Consulting ServicesCybersecurity Risk & StrategyCustomer ExperienceWWT ServicesSecurity TransformationDigital
Video
•
147
views
•
34:38
•

September 22, 2020

TEC37 E14: How Cybersecurity Becomes a Business Enabler

Making security investments based on the current threat landscape is a no-win situation for today's CISOs. With a never-ending sea of threats, CISOs need to take a different approach, one that manages risk based on business goals and objectives.

Please view transcript below:

 

Robb Boyd:

The ability to strategically deal with cybersecurity is often derailed by the noise and the daily drum beat of security threats, weeds. Well, today's guests assert that although cybersecurity is still treated as a cost to be managed in so many organizations, there are practical, specific steps that can be taken to remedy this. We're going to cover these steps, along with the seven areas of cybersecurity mapped to your business concerns and how to use them, plus how to have a risk-based conversation that ties the people, process, and technology requirements all together. It's all this and more on Tec37, your podcast for technology, education, and collaboration from worldwide technology. My name is Robb Boyd.

Robb Boyd:

Well, welcome to the podcast, gentlemen. Our title for today's program, How Cybersecurity Becomes a Business Enabler, which feels like somewhat of an age old question for security practitioners. But I know you both have some fresh ideas for addressing this, plus I mean, who in security doesn't enjoy a little help with remediation? But let's start with some brief introductions so everyone can understand the street cred that you both bring to this topic. Todd, why don't we start with you?

Todd Neilson:

Great, thanks Robb. Thanks for having me. This is a great opportunity to talk about cybersecurity. So today I am the Global Director over the cybersecurity Services and Consulting and Advisory for World Wide. We get the opportunity to work with our largest customers around the world regarding the cybersecurity strategy and development. I've been in the cybersecurity industry for about 30 years now. Most recently I had my own company that we deliver cybersecurity managed services, as well as advisory, where I acted as a virtual chief information security officer to about 40 different clients around the world with a good opportunity to see what they were doing. Prior to that, I had been in vice-president, director of sales level roles for companies such as Computer Associates, CA Technologies, Oracle, IBM, and Sprint, et cetera. So I've been doing the geek thing for quite a number of number of years and take some of that experience and have the opportunity to work with clients to get some of that wisdom back.

Robb Boyd:

Excellent. Well, I'm looking forward to hearing what you've got because you do have some interesting methodologies, I think, that are going to help a lot of people. But I also agree that Greg has got some interesting stuff to share, but Greg, do you mind setting up your background for us?

Greg Schoeny:

Sure. Hi Robb, Todd, thanks for having us today. It's certainly an exciting topic. So Greg Schoeny, Vice-President of Services and Strategic Solutions for WWT, really primarily focused on the global service provider business. This encompasses large carriers, telecommunications companies, cable companies, media, as well as various cloud service companies. And we spend a lot of time, myself in particular, we deliver a broad array of services to these companies. This can include high-end staffing services, security, software development, large program logistics, as well as business advisory. And increasingly, as we're out there with our customers working closely with them, security is intermeshed, interwoven, if you will, into all the different conversations we're having around digital transformation and IT. So certainly looking forward to this discussion today.

Robb Boyd:

I'm always amazed as I continue to meet more and more people at World Wide Technology, just the depth, you guys always have such interesting backgrounds and the number of customers that you work with also, of course, is really important here because you've seen the good and the bad on all sides of this stuff. So let's first set up the reality for how you would describe what our customers are living in right now. Let's go back over to you, Todd, what do you say?

Todd Neilson:

The thing that we're seeing quite a bit of is with regard to security and our technology expertise at a sea level is where we're really seeing the concern pop out, right? So the technologists, the engineers, the architects, honestly, not a lot has changed. They're still doing a lot of firefighting, a lot of reacting to the security, blocking and tackling. But what we're seeing is that the cybersecurity components in today's business can no longer be managed as a cost center. So it needs to become a business enabler to what that individual business does.

