In this episode of the On Location with Sean and Marco as part of our coverage of SecTor Information Security Conference in Toronto, Canada, Christine Dewhurst and Dr. Thomas Lee introduce a groundbreaking model that predicts an organization's exposure to third-party data breaches based on staffing levels and certifications. Their innovative approach shifts the focus from traditional technical controls to the critical role of human resources in cybersecurity, providing fresh insights for both security professionals and business managers.
Guests:
Christine Dewhurst, Partner, NSC Tech
On LinkedIn | https://www.linkedin.com/in/christine-dewhurst-262867a9/
At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#christine-dewhurst-48706
Dr. Thomas Lee, CEO, Vivo Security
On LinkedIn | https://www.linkedin.com/in/thomas-lee-phd-b7766b10/
At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#dr-thomas-lee-48707
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of the On Location with Sean and Marco as part of our coverage of SecTor Information Security Conference in Toronto, Canada, Sean Martin and Marco Ciappelli spoke with notable guests Christine Dewhurst and Dr. Thomas Lee. This episode centers on innovative approaches to assessing an organization's risk related to third-party data breaches. Christine Dewhurst and Dr. Thomas Lee present a compelling new people-centric model for determining an organization's exposure to third-party data breaches.
Dr. Lee, who holds a PhD in biophysics and operates in California's Silicon Valley, initially approached cybersecurity from a scientific standpoint. He explains that their research focuses on using empirical regression modeling to quantify and predict data breach probabilities based on staffing levels and certifications. His emphasis is on the importance of having enough trained and certified personnel, which includes CISSPs and CISAs, as key indicators of security posture.
Christine Dewhurst, based in Toronto, partners with Dr. Lee in applying these mathematical models in practical scenarios. She underscores the critical role of understanding the workforce's capacity to manage and protect data. Dewhurst explains that their model evaluates five key staffing metrics to predict data breach risks, emphasizing that having the right quantity and quality of staff is crucial for robust security. She highlights their unique approach which differs from traditional methods focusing solely on technical controls.
The discussion also touches on the surprising significance of audit certifications (CISA) being equally important as technical security certifications (CISSP). This understanding bridges the gap between cybersecurity practices and business management strategies, providing a holistic overview of enterprise security health based on human resources. Christine Dewhurst and Dr. Thomas Lee offer fresh insights into how organizations can strategically enhance their defenses against third-party data breaches.
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
____________________________
Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S
Be sure to share and subscribe!
____________________________
Resources
A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach (Session): https://www.blackhat.com/sector/2024/briefings/schedule/index.html#a-new-people-centric-approach-to-determining-an-organizations-exposure-to-a-third-party-data-breach-41396
Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach | A SecTor Cybersecurity Conference Toronto 2024 Conversation withChristine Dewhurst and Dr. Thomas Lee | On Location Coverage
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00]
Sean Martin: Marco, I'm
Marco Ciappelli: John,
Sean Martin: really sad, man.
Marco Ciappelli: you are? Why? Why?
Sean Martin: Well, you're not going to be in Toronto.
Marco Ciappelli: Oh, I know. I was starting with this today.
Sean Martin: We're starting
Marco Ciappelli: I'm not, well,
Sean Martin: I'm going to point out that you're not going to be there. And I'm sorry, I shouldn't be smiling. No, I'm gonna wipe that out.
Marco Ciappelli: You love that. You love that. I'm not going to embarrass you when you're there,
Sean Martin: Well, you do that,
Marco Ciappelli: but I love the fact that I'm still part of the chats on the road, which is all the pre event conversation. And then you're going to have a lot of interesting people to have.
On the mic when you're there and off the mic. I'm sure you're not going to record everything, right?
Sean Martin: I, I, no. Well, let me record everything. And I don't have enough space on my phone anyway. But, uh, no, I'm, I'm excited to meet lots of new people. Of course, it's an international event. We're talking about SECTOR, which is the Security Education Conference of Toronto. That's what it's down to. And we've had a few chats already, but I'm [00:01:00] excited to meet new people from the Canadian region and from the Toronto area and kind of get a sense of what's going on in Canada or in relation to the U.
