Hear how Abbas Kudrati shares actionable insights on tackling ransomware, navigating AI challenges, and embracing Zero Trust strategies to strengthen cybersecurity foundations in the Asia-Pacific region. This engaging conversation also highlights the evolving role of AI in streamlining operations and staying ahead of attackers, offering practical guidance for today’s security leaders.
Guest: Abbas Kudrati, Asia’s SMC Regional Chief Security, Risk, Compliance Advisor, Microsoft [@Microsoft]
On LinkedIn | https://www.linkedin.com/in/akudrati/
On Twitter | https://twitter.com/askudrati
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
During the On Location series at AISA Cyber Con 2024 in Melbourne, a significant conversation unfolded between Sean Martin, Marco Ciappelli, and Abbas Kudrati about key cybersecurity themes and strategies relevant to the Asia-Pacific region.
Abbas Kudrati, a seasoned cybersecurity professional and cloud advocate, shared insights into the state of cybersecurity in the region. He highlighted that ransomware remains one of the top threats, particularly in Asia and Australia. This persistent issue underscores the importance of robust data governance and access control. Abbas emphasized that organizations must establish strong security foundations, including data classification and access management, to prepare for the complexities introduced by AI. Without these measures, companies risk exposing sensitive information when leveraging generative AI solutions.
The discussion also touched on data sovereignty, a critical topic for governments and defense organizations in Australia. Abbas noted the growing number of localized data centers built by major cloud providers to meet sovereignty requirements. While private sector organizations tend to be less stringent about data location, government entities require data to remain onshore. Frameworks like IRAP and Essential Eight are instrumental in ensuring compliance and guiding organizations in implementing consistent security practices.
Zero Trust emerged as a transformative concept post-pandemic. According to Abbas, it simplified cybersecurity by enabling secure remote work and encouraging organizations to embrace cloud solutions. He contrasted this with the rise of generative AI, which has introduced both opportunities and challenges. AI's potential to streamline processes, such as analyzing security alerts and automating vulnerability management, is undeniable. However, its unbounded nature demands new strategies, including employee education on prompt engineering and responsible AI use.
Sean Martin and Marco Ciappelli explored how AI can revolutionize operations. Abbas pointed out that AI tools like security copilots are making cybersecurity more accessible, allowing analysts to query systems in natural language and accelerating incident response. He stressed the importance of using AI defensively to match the speed and sophistication of modern attackers, noting that attackers are increasingly leveraging AI for malicious activities.
The conversation concluded with a forward-looking perspective on AI’s role in shaping cybersecurity and the importance of maintaining agility and preparedness in the face of evolving threats. This dynamic exchange provided a comprehensive view of the challenges and advancements influencing cybersecurity in the Asia-Pacific region today.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
Data Sovereignty and Security Challenges in the APAC Region: Simplifying Security with Zero Trust and AI-Driven Solutions | An Australian Cyber Conference 2024 in Melbourne Conversation with Abbas Kudrati | On Location Coverage
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Marco Ciappelli: [00:00:00] Did you push record?
Sean Martin: I think I pressed record as well. Well, then we're good.
Marco Ciappelli: Then we're ready rolling. We're ready to roll. We're rolling already.
Sean Martin: Here we are. It's day one, Marco.
Marco Ciappelli: Day one of Disney. Fantastic conference the location.
I was just talking right now with the bus. How I want to live here on the river
Sean Martin: I walked the day I arrived. I walked to the beach beach has a good vibe. You'd recognize it has a very Santa Monica Venice Beach kind of kind of vibe. Maybe not as nuts and crazy and chaotic Yeah, but but very cool Santa Monica without the crazy
Marco Ciappelli: That's hard.
That's hard to imagine. Okay, sorry, Santa Monica. But here we are, not in Santa Monica, in Melbourne, Australia. We are covering this fantastic event so far. And if we're here, it's because of this guy, Abbas. So good to [00:01:00] see you.
Abbas Kudrati: for this. Absolutely, my pleasure. I wanted to bring the world here. You know, this is the happening conference of Australia.
So Glad you guys made it all the way. Very cool spots.
