Redefining Society and Technology Podcast

How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano Bongiovanni | On Location Coverage

Episode Summary

Discover how Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer at the University of Queensland, unpacks the complexities of cybersecurity decision-making, data governance, and regulatory accountability. This episode offers actionable insights into navigating organizational challenges while leveraging cybersecurity for strategic value creation.

Episode Notes

Guest: Ivano Bongiovanni, General Manager / Sr Lecturer, AusCERT / UQ

On LinkedIn | https://www.linkedin.com/in/ivano-bongiovanni-cybersecurity-management/

At AU Cyber Con | https://melbourne2024.cyberconference.com.au/speakers/ivano-bongiovanni-ibtpp

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

This AISA Cyber Con 2024 On Location podcast episode recorded in Melbourne spotlights critical discussions led by Ivano Bongiovanni, General Manager for AUSCERT and Senior Lecturer in Cybersecurity at the University of Queensland. The dialogue centers on pivotal issues shaping organizational approaches to cybersecurity, from decision-making factors to data governance and regulatory influences.

Bongiovanni discusses his research on decision-making in cybersecurity, conducted across six large organizations. By interviewing professionals at operational, tactical, and strategic levels, the study examines the multifaceted factors driving decisions, such as configuring security systems or choosing cyber insurance. The research identifies four primary influence levels: industry, organizational, team, and individual. Key drivers include regulations at the industry level, organizational culture, and access to collaborative professional forums. These insights aim to provide decision-makers with a reflective framework to ensure comprehensive and informed choices.

Another prominent focus is data governance. Bongiovanni emphasizes its role as both a foundation for robust cybersecurity and a potential avenue for organizational value creation. He highlights the challenges organizations face in mapping, managing, and securing their data. While traditionally viewed through a lens of loss prevention, he argues that effective data governance can unlock operational efficiencies and new business opportunities. This aligns with a broader industry shift to link cybersecurity investments to strategic value creation, rather than purely protective measures.

The episode also touches on evolving regulatory landscapes. Bongiovanni outlines the increasing scrutiny on board members and CISOs (Chief Information Security Officers) regarding cybersecurity accountability. While Australia is still catching up with global trends, parallels are drawn to the U.S., where regulations like the SEC’s proposed cyber disclosures link leadership liability to organizational cybersecurity practices. In Australia, existing duties of care under the Corporations Act are becoming focal points for regulatory expectations.

Information-sharing frameworks, such as ISACs (Information Sharing and Analysis Centers), also feature in the discussion. Bongiovanni underscores their importance in fostering collaboration, particularly in sectors like higher education and healthcare. He notes the ongoing cultural shift encouraging organizations to share threat intelligence securely, which is essential for collective resilience.

Through Bongiovanni’s contributions, this episode highlights both the challenges and opportunities in cybersecurity decision-making, emphasizing a nuanced understanding of regulatory, cultural, and technical dynamics.

____________________________

This Episode’s Sponsors

Threatlocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Future is now: Cautious reflections and bold predictions on cyber security in the years to come (Session): https://melbourne2024.cyberconference.com.au/sessions/session-FsEVnuge9u

How do we make decisions in cybersecurity? Operational, tactical, and strategic decision-making in the age of AI (Session): https://melbourne2024.cyberconference.com.au/sessions/session-BdOGZjahUe

The executive playbook: Elevate your cyber security through data governance (Workshop): https://melbourne2024.cyberconference.com.au/workshops/workshop-rxAAQPTLUJ

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Episode Transcription

How Do We Make Decisions in Cyber Security? Operational, Tactical, and Strategic Decision-Making in the Age of AI | An Australian Cyber Conference 2024 in Melbourne Conversation with Ivano Bongiovanni | On Location Coverage

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

ean Martin: [00:00:00] Shall we?  
 

Marco Ciappelli: That's it. Here we are. Marco. We came all the way. from LA for this, shall we? I mean, what kind of question is that? Que Domanda? What's the matter you? What's the matter you? We could go for a coffee rather than a podcast.  
 

Sean Martin: We need, we need a coffee for sure. I've only had three this morning. Oh, yeah, you're  
 

Marco Ciappelli: way behind. 
 

