Welcome to Cash in the Cyber Sheets. I'm your host, James Bowers, and together we'll work with business leaders and industry experts to dive into the misunderstood business of cybersecurity and compliance to learn how to start making money from being secure and compliant. Welcome to Cash in the Cyber Sheets.
Today we have Brian Barnhart with Infiltration Labs on with us again. It's been a little bit since you've been on with us. Been on the show. It's been a little bit since you've been on the show.
There, that fits better. So I think we got a few cool things to talk about today. One, definitely, we talked about it yesterday, last episode, but the CTA, Corporate Transparency Act, getting squashed or at least getting a pause with the injunction.
I want you to tell a little bit about what you do because there's been a lot of new subscribers, I think like four, since you've been gone. Okay, that's, wow. Yeah, we're growing.
That's, I'm excited to say that's actually exponential growth. It's, you're like, wow. Yeah, like I think in double digits, I think we're at 12, maybe lucky number 13.
And then talking about, you had brought up some changes possibly with the Florida bar around information security things that they're doing. And then had had a conversation with somebody else, but would really like to get your insight about the privacy, all the privacy laws that are changing, that kind of right to be forgotten. And honestly, it seems like a lot of smoke and mirrors that is just creating a lot of extra costs and loopholes for businesses, but they can't really actually support.
So I want to, you know, more about that and, you know, the forensics and getting into things. So real interested on your insight. I've got to say it every time before we get started, click that, like, click that subscribe, follow us, whether it's Apple podcasts, whether it's Spotify, if you're watching this on YouTube, you get, you can get us practically everywhere.
Subscribe, follow, let us know some things you want to talk about. And would also love to have you on the show too. So with that said, Brian, I want to kick it over to you and, you know, tell, tell us a little bit about what it is you do.
There's new people on. It's been a little bit since you've been here. You know, talk yourself up.
Yeah, no, thank you. Thanks for having me back. I thought maybe I'd been banned.
I've been, I've been, I've been calling and you keep, you keep. No, I think you've been leaving me at the altar. That's how that's been working.
But that's entirely, that's what you're going to keep telling yourself. Okay, gotcha. That's not you.
It's me. I'm the victim here. Yeah.
So in a nutshell, Brian Barnhart company is infiltration labs and our primary focus is digital forensics and incident response. The longer version of that is doing the digital forensic side, which is extracting. Evidence, right? Electronic data from mobile devices or computers in the cloud and helping attorneys identify and kind of analyze that data and understand what's going on there.
The bigger piece, the sexier side of all that is doing the incident response, which is coming in and helping companies that have been hit with some sort of a cyber incident and helping them understand the full scope, what happened and kind of getting them, you know, picking them up, dusting them off and getting them back on track. All right. So when it hits the fam, that's normally when you're coming in to figure out exactly what happened, what people got access to and really digging in deep into all of those logs that everybody should be keeping.
Yes, absolutely. Trying to, you know, so the analogy that I always use is it's a puzzle, right? We have a, we'll call it a crime, right? We have something that happened and you need to kind of come up with some answers as to what happened. So I'm putting that puzzle together.
There's always going to be missing pieces to that puzzle. So we're hoping that there is just enough there that we can paint a clear enough picture to give you an idea of exactly what happened. Right.
And one of the questions that I always get is, why would we want to do that? Right. What's the importance of, right? If we've been hit by an attack, why wouldn't we just start from scratch and go? It's kind of hard to protect something if you don't know exactly what happened. So kind of identifying all those pieces.
And, you know, I'm curious. So on the, kind of on my side, the more prepping, the planning, you get a lot of people not wanting to do it. Either the teenage mentality, it's never going to happen to me.
Or you sometimes on our side get the lightning never strikes twice mentality. We already got nailed once. We're done with that.
It's not going to happen again. Is it any different on your side that when somebody is in the middle of a breach? Is it, I don't know, I guess, is it like an easier sell or are you still having to fight against, I don't want to say ignorance, but people not wanting to spend the money or to really dive into figuring it out and getting things fixed? Yeah. So a little bit of both.
I would say most of the time during that panic stage, right? We're going through, right? When I first get that phone call, that's usually when companies are willing to spend money, right? That's when they recognize the fail in their processes and they are willing to spend money. Unfortunately, a lot of times once we've gotten everything figured out and they're back on track and they're back operational, a lot of times I get the, I get the communication where they go, okay, going forward, we want you involved or going forward. We want to do X, Y, and Z. And I think what happens is out of sight, out of mind, because I've gotten phone calls from those same, we'll call them victims, months later or a couple of years later, they're like, hey, I got hit again.