Sean Martin: And, uh, it's always great to see you. And if people check the, the social posts, we got an extra special gift. Yes, the Tim Tams. The Tim Tams.
Abbas Kudrati: Aussie's Tim Tams. Feminine of the world.
Sean Martin: Yes, exactly. And I'm gonna, I'm gonna quickly tell my story because I teased it in an earlier post.
Oh, that's true. So, very quickly. I don't want to bore everybody. I was building, uh Security Management, basically a SIEM product for Symantec. I know, it wasn't the SIEM, we were building an antivirus we bought from Intel. And there were some challenges with the delivery. And it was the team in Australia that said, this is not going to fly if we let this release like this.
And it was with their support and collaboration that we were able to change the mind of the executive team at [00:02:00] Symantec to say, we need to hold off, address these issues, and then release it. Best decision ever. Thanks to the team here in Australia. Their thanks to us back in Santa Monica. Was boxes and boxes and boxes of Tim Tams.
Ah, Tim Tams. That's the story of Tim Tams. So, for months I was eating, and the team was eating Tim Tams in the office. It was fantastic. So, I have a special place in my heart for the, uh, Tim Tams. Well, the Aussie team, and then the Tim Tams was a bonus. So, just same as you, special affiliation. Tim Tam was a bonus, so that's my short story, anyway.
Marco Ciappelli: That's a great story.
Sean Martin: It's good to be here, and, uh, yeah. A lot of smart people, a lot of good things taking place here in Australia. Um, thus far, for me, it's been a lot about, um, user awareness, the human elements. And, uh, yeah, [00:03:00] understanding how, not just that we have our own responsibility, but how do we actually connect.
With people to drive better outcomes in our security programs and privacy programs. And, um, I don't know, Marco, I
Marco Ciappelli: am just excited to be here. And I want to hear what a bus has to say because you've been involved with the association here, the ISA for a while. And so we just had a conversation with, uh, Jeanine Butch from Forrester on how she's been, she was member number 71 or 77.
She wasn't remembering exactly which one was, and I think you've been involved with them for a long time. So tell us how, how this event grew over the year and the association itself.
Abbas Kudrati: Absolutely. So I remember very well 11 years back when I moved here and I was looking to join some society or association and this one came to be the one of the best one.[00:04:00]
All the bunch of CISOs, as well as those who are ISC square, CISC people. And I think my membership number is around 1, 200, something like that. Not too far from, but around 1, 000 people, not many people in security. And this conference used to happen somewhere in Docklands, not too far from here, in a shade.
It was completely free. Not too many vendors as well. It was a one day event where people would come, and represent. Some talk and do a networking and a nice dinner at the end. It was a perfect place. And then they grew it from 500 to 1000 people to, they expanded this conference to one and a half day.
They moved to Sydney and they used to rotate Melbourne, Sydney. And today we see seven different tracks running. They're getting speakers from all around the world, from Hollywood stars to Captain Sully. Yeah. We did it a few years back, and we have Carl Penn coming in this year as well. Yeah. So it has grown as a big institute, one of the biggest not for profit organizations where the [00:05:00] membership has grew to more than 10, 000 people.
And what you see today, this has attracted more than 10, 000 people. I think we are trying to replicate what we do in RSA conference in the U. S. This is our mini RSA, including the RSA bootcamp which we had yesterday. That's right. Yeah. So a lot of learning. You guys are
Marco Ciappelli: working with them. Yeah.
Abbas Kudrati: From lock picking to ethical hacking to carrier village run by a few of the people here and it has gone big covering GRC, governance risk, compliance, security, legal.
So it has gone not just for security purpose, but it is now covering all the phases of security and what you can think about. From physical to the legal part, governance risk and compliance.
Marco Ciappelli: I have to say, you can tell that it is already a bigger size. Yeah. But it's still, for me, from what I've seen today, I still have that feeling of you can talk with everybody easily.
It's not that big conference, there is still that community feeling. Everyone knows everyone. Exactly. That's the best part of Australia.