Sean Martin: So, uh, now it is, it's an absolute pleasure to be here in Melbourne for, uh, Australia's CyberCon. Hosted by Eissa and, uh, pleasure to meet you, Ivano.  
 

Ivano Bongiovanni: Thanks. Thanks for having me. Pleasure to meet you guys.  
 

Sean Martin: You're a busy, uh, busy person this week with a few sessions.  
 

Ivano Bongiovanni: Yeah, a few. Just a few. at one now and two more coming tomorrow, but it's, it's all great. 
 

I love it.  
 

Sean Martin: It's all good. It's all good. And great to, uh, great to be in, in, uh, Australia and the APJ region. We're going to learn about some of the work that you do and some of the things you've been talking about this week. Uh, perhaps a few words about what you're up to, um, the, uh, the [00:01:00] offserts and, and, and some of the work that you're doing and other things, anything you want to highlight would be great. 
 

Ivano Bongiovanni: Of course. Not a problem. Um, so as I say, thanks for, for having me. So my. My name is Ivana Bongiovanni, as you can tell from my name and my accent. I'm, I'm Italian, uh, but been in Australia for a while now. Um, I'm currently the general manager for forer, which is the one of the Australian, um, certs, computer emergency, uh, response teams. 
 

We're actually the second oldest cert in the world after your cert, the Carnegie Mellon one over in the US US Cert. Uh, been operating for 31 years. No, I cannot claim any bragging rights or anything because I've been in the role for seven months only. So I have just joined, uh, and it's been an amazing seven months. 
 

Um, uh, you might not know. Also it is closely associated with the University of Queensland over in Brisbane. So we're effectively parts of UQ. And I also mentor. An academic [00:02:00] role as a senior lecturer in cyber security at UQ. So I got this interesting double role where I still got to do research and part of what I'm talking tomorrow is based on my research. 
 

But I also have this task of managing the OSIR team and, you know, trying to see what's next for me.  
 

Sean Martin: I'll ask this question quickly. Do some of the students get to participate in the, in OSSERT? Do they get to be part of it, contribute to some of the research to what the team does?  
 

Ivano Bongiovanni: Yeah, OSSERT is more like a stand alone entity, if you want, within UQ. 
 

UQ has this big research center called UQ Cyber. So students It's typically participating in UQ cyber, uh, having said that we do have, uh, um, graduates that transition from, um, the University of Queensland into a certain common work for us. So it does happen. Obviously the proximity with the university, um, makes it a little bit easier [00:03:00] to have access to talent, which is, as you know, very well, especially in Australia is a big issue these days. 
 

Marco Ciappelli: Yeah. So we say you're a busy guy here in these days and, uh. Tell us a little bit about the presentation that you have in here.  
 

Ivano Bongiovanni: Yeah, so I'm having two presentations tomorrow. One is a more traditional presentation. The other one is a workshop. So in the presentation, I will be talking about a piece of research that I've done with my team at the University of Queensland on the factors that affect decision making in cyber security. 
 

The workshop will be more around, Uh, data governance practices. So maybe I'll say a little bit about the first one and then, uh, the second one as well. So the, the piece of research was, um, conducted with, uh, six large organizations across different, um, industries. Uh, what we did, we interviewed. six cyber professionals in each of those organizations. 
 

We looked at people at the operational level. So your [00:04:00] typical sock analysts, uh, at the, um, tactical level, which is what we define, um, you know, GRC space. So really risk and compliance and support, uh, to operations, uh, and then at the strategic level, uh, being that your size, though, um, your, your C suite board members and so on. 
 

And what we asked them was to try and unpack when they make some. Cybersecurity decisions at all of those levels. So from, uh, how do I configure my, my SIEM into, um, am I, how am I gonna write my incident response policy? What are the contents that I'm gonna put into it, uh, into, shall we take cyber insurance or not? 
 

Uh, try to figure out what are the factors that drive those decisions when you have to, you are in the moment where you and your team have to make this. you thinking of? Because we thought that, um, if we were able to map all of that out, it would be a great, um, reflection tool for, um, decision makers in organizations to go, Hey, [00:05:00] um, I know what the evidence is telling me. 
 