Todd Neilson:

Now that may be a healthcare company, that may be a mortgage company, maybe a bank, maybe whatever their business needs to be in place, the problem ends up being is being is that the fear of tactics of past, of regulatory fines or getting your credit cards taken or spoiled or hacked, those are still true threats, but they no longer can be used to manage the business. So that's what we're seeing is really what we're trying to focus on is how cybersecurity can enable that business.

Robb Boyd:

Well, how is it... Just to make sure we're all on the same page, why would you say cybersecurity is a cost center? And maybe how did it get there? I don't know. Greg, do you want to weigh in on that?

Greg Schoeny:

I think Todd would agree and the problem has gotten exponentially larger, right? In recent years, there's more infrastructure connected to the internet, more endpoints, mobility is certainly thrown a curve in that, there's more available bandwidth. And so with that, more threats, as well it doesn't take a sophisticated actor to perpetrate an attack, right? And I think all of that is combined to be a bigger problem in recent years, in the past five to 10 years. And yet, in the not so recent past, security was seen as something within the IT department, you didn't have these large, massive attacks that were happening at scale, ransomware.

Greg Schoeny:

And the reality in the last five years is that has become a major issue. And so all of a sudden security goes from something within the IT department to something that is on main stage, is at the board level, is intertwined with risk compliance issues within large organizations. And so it's not as much a cost that sits within IT, it's, what am I doing as a business to keep my enterprise or organization safe?

Todd Neilson:

Yeah. It is definitely that, Greg, also one of the other reasons I see quite a bit is they treat cybersecurity cost-wise like buying insurance. So we need to put this stuff in place so that we don't get hacked, or if we do get hacked, we're "covered". So cyber insurance is fairly new in relation to insurance in general, but the cost center components is so, it's going to happen. You're going to have a wind storm, your house is going to fall down, you have a fire or whatever. cybersecurity's been treated like that as a cost center in terms of insurance purchase. And it can't be that way anymore. It needs to be an enabler, not an insurance policy.

Robb Boyd:

Yeah. Okay. So specific to the title of what we're trying to go for here and then exploring a little bit about what you're saying and at the risk of maybe denigrating myself and those who do what I've done for a living for quite a while, is working for a vendor in most of my history, how much do you think the vendors are involved with possibly setting the agenda when they're selling security, so to speak? So a security vendor, I feel like security vendors and all vendors, we train our customers a lot. And so a lot of times that may be all the information they're operating with. Is that dangerous in this situation?

Greg Schoeny:

Yeah. I mean, I'll jump in on... Go ahead Todd.

Todd Neilson:

Go ahead. I was just going to say, I believe that it's absolutely a problem. There are very few companies out there that do full enterprise suite of security tools and services. So that means you have to have your security strategy from multiple vendors. It's just the way it works. You can't just have one company. Or you get vendor lock in. So I think that's one problem. What else are you seeing, Greg?

Greg Schoeny:

Well, I was going to say, if you think about World Wide's business and the business and services we deliver to our customers around security, it is a blend of services that include staffing, that include professional services, but as well, helping to consume technology, taking various point products and putting them together, making them work, which in security is incredibly important.

Greg Schoeny:

I will say, when I look across our base of partners, no one's trying to sell a point product anymore because I think there's a recognition that CISO's, organizations that we're selling into, that we're partnering, we truly have to be there helping them figure out how to delever their risk, how to increase their ability to secure the enterprise. And that does not happen with another firewall, another end point. And so I will tell you that I'm really proud of the partnerships we put in place to be able to say, "All right, let's have a conversation around security and then let's walk back to what type of technology, people, processes do we need in place to secure the enterprise."

Robb Boyd:

Now you bring up a good point. Let me jump in because I want to define, there's going to be some C acronyms here that we start with. You said CISO, I say CISO. We mean the same thing. Chief Information Security Officer, to make sure everybody's on there. And then of course you have your CEO, which for purpose of this, that's the person's running the business. And then of course you have your CIO, and so we think about a Chief Information Officer, what are you guys seeing in terms of what are most reporting lines like? Because I feel like this is going to have an effect on decisions that are made as well as exposure to what the business cares about. What is that reporting line like for security to information?