And I always ask, did you put, did you put some of those recommendations in place? No, I've been meaning to, but you know, it just got away from me. So it's kind of split down the middle, but I would say the vast majority of time, sadly, honestly, no. I think a lot of people, like you said, they don't think that lightning is going to strike twice where they think that they've, like they put in the bare minimum of effort.
So they think that that's, that's good enough. And it's probably a whole different discussion and not to, you know, go down the rabbit hole with it, but you think some of it just comes into, I mean, it sucks spending money on forensics. Like, I like you, but I don't, I don't want to spend any money with you.
I mean, one, it means that things have gone completely sideways. Two, it normally doesn't seem like it's a, like there's an ROI, like there's a benefit. Like I'm just, I'm just throwing this money away.
And I think that there's a lot of that perception too on the security and compliance side. Like I'm, this money's just going down a hole or to check a box and it's not helping me with sales. It's not helping me with anything else.
It's not sexy. That's not fun. Yeah.
Yeah. Right. So I think of it this way.
Just a few months ago, we had to replace our garage door and it was really expensive. It was way more expensive than I expected it to be. And that was not a fun spend, right? Because there's nothing cool about it, right? Like when people come over, I'm like, check out my new garage door.
Like, oh, it looks just like the last one. Like, I know it does, but it sounds just like the last week. It moves just like the last one.
I know it, it was not a fun spend. So I get it from digital forensics perspective, even if right. And we're technical guys.
So from our perspective, it may be a good spend and it may make sense, right? Because we're getting some, some valid technical answers of how do we prevent this going forward? But your average business owner, they don't see it that way, right? And usually what I say is there's two outcomes. Typically, there's two outcomes from a digital forensics. Either it's a, I shouldn't say a good outcome for me.
That's not the right way to say it. It's a more exciting outcome for me in the sense that I find the evil, right? Like I find a lot of things and I have a lot of findings that I can report on, but that's usually not good for the client, right? Ultimately, they don't want it to be full of findings. The flip side of that is there's times that I come in and there's really not much to find, right? In the sense that let's just use some sort of an intrusion.
It was pretty straightforward, right? We identify, hey, here's how they got in. We expect that this is how they got in. Here's what they did.
This is kind of what we expected, you know, have they been evicted? Yes. And that's more of a due diligence, right? I can imagine that if you already knew this is likely how it happened, it's not fun to spend money on that. But again, the way I look at it, it's like due diligence.
I'm trying to think of a good analogy, right? It'd be like knowing that you have a certain- It's like going to the doctor. I want to go to the doctor and find out that it's gas. I don't want to go in and find out that either A, it's something super serious, you know, your stomach's rotting out, or what also sucks is finding from the doctors, we don't see anything.
Have you considered that maybe this is all in your head, that you're making up the pain? Yeah. And that sucks too, because now it could be anything. Anything.
I don't have an answer. But I think when you come in and say, here's what they got, and really more importantly, here's what they didn't get. They got into this little spot right here.
None of your important stuff is impacted. None of your client stuff was. Now you don't need to report.
I think that's where the ROI comes in. And maybe it's a marketing and a conversation shift or change, especially on our side of how we approach things and talk about things, to help shift some of that perspective. That this isn't just a preventative in the sense that hopefully nothing happens, but this could be, say, a $250,000 impact to you because all of your client files get nailed.
Or it could be however much Brian charges, which is very reasonable. Whatever that is. I know.
Absolutely. Yeah. And below $250,000.
Yeah. Not $250,000. Not even close.
You know, perspective. Whatever it was you just said just made me think of perspective. So in the past couple of months, I've had two that I'm thinking of.
I've had two very similar cases. In one instance, we had very minimal findings because they just didn't have... They waited, right? They didn't have a response plan. They delayed on the response.
They didn't have the right telemetry or logging in place. So we just, we had very minimal findings. Both cases, almost identical.
In one case, the client... I won't use the word upset because I've never described a client as upset, but they were, I guess, just to call a spade a spade. They were disappointed, right? They're like, well, this... We thought you were going to find all of this great stuff. I'm like, I did find stuff.
I found a lot of things that you don't have in place that you really need to have in place. But the switch there, the flip is the other client, which was in the exact same predicament, they were extremely grateful. They were like, we wish that we had obviously had all of the answers, all the puzzle pieces, but you identified all of the missing puzzle pieces, right? You identified what we need to put in place.