Abbas Kudrati: We are far [00:06:00] off, we are a big country, but not that many people. And security is a very small community. You'll bump into each other, you'll say hello. You know them, if you are here in the industry.
It's really nice. You like that human touch.
Sean Martin: People from Sydney and Canberra, Adelaide. Yeah. I don't know. All over. All over the
Abbas Kudrati: place. Yeah. New Zealand, Tasmania, people coming all the way from everywhere.
Marco Ciappelli: Very cool. So, Sean, you were curious, I remember, to ask him, what's going on in this side of the world? As a CISO, as a person who's been involved at the business level for a long time.
Sean Martin: Yeah. So, Obviously, I care deeply about security operations. What I often sometimes refer to as the business of security. How do we drive business value? Looking and leveraging security and security information. Um, so what are some of the things you're seeing and hearing from attendees? From companies you work with?
Yeah.
Abbas Kudrati: Absolutely. So every year we have some sort of a theme. And, uh, [00:07:00] Being been working for a big cloud company here and all I see a lot of changes happening around the region in terms of the various threat actor. So I want to share in terms of one of the various threats we see in Asia and Australia as compared to what we see in other part of the world.
You know, here the ransomware is still one of the biggest threat. What we see in this part of the world as well. We are seeing the concerns from the sea. So he's apart from the ransomware. What we see is concerned about the AI. Everyone's talking about a I got Jenny. I And the challenge they have right now is every employee wants to try the AI.
But companies are not fully prepared to embrace this. And the main reason is the data. AI loves data. Gen AI loves data. And if you haven't done your homework in terms of securing your data, in terms of governance, your classification, if you haven't done the right access control on your SharePoint in terms of who access what, AI is going to go and detect everything and answer you everything if you ask them what's my CEO scenario, where is [00:08:00] the confidential data is gonna come up, which is the top most concern today for the CSO in this part of the world?
They need to do the basic hygiene of security first. That's what I see here. Uh, people are talking about, I mean, every vendor is saying AI is, is the biggest thing. Right?
Sean Martin: So is the, the DPA a is a recent, uh, recent act, right? The Data Protection Act? Is that correct?
Abbas Kudrati: Data protection? Uh, data privacy Act data is been there for a while.
Yeah. Uh, and now, very soon we will be seeing more legislation coming up on AI as well.
Sean Martin: Usage of ai. And being deeply involved in the cloud as well. For years I've heard rumblings of sovereignty. And we just spoke with an organization on the show floor from the UK talking about connections with Australia and the UK and relationships of a sovereign nature.
Maybe technology not physically on Australian soil but in connection with. Friendly or friendly country. [00:09:00] Your view on sovereignty and kind of where that sits relation to Australia specifically and maybe other things.
Abbas Kudrati: Absolutely. When it comes to data sovereignty, government and defense are very particular and there's a reason all the big cloud vendor have multiple data centers here.
We see data centers specifically designed for these kinds of customers who wants to make sure that data is on the soil. So. Similar to GDPR, of course, we also have the customers who are very much working in a multi national kind of environment. And when it comes to keeping the data or the cloud services, there are specialized organizations or data center providers who, uh, design their control so that data can be here.
Similar to Microsoft as well. I mean, they have multiple data centers, one dedicated for federal and defense as well. So it is a thing. But from the private sector point of view, they are not too much particular, because they get the service mostly available here in the region. Apart from some service which are being delivered from larger data center from the [00:10:00] country like US and all.
Sean Martin: What I'm thinking is, just in your AI example, like a Chad GPT. I don't know, is that, is that considered sovereign?
Abbas Kudrati: No, it's not. Yeah, it's not. Right now, it's more of an open thing, uh, not much visibility, and that's why there are, you will see some of the vendors on the floor who are providing that kind of a solution which which can do the governance part on the, uh, publicly available A.
I. Like Gemini or name it or judge. You pity name it or made the many hundreds of them. We are seeing every day. That's one of the concerns with Cesar has today. No,
Marco Ciappelli: I don't. One of the thing I always wonder, and I bring this up a lot. It's like legal and government, of course, getting involved. Some less, some more, depending where you are, which side of the Pacific or which side of the world, but then there are company like Microsoft, Amazon, and all of that, that they're like international, international [00:11:00] company.
