Cybersecurity: Amplified And Intensified

Episode 22 - Peeling an XDR onion with Jimmy Hatzell.

July 26, 2021 Shiva Maharaj/Eric Taylor/Brian Weiss/Jimmy Hatzell
Cybersecurity: Amplified And Intensified
Episode 22 - Peeling an XDR onion with Jimmy Hatzell.
Chapters
Cybersecurity: Amplified And Intensified
Episode 22 - Peeling an XDR onion with Jimmy Hatzell.
Jul 26, 2021
Shiva Maharaj/Eric Taylor/Brian Weiss/Jimmy Hatzell

James Hatzell is a channel marketing professional with hands on experience in IT and cybersecurity. As Director of Marketing for SKOUT Cybersecurity, James uses his technical and marketing knowledge to build content and tools to help MSPs sell cybersecurity as a service. Prior to his time at SKOUT, James served as the CTO for a healthcare start-up and holds degrees in both Information Sciences and Cybersecurity from Penn State University

And that is how an IT Guy who went to college for cybersecurity ends up in marketing.

Jimmy Hatzell | LinkedIn
Twitter: JimmyHatzell
Home | SKOUT Cybersecurity (getskout.com)

Eric Taylor | LinkedIn
Twitter: barricadecyber
www.barricadecyber.com

Shiva Maharaj | LinkedIn
Twitter: kontinuummsp
www.kontinuum.com   

Brian J. Weiss | LinkedIn
Twitter: bweiss805
www.itech-solutions.com 


BARRICADE CYBER
Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
IT support that's actually supportive.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!

Show Notes Transcript

James Hatzell is a channel marketing professional with hands on experience in IT and cybersecurity. As Director of Marketing for SKOUT Cybersecurity, James uses his technical and marketing knowledge to build content and tools to help MSPs sell cybersecurity as a service. Prior to his time at SKOUT, James served as the CTO for a healthcare start-up and holds degrees in both Information Sciences and Cybersecurity from Penn State University

And that is how an IT Guy who went to college for cybersecurity ends up in marketing.

Jimmy Hatzell | LinkedIn
Twitter: JimmyHatzell
Home | SKOUT Cybersecurity (getskout.com)

Eric Taylor | LinkedIn
Twitter: barricadecyber
www.barricadecyber.com

Shiva Maharaj | LinkedIn
Twitter: kontinuummsp
www.kontinuum.com   

Brian J. Weiss | LinkedIn
Twitter: bweiss805
www.itech-solutions.com 


BARRICADE CYBER
Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
IT support that's actually supportive.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!

Shiva Maharaj:

This is the cybersecurity amplified and intensified podcast. Today we have Jimmy hutsul I hope I didn't butcher that promise guy security going on

Jimmy Hatzell:

now much just happy to be here another nother Monday filled with new cyber news. And you know, just it's a it's an interesting time to work in cyber security, that's for sure.

Shiva Maharaj:

What do you guys see in this?

Jimmy Hatzell:

Oh, I mean, like, everyone saw the Kaseya you know, incident that happened, it was it, it was a big deal for a lot of our customers and partners it for me, it was really cool. I'm on the like, go to market side. But I run internal communications for our entire company. So watching that thread develop from like, we saw it from when it was just, you know, post on a discord channel or Slack channel and then watching it, you know, materialize and become more and more legitimate and being part of the the Sox war room to help get the word out there and, you know, say what's happening and release statements and stuff. It just seems like the biggest cyber attack that's ever happened is happening every month was scout

Eric Taylor:

a part of any of the discovery of any of that stuff, I didn't see anything officially come from Scout, you know, on the whole, because I mean, Hunter S was pretty much doing the spew of their bullshit, but you know, was scout unofficially part of any other discovery and iocs or anything like that

Jimmy Hatzell:

we are implementing the iocs. In real time, we weren't publishing them publicly, we were communicating to our borrowers. So we sent out bread advisories every week, we send out like, I used to be like once a week when we started them, basically like an emerging threat and whatever remediation you can do. Now it's gone to like three or four, just because the amount of threats have happen. We try to keep them to technology, that's, that's relevant to our customers, partners. So I mean, for us, it was more we were, you know, we're involved in all those communication channels where it was initially unfolding. We were loading up IOC s as they were happening in that you know, those first couple hours, but we were not publishing our results publicly or part of that Reddit thread or anything.

Shiva Maharaj:

Did you guys get any your clients pop? Well, let me rephrase that you didn't get your clients pop that was gonna say, Is it any of your say a partner's get pop?

Jimmy Hatzell:

You know, we we actually, we were very fortunate in that mode, the overwhelming majority did not we had a couple small ones. And I will say one that happened, and it was contained pretty quickly, was a company had a former technology partner MSP that had the software, the agent still installed on their computer that was never fully removed. So that's, you know, that's how that one happened.

Shiva Maharaj:

If I can stop you there, we had Brian Weiss on here, former Kaseya user, he got popped with ransomware, back in 18, sbsa. breached, and he came across some of his clients and colleagues who took over clients from Kaseya VSI msps. And it was a half installed agent that came back to life for this breach.

Jimmy Hatzell:

Yes, just a reminder, like you really have to remove all old software. If you're moving, you know, from a managed provider, especially, you know, remote monitoring tools. Like people have old versions of LogMeIn or TeamViewer, or splashtop, or whatever, especially with work from home, like a lot of people have that stuff. So it's just being mindful of what's even installed on your computer.

Eric Taylor:

Like, it's such a good point that I've always, you know, stressed about and really scream at the top of my lungs as much as possible, you know, being able to have an MSP or any technologist go in and say, Alright, we're implementing zero trust from the signing of our contract. We don't know crap about your network work, trust and shit, you know, I mean, is that something that scout helps their partners go through legitimately go through and you know, start labeling only trusted stuff and be like, hey, look, we know this is not part of your stack, you really need to start removing that is, is that something the scouts doing? Or on the roadmap for doing because? I know, there's not many security vendors out there that actually do that type of level auditing.

Jimmy Hatzell:

Yeah, great question. We are, you know, we encourage our partners and customers to do that, you know, we encourage them to you know, follow best practices, which obviously involves zero trust. Typically, we'll you know, align our help our customers aligned to you know, framework such as Mr. C is for

Shiva Maharaj:

today, even though it's not complete, excuse me, you guys aren't aligning with CMMC even though it's not even complete. No, no, absolutely. Absolutely. being completely facetious there by the way,

Jimmy Hatzell:

no, no, well, I look at it like if you're, if you're complying with a framework, like NIST, the CMMC is based on this. So like the the regulations, such as CMMC, level three, which is really just a farce is you're going to comply with the majority of it as long as you're aligned and aligned to this. I think

Shiva Maharaj:

we found a unicorn here.