So in their instance, I guess the glass was half full and they recognized that, okay, right? We didn't get the answers, but we didn't get the answers because of our doing, not your doing. And all of your recommendations were taken to heart. We're going to put those in place for that going forward, right? I guess kind of like going to the doctor, right? Or going to the dentist and they give you a bunch of bad news.
You don't blame the doctor. You go, oh, okay, well, maybe I should, you know, I got to stop eating sugar and maybe cut back on my fats and sweets and whatnot and exercise a little and get back in shape. That's the doctor's fault that you weren't doing these things prior.
I think that stuff is going to, that conversation is going to tie into the privacy and getting into the Corporate Transparency Act in a second here about what you need to do and how you can get in trouble with it. I think I'm kind of closing up this side and from what you see, are you seeing where clients, where you haven't been able to perhaps identify what didn't get impacted? It's still up in the air if maybe the client files did because they don't have enough logs. They didn't have enough stuff in place.
You can only find stuff and what you can actually search and sometimes there's just nothing. Loaded by the evidence, yes. Yeah, so not anything against you.
But in those cases, are you seeing where the clients are saying, well, we couldn't find it. We've got to assume that something bad happened. Let's send out the notifications.
Let's do everything that we have to do to protect the clients. Or with not identifying any of your clients, not listing any of them, do you see more on the side of, we dodged a bullet. We're just going to sweep this under the rug or act like it didn't happen.
Let's tidy some stuff up and not really do what it is we're legally supposed to do and assume the breach, assume the impact. Yeah, I need to be mindful of my response on that one. Walk through this minefield carefully.
So I would say most of the time when it comes to that point in the investigation or that point of the case, I refer them to a data privacy attorney or a breach attorney. Because though from a technical perspective, I know what I think that they should be doing. I know that there are a lot of legal nuances.
Yeah, I just kind of drew a blank there. I refer them to an attorney to deal with those pieces. So in the past, I have said like, hey, if it was HIPAA data, I've sent them the link to the, I can't remember, the health or the HHS.
Yeah, HHS. And told them, you know, this is reportable, you should report this. In hindsight, I look back and I go, I really don't know that, right? I'm not an attorney.
So I don't know all of the details of, is there a certain number of records? Is there, right? Are there other factors impacting whether it's reportable or not? So that was kind of a lawyerish response, right? I'm punting on the liability there. But in all honesty, with speaking more openly, no, I tell them what I think. And I tell them that, you know, you should probably contact counsel and find out.
I think it's reportable. Here's what I think you should do. But an attorney may have a different opinion.
It was good tap dancing. That was good. It was a lot of words to say just a few things.
Some clients have done some things, some that are good, some that I don't know wouldn't be not good. But it's, you know, I think it falls in the same spot. We're not lawyers.
At least on our contracts, everything is we don't give legal advice. So it seems like you may have this kind of issue. You should go after it.
So probably not in a place to be able to answer it or probably shouldn't. But I guess I wonder, I'll throw it out there into listeners too, if that's why there's that perspective or that feeling that this stuff is blown out of proportion. You know, all the stuff I see is that it's going to be millions of dollars and that it's going to close my business.
And I've had like four breaches. I didn't put out this fictitious client. Yeah, I had like four breaches and we're still in business.
Nothing happened. Well, because you didn't do what you're supposed to do. Yeah, I've gotten a few that have said that where they go, ah, you know, my email got hacked on my computers.
I got ransomware. You know, we got back up and running. I changed passwords.
And those are the dangerous ones, right? Because the analogy, I say that a lot, right? I use a lot of analogies. The analogy, you know, and I ask, have you ever accidentally run a stop sign or a red light and nothing bad happened? It doesn't mean that something bad might not happen next time, right? You got lucky. And I feel like that's it with these breaches.
I think those are the more dangerous people, the people that have had some sort of an incident and they really didn't feel trauma from it. And I hate to say it like that, but they didn't, right? They were maybe changing the password did fix the problem for them in this particular instance. I think it sets bad precedent for them.
And it opens the door. Unfortunately, right, when we talk about victims, I don't think it's the victims, not really the victim. It's the information that they have.
Those are the victims, right? So if we're talking about lawyers, the lawyers email gets compromised or their computers get compromised. Yeah, I guess at a 50,000 foot level, the attorney or the law firm, they're the victim. But really, they're not the victim.