Todd Neilson:

I think Greg hit it on the head when he said that the security business has come out of the IT organization, right? And so traditionally, the CIO, six plus years ago was also the CISO, was also the tech director, was also the whatever, right? So multiple hats. And so why the CISO has... Since the CISO has grown out of the IT organization from a technical perspective and as a cost center, it tends not to be considered a part of the C-suite, if you will. I think it's because they haven't either viewed cybersecurity as an overall business risk, just like any other business risk, or it's specifically what Greg was pointing out, it comes out of IT. What do you think, Greg?

Greg Schoeny:

Yeah. I mean, I almost think you have to stratify the market a little bit. I mean you think about the large enterprises, large organizations in the public and private sector with very sophisticated programs that they've been running for 10, 15 plus years, the security leader will typically have an elevated status in the organization. We've even seen a direct appointment to the CEO with a dotted line to the board. And I think that this is out of necessity that the board says, "Hey, we have to understand what's going on in the bowels of the organization."

Greg Schoeny:

But as Todd is exactly right, historically grew up as an IT function, and now it's more of a risk, compliance, governance function within an organization. One of the things that is clearly continues to remain an issue is the CISO's ability to communicate with the board in non-technical terms, to take all the things that are going on underneath the hood and assess risk and then make recommendations, so that a non-technical board could even understand or comprehend what the heck that person's saying. And I think that's one of the things that Todd's going to talk about today and what we're setting out to solve is improving the communication, the ability to assess risk between the business and the technical side of the house.

Robb Boyd:

Yeah. It sounds like... I love that. I want to get into the risk term a little bit further because one thing you're talking about there and what we're speaking to in terms of the relationships is that there's something to be gained, there's something important it sounds like when the CEO will say has the most optimal view of the entire organization and understands what's most important because all of us in our own groups in any company, we've all got, what's important to me right now and individual salespeople, they're paid based on being selfish because they're transaction oriented and that's the way we want them to be. But you need someone running it all and you need security, it sounds like, to be looking out and having that same level of business understanding, but with the additional skill sets, which make me shudder to think about, of being able to translate that across an entire business and in-between the leaders of each business who, I assume if you're addressing the C-suite.

Robb Boyd:

So you brought up risk. It's funny. I think it was 30... It was probably 36 years ago or something, before I was in technology, I was a security officer for a hotel chain and I had left Four Seasons doing security. This is back when I was still in school and went over to a Western hotels. And one thing that struck me, the group that I was working for in Western wasn't called Security, it was called Risk Management. And it was the first time, this was a long time ago, but it got me thinking differently just with the name change.

Robb Boyd:

Now this is physical security, we're not talking, there's nothing about technology whatsoever, but the point was still the same, I think here, which is it sounds like you're going to, is you're saying, as you mentioned earlier Todd about being able to purchase risk insurance, is the first thing to acknowledge it sounds like is that risk is not something that you can get rid of. In fact, I think I've read your article that we're going to recommend here at the end of this, but what are the different things you can do with risk by the way?

Todd Neilson:

Yeah, that's a good point. So the thing with managing risk is, if you identify or when you identify that risk, it doesn't typically go away. Okay? So you have to address it in some way and to your point, there are four things, at least with a cybersecurity perspective and at a business level too, that you can do with risk.

Robb Boyd:

I think so too, yeah.

Todd Neilson:

You can mitigate it, you can do something about it, right? Put something in place, put a control in place or otherwise. You can assign it. We do this all the time. You assign your risk to say State Farm or Geico for your car, right? So you get in a car accident, you assign that risk to them. So you can do the same thing in cybersecurity. You can assign that risk over there. The other one you can do is you can ignore it. Okay? The interesting thing is, is majority of risks are simply ignored within the business, we find, which is-

Robb Boyd:

But, if I jump in on that one, one second though, and I'm curious and I feel like this is an important distinction, is that when it comes to ignoring risk, is I feel like there's two different ways to ignore it. Are you ignoring it because you're aware of it and you're actively ignoring it because you've made the choice to do it? Or are you ignoring it because you're not even aware of it?

