Transcripts

This Week in Enterprise Tech Episode 549 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.


Lou Maresca (00:00:00):
On this week. And then Brian, Zach, we have Mr. Curtis Franklin back on the show with me today. Now, as use cases continue to expand for ai, cybersecurity continues to be one of the big focuses. The question is, will AI have the chops to keep up with hackers? We'll definitely talk about it. Plus say we have Veritas as our guests. They're gonna talk biometrics and how it's transforming security. As we know, we have Alfonso Santos and Larry Longhurst from Veritas. We're talking about security theme of the month. That's right, digital identities and how you can utilize them. You definitely should miss it. It's why on the set

TWIT INTRO (00:00:34):
Podcasts you love from people you trust. This is twit. This is twit.

Lou Maresca (00:00:48):
This is Twy this week at Enterprise Tech. Episode 5 52 recorded July 14th, 2022. Keyless is the key. This episode of this week in Enterprise Tech is brought to you by Thanks Canary. Because thousands of ignored alerts help nobody get one alert that matters for 10% off at a 60 day money back guarantee. You go to Canary tools slash twit, enter the code TWIT and the how do you hear about US Box. And by aci learning companies agree that attracting and retaining talent is critical with an average completion rate of over 80%. Your IT team deserves the entertaining and cutting edge training that they want. Fill out the form@go.acilearning.com slash twit for a free two week training trial for your team.

TWIT INTRO (00:01:39):
Welcome

Lou Maresca (00:01:40):
To twy this week in enterprise tech. The show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know are those worlds connected. I'm your host, Louis Murky, your guy who, the big world of the enterprise. You know what? I can't guide you by myself. I need to bring in an expert and a professional. He's our very own Mr. K Franklin, principal analyst at I'm Dia and the man who knows just about everything that's going on in the enterprise. Curtis, welcome back from the high Seas. What was waiting for you this week in the enterprise?

Curtis Franklin (00:02:09):
Oh, I had a mountain of email waiting for me. Lots of messages. And I have been digging hard because oddly enough, I'm back out again on Monday, heading out to a vendor conference where I'll be in Las Vegas next week. And the thing that I'm really looking forward to, the thing that always makes me excited is knowing that the day I arrive in Las Vegas, the high is supposed to be 117 degrees. And, you know, nothing makes me look forward to travel. Like realizing that my face could just melt right off like the villain in a Indiana Jones movie. You know, so I'm looking forward to that. In the meantime, trying to get some things written, trying to get a bunch of interviews done and setting up my schedule for Black Hat and Defcon. You know, those are right around the corner,

Lou Maresca (00:03:02):
Right? They are, they are. So speaking of that movie, did you see the new one? The new Indiana Jones?

Curtis Franklin (00:03:06):
Have not seen it yet. I've heard, heard a lot of people who have seen it and they say it's fabulous. So that may be on the docket for this weekend because I understand that most air con most movie theaters these days come with air conditioning, so we may go take advantage of that one day this weekend.

Lou Maresca (00:03:24):
They do. Well, it's great seeing you. Well, we'll definitely have to talk a little bit bit more about the movie after the movie, after the show. Cause it's actually pretty good. But I have some quals with it. Have some calms with it. Well, we have, we should definitely get started cuz lots to talk about. Now, as use cases continue to expand for using ai, cybersecurity continues to be one of those big focus areas. The question we all have in our minds is, will AI actually keep up with the hackers and the ever-growing threat surface? Well, we'll definitely talk about that. Plus today we have Veritas on as our guests and we're gonna talk about biometrics and how it's transforming security as we know it. Now with Alfonso Santos, director of Business Development and Larry Longhurst, he's director of Partnerships. On this week, we're gonna continue the theme of this week of security and this month of course, and talk digital identity.

(00:04:08):
So lots to talk about. So definitely stick around. Also remember, go right now to twit tv slash twy. Hit that subscribe button cuz you know what? We need you to subscribe and support the show cause that's how we continue to do it. Of course, we also have club twit twit tv slash club twit at $7 a month. It includes ad free podcasts of all our podcasts. And of course it also has a bunch of special events and that discord server that has amazing people on it, that's exclusive to just use. So definitely check that out at twit tv slash club twit. But first, like we always do, let's go ahead and jump into this week's news blips. If you're familiar with FA or serverless technology, you know that there can be some drawbacks as well. That's where Amazon Web Services has made some updates to its lambda function life cycle documentation, revealing that it can now proactively initialize functions even without invocation.