Have I looked at all the different things that could impact my decision? Have I thought of everything, uh, before I made the decision? Um, so the findings were, um, We're quite, uh, we're quite interesting from that perspective. And tomorrow's presentation is gonna be mainly about what those findings are.  
 

Marco Ciappelli: I'm gonna guess money. 
 

Ivano Bongiovanni: Uh, yeah, that's one of the big ones. Yeah, that's, that's a good guess. Um, possibly the, uh, so we actually identified four levels. What happens at the industry level as an impact? What happens at the organizational level? What happens at the team level? And what does happen at the individual level? So those are the four slices that we have identified. 
 

Certainly, mine is a big one. That's at the organizational level. At the industry level, probably stronger than that, and even more stronger, is regulations. All right? So obviously, Uh, compliance. We know that it's not perfect. [00:06:00] Uh, it doesn't really drive performance, but at least we, we, we found out that is a good first input for companies to do something right about their cyber security controls. 
 

And then there's other, um, interesting factors that go down to the organizational. I'm thinking of organizational culture. Are we resilient? Um, down to the more individual level. So things such as, um, access and exposure to fora like, for example, ASA. So access to knowledge and, and, and being part of a group of professionals that work in the same profession as a strong impact in how people make decisions. 
 

Because obviously if you have heard somebody talk about something in their own experience, especially when you don't have other. evidence to make your decision, you're going to probably rely on that, right? Uh, and good or bad that that can be, because in some cases, you know, might lead to, um, suboptimal decisions. 
 

Uh, but, but we thought it's important to at least have an [00:07:00] understanding that that's what happens in people's brain and obviously then there's There's biases because at the end of the day, we're all humans. We are all affected by, by our biases and I'll make, we make decisions and we need to be conscious of those at least. 
 

Sean Martin: So two, two questions for you on this. So, and we've heard referenced, uh, here in the last couple of days, FS ISAC having a presence here, which ISACs, ISALs are US rooted initially. Are there? Are there extensions here from the U. S. and does Australia have their own info sharing orgs?  
 

Ivano Bongiovanni: Yeah, we do. So there's a lot of ISACs across Australia, across different industries. 
 

One example, for example, is in the higher education sector. I'm thinking of universities. So in Australia we have, uh, uh, 43 universities, if I'm not wrong, and there's an ISAC that is set up by an overarching body that actually facilitates, uh, information exchange within, uh, that specific industry. Uh, [00:08:00] we also, um, I know that Australia is in the process of setting up a healthcare ISAC. 
 

It's obviously dedicated to, um, organizations that operate in that specific industry. And, uh, needless to say, Um, we know information sharing in cyber security is, is essential. Um, so there's a lot of work that is currently being done on trying to raise awareness on the fact that, Hey, it is okay to share things such as your, your, your IOCs or, or, or, uh, dynamics that you're seeing in your environment. 
 

Um, certain containers where it is safe, uh, to do so. And even in terms of the, the, um, the recent regulations, I'm thinking obviously you guys are aware of the cyber security bill and are aware of the fact that, uh, there is now, um, a mandate to disclose ransomware payments, obviously that speaks to the fact that even the regulators is saying, don't worry about sharing. 
 

We're not going to come after you because you have shared. Um, [00:09:00] so that speaks to this willingness to create safe, safe conditions for sharing. And again, I can, I can speak about the higher education sector. Uh, it is a great industry from that perspective because there's this, uh, willingness to really collaborate because people know that, you know, today's me, tomorrow is you, tomorrow is you, right? 
 

So we need to kind of make sure that we are across the, the threats that we're facing.  
 

Sean Martin: Yeah, absolutely. The second question I had. Um, is around data, but less about the threat and attacks and IOC and indicator of compromise and more about what's inside the organization. Um, so I, I have a belief that there's security data that can help define a business opportunity or at least unlock opportunities within the business, um, which is kind of the strategic level of maybe some of the research you did. 
 

Are we starting to see See where security can help define where business [00:10:00] should focus and to unlock new opportunities. Have I got a couple of hours? Sure, come back.  
 

Ivano Bongiovanni: It is, um, it is a great area of passion for me what you just mentioned. Uh, and actually it's a great segue to my second presentation, which is this workshop on data governance. 
 