Eric Taylor:

We might have just started found a managed

Shiva Maharaj:

SOC guy in the channel that sounds like he knows what the hell he's talking about, in marketing to

Eric Taylor:

in market but we're only six minutes in To this thing, so I mean, let's not get ahead of ourselves yet, okay? You know, I haven't had to like rip off my headset yet. So

Jimmy Hatzell:

But back to, you know what we're talking about with our products, zero trust. So with our managed Endpoint Protection, well, we like we go into a blocking array, like watching mode, and then a blocking mode where it's basically, it's like, white labeling or not white labeling whitelisting software as it goes. So what we were able to do with our Endpoint Protection, is we were able to block globally, that agent, XC file in all of our Endpoint Protection customers, and then anyone using any other products, all that data is logged into our sim into our, you know, analytics platform, we'll call it and we were able to just search for all the iocs and just call call, call call call call. And our SOC, just you know, they were just calling anyone that had anything to do with Kaseya making sure was offline, and they literally had a list, like adding new customers to list if there's anything that search came up with, and then just crossing them off until they had an actual conversation with the person and 99% of those conversations. Were I'm using the cloud based, or I'm taking offline right now. But most of them are on cloud based, obviously.

Shiva Maharaj:

How many sock analysts do you guys have? Ah, good question, because we're growing. ballpark it. You know, we talk in fine. Yeah.

Jimmy Hatzell:

2025. So we have our analysts that we have senior analysts, and then we have our red team as well. And then we have our purple team as well. So basically, when an incident happens, we assign a senior analyst and a member from the red team to each case, but this one, I mean, it was so Global's all hands on deck, and are you Where's your team located? continental US? Or are we talking? No, no, Ukraine

Shiva Maharaj:

or islanders like to say is off during their software coding

Jimmy Hatzell:

all of our SOC or SOC is located in Long Island. Gotcha. Yeah, we you know, we are CGS compliant and everything too. So

Shiva Maharaj:

it just is a dumpster fire. It's tough. It's I've never walked into a municipality, and they were actually complying to what CGS wants.

Jimmy Hatzell:

Yeah. But, you know, we can you know, we can work with municipalities and police stations and stuff. So

Shiva Maharaj:

what type of platform? Are you guys running? You mentioned the last stick. And are you selling? Are you an SDR? Yes. So part of the Barracuda announcement was that they're getting to the SDR game. So how to scout the fine SDR these days.

Jimmy Hatzell:

Sure. So SDR extended detection response. In my in my view of things is an SDR has to have some form of technology, and then some form of people as well. And then multiple layers. So those are the three criterias that I will use to use for like evaluating SDR whether or not it's an SDR platform. So MDR is a great example. You have some form of Endpoint Protection software, typically. And then you have a sock, or some sort of response team that responds when something happens. x yours, that plus email plus sim plus any other you know, products, you layer it, it's the combination is the expansion of MDR into multiple layers of cyber and the end the really the natural progression of the market. What are you guys using for

Shiva Maharaj:

your endpoint? I know you're using Enki on email, or at least you were I don't know if you still are? Yeah, correct. Yeah, we're using silence. Okay. And why did you guys do silence? If you're privy to that or part of that decision making process?

Jimmy Hatzell:

You know, it works really well. That's why we use it. No, it does. We have longer plans in our roadmap to integrate more Endpoint Protection programs in I can't really talk about them because I don't know exactly what they're gonna be or, you know, we're not ready yet. But that is a big part of barracudas plan for the scout xDr platform to use to be able to integrate with more Endpoint Protection software's.

Shiva Maharaj:

Now, you guys, I mentioned that you guys, you're a unicorn, but I think scout is almost a unicorn in itself, because it started off as a company. I believe your founder, either started over in Ireland and brought it over. You actually started in the US, but yeah, he's an Irish guy. Very good. And then you were offloaded to RSC ventures. And you just, I would say you're probably the first MSP play to get flipped by a PE firm. And I would say RSC seem to have nurtured you guys really well put you back on the marketplace, as opposed to gutting you and having your service level go down to shit like most of the other peas are doing in the channel,

Jimmy Hatzell:

you know, rst was a great partner for us, especially during growth. We had Matt Higgins who you know, is the CEO over at RC it's backed by Steven Ross. And they you know, they know customer service really better than most venture capital out there. I mean, they have companies like Equinox soulcycle you know, like Milk bar, a lot of direct to consumer companies. So this was sort of a natural company for them, I guess they helped us get to a level and maintain a level of customer service that the super high. So when we look at customer service in the same way, when I look at marketing and branding, look past b2b, how can we look at direct to consumer spaces or you know, like a, you know, directly with like, companies that have a higher standard for customer service, and their brand and marketing, then maybe a lot of b2b companies or cyber companies have and when you're comparing yourself to people outside of your industry for that, it's easier to raise the standard. So circle back just a bit before we get too far off topic.

Eric Taylor:

It's really interesting that you chose silence as your partner was that a scout decision, a barracuda decision? And what made y'all decide to go with silence versus something like a CrowdStrike? or one of the other leading competitors to that?

Jimmy Hatzell:

Oh, great question. I mean, we chose silence in 2018, and have been building off it since then. I wasn't part of the evaluation process. So I can't tell exactly, I just know that it has worked very, very well, for customers and partners. Again, now it's a changing market, you will always have to respond to things and you know, respond to the changing market. So when we built our platform to set it up, we didn't set it up all like we like we don't just manage, like, like when we're deploying things, we are just deploying silence, right? We have our own dashboard, that we integrate everything from silence. So we can we build things out for the future, knowing that the technology might change, people might want to use something else in the future. So the direction that we're heading with our SDR platform is the options of, you know, multiple Endpoint Protection companies. So I think like when you're looking at why did you choose silence, it's more like that was the first company that, you know, our partnership made perfect sense for them. With us. The technology was good, especially at the time that we were, you know, starting to really build out our SDR platform. And now, you know, as we mature and grow, it's going to get bigger, and there's gonna be more providers in there as well. But you know, I love you know, you mentioned CrowdStrike Sentinel, one's a great company. There's lots of, you know, carbon black as well, like, there's lots of great Endpoint Protection. And we have worked with these in the past. And you don't need to use silence if you're a scout customer. Just if you want to manage Endpoint Protection. That's what we're currently using.