It's everybody's data that was just exposed. Those are the victims, right? Those are the people that, you know, their personal information just got exposed or, you know, whatever it may be. And, you know, attorneys, they typically have very sensitive information on their clients.
I think that segues good into some of the possible Florida bar changes. Now, right now, the Florida bar has a very ambiguous, very much like kind of GLDA used to be very ambiguous that basically you have to have controls in place to protect the information you've got. I'm paraphrasing poorly, but that's basically all that has been said.
And from what you've seen, and to dig into a little bit more, you're actually seeing in hearing talks that the Florida bar is looking at making an incident response plan explicitly mandatory for all attorneys. There were two articles put out. I don't have the links in front of me, but there was an article in October and an article in November.
I believe it was the November one where there was talk of making it mandatory for members to develop and have an incident, a cybersecurity incident response plan. Obviously, there was some pushback on that and, you know, making it mandatory. Nobody wants anything mandatory.
And I understand that. So I don't know where that's going to go. I haven't seen any updates since the November article.
But yes, to answer your question, I guess they are teetering on making it mandatory. What are your thoughts? You think you've got people's data that it should, that that should be a mandatory thing? I'll prime it. I think my knee jerk.
My knee jerk is yes. I just feel like making things mandatory and adding, we'll just call it regulations, like rules. Does that ever actually move the needle? Right.
Or does it just displace blame? Right. Like it just lumps it. I don't know.
I'm not sure if I'm saying that right. But I do. I do think that if you.
So I think we've had this discussion before. If you are inheriting by choice, the responsibility of having my information. Yes.
Right. If you're, especially if you're monetizing that information in some way, which is probably why you're holding on to it. I do.
I think that you should be responsible for investing the time and the money in protecting that information. I think at the very least a plan. Yeah.
That if we see something, here's what we're going to do. I think there needs to be something on that. I think that tied.
So in about moving the needle and shifting the blame. And is it really actually changing anything? I think segues perfectly into the privacy discussion. So obviously the data breaches.
Everybody's got my information. It's becoming more and more of a thing of talking about how to protect consumer's data or how to protect data subject information. Our PII.
All of that jazz. And especially in California, New York, they're pushing very much more stringent privacy requirements. And some people probably heard the thing coming out more and more of the right to be forgotten.
That's also with GLBA. And essentially, if a client reaches out to you and says, Brian, we've done some work before or I gave you my information for a lead magnet. I want you to delete all of my information.
That's what's getting pushed. And I think on the surface, that sounds great. Companies should do that.
They should delete the data. But then when you look at the logistics of it, with backups, images, email systems, which are backed up in other places, and geolocated data centers that are replicated and encrypted file backups and encrypted databases, is it actually even possible to delete somebody's data? From your systems. So I think the right answer is, is it possible? I think it's possible.
Is it feasible? Probably not. The reason I say is it possible or that I believe it's possible is, of course, we could put the effort in. There are ways to securely delete information, delete artifacts, delete it from memory or any artifacts on the computer.
But like you said, you have online backups, right? You have tape backups, whatever it may be. But you would really have to put a ton of thought and effort into where is that data, where else does that data exist? And how do we go in and remove it? So is it possible? I think so. Is it realistic? I don't think so.
Right. But I think that also goes back to, and I know we're jumping around, but that goes back to probably one of the tenants of cybersecurity is knowing where your data is at, right? Having a full understanding of where that data exists, right? I've been on many cases where we thought it was the web server that was compromised and it turned out that it wasn't the production server. It was a development system.
That they used production data on the test in the background, right? So we're spinning our wheels. They know that that data, right? They can see it. It's live, real data.
But we're just going, you know, there's no indication that this server is compromised. Only later to realize that, oh, well, wait a minute. We have a development server.
That data might exist there. Let's look there. And it turns out that's where it is.
But anyhow, jumping back on topic, I think that would be the core need or requirement is honestly knowing where does your data exist, right? Very granularly, right? So you have a desktop computer that a user uses and they have those files on the computer. Are there volume shadow copies, right? Does that computer backup locally? Does it backup to a drive? Does it backup to the cloud, right? You'd have to know where else does that data exist? Is it put in OneDrive, right? So even if you delete it from your computer, it still exists in the cloud somewhere. Like you said, there's so many different moving pieces to that.
But the core, from my perspective, the core part there is first knowing where does it actually exist, which realistically we should know. I mean, realistically, well, I don't know. I think there's so many things now being interconnected that are convenient, which we talked about.
