Guest: Ravi Nayyar, PhD Scholar, The University Of Sydney
On LinkedIn | https://www.linkedin.com/in/stillromancingwithlife/
At AISA AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ravi-nayyar-uyhe3
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
The discussion begins with a unique and lighthearted analogy: comparing cybersecurity professionals to superheroes. Marco draws parallels to characters like “The Avengers” and “Deadpool,” describing them as defenders of our digital world. Ravi builds on this playful yet thought-provoking metaphor, likening the fight against cybercriminals to epic battles against villains, highlighting the high stakes of cybersecurity in critical systems.
The Cyber Zoo: Ravi Nayyar’s Research Focus
Ravi introduces his research, focusing on the regulation of cyber resilience within critical infrastructure, particularly the software supply chain. Using the metaphor of a “zoo,” he paints a vivid picture of the cybersecurity ecosystem, where diverse stakeholders—government bodies, infrastructure operators, and software vendors—must coexist and collaborate. His work delves into how companies can be held accountable for their cyber practices, aiming to secure national and global systems.
The Role of Humans in Cybersecurity
At the heart of cybersecurity, Ravi emphasizes, is the human element. His research highlights the need for incentivizing all players—critical infrastructure operators, software developers, and even end users—to embed secure practices into their operations. It's not just about rules and frameworks but about fostering a culture of responsibility and collaboration in an interconnected world.
The Case for Stronger Cyber Laws
Ravi critiques the historically relaxed approach to regulating software security, particularly for critical systems, and advocates for stronger, standardized laws. He compares cybersecurity frameworks to those used for medical devices, which are rigorously regulated for public safety. By adopting similar models, critical software could be held to higher standards, reducing risks to national security.
Global Cooperation and the Fight Against Regulatory Arbitrage
The discussion shifts to the need for international collaboration in cybersecurity. Ravi underscores the risk of regulatory arbitrage, where companies exploit weaker laws in certain regions to save costs. He proposes global coalitions and standardization bodies as potential solutions to ensure consistent and robust security practices worldwide.
Incentivizing Secure Practices
Delving into the practical side of regulation, Ravi discusses ways to incentivize companies to adopt secure practices. From procurement policies favoring vendors with strong cybersecurity commitments to the potential for class action lawsuits, the conversation explores the multifaceted strategies needed to hold organizations accountable and foster a safer digital ecosystem.
Closing Thoughts: Collaboration for a Safer Digital World
Sean, Marco, and Ravi wrap up the episode by emphasizing the critical need for cross-sector collaboration—between academia, industry, media, and government—to tackle the evolving challenges of cybersecurity. By raising public awareness and encouraging proactive measures, they highlight the importance of a unified effort to secure our digital infrastructure.
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
The theory of saving the world: Intervention requests and critical infrastructure: https://melbourne2024.cyberconference.com.au/sessions/session-eI6eYNrifl
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
The Theory of Saving the World: Intervention Requests and Critical Infrastructure | An Australian Cyber Conference 2024 in Melbourne Conversation with Ravi Nayyar | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: Yeah.
[00:00:01] Marco Ciappelli: Go. Marco. Sean. It's movie time. Yeah. The Avengers. The Avengers. Or the new one, which is the Thunderbolts. We'll see what happens.
[00:00:11] Sean Martin: Or is it Deadpool Wolverine? Or that too. I don't know, you love that kind of Superhero.
The best style. The goal
[00:00:17] Marco Ciappelli: here is to save the world from the cyber criminals. Is that, is that the, any, any, is that the bad guy We're talking about
[00:00:25] Ravi Nayyar: any cyber batty, any cyber batty, or even, or even ourselves given how, you know, complex how, how we've built a house of cards for ourselves with cyber .
[00:00:35] Sean Martin: There you go.
There you go. Yeah. It's one slam of the door in the whole new Yeah,
[00:00:37] Marco Ciappelli: I'm already excited. So I don't know if I will participate much in the conversation, but I will listen. Absolutely.
[00:00:44] Ravi Nayyar: So, well, you, you were telling me, um, this before you jump in. That you come from a sociological background, I come from a legal background, and law is essentially a branch of sociology.
It's all about looking at how living things interact with one another.