And then there is the smaller business to use your clouds, your clouds. Kind of my brain explode at that point, because how do you silo? Regulation for one country, but at the same times then the data comes from all over the world. I mean it
Abbas Kudrati: yeah Is
Marco Ciappelli: there a secret formula?
Abbas Kudrati: So customer have a choice when if you I'm sure you know how cloud operates or whenever they fire up a cloud service The option has been given to them.
Where do you want this service to be hosted? You can pick and choose. Of course, if you host it in the US, it's much cheaper for them If you host it in Australia, if you select Australia as an option, Australia East, Australia West, whatever, there's a plus minus variation because of the dollar value and all, but you have an option.
So the option has been given directly to the end user itself. UP can choose. If you don't have that service running within the country, we qualify the same that this service is available or been sold to you from Singapore or from the larger [00:12:00] regions such as US, but not from Australia. But data, you can keep it here.
Services offer from there, but data you can keep it here because your tenant is where you define your tenant is.
Marco Ciappelli: So they have the freedom to do that independently from where you are located.
Abbas Kudrati: I think all big cloud providers provide you that option and gives the honest back end user. And you pick and choose where you want to keep the data.
Sean Martin: In the U. S., many states. Some states have privacy laws. There's no national privacy law in the U. S. California, for example, yes. What's the state of affairs in Australia? Does each Nah. Does each state operate differently, or is it a national From
Abbas Kudrati: the, no, from the Australian Signal Directorate point of view, and from the national point of view, we have frameworks like IRAP.
We have frameworks like Essential Eight, which most of the organizations, small, medium, and large, especially in the federal and local government, they all follow [00:13:00] that. There are few specific, uh, requirement for industry as well and for, uh, local government. For example, Victoria has something called VPDSS.
Victoria Public, uh, some full form, uh, directory services or policy services. So, some states have their specific requirement for that particular state. New South will have a specific requirement for their government institutes. Victoria has something like that and other states may have it. But they all at the end of the day follow the glo uh, national one.
Which is IREP, which is the single, uh, certification for anyone who wants to operate in that area. They get audited as well, they get certified as well, so you can certify your data center or service against IREP. Which is a detailed set of requirement, uh, derived from frameworks such as NIST 853 or NIST CSF.
It is derived from there, but we have localized that version in the country as well.
Sean Martin: And so, what does that mean? I'm thinking in terms of policy and controls and audits. Is the national like [00:14:00] the strictest level and then there's just who you report it to at the state level? Absolutely. So I used to
Abbas Kudrati: work for Victoria government before joining KPMG or Microsoft.
And we used to get audited by a body called VEGO, Victoria Auditor General Office, which is specifically to Victoria, which is Melbourne as a city and Victoria as a state. So they would come and audit us and make sure our controls are in alignment with their requirements. Similarly, New South Wales also have something similar, which local, uh, council have to abide with.
Got it. Uh, so, there are local level, but the country level, uh, we have essential aid and, uh, uh, things like, uh, for FSI industry, we have something called APRA. Okay. Uh, Australia Provincial Financial Security, or APRA, CPS 234, and there are quite a few couple of other standards from APRA, FSI point of view.
Okay. Healthcare also have, for example, Victoria or Australia, have a specific requirement for healthcare, especially if they're using the cloud services. So, there are many such [00:15:00] small versions of it. But at a bigger level, it's all essential aid. Okay. And, uh, Australia's single directed or IREP requirement, which they can follow.
Alright.
Sean Martin: So, it's all soup. Mm. you have different flavors of soup. Yeah, definitely. Ha, ha, ha. Ha, ha, ha. Ha, ha, ha. Ha, ha, ha. Absolutely.
Marco Ciappelli: Listen, I want to do a little flashback. Oh, yes.
Sean Martin: You know, we're missing a party in 2000.
Marco Ciappelli: Yeah. 2019. We were, we had another escalator on this side and we, we were in Singapore. Not here, but we kinda want to recreate Yes.