I think it's sliding the other way. But I get your information from a lead magnet and we start working together, right? So now your information's on our web server. It's gotten into our CRM.
And with our CRM, that's a SaaS product. So they're doing backups that are being geolocated. I've got no access to those backups.
So I can delete your data here, but however long they've got those backups, that data's staying there and I've got no access. So realistically, I can't do it with any of my SaaS products. Yeah, that's a good point.
That was a good question. Now my email, geolocated backups with those. Can I go through and scrub everything from the emails? And because I've got a good backup plan in place, I'm doing hourly backups and then daily backups, maybe a grandfather, father, son, or powers of boy, any type of structure, but I've now got all these backups over here.
Well, do I need to spool up every single backup and go and delete your data and restore all the backups? And with platforms like, no offense against Stato, they've got a great platform, but it's all encrypted. They don't have access to it. That's how it should be.
But that means they can't go in and delete any data. And I can't go into my backups and delete data without spooling everything back up. And in one month, I've now got at least 30 backups if I'm just doing daily.
And that's just my MX email, my CRM. That's not even looking at SharePoint files and data. That's not even looking at now if we're including AI, which how many people are really mapping out how that's using it, where it's going, how it's storing it, where it's... Yeah, you are not wrong.
So it brings up a good question liability-wise. How would that be viewed in the courts? If you, let's just make up a fake scenario. For whatever reason, you are required to delete some files from your computer and from your email, right? It was determined that you had proprietary data that you weren't supposed to have.
The court ordered that it was securely removed. So you did, you had those files securely deleted from your computer and securely removed from your email environment. Within 30 days, you have an email issue and you have your email backed up.
Those files are again in your email. Where does that fall? Now, this would be great to have an attorney on this one. I think that'll fall on the business because you were supposed to get rid of the data.
Now, what we've been putting into place with a lot of clients is you need to track this in some way that if we remove all of Brian's information, if we restore, we have to delete that information from that restore. It creates the issue of, well, now I've got Brian's name on a list of things I need to delete. And like how big and expansive is this list really gonna get? So I think this kind of comes to like two points.
One, small businesses can't manage this at all. Just absolutely not. They can do a cursory, but there's no way.
So is this putting kind of chess pieces just to hammer small businesses? Because big businesses can't handle this at all. But they've got the money to be able to get hit with the fines, it doesn't matter. So they'll be able to bounce back.
It won't really affect them. The other thing, is this just creating political or legislative luck to be able to say, look at all the things that we're doing. We're really working to protect you.
It's security theater. When you really look at it, no, there's nothing you can do here. This cat's out of the bag.
So I think it's getting more and more back to the point of, I don't want to share any of my data with you. You don't need my information. And just try to figure out ways to structure it there.
I don't know, I don't think it's, I'm not even sure it's feasible. Definitely not feasible. I don't even know if it's really possible.
If I really wanted to scrub out everything that I had on a particular person, could I do that? Yeah. Yeah. No.
I guess to roll back on my answer. I think that's more rhetorical. Yeah.
Is it possible? I missed the, what's going on with my head? I think kind of wrapping up with the time, this gets into the Corporate Transparency Act, which was the whole thing, kind of same thing on this privacy side of, we're going to collect all this information to help prevent money laundering. I mean, we're not going to collect it from the institutions that are typically used for money laundering, like nonprofits and managers of nonprofits. They're exempt along with everybody else making tons and tons of money, you know, $5 million or more a year.
But all these small businesses, you have to report everything that you own. Trust, businesses, stocks, all your financial data, all of your personal data, export all of it into one very secure corporate government system that's never going to get hacked because government systems never get hacked. And that was supposed to help with financial crimes, which I think we talked about it a long time ago, complete security theater, not going to help at all.
It's just going to make everybody have to subscribe to the financial crimes database, which a good analogy, I know you like these, Brian, is, but it's like going down to your local police station and saying, hey guys, here's a list of everything I have in my house. Here's a blueprint. Here's where I sleep.
Here's where I keep all of my weapons. Here's my safe code. And just in case I break the law, here's some extra keys to my house, just so you guys have this stuff.
I know you're not going to use it, but just in case I decide to break the law, you'll have it to help support the case against me, which even just talking through that is complete nonsense. Which is why the CTA just got squashed, not permanently, but there's the injunction against it. So if you haven't filled out your business ownership information, you don't need to right now.