[00:00:59] Marco Ciappelli: That's right. And you know, that's why we created ITSP Magazine. Not much about the living thing in general, but society. You know, like, we're not into Yeah, humanity. Yes. And how cyber security works. Cybersecurity has become a big part of who we are and the digital life, it's real life to me at this point.
There is not, you know, there's no clear delimitation anymore in cybersecurity. We need it. Otherwise it's, it's the far West. So there you go. End of the podcast right here. This is going to be great.
[00:01:36] Sean Martin: Well, Robbie, we, we connected on LinkedIn. I think I saw a post. I said, I'd love to meet you. Yes. Saw your session.
Let's have a chat. So here we are. Thank you. Maybe a few words about, uh, what you're up to at the University of Sydney. Yeah. Some of the things you're working on there so folks know.
[00:01:51] Ravi Nayyar: Yeah, so, um. What's going on? Well, look, uh, thank you, Sean. Thank you, Marco, for this wonderful opportunity. Hi, everyone. My name's Ravi Nair.
I'm a PhD scholar at the University of Sydney. Uh, my research is looking at the regulation of, uh, critical infrastructure cyber resilience with a focus on the software supply chain. So I look at both the regulation of the, um, actual operators in terms of, you know, how they deploy, um, what is called critical software, which is security, roughly speaking, security critical software.
But I also look at how do we regulate the vendors for this critical software. So it's sort of like a, an end to end sort of solution. So that's me in a nutshell in terms of what I'm up to. How's this movie end?
[00:02:34] Marco Ciappelli: We don't know. Well you tell me, you've been in the space longer than me. No, we don't know. I've been here a few days.
We don't know, there'll be like at least 10 movies. We're
[00:02:41] Ravi Nayyar: still doing it. Well, we have to milk this after all. Exactly, exactly.
[00:02:45] Sean Martin: Yes. Alright, so, I guess, all the players that you consider, so you said you're focused on the software piece. Yes. Um, how does that, I mean, I can kind of paint a picture, but there's like cloud and there's, There's software in the organization, then there's third party services.
Yes, yes. So how, what, what's the scope of this stuff that you look at?
[00:03:09] Ravi Nayyar: Who's who in the zoo and all that. Who's who in the
[00:03:10] Sean Martin: zoo.
[00:03:11] Ravi Nayyar: Well,
[00:03:12] Sean Martin: that's it. Who's who. Who's feeding the animals.
[00:03:14] Ravi Nayyar: Yeah, that's right. You know, hunter versus hunter, if we want to extend that metaphor. Um, well see, that's the beauty, Sean. I mean, like, cyber itself is so multi stakeholder by design.
And yes, in my case, the big two, well, let's break it down. We've got obviously government. Yeah. That includes the regulators, like the, the CIS in Australia or your sectoral regulators, like your Asics, your Aras, um, as well as your, um, Australian energy market regulator, what have you. But you also have the non regulators, like the sig, the Australian Signals Directorate, the Australian Cybersecurity Center, which is part of that.
Uh, and of course other parts of government that liaise with other stakeholders to help figure out, okay, how should we make policy? How should we make law? So that, you know, they're in line with technical realities. Um, so, and of course, that's just the government. I mean, you've got the parliament as well that you've got to look at, because they enact most of the, they enact THE legislation, while agencies do, um, that rule making underneath that.
So that's just government. Now we talk about industry, right? We've got critical infrastructure operators, whom I'm particularly interested in, obviously, because that's called my topic. We've got your critical software vendors, um, and then those are like the big two for me, but then of course around them you've got service, uh, cloud service providers you were saying, you've got security companies, uh, some of whom are critical software vendors because of what the, the nature of what they sell.
You've got pen testing firms, you've got third party certification bodies that are businesses, um, and those are just examples of people in industry. Then you've got Civil society. You've got standards bodies that bring stakeholders together. You've got independent researchers. And, of course, you've got think tanks and universities to ruminate on, you know, how do we, how do we solve a little problem called cyber.
So, um, in a way, uh, let me just think. Um, I think, yeah, I think I've covered roughly the zoo and its occupants.
[00:05:23] Marco Ciappelli: And then there's the people that go to the zoo, which is the users. I forgot them, yes, that's right, yes. And then if there's not the, and the bar is not strong enough, they're going to be eaten by these players.
So how do we, how do we protect them all, right?