(00:04:58):
Now, as you know, one of the largest selling points to serverless technology is the fact that you can activate inate and compute only when you actually need them. While this development actually reduces the impact of the frequency of cold starts or cold boots, I guess you can call them, leading to, to really smoother experiences for your users. Now, AWS is essentially warming functions on demand. The company further explained that pre initialized execution environments can replace environments about to shut down or can be used if available during the initialization of new environments. So the proactive initialization was actually first discovered during a distributed trace showing a significant time gap between function initialization and the execution or invocation of it hinting at the existence of proactively initialized lambda sandboxes that could actually help with that. Now the Lambda function sandboxes are initialized without pending invocations, meaning fewer cold starts.

(00:05:48):
And the AWS Lambda team actually confirmed that they used proactive initialization during deployments and eager assignments. Now this optimization actually aligns with AWS's intent to run as many functions on the same server as possible. And the developer's desire to make a cold start less frequent and faster. However, that might not be the only challenges you actually face when it comes to serverless technology like Lambda's. And when running Lambda scale, one of the biggest challenges is actually managing the increasing number of functions and monitoring their performance. Of course, this could actually lead to resource, higher resource utilization and of course could also lead to a lot higher costs as well. In fact, monitoring and debugging service applications can be more complicated and time consuming than even traditional architectures as it requires tracing the functions in vocation from that event that started it to the final output. And as a result, developers need to really have proper monitoring, logging, tracing, and debugging tools in place. Now another challenge is fine tuning the Lambda environment to optimize performance. So this could include adjusting your memory and timeout settings, container reusing in, in fact even some other performance tweaks. So while AWS proactive installation helps add address some of the scaling challenges facing Lambda functions, developers still need to carefully manage and optimize each function's performance to ensure seamless scaling.

Curtis Franklin (00:07:09):
Well, you knew this had to be coming according to report from slash next, cyber criminals are leveraging generative AI technology to aid their activities and launch business email Compromise or b c attacks their tool of choice Worm G P T Black Hat alternative to G P T Models like chat. G P T specifically designed for malicious activities as with other large language model AI engines. Worm G P T was trained on various data sources with a focus on malware related data. Now, worm G P T generates human-like text based on the input it receives and is able to create highly convincing fake emails according to an article on dark reading. The research team also conducted an evaluation of the potential risks associated with thorium G P T with a specific focus on these B e C attacks. To do so, they instructed the tool to generate an email aimed at pressuring an unsuspecting account manager into making payment for a fraudulent invoice.

(00:08:16):
The results revealed warm G P T could not only execute a persuasive tone, but was also strategically cunning an indicator of its capabilities for Mount ca mounting sophisticated phishing and B e C attacks. Now, one of the advantages worm G P T seems to have over human collaborators is an absolute lack of ethics, human emotions or limitations. Another advantage is brings is the ability to help even novice or unskilled criminals generate highly convincing messages. Now, going beyond the collaborative uses of ai, cyber criminals are designing jailbreaks. These are specialized prompts designed to manipulate generative AI interfaces into creating output that could disclose sensitive information, produce inappropriate content, or even execute harmful code, some ambitious cybercriminals or even taking steps. Another move beyond by crafting custom modules like those used by chat G P T, but designed to help them carry out an attacks. Now this is an evolution that's going to make the job of the cyber defenders even more complicated. Researchers say the threat of AI aided b E c malware and phishing attacks can best be fought with AI aided defense capabilities. From this perspective, organizations will ultimately become reliant on AI to do the discovery detection and ultimately the remediation of these AI-based threats because there's simply no way to humanly get ahead of the curve without the assistance of an ai.

Lou Maresca (00:10:05):
Back on twit, episode 8 68, Alan Malano. Leon and I actually talked about Microsoft direct storage and how we can actually get started in the real world scenarios, use cases for the tech to actually improve hardware and hard drive performance. Now the exciting news from the gaming community from this Verge article, Microsoft actually rolled out version 1.2 of its direct storage s stk enhancing support for the legacy. That's right, the, the old spinning discs hard drives initially as designed to actually streamline data from high speed. M V M E solid state drives straight to your G P U Without C P U interference, direct storage now caters to the needs of older hard drives as well. That's right now, in the past, developers had to actually juggle between different methods for SSDs and H STDs, but not anymore direct storage 1.2 unifies the code for both SSDs and HDDs.