Todd Neilson:

Yes. There's a distinction without a difference, because that becomes the fourth issue, which is acceptance. So really, it's what you're talking about, accepting.

Robb Boyd:

Oh. That's a good point. Okay.

Todd Neilson:

We know about it. I'll give you a technical example. We know that Port 80 is open on our web server because it's serving us HTTP over that port, right? Risk, it can be exploited over Port 80, but got to leave it open. So we put other controls around it. So that's the difference between ignore and accept is we try to mitigate with other controls.

Robb Boyd:

Interesting. Okay. No, that's a good point. I'm glad... Your distinctions are becoming even more clear now. Okay. So everyone I feel like has different opinions about what is important for their part of the business. We talked about that and our promise here in this episode is to begin talking about how, because it is feel like an age old question of, "I want legitimacy," but there's good reasons why you want security to be much more tied to the business because that is the only way I feel like probably to accurately measure the risk against the expenses, because it's going to boil down to money here at some point.

Robb Boyd:

What are the... Let's get specific because you mentioned, and this is an article we're going to share as part of the takeaways from this one, but Todd, you were talking about seven areas of the business that I think if I understood what you were saying correctly, that represent from extensive research, all areas of the business, you can map risk to these business areas. I wonder if you could walk us through those and we don't necessarily have to go into all of them, but I think they're interesting.

Todd Neilson:

Yeah, sure, absolutely. So you're spot on. So the thing is, you have to do this in a way that is meaningful. So in other words, it's not a sales pitch. It's actually an exercise and we'll talk about how we actually do that in a way that makes sense. But the seven areas that we're talking about are impactful to that board level, like Greg was talking about, how do we relate to the board? So they are things like market trust and brand and reputation of the customer, right? If you get hit, your brand takes a hit. Availability and performance, so uptime, making sure your customers can get on your website for instance and buy your stuff, right? So I guarantee you that web time or performance and availability is important to say, Amazon, okay?

Todd Neilson:

So culture, policy, and governance. You have a governance requirements, you have what your culture is around cybersecurity, and what those policies are to enforce it, not only because you are required to by law, but because it's just good business. Compliance requirements, whether that's credit card compliance, government compliance, the cost of those controls, because that could be bottom line or top line hits on what you're doing in cybersecurity, you still need to manage the cost. Data assurance, so that data is typically what runs a lot of these businesses. So you have to make sure your data is available. And last, but certainly not least, the seventh would be your security liability. What is your liability out there? If you get hit just like any other liability, you have your HR liability, your real estate liability, whatever those business risks are. Security is just another set of liability and managed as part of your business.

Robb Boyd:

Are you saying with these seven items that this should be like a checklist that I should make sure that I've spread my money equally across all seven areas to make sure that I'm secure? What's the right way to look at this in context?

Todd Neilson:

Yeah. The peanut butter approach, that never works. So we don't want to do that, even though we like peanut butter. So no, actually the whole point of going through an exercise such as the seven areas and prioritizing your risk to these seven areas is because we only have a finite number of time and money. And so we have to figure out what of the seven are a priority to my business and they're always different between businesses. What's different for your small business, Robb, would be different than a large healthcare organization, that would be different than a bank. And so the nice thing is that it's not necessarily about the specific area itself, it's specific about how you prioritize that for your business and then map the risk the discovered gaps that you find in your environment to those priorities.

Todd Neilson:

I can't tell you how many times we go through this risk assessment process and a CISO will come to me and they'll say, "Look, we're spending our money. This is our budget for this year. We're spending it on this, this, this, and this and these are line items. We're going to buy a firewall. We're going to buy access control. We're going to buy this." You think that's the right thing to do. And I always need to ask them, what business problem are you trying to solve? And they always pause and they go, "I don't know." Okay? So let's start with the business first and then map those risks those business areas, because that's what's important to your company.