[00:05:40] Ravi Nayyar: Well, I guess for me the users are the critical infrastructure operators. For my thesis, we're just looking at how they deploy critical infrastructure. Um, and I mean, can you think of a more important user of any piece of software than a critical infrastructure operator?
Right. The consequences.
[00:05:58] Marco Ciappelli: Exactly.
[00:05:58] Ravi Nayyar: Yeah, yeah. So, you know, yes, I mean, you and I can, if we're just an ordinary business and our, our Ivanti gets popped. I mean, that's bad, obviously, like for us, from a business risk standpoint, a cyber risk and business risk standpoint. But if a critical infrastructure operator's Ivanti box gets pwned, and that enables a threat actor to establish, you know, persistent access, um, uh, hypothetically, well, that's not ideal because of what they could potentially do if they could eventually get to the OT, though, you know, the operational technology having leapt from the IT via that Ivanti box, you know.
I'm making very broad generalizations, but yeah.
[00:06:41] Marco Ciappelli: I mean, Sean, you could, you talk about this a ton with NIST and
[00:06:49] Sean Martin: supply chain, third party risk and certainly no lack of standards and, and laws helping us find the way, if you will. Um, but ultimately it all comes down to operationalizing this stuff, right? So I guess the question I have for you is how, how do you, um, How do you see a program coming together where the zookeepers know that the animals are healthy?
[00:07:24] Ravi Nayyar: Well, I guess that's what the POC is trying to figure out, or indeed any regulatory exploration is trying to figure out. Because, yes, you have I'll put it a different way. Yeah, yeah.
[00:07:34] Sean Martin: You bring in a panda to the zoo, is that alright? Well, it's like deploying anything
[00:07:39] Ravi Nayyar: willy nilly on the network.
[00:07:41] Sean Martin: Or, uh, coming in from South Africa, that might, or, I mean, let's just talk about Australia.
Yes. The, the language and the messaging and, and the people and the dogs that you, that you encounter. Yes. When you enter the country. Yeah, yeah, yeah. Which is pretty significant in terms of, don't be bringing any bananas in. That's how I know I've come home from overseas. The quarantine vehicles. So I guess, using that as an analogy.
Yes. Yes. Yes. Is there. Are there things in the physical world like that, that we can leverage, take advantage of, to accomplish what we're trying to achieve in the software space in critical infrastructure?
[00:08:22] Ravi Nayyar: Well, I mean, there's one big part of the physical world that is core to operationalizing anything, let alone with software and infrastructure cyber resilience.
I mean, us, the people. We, the people, to use that phrase. Because, and I say this because, like, yes, my thesis looks at, you know, technical, like the regulation of fairly technical concepts, but a core underpinning of my thesis is regulatory theory and corporate governance, because after all, most of our critical infrastructure is operated by businesses that are for profit businesses.
Yes, of course, there are public, um, there are, you know, non profit corporations, there are state owned bodies that are Holy within government, but most of our essential services are provided by for profit businesses. Pretty much all of the software that is deployed by those businesses is made by other businesses, right?
So I guess you know to take a stab at your point about the physical world is We have to deliver it. We have to ensure that frameworks Influencing the conduct of the people at both the end users in my case the critical infrastructure operators and indeed The people at the vendors, the developers, the product security people, the overarching boards and senior executives.
We have to ensure that those people are incentivized. Legally or otherwise, not everything has to be done through hard regulation. But they have to be ensured that they are driven to do things like, Hey, we will have robust software development life cycles. Because if we don't produce software that is secure by design, it hurts our bottom line as a business.
Or we will be sued by our shareholders, as has happened in the US. Um, and indeed, if you apply that to critical infrastructure, I mean, this is what the SOCIE Act tries to do, where it basically says, Okay, corporate governance is the board and senior executives managing risks to the business. Okay, we're going to require you to manage risks to the business.
That is closely intertwined with other laws that regulate how those people make decisions. So I guess, you know, what you said, um, about the physical, yes, there's the, especially if you look at OT, uh, right? There's a lot of, you know, physical stuff like switchgear, hardware, appliances and all that. But, you gotta go, bring it always back to people.
Because people make the stuff, they break the stuff, they research the stuff, and they deploy the stuff. So, you need to ensure that they're incentivized the right way. So,
[00:10:52] Marco Ciappelli: didn't we just have, not too long ago, a conversation before the Toronto event? conference about the bill of software where you go and look back as if it was the provenance of the software where it comes, yeah, the S bombs.