S. and the rest of the world. And no better way to do that than show up in person, actually shake some hands and meet some folks. folks we're meeting today is part of, as you mentioned, Mark, a part of our chats on the road to Sector. We have Christine and Dr. Thomas Lee, and, uh, they are both presenting on the topic.
Let me get this straight here. It's a new people centric approach to determining an organization's exposure to a third, third party data breach. That's a mouthful, just like some of our programs are in security. Um, Christine, Thomas, great to see you.
Dr Thomas Lee: Thank you.
Christine Dewhurst: Fabulous. Great to be here.
Sean Martin: Great to have you on and maybe a bit of bit of background for folks, things you're working on at the moment to kind of set the stage for how this came together. Uh, Christine, you first.
Christine Dewhurst: Fabulous. So, uh, [00:02:00] Christine Dewhurst, I am here, uh, in Toronto, and it was, you know, I sit back to the first time I met Dr. Lee. It was a dark and stormy COVID night in March. There was a snowstorm outside, uh, here in the wonderful world of Toronto. And Dr Lee presented a mathematical model to be able to determine the probability of data breach, and I was mesmerized the whole time.
So many neat and exciting things, and I had to to reach out right after the meeting to be able to sit down and work through some of these things together. So we met about two years ago, I think maybe even be two and a half years now, and we've spent every Monday together for the last two and a half years, going through discoveries, looking at the math models, attempting to determine.
Um, how we could potentially use this in a practical sense, because when you sit there and you talk about the third axiom of mathematics of probability, a lot of people just kind of go, uh, but if you sit back and talk about some of the discoveries [00:03:00] that we're going to share today, um, at that point in my career, I was very much sitting back and thinking, you know what, all of the ways and everything that we're doing in cyber isn't working.
Um, and I was really taking a, uh, an introspective and, and external view of. Of everything and we need to find new ways to do things. And so today we're really happy to present, um, some of those new ways and new techniques that cyber professionals people can, uh, people can use that aren't necessarily cyber professionals, um, to be able to determine who has your data and how to protect it.
So happy to be here and looking forward to sharing that new perspective with the world.
Sean Martin: I love it. And there are a few moments in time I can look back and think that presentation or that panel, whatever the conversation was really means something. And, uh, yeah, I'm glad you two connected to, uh, to bring together the connection that you had just from hearing each other. Uh, Dr. Lee.
Dr Thomas Lee: Um, thank you. Um, well, first, let me explain. [00:04:00] Um, I'm a scientist. I'm not a cyber security person at all. I'm not a cyber security person. Um, uh, several years ago, just explain why on earth the scientists would be here at black hat. Um, several years ago, um, I started a company. I'm in California. I'm in Silicon Valley.
And we thought we'd, I'm a, I have a PhD in biophysics. So, um, just selling me, I thought we could design an immune system for the computer. And, um, we came up with some ideas and, and things and, um, people that I ran into said, Oh, that's a really interesting idea, but it would be much more interesting if you could calculate risk.
And, um, It took us quite a few years, but we discovered we could. We developed a model for the cost of a data breach. We presented that to the Federal Reserve. Um, and then just several years ago, we discovered how to calculate [00:05:00] probability for data breach. The reason I'm here is, and the reason, uh, Christine heard my talk is we've been explaining what we've discovered through empirical regression modeling, and I emphasize that I'm not a cyber security person, I think, because I'm a scientist, not a cyber security person.
So we cracked the code in how to figure this out. We had to find something we could measure for all companies. And it turns out, as Christine says, staffing levels was the one thing that we could measure. So, so we figured out how to calculate probability, but that doesn't mean we figured out how to use this information.
So sort of the wonderful thing, if it was two and a half years ago, time flies, but it was running into Christine. who could teach me how, how something like this could actually be used. And I'd just like to correct her. She said nothing's been working. In fact, what we [00:06:00] found is how effective cybersecurity people are.