(00:10:55):
And while this SS d employ an UNBUFFERED mode for rapid data transfer to the G P U, A new buffered mode now caters to the traditional hard drives. As Microsoft Direct X team actually explains. Legacy hard drives require buffer IO to offset those long drawn out seek times. By enabling this mode, games installed strictly on slower hard drives can actually capitalize on OS file buffering features for speed boost. But don't, it doesn't stop there. That's right. Microsoft has also fine tuned its GPU decompression of textures, making it even faster in direct storage 1.2. Now this feature introduced in version one 11 delegates asset decompression into the graphics card rather than the CPU with big name tech companies like Nvidia, A M D and Intel ready to back direct storage's, latest GPU decompression techniques. Now I for 1:00 AM eager to see companies like Autodesk, Adobe, and other graphics accelerated applications, as well as more gaming developers to actually hop on board here. Particularly now that the technology benefits the older hard drives as well.

Curtis Franklin (00:12:01):
The Biden administration has just released a 57 page National Cybersecurity Strategic Information Plan, or N C S I P, which describes more than 65 initiatives that various federal agencies will implement over the next several years. These include strengthening US critical infrastructure against cyber threats, establishing enforceable liability for software products and services, and devising more effective ways to disrupt and disable threat actor operations and their infrastructure. While many security professionals see the N C S I P as important for the administration's cybersecurity strategy to move forward and believe its aggressive deadlines, send the right message of urgent urgency to stakeholders. Some wonder about how it can succeed with without adequate funding and bipartisan supporting Congress. As an example, while the implementation plan calls on federal agencies to eliminate legacy systems, funding for the Technology Modernization fund, which was approved in 2017, hasn't yet seen a line in a budget.

(00:13:06):
The documents executive summary described this week's version of the document as the first iteration of the implementation plan and calls it a living document that will be updated on an annual basis. Now, just in case you've forgotten the objectives of the cyber strategy are grouped under five separate pillars, defend critical infrastructure, disrupt and dismantle threat actors shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships. This week's document provides high level plans and initiatives for meeting those objectives. Now, the document certainly isn't perfect. One problem with the plan is that it lacks any path to coordinated standardized enforcement and leaves individual sector-specific agencies in control, putting together a framework, a set of agency guidelines in the currently current political climate and with only 16 months before a national election seems unlikely at best. With that said, the N C S I P does seem to move the ball forward on National Cybersecurity. One significant factor is that the implementation plan has a role for the cybersecurity and infrastructure security, security agency or csup to provide cybersecurity training and incident response for the healthcare sector, which is a major target of ransomware attacks. Issues like forming a private sector core of cybersecurity professionals to act as rapid responders in the event of a major critical infrastructure attack. Well, those will have to wait for agencies and others to figure out little details like credentialing and indemnification against lawsuits.

Lou Maresca (00:14:53):
Well, folks that does it for the blips, next up we have the Amazing Bytes. But before we get to those bytes, we do have to thank an amazing sponsor of this weekend Enterprise Tech. And that's Thanks, Canary. Now, if you want super early warnings of intrusions to data breaches, you need Thanks Canary. Deploy your birds and forget about them. They remain silent until you need it. And get one alert. That's right, one alert, whether it's email, text, slack, webhook, or even Syslog only when it matters things hardware, VM, and cloud-based canaries are deployed on all seven continents. Canaries can be set up in minutes, pretty easy to set up with no ongoing overhead and nearly zero false positives. You can detect attackers long before they actually dig in. Now the canary triggers are simple. If someone ex accessing your lure files or brute forcing your fake internal SSH servers, you have a problem.

(00:15:43):
That's right, Canary uses deceptively simple, uncomplicated, high quality markers of trouble on your, on your network. And here's how it works. Listen, simply choose a profile your Canary device, whether it's a Windows box or a brand name router or even a Linux server. And if you want, you can further tweak the services that actually runs in your canary. You can make it either a specified version of ISS server or open SSH or Windows file share with actually files constructed according to your naming schema. Now lastly, you could register Canary with the hosted console for monitoring and notification. And you lie and wait Attackers who have basically breached your network, malicious insiders even and other adversaries make themselves known. By accessing your canary though there's little room for doubt. If someone browse a file and opened a sensitive looking document on your canary, you'll immediately be alerted to the problem.