Shiva Maharaj:

You mentioned that you guys built a dashboard, or the products you sell. pull it all together. Is that just a cabana? Or is it something more proprietary than that?

Jimmy Hatzell:

No. Great question. And I appreciate that. Because I've seen a lot of people just using cabana. So versioning from perch,

Shiva Maharaj:

so I know the Okay, I know how that is supposed to work.

Jimmy Hatzell:

Yeah. So version, point five, beta was kabana. And then the reporting, really the thing that had is move off of it was the reporting. It wasn't robust enough and customizable enough. So we actually built our own reporting engine, and we rebuilt everything using Node JS, and react. So everything's built custom.

Shiva Maharaj:

You mentioned that you guys are a customer centric company or because of rst you're more of a customer service oriented type of company. How do you interact with a CSO at a client of yours? Now are you guys channel only?

Jimmy Hatzell:

We are we are chat only but you know, like why it was the best way for us to help the most people.

Shiva Maharaj:

He's losing his unicorn status.

Eric Taylor:

Yes, I told you. I told you my

Shiva Maharaj:

15 minutes 16 minutes entity done fucked it up. But anyway, let's dig into that why I don't believe any company should be channeled only because I think you miss out on a considerable cross section of opinions and ideas from other people. And I don't think it hurts to get more data points in it's gonna cost you more to filter through the bullshit, but I do have a preference for non pantaloni vendor interesting. And then you said the help word, excuse me, you said the help word. We're trying to help trying to help know how to make money we're doing the Ponzi scheme that is MSP like that's you know, that's where I see I've

Brian J. Weiss:

got an opinion on the channel only I you would I'm I'm okay with the channel only as long as you also market towards large enterprise companies with internal IT departments but get that give those leads to msps.

Shiva Maharaj:

By msps. He means himself not only himself

Jimmy Hatzell:

well, so I think that this is you making some good points and the evolution of our sock sort of maybe by accident got us there. I like to say it's on purpose, but I don't know. So we started out selling directly we first started the business and then naturally msps were brought to the conversation in half if not more of deals and we're mostly focused on mid market. But our security operations center has operated with direct customers, you know, legacy, as we call them, we have served fortune 500 companies And very large public companies as well. So we know like, a lot of companies are trying to build the software and build the SOC after we built the SOC and then built the SDR platform the software afterwards, which makes it a lot easier to scale. So I definitely appreciate with what you're saying, because if you're just building the software, and then you know, only going down this piece and trying to catch up building the sock after I could see how that could be extremely, extremely difficult because having those large scale incident response scenarios, working with the seaso team working with, you know, reporting on like, like with government agencies, if something happens, these are things that Assad has to go through, and actually feel that that, I guess, pain to actually reach that level of maturity, and provide that service level and have that expertise. And like if I thought about, like, if we tried to do that now building the sock after just having the platform, it would be extremely difficult. You know how we can scale that fast. It's just we have enough, hard enough time now hiring enough people to work in our SOC. So could imagine starting over

Eric Taylor:

so with the exception of Barracuda strain, and forgive me, is it official that Barracuda is acquiring scout is that public yet?

Jimmy Hatzell:

Yes. The acquisition completed last week, Barracuda has acquired scout cybersecurity, so I can't comment on that.

Eric Taylor:

Yes.

Shiva Maharaj:

It's basically he came in after the RSC acquisition, you come and be a rapper RC. Alright, after I see, Mr. We can have that conversation offline.

Eric Taylor:

But anyway, with the acquisition from Barracuda Is this where scout will actually they start expanding outside of the quote unquote, channel and start taking on new entities? Well,

Jimmy Hatzell:

so I mean, like, the demand for SDR is massive. And Barracuda is a very big company. So our right now, Barracuda MSP has is where we're integrating in. So any, currently, anyone who wants to join our platform, your one scout will go through a managed service provider or a barracuda, MSP or Scout, you know, MSSP will make the referral. So there is there's already been interest from Barracuda direct customers, and we're putting them all through msps. Gotcha. What makes you

Shiva Maharaj:

guys different from all the other managed sock players on the channel? Or what do you think makes you different?

Jimmy Hatzell:

So I think a couple things. SOC maturity is one or to talk about that. So I need to talk about that again, too. But the the like level of our platform, so like, we're not just managing endpoint, or we're not just SOC, we're not just Sim, you know, we're looking to be that xDr platform. I think a lot of people are saying xDr. But I think that we're actually doing it. So manage email protection, managed Endpoint Protection, log security, monitoring, network security, monitoring, authentication monitoring is something that we've looked at. And in our product roadmap, infrastructure monitoring is in our product roadmap as well. So like, what makes us different to, I believe wholeheartedly? Is the level of service you're going to get from our SOC, which probably everyone would say, but I actually think ours is better. And we've talked about why. And then to the extent that our platform actually covers holistically, it's not just an endpoint protection company.

Shiva Maharaj:

So going back to email protection, what are you guys actually doing there? Are you just letting Anki run its game? And its feature set? Or are you actually managed setting it up managing it triage, eating? And the second part of my question is, what are you guys doing in terms of network analysis? And potentially protection?

Jimmy Hatzell:

Sure, the ladder on your first question. So you know, we're managing the setup, we're ingesting that data as well, all the alerts that come in, from our input from our email protection go into that dashboard, you can actually like reset passwords from our dashboard. You know, set up filtering rules, stuff like that. So like we're building it for cross functionality. So there's things like, Oh, 365 security line, which is another product. So by having email protection, yeah, you have the technology through Enki. But the management of it, that cross correlated with our own office 365 monitoring is much more powerful. And then, you know, should something happen, we have our SOC on it, whether it's, you know, phone calls to, you know, or helping you work through or mediation. Does that answer your first question? It does, but

Shiva Maharaj:

now you branched me off here. Okay. Are you doing for tenancy office 365 tenancy monitoring? Are you just looking at the canned reports that are coming out of 365? Or are you actually doing some threat hunting and analysis of what PowerShell may be running in the tenant?

Jimmy Hatzell:

Great question. I think I would probably need an SC to answer them in which is my

Shiva Maharaj:

slack them and get them on here.