You don't have to put all of your information into FinCEN, which is great for those of us that I guess we're procrastinators and not doing it yet. It's also great for any businesses that start up in 2025. If you've already put in your information, we'll see what happens with that.
I'm sure they'll get it deleted. But yeah, big news with CTA is this was actually just on, what's today, the 5th? It was just on the 3rd that they put the injunction. So if you haven't filled out your FinCEN boy yet, you don't need to, but keep watching it because that may change.
But yeah, I think that ties in just with the privacy and everything else. All of this is just security theater. It's just making it more and more difficult for small businesses, but not really providing- To go back to what you were saying about protecting the data, right, or the responsibility to delete the data.
If somebody asks, this may be a novel idea, but what if we just made it a requirement to collect the bare minimum of what you need? At that time? I think it comes in two parts. I think one is having a realistic conversation about your name and your email are not really private. If a company has your name and email and it gets out, it's already out 400 times over, live with it.
Or use a service that you can provide a pseudo email or a fake email. Don't provide your real information. Use a pseudo service for like a phone number.
You can even do that with credit cards. That's going pretty far, I think, on a client side. But I think there's some responsibility as data subjects.
Got to do better with sharing the information of what we share. Oh, yeah, no, for sure. Can't just throw it out there.
Although, with the companies that do the background checks that are just collecting it with all of the data brokers, that kind of doesn't matter. I think on the business side, those collecting the data, there's the responsibility of only what you need, which is good business practice. If there is no monetary value for it, get rid of it.
Well, it's also one of the tenets of cybersecurity, right? Least privilege, which kind of blends over or bleeds over into that. Just keep the least amount, only the data that you need. Right, but we know that money is data is money, right? It's valuable.
Everybody wants to collect as much as possible. Yeah, so I think with small businesses, more of them need to identify how are we using this data? What do we need it for? And there's probably not that much monetary value for a lot of small businesses, at least how they're using it. Because they just don't have a good email drip campaign.
They're not analyzing and figuring out exactly who needs what. No offense, most small businesses don't even know really how to position or sell their own product. So having customers' information isn't really helping them like it would a major data broker, big business.
So I think there's my point there, now that I've insulted everybody, it's just you probably don't need as much data as you have. Just delete it and scrub as much of it as you can. Yeah.
On the side where you do need to collect it, like you said, make sure you know where it's at. And that least privilege, restrict it as much as you can to different areas. And if you really can, fully encrypt it so that even though it's going all kinds of other places, it's that encryption key that you need to get to it.
And then I think that way, if you're ever in court saying, did you delete all of my data? Well, everything's encrypted. So even if it gets restored, it was fully encrypted. We don't have the key.
Maybe some way like that to where is it somewhere in there? Maybe we wouldn't even know where to find it. That's probably not a great thing to say in court. Again, not a lawyer.
Talk with your attorney. But I don't know what that answer is. But it's just trying to figure out how to structure some of this.
It's very difficult. It's not an easy fix. It's not as straightforward.
It's black and white. Brian, I really appreciate you coming on. I appreciate you having me.
Yeah, man. You've always got really good insight on here. Maybe we'll set one of these up at like a Houston's or go through, you know what I think we should do is create a list, a menu for different type of data breaches.
You've had a data breach and it's just gotten into your systems, but no client data. Have yourself a rum and coke or like a nice chardonnay. Take the edge off.
It's not too bad. The other side, if you've had a full data breach, we recommend these drinks and these employment agencies to get your resume out there. Like a mind eraser has got to be in there somewhere.
Yeah, yeah. An absolute mind eraser. I don't even know what's in that.
Here's some good tracks to listen to. Ain't no sunshine when she's gone. I don't know.
I think there's something there that could probably be sold itself. But again, real cool to have you on Brian Barnhart with infiltration labs. If you do have any data issues, feel free to reach out to Brian.
We will have the information in our description. And if you haven't had any issues, this is a great time to reach out to Brian because he can help get everything tightened up so that when you do, it's not a major, major problem. Brian, thanks so much.
Thank you. Merry Christmas to everybody. Merry Christmas and happy holidays.
Thank you for listening to Cash in the Cyber Sheets. See you all next week. Life goes up and it goes down.
Thanks for joining us today. Don't forget, click that subscribe button, leave us a review, and share it with your network. Remember, security and compliance aren't just about avoiding risk. They're about unlocking your business's full potential. So stay secure, stay compliant, and we'll catch you next week on Cash in the Cyber Sheets. Goodbye for now.