There's no question. They're very effective. Um, and the data breaches occur more often because simply companies haven't hired enough of these people. Where, where we're failing maybe, um, is in managing third party risk. And then working with Christine, that's, that's our sort of our breakthrough figuring out how to do this.
And I just can't. Christine's a cybersecurity expert, but she also has a degree in mathematics. In fact, she has a bachelor's in mathematics, which to me is very scary. It means while the rest of us were, I don't know, studying literature and stuff in college, she was pure math. And so that made it very easy for her to understand the modeling that I was presenting.
I mean, she could just think in, in, in statistics. Manner that we needed and how to apply this. [00:07:00] So anyway, that's my introduction to me. I'm not a cyber security people, a person. Um, and I'm very interested in working with cybersecurity people to show how this model can be used, how this information can be used.
And that's what our talks about. I mean, getting into the talk itself.
Marco Ciappelli: So, Sha, can I just say something?
Sean Martin: Of course.
Marco Ciappelli: interesting what you said. And it's interesting the title because when I said, OK, we're going to talk to these two folks are going to present there. I'm thinking like from a sociological mind and people oriented mind myself to be like, Oh, they got a solution where.
People are really at the center of the solution, meaning, you know, cybersecurity is a human problem, as we've been seeing lately. But then now you're presenting this as, it's more of a number problem, more than, you know, it's a quality versus quantity. Get, you know, am I getting somewhere with this, Christine, maybe, [00:08:00] or Thomas?
Christine Dewhurst: Go ahead, Dr. Lee.
Dr Thomas Lee: Well, I mean, it just, you know, so we, we, it's simple, it's obvious. So, you know, that, um, that people would make the difference and, um, that you need enough of them, um, to get the job done right within your organization. It's that simple. And it's just, it's quite obvious. Um, we developed a regression model.
There's. And what we discovered is counting certifications, the number of people with certain certifications was very, very predictive. We could pick out a really small percentage of companies that were responsible for most of the data breaches. So just it's. Although cybersecurity people think in terms of sort of their training and the work that they do, which are controls and, you know, I mean, they sort of view the problem.
I know, Christine, you've taught me. Uh, I mean, you think about vulnerabilities and you think about threats and then you think about [00:09:00] mitigation. That thinking and that work, uh, if we want to step back and we're thinking about management, um, the answer is quite simple. You need to hire enough of those people.
They know what they're doing. They know their stuff. Um, and that just the very, the likelihood that you're going to have a data bridge, um, we can measure that. Did you hire enough of these people? And it turns out to be very sensitive when you get to very large data breach. Um, having sufficient staffing is, is, is really important.
Sean Martin: No, no, Christine, do you have insights into the type of staffing? Cause, uh, Dr. Lee mentioned a few things, right? But so
Dr Thomas Lee: She sure does.
Sean Martin: you start with risk, you build some policies, you, you, you put some controls in place, you run a program for detection and response, all of that takes people, it takes people outside of the, uh, the security team as well.
[00:10:00] Um, how do you figure out. What that looks like, what is enough, quote, unquote,
Christine Dewhurst: That's, that's a fantastic question, Sean. So when we looked at the beauty that COVID night when I met Dr. Lee is he actually looks at five things. He looks at the number of people in the organization, uh, the I. T. staff, CISA. C. I. S. S. P. And M. C. S. A. And from that he can based on how much data you're sharing with that company.
We can actually predict what the probability is of data breach. It's people centric. So instead of sitting down and looking at a questionnaire of do you have AES 256, you're looking at, do you have enough people within the organization to be able to fulfill the needs? Do you have a second line of defense with it, with the CISSP?
Do you have, um, a CISA that, that leads your internal audit function? It's looking at those things and shifting up from the data and from the controls to be able to [00:11:00] see, do I want to share my data with this company? So one of the, the items that, that we explore is if you sit back and you, you know, like, uh, A lot of companies right now are looking at translation services.
So when you go on a call with somebody, you can actually hit the record and it'll do all of your minutes and it'll do everything. And Dr. Lee and I were in one session and they said, can we record you? And so Dr. Lee and I furiously went on LinkedIn to determine the CIS and CISSPs and how many people worked in the organization.