Jimmy Hatzell:

What types of security use cases are most common? So there's multiple logins from different geo locations, to FA bypass or to FA disable delegate access added email forwarding, added forwarding rules, external forwarding rules, those are some of the most common security use cases that were alerting on those pretty much

Shiva Maharaj:

the standard event log notifications out of 365. And you're just parsing with your own rules. That's, I mean, what you're doing, but I think that's the limitation of 365. Right. I don't think anyone can actually do more than that, based on what's available through the graph API.

Jimmy Hatzell:

Yeah, I mean, we use the same API, everyone, you know, is using, it's got theirs in, and by the same limitations, you know, with the, with the delay of data, sometimes stuff like that, that everyone has, but I think it's important on the cross correlation. So yeah, oh, 365 is great. But when you have Oh, 365 monitoring, and email protection, and then you can get the logs from both of them and correlate them in the same platform, that's when you're getting that multiple layers of things, including endpoint to or network or log, if you're seeing no traffic from similar IP addresses across multiple plot products, or users. You know, that's how we can get these minor alerts. The you know, yellow, yellow, yellow, the extra all sudden is a red because it's across multiple vectors.

Shiva Maharaj:

Are you speaking about multiple vectors? are you tracking bread correlation across multiple clients have the same MSP identify whether it's a breach at the MSP? Whether it's RMM, or poor hygiene?

Jimmy Hatzell:

Ah, great question. Yes, our msps have the ability to view things on a global on the use case rules set up globally, I think that's going to be a tenant by tenant basis case.

Shiva Maharaj:

So you can have one tenant that's out of the box. And by out of the box, your recommended best practice could be flagging for different things from a different tenant.

Jimmy Hatzell:

No, no. So what I'm saying is, if you are in MSP, right, and you have 10 customers, let's say just keep it simple. They're all separate. But if you want to run reports, across your customers on alerts, you have that ability. So I'm not sure exactly out of the box, whether or not we are running security use cases across multiple clients, I call them underneath, right? Yeah, I really don't know.

Shiva Maharaj:

I mean, if you don't mind, if you can follow up on that with me, because I'm curious, because not a lot of the Manage SOC providers in the channel. And maybe I'm not phrasing the question correctly. And maybe you guys are doing it, they don't, the Manage SOC guys in the channel don't seem to be able to identify these 10 clients as, say, my clients. And if they're all indicators of compromise, I see. The lowest common denominator here, that would potentially be my issue or an issue stemming from my company.

Jimmy Hatzell:

I seriously. So on the SOC side, there's parent child relationship, and we can see threats across clients. So when the analyst is going in, this has happened before I know this was happening before we can see and identify when there's threats from multiple clients and and sort of like, so. Let me explain this in probably so we can make sure we're on the same page, because I think is what you're saying. Many sock analysts are set up in their system where they just have companies, right? They just have companies and they may or may not be attached to certain MSP. So they're not able to really see like Company A has some threat. Company B has some that and company C has some threat. And there's not there's not any data point or parent organization tied in that specific system where is in their Salesforce or their CRM, they might have that great data. But in the SOC, it's not set up that way. So that they can't that knowledge. Is there. Is that what you're saying?

Shiva Maharaj:

That and then there's also training deficits, where some of the manor SOC providers aren't training their analysts to identify the correlation between clients for a single MSP? Yeah, I think if your channel only as most of the managed Sox are, that should be one of the first things you teach your analysts, they, hey, these two clients are having the same iocs do they belong to the same MSSP? And as a Kaseya? VSI?

Jimmy Hatzell:

Yeah, no, that's great question. You guys are good questions. Man. You really understand this stuff? We are absolutely

Shiva Maharaj:

fake it till I make it the brainpower here, man, I'm just here for my looks.

Jimmy Hatzell:

Yeah. Nobody's ever asked me that before. But yes, we do have that capability. Our SOC is regular train. I'm confident on that one, because I've seen them do it.

Shiva Maharaj:

Now back to the network. He said, I asked about what are you guys, if anything, what are you doing for the network? And how are you doing it without giving up your secret sauce and wants, you know, you want it here?

Jimmy Hatzell:

Oh, sure. I mean, can so we have a sensor that sits on the network can be virtual or physical, as many companies do. And basically we're monitoring for different iocs coming in and out of the network. So that could be virus signatures, that could be IP addresses. That could be you know, it mostly command and control servers would be the most common thing you know, this is communicating with this command and control server. So like great example, somebody is on your Wi Fi at your business. They're not set up in whatever your MDR provider your Endpoint Protection. In provider, there's a virus on that it's talking home to command and control server, or the the signature of the virus traveling through, then the the network monitoring would be able to identify that. And then you know, we'd be able to isolate that machine and and start to triage in that.

Shiva Maharaj:

Are you putting in a note tap? That's basically mirroring the uplink port? I don't know. I do not believe so. But I don't know. Exactly.

Eric Taylor:

So we aren't actually doing it. Are y'all actually looking at beacons inside of the network? Or how's that thread until pretty much get analyzed? Can you repeat that? So are you looking at the beginning of the agents have what's the communication is going across the interface? or How are y'all start really diving into that it's up too much of a proprietary type of analysts?

Jimmy Hatzell:

I don't use proprietary I think it's probably just put my head down. Like, you know, I like to get technical background cyber, but I am I am on the marketing side not working in SOC. So I don't, I don't have full knowledge on everything.

Eric Taylor:

So what just for those who don't understand that beaconing is like if my workstation is making periodic calls to Google, that's called a beaconing. It's constantly making that stuff. So if you have, you know, a workstation starting to do various beacons, or intermittent beacons, things that nature, that's really what starts sending off a lot of red flags is that a lot of idcs are IDs.

Shiva Maharaj:

I'm looking at one of your marketing pieces on your Salesforce right now. It's your network security monitoring BS. You know, Eric, maybe I can throw this out

Eric Taylor:

right away. Bring it up for you right now,

Shiva Maharaj:

if you guys are looking for cross site scripting, SQL injection, how quickly Did you detect that in the Kaseya incidents on your on any of your affected clients?

Jimmy Hatzell:

So okay, great question. So once we uploaded the iOS, so the agent dot txt was getting flagged by silence right away. So anyone who had Scott Endpoint Protection, we were able to stop that as it was happening. I don't know when, when or if the IOC is from the actual SQL injection attack to you know, get that initial access to like the zero j in in? Because they have esa was detected or not, so I don't know that.

