continuing to support this work at cloud, um, at Google cloud as one of our sponsors for doing this work.  
 

[00:24:26] Sean Martin: Nice. I think Dan was a keynote, if I'm not mistaken, a few years back. Yeah, great conversation with him. Super smart dude, of course. All right. Well, uh, Jason, pleasure to have you on the show and, uh, looking forward to seeing you in Vegas on Wednesday, August 7th. 
 

And for everybody listening, hopefully, uh, you found a few good nuggets in this chat. And we'll go connect with Jason in Las Vegas for his session. Which is entitled, Is Defense Winning? And take your own definition of that and, uh, have a chat with Jason and other people sitting in the room there. And, uh, please do stay tuned. 
 

We have much more coming to you from Black Hat before, during, and after the event. And, uh, I'm, uh, feeling good. Thanks a lot for this chat. Thanks, Jason. Thanks, Sean. Thanks, Mark.  
 

[00:25:14] Marco Ciappelli: Thank you.