Recreate that feeling. 'cause that's when we met you. Thanks to Diana. Kelly. Kelly. Hi Diana. Hi Diana. Miss I miss you here. Miss. Shout out to you. You're amazing. And uh, and. So I want to go back to, I think we had kind of a similar conversation asking you what you see in the region. That was, you know, five years ago.
A lot happened. A
lot
happened. Um, did you predict something that didn't happen back then? [00:16:00] Or something unexpected that you see maybe throughout the pandemic that kind of changed the course of what cyber security has been going?
Abbas Kudrati: I do think it surprised me since our last talk. First one is on a zero trust after pandemic zero trust concept, which was again, Gene and myself have spoken to you from Forrester.
That's a gift from Forrester that zero trust, uh, Dr. Chase Cunningham, as we call it the Dr. Zero Trust, uh, gave it, gave it to the industry. So Zero Trust has taken a bit of a market in terms of everyone talks about how we can, you apply those principles of zero trust. That was one, uh, which I never thought people would think about working from home.
And it could become a norm as such. Although when I joined 2018 in Microsoft, I was a home employee from the day one. But the whole world changed after pandemic and after we met in 2019. And after that, RSA never had any RSA APJ version. So that's why we couldn't see you after that. That's why we're here.
That's why I had to call you here. Hey, you
Marco Ciappelli: guys.
Abbas Kudrati: That was the first aha [00:17:00] moment. And the second one, I never predicted or seen that AI would go such a mainstream. Yeah. Everyone is talking about every kids are talking about my kids now using AI as a day to day work for universities and writing theses and projects report and everything, including myself.
I mean, look at where we are, how AI has become a such as general commodity item and everyone is talking about. But these two things I never predicted which could come so early. People are talking about the metaverse and digital twin and quantum. We left everything behind and focus has moved completely on J and A, I think of it now, quantum coming up and catching up slowly.
Let's see what, how and it's going to make the next year look like, right? And do you
Marco Ciappelli: think these two events complicated cyber security or just changed it?
Abbas Kudrati: Not too, but I would say, uh, zero trust simplified it. It made everyone think that, hey, I think There is a way to work remotely and to [00:18:00] secure organizations also in a remote fashion.
You don't have to worry about everything, keeping on prem and leverage cloud and leverage this concept of zero trust. That's simplified things. What is complicated is now AI. So, and I'm sure it over the time it will simplify as well. Now, more and more companies are investing in this technology. They can make, they are making it more usable on the, but people have to catch up.
I just gave the example. Yeah, the
Marco Ciappelli: bikinis is always Bikinis is always tough, you know. Let's
Abbas Kudrati: freak out. Data security, access control, identity is the future as well. So once these two or three things are managed, access control, identity and data, then it will be easy for everyone to leverage AI on a day to day life, you know.
Sean Martin: Yeah, yeah. And looking at those two, right? So zero trust to me is well defined ish. Yeah. In terms of, you know what to do. You set the boundary and you operate within that boundary. You operate within the boundary, yeah. Set of principles. Whereas AI is completely the opposite, right? Where before, I often talk about this on some of the episodes that I've recorded, where [00:19:00] when I was in QA, you could write use cases and test cases and again set boundaries of what was acceptable and what wasn't.
With AI, it's a free for all. It's endless, boundless, and it's going to be hard to put a box around it and say this This is what is acceptable. This is what not acceptable. Well, not
Marco Ciappelli: only is it hard, but you limit
Sean Martin: the AI. Yeah. If you then box it in, then you're limiting it. Yeah.
Abbas Kudrati: You can't block it. You have to educate people on how to write the right prompt.
You know, when CISO's asking me, what can I do? Can I block the chat GPT and co pilot? I said, that's not an option. People will go home and try it. Better give them a user awareness. Better teach your people how to ask the correct prompt. Prompt engineering is something we need to teach, which is what Microsoft did to their employee.
Here is how to write the prompt. We have created the library of the prompts. Use this prompt to ask these questions and get your life easier. Awareness and education is the way to go, rather than blocking things in your [00:20:00] computer.
Sean Martin: From a maybe as we wrap here from an operational perspective, I love this.