Yes. And now, so there are certain entities that are proposing that, there are certain countries that are proposing that. Your regulatory theory, is that a global theory or, or you think that each country can actually. develop its own. Oh,
[00:11:27] Ravi Nayyar: yes,
[00:11:27] Marco Ciappelli: yes. Make your own adventure. We were talking about movies. So, yes, is there like an Avengers for each country and then eventually they do initiative, they take initiative that are different.
Yes. Maybe they reach the same goal. Maybe some win, some lose. There's like a global task force that you are envisioning here.
[00:11:47] Ravi Nayyar: I mean, look, if you look at the idea of a global task force, well, we already have that sort of thing with the. The standardization bodies like your ISOs, your ISA, IECs, who do, you know, the standard 62443 series for OT security.
Um, and of course, within that, you've got people like NIST participating. So, and of course, there are formats, established formats for, you were talking about S forms. There are accepted formats for S forms out there. Like, um, uh, I think it's SPDX Those are two examples. So the point is that. We are making efforts in that direction.
Ideally, we want a coordinated, uh, approach. Because we want to minimize regulatory arbitrage where one software vendor says, Hold, you know, uh, Australia is, to take a hypothetical example, Australia has weaker standards for software security. Like, oh, Australia, you know, uses, doesn't require SBOMs. But the EU does under the Cyber Resilience Act that just, uh, became law.
Um, over there. Okay, I can dump my, uh, Right, let me go sell it where it is. Like, it's, and, and, and, and, and go back to your example about the physical. An example of that arbitrage is how, uh, the world's major car makers dumped their more polluting, uh, combustion engine vehicles on us because we didn't mandate the same emissions safety standards as, say, the EU did.
Okay. There's a reason clothing
[00:13:23] Sean Martin: is made in certain parts of the world. Well, exactly.
[00:13:25] Ravi Nayyar: It's, again, regulatory arbitrage. So, yes, I agree. There has to be that coordinated approach because we are all affected by the same phenomena.
[00:13:33] Marco Ciappelli: Right. So, with your thesis, you're proving what?
[00:13:39] Ravi Nayyar: I'm still trying to figure that out, by the way.
I'm still
[00:13:42] Marco Ciappelli: figuring out my thesis that I already discussed many, many years ago. Oh, yes? Well, yeah. Very good. But it wasn't anything new. No, my
[00:13:50] Ravi Nayyar: point is, you know, I mean, what is, what am I arguing? Yeah. What are
[00:13:54] Marco Ciappelli: you arguing?
[00:13:56] Ravi Nayyar: Well, the, the overarching thrust is that when we look at, um, if we, okay, we break it down to say critical infrastructure and critical software.
So if we look at critical infrastructure, well, we have great laws already in place. Uh, countries have, around the world, have started implementing such laws. We have obviously advanced economies like us got a sort of got a head start because of you know, our Our regulatory culture and our ability to design these laws in partnership with friends But if we look at say critical software or software security generally We have thoughts Indeed and it sucks because I think Jen Easterly, you know, I really feel for her like she's been jaw burning For the love of God For several months that we have, governments around the world have followed a historically neo liberal approach that will let the market decide.
We won't take an interest even in regulating the security of software, of enterprise software generally. Yes of course there are exceptions like medical devices having their own particular standards or your, if you're selling something to say the electricity grid and I think the US those are specific standards you have to meet.
But if you look at the security of software generally, I'm arguing that, generally, it sucks, right? That we, there is a need for the state to be proactive in managing national security risks from insecure critical software because, you know, look at what's happened when the state has been highly passive all these decades.
You know, there's that quote about how computers are basically palimpsest, build atop ruin, you know, layer upon layer upon layer of technology dead. And complexity, and of course, insecurity. So, yeah, that's essentially what I'm arguing. That, hey, we've tried being laissez faire all these decades with respect to software development.
Uh, in my case, critical software development. We need to do what, you know, along the lines of the European approach, which is we need to actually enact a law to bring Let me ask you this. Yeah.
[00:16:04] Sean Martin: Let me ask you this. We've had this conversation many times. Yes. Even twice this week already. Oh, wow. Software liability.