Uh, my answer to your question is yes, uh, and we actually, and it's not just me saying it. We heard of it from, from Joe Solomon's presentation, uh, and I, I attended a couple of other presentations where there were people saying the amount of data that security as a function has access to is unbelievable. 
 

Right now, data governance is a tricky one. Um, because as, as, as we say, it's not a sexy topic, it is extremely difficult to do. Um, because, you know, for me, For some of those larger organizations, just even knowing where your data is, who has access to it, under what conditions, and what are they doing with it, is that personal identifiable information or not, all of those questions are incredibly difficult to answer. 
 

[00:11:00] And I do have a feeling, this is not evidence based, but based on my conversations, I do have a feeling that It's a lot of the too hard to do basket, right? And that's why I think that there's been such a strong drive on cyber security investment. And I always use the analogy of a pyramid by overinvesting in cyber. 
 

We're really patching the top of the pyramid, but oftentimes we forget about the foundations. Which is data governance. Where is the data was access to the and so on and so forth. Now, in my opinion, this shift is exactly what you said. Um, justifying investment in cyber and data governance is difficult because it is about loss prevention. 
 

All right, I'm a ceo. I don't want to spend money for something that in the best case scenario doesn't lead to absolutely anything, right? I want to create value. I want more customers. I want to expand my market. I want all of those. Now, if we can shift the narrative around the fact that a, it's not just about loss prevention is also value creation. 
 

And an example [00:12:00] is business intelligence, right? If we can find ways to structure and structure data, we're gonna a, know where the data is. is what and who has access to it, plus prevention, but also be understanding such as, um, are we being efficient with our operations? Uh, are there parts of our business or, or our infrastructure that, that should be decommissioned that are just costing us money in maintenance and are not delivering value to all of those I think the second bit I think is a much stronger argument to go and knock at the door of the CFO and say, Hey, I did investment in data governance, cybersecurity, call it as you want. 
 

I'm not a big fan of the concept of data governance because I think it's difficult to understand, but something along those lines. Okay.  
 

Sean Martin: And I know Marco, do you remember the conversation we had with, it was a film company?  
 

Marco Ciappelli: Oh, wow. Yeah.  
 

Sean Martin: It was a long, long time ago, but this, This is kind of the inspiration for me, where, back in the day, the films would be captured and then physically [00:13:00] transported from on location to production and then to, all these things. 
 

And this organization said, if we securely find a way to do this digitally, we can change the way we, change the way this, this industry works, and we'll have a first, uh, first First run that this new opportunity and they were very, very successful with that. So it was a secure led by a secure method. Of course, it's cloud and data storage and all that. 
 

Um, but for me, that was the inspiration of using data security. Well, for me, that's 
 

Marco Ciappelli: what I was going to ask. Which is the use of technology and how new technology comes into play in the decision making. So, AI, but also kind of like a vendor driven investment, right? Like the marketing, the buzz, zero trust or whatever it is. 
 

Does this become a factor in [00:14:00] the decision making itself?  
 

Ivano Bongiovanni: Yeah, look, um, there is one thing, without wanting to be too academic, there's, there's, uh, a phenomenon called, uh, mimetic forces, in action when companies make decisions. And this is not just a theory. But this is any decision. And it kicks in, in particular, when decision makers don't have enough information about where to go, if they should go A or B. 
 

The default approach, when you don't have enough information, is what are our competitors doing? Follow, follow. Exactly. Follow, follow what everybody else is doing. To be honest with you, in cyber security, considering how nascent our industry is compared to, say, HR, finance, marketing, whatever, it's quite understandable, right? 
 

So vendors obviously drive a lot of that because one vendor has exposure to a number of other organizations. So they do know what the different organizations are doing, and they are actually [00:15:00] able to replicate some of those things across the different organizations. So a lot of times companies, um, approach vendors and ask the question, Hey, what are you seeing in my industry and what is best practices? 
 

The problem with cyber is that defining what best practice is. challenging. And if that is missing, people just try to look at what everybody else is doing. Hopefully you can get a little bit higher than what the average is. Um, but again, it's, it's not perfect. It is what it is at this stage. And  
 

Sean Martin: you mentioned two, two other column service categories, HR and marketing. 
 