Eric Taylor:

Yeah, cuz that's really two different aspects. I mean, the agent, k Gen, or agent e xe, but the SQL injection, yes, go injection is against the cloud instance. And the agent is just a remote agent. ubsa. So

Jimmy Hatzell:

basically, you're asking if we were able to detect the initial SQL injection zero day that everyone was, you know, breach by and I don't know if we were able to, but I don't really think anyone did, right?

Shiva Maharaj:

Hey, at least you to be honest. So I can accept that.

Eric Taylor:

I do think that, uh, john over there at Black Point, or black? Yeah, Black Point was saying that they were actually seeing some of that early signs of indication before the IOC is was put out of the double check. I may be putting words in his mouth. But I do think he made that claim.

Shiva Maharaj:

Would you say you work in tandem with a hunters? Or is that a direct competitor?

Jimmy Hatzell:

No, no, I mean, we do threat hunting for our SOC as part of our red team's exercises and a purple team's exercises. But, like hunters can work alongside Scott Endpoint Protection, I wouldn't consider them a direct competitor.

Shiva Maharaj:

Now I'm gonna throw Eric on the hotspot here. You mentioned your red team a few times. And that is Eric's thing. Right? He does a lot of incident response. I think he's more IR than he is MSP at this point. Oh, yeah. Do you guys make that red team available to clients of your msps if they want to go through some type of pen testing? And I'm gonna ask the question, because I know it's gonna come with it. Are you guys just using a nessus scan? Or is it something more encompassing?

Jimmy Hatzell:

No. So if they want a penetration test, we have a list of providers that we recommend. We don't want to be penetration testing ourselves. Other customers will require vulnerability scans for clients reasons, or just because they want them we will do more than just the report that comes with a nessus or tenable or, you know, whatever vulnerability scanner you're using.

Eric Taylor:

Gotcha. Yeah, that's one of the things that we always get worried with, especially ones that we've been taken after a incident response are like, so yeah, can you you know, pen test us? I'm like, Yeah, but we're not going to. Yeah, we already know the loopholes in us. I mean, yeah, we definitely have some partners that we actually outsourced as well or refer over but yeah, it's good to, it's good to hear that you're taking that stance like look if we're being the security firm for your organization, or and being that you know, outside resource we cannot pin test you at the same time and there's so many companies out there that will or they will just flat out say hey, here's an EM map export or here's nessus scan or rapid fire tools, scan yamaga drop 7000 pages on your damn desk.

Shiva Maharaj:

Talking about network detective, come on, that shit doesn't work.

Eric Taylor:

That's just a great way to kill a tree or forest. I've got

Brian J. Weiss:

a couple of questions if I can jump in, you can't. My caffeine is kicked in now. So I'm a little more away before

Shiva Maharaj:

you get started. Brian, I just want to warn Jimmy that he's literally just waking up because he's from the west coast or on the west coast.

Eric Taylor:

He's a slacker, slacker.

Shiva Maharaj:

It's not a 9am. They're

Brian J. Weiss:

major slacker. Don't

Eric Taylor:

tell us he was late to the actual meeting. Right. So

Brian J. Weiss:

So I'm curious couple things. Number one is when you do your threat hunting, what do you do you rely heavily on the sim? To to where you're kind of building this mousetrap to identify things that you need to hunt further right? And look for threats?

Jimmy Hatzell:

No, the answer's no. We have suffered data leak that sets parallel to our seven. So we're hunting in that daily.

Brian J. Weiss:

Okay. And then do you have any analytics that you over metrics that you track as far as average time to stop a known threat? That's found?

Jimmy Hatzell:

Great question. I don't know everyone wants a metric from their SOC, I don't know them off top my head. For high alerts, our SLA is our internal time that we get back to someone is under five minutes. And 30 for for minimum medium is a little longer for low alerts, what might be helpful and is not totally answering your question. So you can stop me if it's if it's not, it is the process of what happens when we identify a threat. So basically, immediately verify it send the actual alert. And if it's, you know, high, we're going to call and try to get someone on the phone at the organization. So we have the contact list, who we call first. And then as I said before, it gets escalated to a senior analysts and someone from the incident response team as well. And they'll open up communication bridge. And we actually have those two people at least they're running it, they're assigned on our side, we'll have other resources from the SOC as well work directly with the with the partner Endor customer, on some cases, it's one of the other in some cases, both most of the times is usually just the MSP until we can get that actually stabilize. And sometimes that'll be 12 hours, 20 hours. I mean, we're just staying on. It's not like we're just sending here's what you do, you know, good luck. And then after that, we write up the incident report, which can be used for any number of reasons you would need an incident report, including legal insurance, verification, things like

Brian J. Weiss:

that. What percentage of threads do you run into that, that scouts able to stop on their own without involving MSSP versus alerting and MSP and relying needing to rely on them to help stop

Jimmy Hatzell:

it? Great question. And this is just back to basic cyber 90 plus percent of generic cyber threats that turn into a big problem can be solved with good cyber hygiene. And what I mean by that is good email protection, good Endpoint Protection that's actually gonna stop things MFA, and some form of authentication monitoring, whether that's network log or whatever. So yes, we do have, you know, sim services, we have all this stuff. And that's going to stop that last 10 or 20% of threats and help detect them when they're actually happening. Or if like, it's, you know, larger scale attack, but for the most case, the email driven attacks, RDP driven attacks, ransomware driven attacks, good email protection, good, you know, best practices for disabling ports and two, fa MFA, good Endpoint Protection, email protection, going to stop those.

Brian J. Weiss:

Do you have your own EDR? Agent? Silence? Okay. So do you have? Do you have the ability to run scripts yourself? Or do you have to rely on the MSP for that?

Jimmy Hatzell:

I'm not sure. We totally honest with you. I don't think that we do in all clients. So I don't I don't know.