No, no,
Marco Ciappelli: it's your thing.
Sean Martin: Do you see AI helping with certain things? I'm thinking refining policies, keeping policies up to date, defining where controls need to be applied, helping with user awareness, um, setting configurations for cloud services. I Those are just things that come to mind. I don't know if any of them are working well or not, but what are you seeing and hearing in that
Abbas Kudrati: regard?
Let's pick one example of a security operation, right? Where your analysts are spending five, six dashboard looking at it. Thousands of alert, we call it alert fatigue. So AI is definitely helping them in triaging the incidents by asking them a simple English question. Rather than they're learning the Python and the scripting and KQL, they can simply ask the question on Copilot for security as an example.
What are the top threats in my [00:21:00] company? Even CIO can just simple prompt and they would get it. Okay, these are the five things you are targeting or these are the five top tickets open. So it's making it easier for everyone to enter the job market. Even a simple, uh, fresh graduate analyst can work in a security operation and be effective from the day one.
Because everyone knows English, in a way. Right. Uh, soon we will have other languages also on AI, but right now, English is the thing people can ask in a simple manner. So the way attackers are leveraging today, like we have seen, uh, Storm 558 and Midnight Bizarre and many other nation state actor leveraging AI for translation service, analyzing the code, you know, identifying the vulnerability.
Same things now, Defender are also using the security operation, how to analyze this vulnerability I have and quickly apply it using AI. Hey, just go and apply this patch on all my vulnerable server. One simple English line and it has done the job. So it is the speed and the agility which AI is giving to the Defender.
It's something enormous. I have [00:22:00] one statistics actually. It takes what, how much, uh, less than 72 minutes for an attacker to come inside your network and get out. Less than 60 minutes, as a matter of fact. Time is reducing. So we need Defender to also apply this and controls. All this attack within 60 minutes.
If it is more than that, you are, you are losing. So we need to be par or be better than the attacker in the space. And the only way to do it is leveraging AI. Yeah.
Marco Ciappelli: And the bottom line, you can't stop it. It's like saying you're not going to get fished if you don't use email. Yeah. Well, that's not going to happen.
It's not going to happen. And you're not going to use AI.
Sean Martin: I'm cutting you off email. Yeah.
Marco Ciappelli: I think you should. Absolutely. I am glad that we're here. I'm glad that we got to chat with you. We'll hang out a little bit more, of course, in the next few days. Yes. And, uh, I don't know. Maybe your next year again. Why not?
Why not? Why not? Maybe we'll be back in RSA [00:23:00] or in Canberra. Oh yeah, of course. Canberra. You're thinking of coming? Canberra. We'll see. Very government focused, but why not? Yeah. We will see, but I know we'll see you around. I'll be around. If not
Abbas Kudrati: here, then some part of the world. Absolutely.
Marco Ciappelli: The world is small.
It is. It is. It's amazing. Abbas, thank you so much. Oh, my
Abbas Kudrati: pleasure. It was so good to see you both.
Marco Ciappelli: Good to see you. After many years of creating the memory again. I know. I know. We always stayed in touch, which is the important thing. Yes, yes, yes. Thanks to technology. Thanks to technology.
Sean Martin: And thanks to Akash and Megan for making it happen.
Yeah, absolutely. Yeah. We're glad to be here. Grateful for the conversations and enjoy the team time. Oh yeah. We're going to be eating all those. They're not going to make it home. I don't think you can get it on airport.
Marco Ciappelli: Stay tuned. We'll still have conversation in our room. Well, conversation here on the stairs, a couple more coming up today, actually.
And then we're going to wrap and enjoy the day two and [00:24:00] day three. So the sun is out. Thank you everybody. Thank you. Yeah, we can show it. We can. You keep it a view. Shawn, you're the cameraman. Look at the river and the sun. There you go. Look at that. We need to go for a walk.
Sean Martin: Perfect.
Marco Ciappelli: All right.
Sean Martin: Just like that.
Just like that. Your old office about. Yes. KPMG. All right. See you everybody.
Marco Ciappelli: Not a bad place.
All right.