Robb Boyd:

Okay. Wow. Okay. Because I feel like, then this becomes, because you're mentioning, and I don't want to get into too soon because I think this is exactly where we want to end this in terms of talking about how you start to build a model and what's the right exercise, because you've hinted at the fact that you guys have done this before with various customers. But I feel like there's a reality that it always comes down to in a lot of companies around funding where, let's say, the CISO is going to, and it probably happens on a regular basis, has to go to someone to say, "I need money for these activities and these products, these services." And then you're saying the question back should be, what business priorities are being addressed? Where is risk being reduced in what areas of the business with this investment? So if they're going to for funding, I mean, how does one begin tying those things together where it just feels like it always falls apart? Because it feels like that's harder to do. What would you recommend? How do we begin addressing that?

Todd Neilson:

Yeah, I think... Actually, I'm sure Greg has a bunch of insight on this too because he deals with this on a daily basis to align that value to the business. So it's mostly important around the audience to whom you are speaking and the realization of their business models. So, Greg, what do you think? What are the most important parts that you and your team typically map to?

Greg Schoeny:

I think the most important thing is, understand the customer, the client that we're working with in terms of level of sophistication of the existing program, what are the sets of problems that they've already solved versus what are the next sets of problems that they may or may not be aware of that they're trying to solve? We like to get into a conversation around cyber maturity or overall IT digital transformation maturity and where do you sit along that line? Do you have the basic controls in place? And so then what are the next set of activities that we're looking to solve?

Greg Schoeny:

It's a really off the mark conversation if you go into a customer that is dealing with really basic issues where you could take a lot of risk off the table and you want to have a really sophisticated security conversation, they might not be ready for that. It's equally missing the mark if you go into a large financial services organization, large carrier service provider, and you want to start talking about really basic security issues. These people are prepared generally to be really fine tuning their programs. So it's really important to be empathetic and understanding, and also take the time, Todd mentioned what industry are they in? Where is their business functioning? What geographies? What does the employee base look like? Certainly remote work has thrown a jack wrench into all of this, right? And it's really changed fundamentally the way that organizations have had to think about securing their workforce and it's done it overnight.

Greg Schoeny:

So again, I think it's listening, it's understanding, and then it's being able to map various technologies and some of the things Todd's talking about to help them address the issue.

Robb Boyd:

So it sounds like this is a very sensitive conversation that happens when you're... Because let's be direct about it, you guys are both speaking in terms of the fact that World Wide Technology and the organizations that you're responsible for here play a role in helping customers to do this very thing based on the model that we're speaking of. Am I correct in saying that?

Todd Neilson:

Yeah, you're exactly right. Finding out what your baseline maturity is, to what Greg was pointing out, for a specific business is part of what we do, is part of this model. So the seven areas that we discussed are the mapping, but the process to get there needs to start with some type of baseline. You don't want to, if you already have your blocking and tackling addressed, as Greg mentioned, then we need to understand where the next level is. And then we have to understand where your goal's going to be. And that's where your gap analysis comes up.

Robb Boyd:

I feel like in my experience, if I was to set this up with, say I've got a big customer that I'm managing as the account manager, and this is something that my customer contact has said that this would be of value and/or I've uncovered it through my extremely, incredible insightful skills. And I want to bring them in for an engagement and however that actually happens, I feel like there's probably some pre-engagement stuff that happens because I know I could get the CIO and probably the CISO, CISO, in no problem, but that's not who you're... Who would you want available for this type of thing? And what type of expectations need to be said about the commitment, both to expose information as well as be able to answer questions in the right areas? Because I mean, if you've got detailed questions and you've got broad questions, yeah?

Todd Neilson:

Yes. And you would be surprised. I mean, of the assessments I've done, we start out with an executive alignment workshop and I've had clients where I go in, I request them, "I need the CEO, CFO, CIO, all the C-suite in there, marketing folks, head of operations, direct." I mean, if you put these five, seven, 10 executives in a room, number one, it's expensive. Their time is very valuable. So they always, almost always, question, you really need all these people in place? And so the question I usually ask them is, have you ever had a conversation around your security business strategy and how it relates to enabling your business with this group? And 99% of the time says, "No, we've really never had that as a group because honestly, the CEO or those other executives not in technology, cyber scares them a little bit." They don't understand it. They think it's too technical or they, "The CIO can handle it, just meet with him or her."