To me, those are two Industries, whatever you want to call them, that have really dialed up. If we understand our employees really, really well, use all that data we have about them, we can keep them productive, we can keep them healthy, we can get the most out of them as a resource. Same for marketing. If we dial that up. 
 

We use all our sales and marketing data, we can get [00:16:00] the best leads to the sales, to the, right, the renewals, and it's all data driven, so I, again, I have this view that, that security data exists, where we can do that same kind of dial up. Um, I don't know if executive teams are ready for that, sounds like maybe they are. 
 

Ivano Bongiovanni: Well, I mean, there's, there's more and more, um, CDOs positions being that chief data officer, chief digital officer, right? Created. Now there was a big drive a couple of years ago. Um, it hasn't really been, um, up to speed as much and I don't really know why. But if you think about it, when you blend together loss prevention and value creation, as we said before, and just boil it down to, as you said, data, it makes a lot of sense. 
 

to have a CDO that does a little bit of both. Now, you also don't want to half cook loss prevention and value creation. So, you know, is there something that different parties need to do? So you want to strengthen your loss prevention while you're going to give a task to the CEO and the CRO. If you have a [00:17:00] chief risk officer, right, or somebody else in that type of role, um, it is, uh, it is still a lot of, you know, ongoing conversation. 
 

But I agree with you. At the end of the day, you boil it down to data, and then you decide where you want to go. 
 

Marco Ciappelli: Anything that inspired you in these days that you were here? You say you're so jealous, but we got to talk to him. We're actually in the same hotel, so we get to run into him, too. Great guy. We had him And we know the story went through, but yeah, we thought, uh, we, we heard some feedback.  
 

Ivano Bongiovanni: I'm pretty sure everybody was excited about it. 
 

Marco Ciappelli: Yeah, what do you think about it?  
 

Ivano Bongiovanni: I was, I was, I was, uh, very, very happy and it was incredibly inspiring. So I shared that kind of feedback. I think, uh, he was able to show the power of storytelling and I believe there is actually a couple of presentations on storytelling in cybersecurity, which is another interesting thing. 
 

Perspective that is not very common in the cyber industry. [00:18:00] So incredibly inspiring. Uh, I kind of, um, you know, looked at, um, it was good to for him to boil down his experience and then translating in actions for people. And I saw, um, a lot of people leaving the room really thinking about what they just, uh, taken part of because it was incredibly powerful. 
 

Yeah. And, you know, in general, the This is a great conference. Um, there's a lot going on. Obviously, as all of these big conferences, I think speaking with people, everybody loves the networking side of it, where in three days you can really get to meet a lot of people, have exciting conversations. I finally managed to see people in person that I've never seen in my life. 
 

Other than Zoom or Teams, right? Yeah, that's always a plus. It's great.  
 

Sean Martin: I haven't had a chance to ask this question yet. So I'm gonna give it to you first. And it's related to Joe. I'm lucky, I don't know. It's related to Joe's experience. We have a good friend, Tim Brown, who's also experienced [00:19:00] some challenges in the U. 
 

S. in the CISO role. And the reason I'm going to ask you this The question is because of the, the, uh, the new cyber law with the, uh, reporting kind of gives a safe, it enters the idea that there's a safe space to share, right? As you described. So my question is in Australia, and I don't know if You have a view outside of Australia. 
 

The role of the CISO in the U. S. There's a lot of pressure and now even some legal pressure as well. Um, how do you see the CISO role in Australia in that regard?  
 

Ivano Bongiovanni: Well, as you probably know, we're We're always a little bit behind what happens in the U. S., so we try to, um, play catch up. But what happens in the U. 
 

S. is a reasonable predictor of what's going to happen, um, over in Australia. Now, I was, um, um, quite surprised, to be honest. Uh, one of the topics I've been working on is, um, [00:20:00] board members, uh, liability in case of cyber security and data breaches. And as you probably know, I think it was March this year, 2023. 
 

I believe S. E. C. Proposed a piece of legislation that would actually, um, closely connect, um, sizes. Sorry, board members actions with potential liability in case of data breaches. Now that law was passed. Push back. It didn't go through. Uh, there's still obviously, you know, uh, instances where, where there could be personal liability for board directors in case of, uh, of, uh, of a data breach. 
 