Shiva Maharaj:

Well, if you have if it's a managed silence provided by Scout, I think it might be a fair assumption. not born to mouth that you probably could. Yeah,

Brian J. Weiss:

yeah. Okay. Yeah, I'm just trying to get an idea cuz I, you know, it seems like I've kind of, you know, when I look at someone calling themselves a sock, I really just put them into containers. There's a sock that alerts you of issues. And there's an actual actionable sock where you've given them a playbook and said, Hey, if you find XYZ, you stop this on your own don't even bother, you know, contacting us for approval first, right, because 24 seven SOC. I mean, if there's something especially happening after hours that you know, 100% is suspicious behavior. You know why? Why create an alert and wait for the next morning for the MSP. to address it, I just tried to get an idea of of how actionable scout actually is, as far as being a sock, or how much do you rely on the MSP to actually help stop these threats once

Jimmy Hatzell:

found? Yeah, great question. I will say that our whole roadmap is moving in that direction. We do sell on this stuff. Right now we've integrated some things like the ability to reset passwords and close off accounts, in our dashboard. And then our analysts can actually do that. So like, that's where we're going. I will say a lot of that, like, people always say, Well, you know, this product actually does the remediation. And it turns out the remediation is the endpoint protection software has some feature that praises or rolls back or something like that. So like, I think that a lot of people when they're comparing these things, they are comparing them apples to apples, we'll take a software feature that's integrated in a managed security service. And then that software feature is the remediation. And then they go to another MSSP and say, do you do remediation, because this company does, and they're actually talking about the software and not and then MSSP is thinking like, actual like IR remediation. I think like a lot of this gets muddied up just in like, people are just talking about different things, definitions, like definitions and context is always so important. I don't know. That's my little rant about it, because I hear that a lot.

Shiva Maharaj:

Hey, Jimmy, can you walk me through what onboarding with you guys is like in terms of your SDR product, and any playbooks that maybe need to be filled out, if at all by the MSP or the clients or on behalf of the clients that I think that's where you're going with, right, Brian?

Jimmy Hatzell:

Yeah, a lot of it's recently changed. And I haven't gone through it like, years ago, I went through the actual onboarding process to understand it. And now a lot of it's more self service more automated. And

Shiva Maharaj:

so I guess, not necessarily the onboarding process, but more focusing? Well, let me I guess, let me break it up into a couple different questions for you Do you guys ask or playbooks from your partners and their customers for remediation playbooks? So we're like, as Brian said, you know, if XYZ happens, or it's this type of incident, go to town on it, don't call me just do what you can with the software I'm buying from you to take care of my crop.

Jimmy Hatzell:

Yeah, we have a couple of knock partnerships that if someone wants that level of service, we will steer them that way. So we are like we're trying to stay in the dirty realm, though, when it comes to making a lot of changes in people's environment. Like, it takes a lie. Like you have to have access to the documentation, you have to have all this stuff. So right now we are moving that way. We're moving that way software base. That makes sense.

Shiva Maharaj:

Okay. But if it's an incident, I mean, wouldn't you guys have and you're doing xDr? Aren't you supposed to have a playbook saying, you know, if there's a ransomware outbreak, go in there start shutting things down isolating, and you know, at least stop the spread? or, or, or is that something you guys are going to and not there yet?

Jimmy Hatzell:

Yeah, I mean, it really depends on the client like most like it, our msps, giving full access and remote logins and everything to their entire network to their security partner, and are comfortable making those changes, like with permission ahead of time, that's like another area. So I don't know, I don't have like, we managed to stop them when they're happening. I will say that, but if a ransomware attack is happening on a network in real time, and no one from the MSP is doing their job. Yeah, it's just a knock partnership probably makes sense for them. To have someone to have that level of service.

Shiva Maharaj:

You know, speaking of knock, I read somewhere, maybe sometime in the last year, and I could be going crazy, because I just worry too much. Perhaps you guys have a knock partnership with a company here based out in Jersey. I don't know if it's public. So I don't know if you want to go into that. And tell us public is UI design. Okay, yeah. And what does that partnership entail for you guys?

Jimmy Hatzell:

Oh, yeah. So so it by design has what we call what they call the snoc product. So it's not plus SOC. So you can actually get we work? Yeah, I know the acronyms getting out of control.

Eric Taylor:

Demo. I'm literally does internet demo. We are working on a doing a threat hunter right now trying to figure out why workstations beginning to some cPanel in Canada, and that your hosts not going like what

Shiva Maharaj:

I thought we were getting snacks, but Okay,

Jimmy Hatzell:

so we work directly with their team. So we have you know, we know how to work together. We have a lot of joint customers partners, so they are able to do all that hands on stuff. We also have worked with other NOCs in the past and the majority of outsource knots that you can go to has some sort of relationship with us unless they're standardized and will not allow us just because their customers have scalp and you know, we've worked with them. Are you

Shiva Maharaj:

guys using any rmws internally your own systems

Jimmy Hatzell:

for our own systems, we are not doing any RMM on any. Okay, so we're not deploying RMS and Many of our customers, our IT help desk has, you know, their own services that they use. But that is completely segregated from the SOC network. So the SOC network as a network that I'm a part of, and the it access that, you know, they have on my computer, they don't have that at all on any SOC computer, any SOC network, it's completely segregated.

Shiva Maharaj:

So you guys are not using an RMM. Internally, not for your clients, but your own like yours, your boss,

Jimmy Hatzell:

I don't know exactly what our IT help desk is using to be totally honest with you. I'm pretty tactical, I never filed tickets for anything.

Shiva Maharaj:

So the reason I ask us, because with all the breaches that have happened in the last three or four years, I'm wondering if a sock or a managed sock would weigh the risk of having an RMM and just go down the road or something else and just not using RMM? Yeah, I

Jimmy Hatzell:

mean, it's great question. Again, it's like, when you look at security in general, like, you know, availability is is a big part of it. So whether or not you can do your job without that, you know, that's something to consider as you're weighing the risk of things. So it's, it's not whether, like, yeah, I could have no secure computer ever if it was disconnected from the internet, but I need the internet to do my job. So we're constantly so where we are in that level of, you know, availability and being able to do your job versus the security risk of our memes in general. I don't think To my knowledge, people aren't saying disable all our memes and don't use them on your network anywhere. Maybe certain software's. But I don't know. Maybe we're heading in that direction. I don't know. I don't know the answer.

Eric Taylor:

So Blizz, he's out there saying arms dead, you should pull it off. If you run on premise RMM that you're pretty much a damn idiot.

Shiva Maharaj:

What are you guys using figure threatened tell feeds? Are we talking CrowdStrike elene. Ball for future?