Todd Neilson:

But when we get in that meeting and we go through the seven areas and we want to prioritize that, we on purpose, do not do the pre-work that you're talking about. We want them to go into these meetings and react with their peers and have a strategic discussion. Because if you ask, "Is market trust and brand most important to you, Mr. CFO?" He's going, "No. No, no, no. Security liability is." But if I asked the marketing director, guess what she says, right? "Yeah, absolutely. Brand's number one." Right? So they have different opinions, so that's the reason they need to be in the same room so that they understand what their priorities are as a group.

Robb Boyd:

Or you find out they're all just repeating whatever the CEO just said. And you're like, "Come on guys. We can't work like this. You can't just parrot." Well, I feel like, do you ever run into this? Because I'm just curious, it feels like part of the information that you gather in this type of interaction becomes the ammunition or the reason for investments being more refined or put in certain places to make sure that they're doing exactly what the business needs, because that's what business is all about, is investing in the right areas to keep going.

Robb Boyd:

But then to get those people in the room, it almost feels like there's data you don't have yet to justify the reason why you need them to take this as seriously as you do. So to a certain extent, you're still somewhat dependent on a CEO, an executive team that recognizes the importance of security, even if they hopefully would be willing to admit that they don't know exactly how they're going to address it, but they've still got to admit they don't know, I guess, to even show up in the room.

Todd Neilson:

Yeah. But I think that's rare these days, Robb. And what I mean by that is-

Robb Boyd:

I knew I was probably negative.

Todd Neilson:

... if you were to ask a CEO today, "Do you really care about security to your business?" It's probably top five, right? It's there. I mean, I don't know about you Greg, but I've never [inaudible 00:27:06] large, small, medium sized business [inaudible 00:27:10].

Robb Boyd:

Let me tell you what, I'm going to pause you there, you're breaking up just a little bit. I'm going to let your connection catch up. But Greg, what do you think in terms of what the current climate is for customers at a C level, especially the CEO level, being able to understand, "This is something of value, even if I don't know exactly what's going to come out of it and I'm going to commit some time to being willing to turn this corner?" Is that a hard time to get people to set aside? Or is it maybe the context is easier these days?

Greg Schoeny:

I think it depends on the organization, the size, what type of security infrastructure partners they have in place. I will tell you one thing across the board, large organizations, small, and otherwise, there's a high level of fatigue in the market where they feel like they've been pounded by various integrators or in some cases, vendors that are coming in with point solutions and saying, "This is going to solve your problem."

Greg Schoeny:

I think that there's also a level of fatigue over people reaching out ceaselessly and being able to get into the conversation inch-deep, mile-wide. And so, we're really thoughtful when we engage and we recognize that our customers, in order for us to have meaningful interaction, we have to bring the talent, we have to bring the trade craft of security close to them. We have to listen, do our homework, understand their business so that we can have a relevant conversation. And I think the simple most important thing is establishing some trust by solving, let's say a specific problem, a specific set of problems. And then growing from there. It might sound intuitive, it sure does not happen a lot in the market. And I think when you can do that, you're adding a lot of value. You're not selling, you're working with customers to truly solve some of these problems.

Robb Boyd:

Well, I think sometimes you start at this higher level and then as you start executing on it, so many details and weeds are growing up around it that you start losing track of exactly why we started down this path. And it requires, it sounds like, if I can use this word with what you guys were doing, because I had done some work a long time ago where I got to watch consultants and how they work and they would facilitate discussions. And it was fascinating, people that are really good at facilitating these kind of things are good about making sure that they're drawing information out of the right people and whether the group realizes it or not, they're filling in blanks that are then going to allow bigger things to occur with the group and take them someplace they haven't been yet. And it feels like that's what you guys are talking about doing.