And within five minutes, We went, Hmm, I don't think we want to do that because they don't have any CSIS or CISSPs in the organization. So they're collecting all of this data from all of these people all over the world. And how are they securing it? If they don't have a third line and they don't have a second line and they don't have qualified people.
So I said a lot there, but it's, it's super exciting because it's a way. It's a way that anybody can can sit back and look at an organization and say, do I want to give them my [00:12:00] SIN number? Do I want to give them my driver's license? Um, am I comfortable as a company who is the steward for my customer's data?
Do I want to share their data? So I'll stop there. Dr. Lee wants to jump
Dr Thomas Lee: yeah, yeah, I do want to jump in, you know, and I'm sorry, Christine, we're not following our plan and what we were going to talk about that. Um, but that's okay. I mean, this is how our sessions went,
Sean Martin: how we roll.
Dr Thomas Lee: we met weekly. Yeah. But, uh, so that, um, it mostly was her teaching me. Um, but, but I think, um, so we did empirical regression modeling.
Empirical means that, uh, we discovered what's predictive. So it's not based on theory. Um, it wasn't based on an opinion. Um, we tried, by the way, a lot of different kinds of certifications. We found that, uh, Simply counting the number of people with, um, certifications is really predictive. Um, so you asked what kind of people and so forth.
One thing we found [00:13:00] is that people with certifications were way more predictive. Um, and so this teaches us one thing. It teaches us, um, that these certification bodies, I'm not saying everybody, but But generally, every certification we tried was really predictive, and more so than simply counting people that say they work in cyber security. This is teaching us that these certifications are really important. Whatever that, what's ever going on, and I have my opinions, I think it's the ongoing training. Just like this Black Hat conference, um, and people need to, uh, Keep up with this ongoing training or they lose their cert. Um, so that's one thing.
The other thing that I think was a really big surprise, it wasn't for me because I didn't even understand what the certs meant, but I do now. And I think a big surprise. is that we discovered that a CISA, which is a audit certification, was just as [00:14:00] important as a CISSP, which is kind of the more technical aspect of cybersecurity.
And what most people would say is cybersecurity certification. The discovery that audit was so important, it was just as important. Um, I know that's a surprise because we know the hiring ratios of CISAs and it's much lower, much lower. Um, and so that, that's one of the big discoveries is how, how important audit is.
And I don't think people recognize that. Um, and then Christine taught me why. Um, all the things that audit does in the checking the verification and things really began to make sense. Um, at that point. So that's 1 take home. Another is the she mentioned the M. C. S. A. Um, uh, that is a Microsoft certification.
It's now being replaced. Microsoft has changed that. new certifications. But why on earth? This is not a [00:15:00] cybersecurity certification. Why would that be important? And, um, you've got to read a bit between the lines with empirical regression modeling. I think it suggests that, um, training people in I. T. In the systems that they support.
To the extent that they actually get certified, I think that's important. I think that's what the modeling is teaching us. And I've had some CISOs use this, um, to encourage IT to get trained up in the systems that they support. If, if you've got AWS, if you're using it, maybe your team should be trained in AWS, certified in AWS.
Um, maybe this should be certified in your firewall and so forth. Well,
Marco Ciappelli: probably. I mean, as a cyber security person, a lot of our experience and I'm not, you know, I'm not saying this is not correct. This is definitely correct, but I'm [00:16:00] thinking all the people that we know that are in the industry, they come from the hacking community, for example, they may not have certification, but they are.
recognize really incredible people in the industry that are actually the one that oftentimes think outside the box, which is what we need to do in cybersecurity. So I'm wondering how do you guys factor these non certified people, but also extremely qualified for what I know? So I'll love your opinion on this.
Christine Dewhurst: I will kick off and I will hand over to Dr. Lee. I don't know if you two spoke beforehand because this is one of his favourite questions and he's going to
Marco Ciappelli: No, we didn't.