And the idea was more about having board members disclose what cyber security competencies and skills they have, because that's the assumption is that, well, if they do know something about cyber, Um, investors are going to be a little bit more, um, happy to invest in that specific company because a data breach, you know, might obviously might still happen, but you're going to have a, that top leadership buy in that is very much [00:21:00] necessary. 
 

Uh, now all of that to say that we actually, so, so some of the comments were in, in the U S where, well, um, board members have actually been. Let off the hook with with this change in cyber security regulation. And again, I think the more sophisticated comment on that was that that's not exactly true. What has been growing is more burden on sizes to produce the evidence for the directors that they're actually doing as a company the right things when And in, in Australia, we're seeing the same, uh, the same dynamic. 
 

It is. It is. It is a squeeze. It is a squeeze. And ASIC in Australia, the, the regulator in that case, It's the  
 

Sean Martin: SEC equivalent, right?  
 

Ivano Bongiovanni: Yes, exactly. Um, it, it's already, um, yeah, kind of, yeah. Yeah, because they do, they deal with, uh, with investment as well, so. They have already said that, you know, they're gonna, they're gonna hold board members accountable. 
 

Now, there is no specific regulation that connects [00:22:00] cybersecurity responsibility and personal liability with board members. In Australia, everything boils down to the Corporations Act that says that board members have to act with, um, duty of care and diligence. Obviously, if it emerges from investigation that the company has not invested enough in cybersecurity, we're, we're. 
 

Um, negligent in cyber security practices that could, you know, kick in this close of your duty of care and diligence because board members probably have not performed with within this duty of care and diligence. So all of these long explanation to say we're saying similar dynamics. Uh, things are squeezing in, uh, board members and, and top leaders in general have to be more accountable. 
 

They're going to become more demanding towards CISOs, which is going to increase the pressure on CISOs.  
 

Sean Martin: Hmm. Another reason not to be a CISO. No, I didn't. I didn't say that. Well, we won't say that. Reason number one. There's a reason I'm not a CISO. There's a reason I'm not a CISO. Yes. I have tremendous respect for them. 
 

A hundred [00:23:00] percent. Absolutely.  
 

Marco Ciappelli: I think it comes down to the fact that it's very complicated and it's, as you said, and as we know, it's a, we expect to be a mature industry. We talk about maturity all the time, but it's a young industry. We're still figuring out as we go. I mean, what, what about the responsibility of the vendor? 
 

Sean Martin: Well, they're off the hook. 
 

Marco Ciappelli: I mean, right? We saw a few things happen in the recent, uh,  
 

Ivano Bongiovanni: Well, and third party risks just to finish off. This is another massive topic here in Australia.  
 

Marco Ciappelli: Yeah.  
 

Sean Martin: Maybe we can have a chat on that separately. Absolutely. Yeah,  
 

Marco Ciappelli: you are definitely welcome to join us besides, uh, the regional event here, which we're happy to be. 
 

And, uh, hopefully we'll be back next year. I wouldn't say no. Of course. And then, of course. Course Australia is always good. Yeah. And you can enjoy, you can join us on one of our online episodes Yeah, absolutely. [00:24:00] On redefining cybersecurity with Shauna. I'll be part of it too. Um, thank you so much. Thanks guys. 
 

Yeah, thanks. Super fun. Super informative. Really great conversation. Absolutely.  
 

Sean Martin: Appreciate it. My, my pleasure. Yep. Enjoy the rest of the conference. Thank you so much. Thank you. 
 

Marco Ciappelli: And, uh. For everybody watching, you can get in touch with any of our guests just by checking out all the podcasts that we've been publishing. 
 

There is way many more where this came from because we're still in this room for, for a while.  
 

Sean Martin: It looks like separate episodes to you. It's one long episode.  
 

Marco Ciappelli: Exactly. But we will be fine. Filming on outside in the, in the, in the center, uh, expo center as well. So stay tuned, subscribe. And we got many more coming. 
 

Uh, I don't know how many,  
 

Sean Martin: I think 10 from today, something, something like that. So let's go. Fantastic.  
 

Ivano Bongiovanni: Thank you very much. Thanks.