Jimmy Hatzell:

Great question. We have 76 feeds, I think we're part of the Department of Homeland Security's threat sharing program. So we get all of so basically all the government, I don't know how familiar you are your audiences, but the government agencies used to all have their own threat Intel, so the CIA, NSA, FBI, they'll have their own threat intelligence, and then department Homeland Security went and aggregated all of them to create one feed for the federal government. And then they partner with private providers to increase that feed. So we are feeding, we're part of that two way. So we've actually found things in the wild and reported it that actually gets ended up being a DHS threat Intel report a couple of times, and we get the majority from there. And then we have a number of threat Intel private providers, their SOC is constant changing them, I will say a big part of our Barracuda partnership is Barracuda cyber company. They've been doing cybersecurity long time, they're very big company, and their cyber company and their core. So like when you look at the other channel, only providers, a lot of them are partnering up with channel companies or MSP software vendors, if you will, rather than cyber company. So one major benefit that we have being acquired by a cyber company is greater access to threat intelligence feeds and you know, their own internal threat intelligence. So more on that, to come in our sock is super excited about the acquisition because of you know, that's the threat Intel that comes with it is a big part of it. So

Shiva Maharaj:

if you can make some recommendations and ask me this, because I saw you have a technical background, before you got into the land of marketing and make believe that the dark side or the I wouldn't call it the dark side of you need marketing to make money, you don't have money, you can't keep the lights on? Yeah. And you seem to not be spewing the bullshit that I get in this channel.

Jimmy Hatzell:

So I didn't come in and say, the AI machine learning, blah, blah, blah, oh, we

Shiva Maharaj:

would have just canceled. Like, let's go get something to eat. Other than obviously, buying scout services, what would you say the top five things are for any company out there to do to baseline their security to put them in a better position?

Jimmy Hatzell:

Great question. So I'm going to give an answer twice. So I'm going to give a high level answer on organization, how you look at that, and I give practical answers. So the first thing, so the high level, first thing you need to do is figure out what critical data you have and what you want to protect. So if you don't know what you're trying to protect, you're gonna have a hard time actually setting up any sort of security program. That's the first thing. The second thing is taking layers of protection around that data. So let's say that the thing you want to protect most is, you know, some trade secret or your actual product, then you're gonna want to build the layers around that. So I talked about that layers in my second answer. The third thing you want to do is you want to have a way to figure out if you have a problem. So in addition to the layers, you know, you need the endpoint protection, you need all that stuff, email, filtering, blah, blah, blah, but you need something to actually monitor that. So you need to actually monitor that data then you need To have a plan for response. So the difference between a contained threat that happens internally, and it's just, you know, an exciting Friday, and a very public problem is the is the time it takes to respond to the threat. So you need to have a way to bring that response time down. And then the last thing is you need to pick standard and work towards it. So you know, if you don't have anything, Mr. C is just, you know, pick it and start falling things and start aligning to it. So that's my answer for organizations. The other answer, which is probably what other people would say, is good Endpoint Protection, good email protection to FA fast time to patch. So a key indicator of how mature a cyber organization is, is meantime to patch so need to have things patched and updated. So endpoint email, to fa, time to patch and then least privilege leave at least privileged access?

Shiva Maharaj:

What's your ideal time to batch? Personally, because I know you'd probably don't want to put scout on there. What do you think as a former it practitioner?

Jimmy Hatzell:

So So it depends? It depends on a number of things. One is this an internal system that is highly critical on like, has highly critical data. So to look at two things, one, availability of the systems and then to how critical the data is. So if the data is super critical, you're gonna want it to be running patches as fast as possible, not immediately when they come out. And if it's a highly available system, and is not a, you know, seven or higher on the CVS or whatever it is, something's happening, you may want to do some internal testing on to make sure it doesn't break everything first. And maybe a five or higher or something. I don't know. But the answer is, it depends on who's using the system and what's actually protecting but the general rule is as fast as possible, that is not going to disrupt day to day work too much.

Shiva Maharaj:

I got one last question for you, then I'll turn you over to Brian and Eric, do you think the vast majority of msps actually test their patches? Like they say they do in their sales pitch? Or are they just taking some default offset time from their RMM? This this, will this answer will get you in trouble with the MSP community?

Jimmy Hatzell:

Yeah, I don't know how I would know that I would say that are really good partners aren't having problems with zero did because they're keeping things patched. So I guess that's what I can say on it. If you're a partner with us, and you rolling out log and network security monitoring, or even if you're just a partner with us, in general, your security posture is probably higher than the average MSSP. So I guess I have one last question for you.

Shiva Maharaj:

There's always one more, who do you think should use a sock or sim x? Dr, whatever you want to call it? Because to me, it's all six of one half those the other? What type of companies do you think should be using a scout type service? Just the lump you and create that category of x? Er, SOC. And whatever?

Jimmy Hatzell:

Yeah, I think everyone should be using email protection and Endpoint Protection, I think, whether it's us or someone else, you definitely need that no matter what, and a managed version of it. If you are not a larger organization, that you have that 24 seven response capability would be highly encouraged for network and log security monitoring, it's going to be as the organization grows and what they're doing and what systems they have. So if there's no internal network, maybe network security monitoring isn't, you know, a great solution for them. But maybe some sort of blog security monitoring is, I would say, the majority of network and log two years ago, was compliance based, so as people who needed it for compliance, and now that is changing and changing fast, so as employee accounts grow past 15 2025, the usage is starting to pick up there, whereas years ago, it was, you know, 300 400, unless they're banks, or something, you know, that they were required to have. So I guess my answer is, everyone should be using, you know, your basic cyber hygiene stuff on a managed basis, unless you can really manage it yourself, and you know, you're doing and then second to that medium to, to, I don't want to say medium, because that to some people means 500 plus employees, but more mature organizations should be using those higher level services, the same services as well.

Eric Taylor:

So I'll take it from an IR standpoint a little bit and just kind of pick your brains I want you to take your scout shirt off. Figuratively, not literally. I

Jimmy Hatzell:

have an undershirt on so I mean, yes, is not that.

Eric Taylor:

Yeah, it's gotta be fingered it, please. So, you know, talking to Jimmy, the person that's got representative when you know, like, we're a small IR firm, right? We know that even when we're doing this stuff, you know, we get stretched pretty thin, you know, trying to do all these things. When do you see a company an MSP or an internal IT firm, you know, really start bringing stuff internally and maybe potentially getting away from scout altogether. Just, I'm just kind of curious, like, when does a company look to actually bring that internal versus an external source?

Jimmy Hatzell:

I mean, we have companies that have 10,000 employees using scout. So I mean, it, like having a to be big enough to hire your own sock and be able to operate 24 hours is very, very difficult. And it's, it's, it's not very common outside of, you know, fortune 500 companies be totally honest. And there's a couple reasons for that. One, you know, this global shortage of talent that we all talk about, it doesn't mean that every cyber jobs unfilled, it needs cyber jobs that require experience in management, and seaso jobs, they're the people, there's not enough people to fill them, because we need a million and there's only 10,000 people with that experience, you know, and that gap is continuing to widen each year. So you have that problem. And then you know, the the increase of, of data like, is causing more and more stress to happen, there's a bigger attack surface than ever before. So with those two things, you need more employees, you need 24, seven support. And then you need to basically always be hiring because one of your analysts is always being offered a job somewhere else for a better pay. And you know, whatever. So I Good luck. You know, if you can't, that's great, but it's very difficult.