Christine Dewhurst: cart. So, in math, when you've got When you've got a whole bunch of things that act the same way in your model, you can pull one of them out to be a predictor.
That doesn't mean, um, that there's not other [00:17:00] that will linearly or non linearly focus in the same way. And I'm going to, I'm going to just hand that over to Dr. Lee because he's going to talk about the shopping cart and we're going to have great conversations about cereal and milk.
Dr Thomas Lee: it's so hard to do the shopping cart without, um, doing the slides, but I do have a lot to say regarding that. So, um, uh, so first, I mean, so we,
Sean Martin: save some of it for your session,
Dr Thomas Lee: beg your pardon,
Sean Martin: save some of it for your
Dr Thomas Lee: Okay. Yeah. Well, you know, I, what I find is that people tell, tell me that by the time they've heard the talk, it's like drinking from a fire hose the problem from the perspective of the people and the idea that you're important and you've got to have enough of people like you is so different.
So, um, then people are used to cybersecurity people. It's worth hearing several times is what I want to say. It'll be easier for people to digest. Um, So when we model, just Christine says, um, you know, it's called [00:18:00] colinear in the, in the modeling process. You can, if you have several factors that, that turn out to sort of, uh, to be the same or similar pattern.
Um, in the modeling process, you remove the one, the weaker of them. So that's, otherwise you're just fitting random noise, not just talk about, you know, statistical modeling. So indeed we tried a lot of certifications. They were all very, very predictive. You need to know every one we tried, but we didn't need them in the model because it didn't improve the accuracy of the model.
And our objective was not to rate certifications. It was just to build a really accurate model. So when I say CIS has failed, It's a proxy for a whole lot of other things that are within the enterprise. It's a proxy for the size of your InfoSec team really in perhaps the training and experience of your InfoSec team, just that one cert, but it doesn't mean [00:19:00] another thing to keep in mind.
Is that, um, when we're developing a model, we're developing it in the night. We've developed it for U. S. Data initially. Um, there's 5 to 7 million companies in the United States. What we're really looking for is the difference between the companies that did and did not have a data bridge. And so we've got to think of something we can measure for 5 to 7 million companies and a lot of companies, most companies are small.
So the CISSP is a certification we can find even among smaller companies under 500 employees, for example. It doesn't mean that it's the best certification. It's just the most ubiquitous certification. Um, it is a very good certification, but that's how I would interpret it. Uh, Christine said the shopping cart, I give it, give that in, in, in the talk.
Um, I explain how we could maybe discover, imagine we could predict family size. By what you see in [00:20:00] somebody's shopping cart at the grocery store, and I use milk and cereal as an analogy, you know, both of them, children like, you know, children like milk, they like cereal, um, but I don't need both of them in the model.
Maybe I can predict family size by measuring how much milk somebody has in their shopping cart. And I could do that with serial too, but I only need one of those two factors, um, because they're, they're just the same. But, so to your question, all of these certifications and a full team size and all the different dimensions, are important.
And when you look at large organizations, you see them, all these other, uh, kinds of training. You mentioned hackers. Yes. Here's the thing to think about is, um, in the modeling, we had to be able to gather the data quickly without too much work. And there's lots of things that you could think of that would be really predictive, but it's just too [00:21:00] hard to get that information for five to 7 million companies.
Information on ethical hackers or even people's experience. I can't answer that. I can't gather that data quickly. And the, and the CISSP seems to be a good proxy, proxy, just regarded as a proxy for all these other things. So the comment that I
Sean Martin: also independently verifiable, right? If, if
Dr Thomas Lee: yeah, yeah. That's right. So, but, to the shopping cart, um, I say that this is a model that an expert like Christine can use, she understands all the other stuff that's in the shopping cart besides milk and, and, um, cereal.
So it's really a tool for the cybersecurity expert. Um, they can turn to management, they can compare a company to their peers, and they can make an argument for all the other things, too, that we just don't have in the model. [00:22:00] But, you know, they can make it from the perspective of sufficient staffing. So that's, that's the answer there.