Exactly. Yes. And so I'll go back to my entering, entering the country and I've seen shows in the states where they, they show the airport and they show the sniffing dogs and they show
[00:16:25] Ravi Nayyar: As in they show Australian sniffing dogs? Smugglers,
[00:16:27] Sean Martin: yeah, they catch a smuggler or something like that. But anyway, so I had a, I had a notion of what I might encounter Yes.
When I arrive. Yes. Um, I actually There was a line of people with the dog and it came up and sniffed the line of people. Not everybody got that special treatment. Of course, not me. You didn't get that,
[00:16:47] Marco Ciappelli: yeah. Nope.
[00:16:48] Sean Martin: So, my point is, my point is, I had a view of what might happen. Yeah. And if something bad was uncovered, it was going to be dealt with.
Yes. And whomever had the bad thing going, they were liable. So, my question to you is, there's no liability for software vendors. Specifically security software. Yes. We can talk about the broader software market as well. Yeah, yeah. Is it the government that's going to drive that? Hmm. To say, enough is enough?
If you want to do business with us, you have to have some liability, which then puts you on the hook to actually do a better job at securing the software that's running and building software that's secure. That can protect those things that are running software.
[00:17:40] Ravi Nayyar: Well, see, it's interesting. You mentioned, you know, you can't do business with us as in we, the government.
That's the thing. There are multiple ways to, to, uh, I'm going to use another animal metaphor, but there are multiple ways to build the cast, which is that you can go the carrots approach, which is we will dangle procurement dollars, uh, in front of you. Um, and the U S has followed this approach under the Biden administration that we will amend.
Um, Our procurement regulations that okay, you have to follow these certain practices with respect to the security of your software if you're going to sell to us. And you know, of course it's not perfect, I mean they have a self, they have a self attestation form which is far from perfect, but that is one route you can take.
The procurement route. And I think, um, and I've written about this as well, um, for the, for a German research institute when I was a guest fellow there. About what the quad countries are doing, which is Okay, we're going to use our collective purchasing power to, um, as a group of four, say, okay, we're going to drive vendors to do better that way by aligning our fulfillment standards to favor software security.
But then we go back to the other aspect of what you said, which was, you know, this is enough is enough. We need to take action. That is where you look at stuff like liability, regardless of who buys the product. That's where you look at. Yep. The U. S. has been, you know, certainly bearing fangs about, oh god, more animal metaphors.
The U. S. has been, uh, bearing fangs about, you know, they put out a, what was actually a pretty decently worded cyber security strategy last year. Where they said, you know, pillar three, it's about shifting responsibility onto software vendors for, um, insecure products that have silly bugs and what have you.
And, you know, the, the, the phrase duty of care was tossed about. Of course, unfortunately, nothing has come off it. Like, you know, so we look at, okay, well, the Europeans have gone ahead and enacted and amended their product liability directives to cover anything sold in the EU, including software. We have the Cyber Resilience Act, which covers all software sold in the EU, apart from stuff that is regulated under other frameworks, like, again, medical devices.
But in terms of, you know, what's going to work, I guess time will tell. Because if we look at the European stuff, that doesn't actually, um, the European nations have to transpose that into their national laws, and that will take a few years. I guess it's simply like a wait and watch approach. In terms of creating consequences, well, yes you can do procurement, but I mean, you know, you can also rely on shareholders to bring class action lawsuits against their companies that sell software.
Like, you know, I think SolarWinds was sued. A few software vendors have been sued. There are multiple ways to bring those consequences, obviously different ways have different levels of severity and rely on different stakeholders, but I guess the short answer is we'll have to wait and watch.
[00:20:41] Marco Ciappelli: So you you you part from the assumption that.
Right now. There is not enough control over the software used in to. The. The infrastructure for, um,
[00:21:00] Ravi Nayyar: Like frequent infrastructure.
[00:21:01] Marco Ciappelli: Yeah.
[00:21:01] Ravi Nayyar: Yeah.
[00:21:02] Marco Ciappelli: So, but you say some states, some country, they may do a better job than others. Europe's doing it, but nobody's perfect. And I don't mean perfection is the goal. You know, I mean, obviously something is going to come through no matter what if you want to keep using, right?
Correct. We live in a global world where it may easy to stop a border. Especially if you are an island, when you can download the software, how are you going to go through that? So there is, there is an entire thing, but I guess the point that you have is for critical infrastructure, which is, should be as important as medical devices or anything that you do in the medical environment, there should be a much stricter regulation.