Eric Taylor:

Yeah, I'm right there with I'm like, What the hell but yeah, in the community, there's always, you know, talk of trying to share collaborative data share, you know, threat Intel feeds and things of that nature. Are you seeing, you know, from scout level, where you are starting to see other partners share threat Intel feeds, I mean, you take away from security, futures and aliens, all these other ones, but like MSSP, to MSSP, or SOC to SOC, or whatever, coveys, blackpoint.

Jimmy Hatzell:

I emailed him at 232 45, the day that could say, attacker said, Hey, john, let me know, if you wanna get in touch with our SOC, we're, you know, we're both here to help solve the same problem, purify back, disable everything, and we are already working on that. So now there's community we're trying to help same people, massive, bloated, like it's not when it's about security, we're talking about people's livelihood, we're talking about their business. So, you know, like, I think it's all about, you know, the more sharing, we can do great, but we need to do it, well, we need to be smart. But if there's a massive breach like that happening, you know, it's a beautiful thing, watching, you know, the Reddit thread come together and different channel focused, or channel only providers talking and saying, like, you know, let us know, if you need help, or let us know, if you see anything. And, you know, we didn't, we were already running in parallel, you know, similar playbooks and getting things taken care of our customers, but we have that sort of relationship where it's a small enough community, we all know each other, and we can reach out.

Eric Taylor:

So you, I asked one question, you answered a couple of different one that I didn't ask. Okay. So, you know, when you when I look at RSS feeds, and I look at, you know, io sees that are being put publicized out there on the internet, are you seeing companies like scout like blackpoint, and all these other ones actually sharing their IOC is that they're seeing for other sock analysts to ingest and bring it into their fold. in advancing us as a whole.

Jimmy Hatzell:

I think we're not there yet. But we're working on it, you know, can't come to is really taking that oversee of the ISOC or isol, that first started. And then or connectwise, slash purge started announced that it nation in 2018, fy 19, m t is sort of taking that. So I think that that is, you know, hopefully what will happen, but I don't think we're quite there yet, as a community,

Eric Taylor:

what do you think that might be a reality?

Jimmy Hatzell:

I don't know. I mean, we're getting it through. Like, it's difficult projects, because MSP are servicing so many different clients. So like, if you're an MSP, that's like, if you say a breach is a perfect example of why we need one specifically for msps. But if you're an MSP focused on manufacturing or industrial like those, there's there's threat feeds for that specific vertical already exist, and they're out there. So I think that's part of the problem where msps are all over the place. And it's sort of rare that something is specific only to that community and more specific towards where the vertical customers are. So I don't know, hopefully, soon,

Brian J. Weiss:

I realized now that you're actionable SOC is actually a partnership with it by design, which you call us snoc.

Jimmy Hatzell:

Is that? I don't know. So well, hopping on the video and getting all that done. That's all us. That's that's that that whole explanation I gave this is us only.

Brian J. Weiss:

Okay. But it sounded like you won't actually make changes to an MSP clients network without a knock service involved or a knock agreement in place is okay. Yeah, I think that's a big differentiator. that a lot of msps don't realize is that you know, either have a sock that's alerting you of things, or you've got a sock, that is finding things and stopping threat and without necessarily needing your involvement. So I'm hoping that we can get a better differentiator in our market on that, because one of them is kind of, in my opinion, glorified log aggregation and, you know, filtering of that of false positives and just alerting msps of things that may not be false positives, that they still have to interject with the other thing too, that I'm curious about, you know, which I've been encouraging a lot of msps to do as if they do have a SOC to actually put them to the test. Oh, yeah. You know, set up, set up an environment where you can deploy something and see how quickly they react. Do you have any of your clients doing that with your product?

Jimmy Hatzell:

Yeah, all the time. I mean, we have to catch pentesters. Like, if if our sock doesn't catch a pen, tester and user, you know, one of the big companies working at like, that would be a huge problem. So like we it happens, I would say it happens more often with pen tests than it does in MSP setting up a VM and making some noise downloading some malware, but both have happened.

Shiva Maharaj:

And I borrow your red team to test some MSP specific mannered SOC vendors i don't know i don't think so.

Brian J. Weiss:

That's actually a good point though. Right? I mean, that could be a sad that could be a sales tactic for scout is like hey, we'll we'll test your existing services you have in place and thinker protecting you.

Shiva Maharaj:

I mean, Eric did it for me with a managed sock provider I was using

Eric Taylor:

I'm gonna say stop trying to take away my job.

Shiva Maharaj:

I'm trying to get hired as a subcontractor to scout when they get too busy when Barracuda you know, Barracuda, Barracuda. Yes. Anything else?

Eric Taylor:

You guys have for Jimmy? Nah, man. Just Thanks. Yeah, Mommy, sorry, me.

Shiva Maharaj:

Thank you The Did you not read his LinkedIn post? It's Jimmy. Okay.

Eric Taylor:

Jimmy, okay. But it's it's hard to really get people who actually will talk the truth on a lot of these these matters and you know, really dive into things that most people just don't want to talk about. Right. So I really do appreciate the the conversation today.

Shiva Maharaj:

honesty and the transparency that you provided. Yeah, I enjoyed as well. You guys asked some good questions. Sometimes. We ask better questions when we're drinking. So how do people reach out to you

Jimmy Hatzell:

can go to our website, get Scott calm. You can add me on LinkedIn and connect with me there. Or you can email me Jimmy at gets gallup.com

Shiva Maharaj:

All right. You want to take us out? You know, do you know the website the stuff?

Eric Taylor:

So in the deep inner things, but anyway, thanks again, everybody for joining yet another podcast. We greatly appreciate y'all tuning in. If you're on Facebook, if you're on YouTube, let's actually get the social media platforms correct. If you're on YouTube, please like and subscribe. Leave us a comment and if you're on the podcast, please, please please give us a review. It helps us understand what you do like and don't like about this show. And for any and all things upcoming, please visit our website at amplified and intensified.com and as always, thanks for joining.

Shiva Maharaj:

Thanks again for joining us for the cybersecurity amplified and intensified podcast.