Everybody's important and they all have their little piece in in preventing data breach. Data breach, by the way, is much more than getting hacked. It's also accidents, lost or stolen devices. There's militia, malicious insiders, all these other things cause data breaches as well. Keep in mind.
Marco Ciappelli: And it's not going to be in the shopping cart shop. Don't buy that stuff
Dr Thomas Lee: Well, it'd be in the shopping cart, but we don't need to. It's in the shopping cart, but my joke is that if I just buy milk, um, for my family, um, actually in the shopping cart analogy, we say milk and diapers. But my family will get sick. Well, the diapers are my analogy for CISA. There, there are something completely different.
Um, they're not covered by, you know, [00:23:00] diapers are for children too young to drink milk. And that would be a good predictor of family size too, but they'd be just the infants in the family. So,
Sean Martin: I love it. So, so many questions, so many questions. Um, even just the. Is there, is there value in, I don't know if there's a factor to look at that says, what happens after a breach? Do we have the right people to help with that? I don't know, I could go all over the place with this,
Dr Thomas Lee: yeah, that's a whole nother, that's a whole different talk. Yeah. But I can say. So one of the biggest costs is the investigation, just because we've modeled that cost as well. One cost is lawsuits, so you don't want to do stupid stuff and put stupid things on your website like, you don't want to say we have best in class security, just better to say you have good security, um, uh, so because that'll lead to lawsuits and that's half the cost.
Um, but one of the biggest costs we can see from modeling is that. the [00:24:00] investigation cost. And so what you can do for after the data breach, you can do this work before the data breach is do all sorts of things to speed the investigation. So that might mean turning on, um, Access logs, just all the things that you could imagine, you know, you're going to hire a company to come in and do the investigation, know ahead of time what they would do and do those things beforehand and you could speed the investigation and lower the cost of a data breach.
Sean Martin: some money.
Christine Dewhurst: I'm so happy to hear you talk about controls, Dr. Lee. You have no idea. After two and a half years, you're talking about controls of turning on logs. so much.
Dr Thomas Lee: you know, she's saying that because, you know, I, you know, we couldn't measure controls. So, you know, we found something completely different and then people say, but what about the controls? And, you know, um, the important thing is they're important, but they're sort of reflected indirectly when you measure [00:25:00] the people.
Um, and I, what I argue is, you know, if you do find a missing control, when you're looking at a third party. Most likely, the root cause is insufficient staffing. And the missing control, of course, is very important. It needs to be addressed, but you also need to address insufficient staffing. You know, they likely have an understaffed audit and security team.
Sean Martin: Uh, so many, so many interconnected things here to paint this web. Um, we're going to leave it here and hopefully folks are, are intrigued to, uh, come see you on, what is it? Wednesday, October 23rd, 2. 15, room 801B for a new people centric approach to determining an organization's exposure to a third party data breach.
There's that mouthful again. It's part of Sector Black Hat event in, uh, Toronto. 22nd through the 24th, the briefings on, I'm sorry, summits on the first day, briefings the [00:26:00] second and third day and, uh, Christine Dewars, Dr. Thomas Lee, thank you for joining us today.
Dr Thomas Lee: Thank you.
Christine Dewhurst: Thank you. Pleasure was all ours.
Sean Martin: And thanks everybody for listening and watching. Stay tuned for more coverage from Sector and other events that we're covering throughout the rest of the year and plenty in the next year as well. And, uh, please do subscribe, share with your friends and enemies and do the math, trust the science. You're muted, Marco.
Just like you're going to be when I'm in.
Marco Ciappelli: I was going to say it's all about the people. So the more people that subscribe, the more we're going to be having this conversation, the better it is.
Sean Martin: Nice one.
Marco Ciappelli: Sorry, I was muted. I should have done this before.
Sean Martin: You should I think you've done a few of these. But anyway, thanks. Uh, Thank you marco for being here. I'm missing it in uh in toronto, but uh, We'll see you soon and see everybody else soon as well. Thanks all
Christine Dewhurst: Thank you. Have a great day.