Robb Boyd:

We've only got a few minutes left here, I want to make sure we understand about the services. But Todd, what are the type of things that you guys offer? You've been mentioning it, and so I apologize if this is a bit redundant, but let's be specific. What are the types of things that someone could come to World Wide and accomplish? In a perfect world, what would you like to be doing with them?

Todd Neilson:

Yeah, absolutely. So you mentioned the advisory and security services, we absolutely do that. We want to help them create that cybersecurity strategy through this model or another model that may fit them. It may be a compliance framework that they have a need for or to check that box, but if we go through and do this business level exercise, we do that, we do strategy development, we create a risk program for them so that we can actually execute. The unique part about what WWT can do or does do are the follow on items from that. So not only can we give you your strategy, we can help you with the placement of the specific technology, we can align that up with people in staffing, as Greg mentioned as well, to do that implementation. And then we can go ahead and help you operate it and put it together so that it's an ongoing value point to your business. So it's not just a, "Hey, this is what you need to do. Let us know how that goes." It is a full suite of security capabilities from people, process, technology, and operations.

Robb Boyd:

I like that. And so we'll come back, and I know you've written an article that I relied on heavily for figuring out how we might flow this conversation and I appreciate that, but you guys have the workshop stuff at wwt.com, as well as some other resources. Greg, what is good to know here as we wind things up about resources that you guys are providing and what someone should be looking for?

Greg Schoeny:

Well, I think clearly access to information. If you go to wwt.com, our platform, we really built a strong capability over the past 10 years with our advanced technology center, which is a multi OEM environment, it's got $500 million if that even sounds possible of various-

Robb Boyd:

I've seen it. It's possible.

Greg Schoeny:

... technologies. Right. With all the latest, greatest security in IT technology providers. And really what we use that for is to help customers figure out complex problems outside of their production environment, testing, scaling, integration. We've moved a lot of that now to somebody can do that on our platform remotely, which we did this before the pandemic, but it certainly now suits a wholly different purpose now that people can't come to one of our facilities. So it's access to information, pushing it out there, selling less and putting more information that's useful to our customers closer to them. That's really where we're focused.

Robb Boyd:

Well, I... Go ahead. Sorry, go ahead, Todd.

Todd Neilson:

I just want to point out that there are things, like you mentioned workshops, but we can help them do briefings on this platform at no cost on a specific technology.

Robb Boyd:

Oh, nice. Okay.

Todd Neilson:

We can turn that into a broader workshop to help them design their strategy. And if they'd like, then they can get us engaged to do the strategy, compliance, and technology. It's a very programmatic approach that we can help them today with information at no cost. So yeah. Join up, WWT, you can actually run a lab at no cost.

Robb Boyd:

Yeah. And to be direct, that's true, I love the fact that you can access the labs. I love the fact that you're educationally focused in this. It's not just a, as soon as you click here, here's what we want to sell you type of thing. But it's about connecting with the people that are behind there, because it feels like everybody in the organization has got their unique knowledge that they're sharing through that. But I think the big takeaway point is that there are ways to interact with you guys that as big and as beautiful as that ATC in St. Louis is, you don't have to go there. There is a ton of stuff you guys can engage with. And as you were saying, a complimentary level to get started, because sometimes that's exactly what you need is some open questions. I can't tell how many times I go to people and I go, "I'm not even sure how to phrase this question, but here's what I'm thinking." And then, boom, you're the right people like that, you get it.

Robb Boyd:

But you guys have good relationships with your customers, every single one I've met, and I feel like that is really a big foundational thing required here because this requires, empathy was a word that came up earlier, but definitely some exposure when you're going to get into this level of detail. But I think the benefits are worth it because this is an age old problem. How do we tie our expenditures for security to the very business goals that are important? Because that's the way we survive and thrive as we move forward.

Robb Boyd:

Anyway, that was my speech, long. Thank you, Todd Neilson, Greg Schoeny, appreciate it so much. To all of you, thank you for watching. Be sure and subscribe to us in iTunes. Rate us. Subscribe on YouTube as well, you can get the video if you're only listening to the audio. This has been Tec37 from World Wide Technology. I'm Robb Boyd. Thank you so much. We'll see you on the next one.