[00:21:50] Ravi Nayyar: I love the fact that you said that, because that exposes The bizarre contradiction that we do stringently regulate, um, and I say we collectively, obviously countries have their own regimes, but if you look at, say, the FDA regulations for medical device cybersecurity.
[00:22:09] Marco Ciappelli: medical devices. Even if you
[00:22:11] Ravi Nayyar: look at, like, if we stick to software, I mean, those IOTs, medical IOT, the, the sheer, not necessarily the complexity, but the sheer stringency.
And if you are, if you're a medical device manufacturer and you want to just update something, you have to run it past the FDA, if I recall correctly. Um, because I'm not, I'm not an expert on medical IOT. Right. But you, there is very stringent oversight from the FDA in the US versus of course, you know, what oversight is, what direct oversight is there off an EDR vendor selling to a power station.
And we know what happened. Right. And that's exactly
[00:22:46] Marco Ciappelli: what I'm going with in my head. Yeah. Why not to bring to the same standard, something that is still affecting the health and the life of the citizen. I think it's, you do that for food, you do that for medicine, medical device, drugs, then do it for, The water that we drink?
Yes. Uh, yeah. The power plant that we may eventually breathe, uh, you know, atomic uranium, like uranium in the air? I mean, you need to be much more stringent in what could cause a health hazard. Anything deployed
[00:23:28] Sean Martin: in there. You got
[00:23:31] Marco Ciappelli: my vote.
[00:23:32] Sean Martin: We need, we need a crocodile.
That is a
[00:23:39] Ravi Nayyar: metaphor that has been tossed around, I think, for regulators.
[00:23:43] Sean Martin: I'm sure I'm not the first. Yeah, yeah. Well, Robbie, it sounds like you have a lot of fun ahead of you.
[00:23:49] Ravi Nayyar: Yeah, yeah. And
[00:23:51] Sean Martin: hopefully people are listening and you have some thoughts you want to share. I don't know, are you open to feedback?
Absolutely, yes. We'll include links to connect with Robbie. And if you want to share, I don't know, stuff you've written or reports. So you think our listeners would be interested in reading. Yeah, yeah. Um, we'll post a few links in the, in the show notes for you as well. I mean, if I can just,
[00:24:12] Ravi Nayyar: um, uh, let listeners know, I mean, I have a blog on technology law where I talk a lot about what I'm researching, um, called a techno legal update on medium.
Uh, and yeah, like feel free to, um, check that out folks and, yeah, we'll put the link. We'll put
[00:24:27] Sean Martin: the link to that. Absolutely. Yeah. Yeah. Yeah. Yeah. Yeah. Absolutely. for being here.
[00:24:30] Marco Ciappelli: Well, you know, I think there should be many people like you that, that brings this, this, uh, to the surface. I mean, we just recorded with the, the ambassador for cyber security.
Yeah. We literally just recorded an hour ago and, uh, and it is about putting together people for the interest of cybersecurity. For a global interest. That's what ambassadors do. Absolutely. But we also need those people that do it at the high level, and people like you that do it at the academic level.
And people like us, that try to take people like you, and kind of do our own service and share it. Bring awareness. If you have
[00:25:11] Sean Martin: ideas, as Sean said, get in touch and
[00:25:14] Marco Ciappelli: let us know. And I'll be happy to host you. Uh, even more conversational. So, thank you very much.
[00:25:22] Ravi Nayyar: Ravi,
[00:25:23] Marco Ciappelli: it was a pleasure. It was a pleasure meeting you and learning about what you're doing.
Thank you,
[00:25:28] Ravi Nayyar: and yeah, as I said, really, really humbled that um, you guys have interviewed me like this. I think this is the first time I've done any media in my PhD. So, a pleasure. Thank you so much, a privilege. I love it. And thanks
[00:25:39] Sean Martin: to ASA for hosting CyberCon. Absolutely. And bringing speakers like Ravi to bear and giving us an opportunity to chat.
So thanks everybody, stay tuned, we have a whole nother day. Another day. Coming to you. So, uh, stay tuned, subscribe, share with your friends and enemies, and, uh, we'll see you soon. Mostly enemies. Mostly enemies.
[00:26:00] Ravi Nayyar: Thank you.