(00:16:35):
It's pretty rare to find a security product that people can tolerate, and it's nearly impossible to find one that's customers actually love. If you go to Canary Tools slash Love, that's Canary Tools slash Love, you'll find a selection of unsolicited tweets and emails full of that customer love. For thanks Canary visit Canary Tools slash twit and for just $7,500 per year, you'll get five canary your own hosted console, upgrade, support and maintenance. And if you use Code Twit and the hat I hear About Us Box, you'll get 10% off the price for life. Thanks Canary adds incomparable value, but if you're unhappy, you can always return your Canaries with their two month money back guarantee for a full refund. However, during all the years Twit has partnered with Thanks Canary, their refund guarantee has never been claimed. Visit Canary tools slash twit and Edge, enter the code twit and the how do you Hear About Us box.

(00:17:29):
And we thank Thanks Canary, their support of this week and enterprise tech. Well Folks, it's time for the News Vice and this one's very compelling. In fact, it's a great segue from one of Kurt's blips and the world of cybersecurity reported by dark reading. A compelling report has just unveiled by Bugcrowd, a premier crowdsource cybersecurity platform. Now it's called Inside the Mind of a Hacker Report for 2023 provides insightful revelation, starting that with the fact that 72% of hackers believe that AI, as powerful as it may be, won't replace human creativity in managing vulnerabilities and conducting security research. This is very interesting because obviously generative AI is making its presence felt with actually 55% of the respondents stating they can actually already outperform hackers or it will do so within the next five years. But despite this, hackers remain confident, of course, with the majority of believing that AI can actually replicate their creative approach.

(00:18:27):
Now, gener AI top uses of among hack hackers actually include these. You can do task automation, you can do data analysis, vulnerability identification. You can find validations, finding validations and reconnaissance as well as they use this. The uses actually aligns with directives from the US Department of Defense and pre president's Biden's Cybersecurity Executive Order, emphasizing the importance of AI in cybersecurity demographics. Confirm some stereotypes here, which is actually interesting from the report. Most hackers are Gen Z and their male with 55% or 57%, excuse me, age seven, 18 to 24 and 96% Male hacking is mostly not a full-time occupation with only 29% considering it to be their main job. No surprise there. And they're motivated by personal development, whether it's financial gain, excitement and challenge, but alter also altruism is as 87% think reporting vulnerabilities is more crucial than profiting from them. Now, the state of hacking and vulnerability management is mixed bag because with perceptions of companies of awareness of their breach risk varies.

(00:19:33):
In fact, increasingly 84% of hackers report and increasing in vulnerabilities since covid 19. Yet the other 78% say that companies attack services are becoming harder to compromise, so actually move in the other direction. Now, hacking also serves as a career development tool with 42% of respondents forming long-term relationships with security decision makers. Over half said hacking helped them secure a remote job. DA Dave Jerry, c e o of Bugcrowd actually commented that the report showcases that diverse skills and expertise of hackers as global AI adoption reaches critical mass. Bugcrowd survey actually included respondents and responses from a thousand participants in 89 countries for deeper dive into the mind of hackers there, you can download the full report, you can discover how ethical hackers are an invaluable asset to any organization and they provide a significant return on investment in aiding digital transform. For sure. I want to bring Curtis in here because of course Curtis lives and breeds and enterprise and security. Given some of the revelations in this report, Curtis, what do you think it means for an organization? How, how should they adjust their cybersecurity strategy based on this?

Curtis Franklin (00:20:41):
You know, that that is the question that a lot of people are asking right now. And I I will tell you that I'm working on a report on that precise issue at the moment. So this, this is, is good because it's something I've been working on. The answer is that for virtually every company we talk to in virtually every field, generative AI is being seen as a, an employee amplification technology rather than an employee replacement technology. And I think that's really what this gets to when we're talking about the, the minds of a hacker. If you listen to what they said, they're talking about using generative AI to do one of a handful of things, either take care of rote tasks help them do research on a deeper dataset than they could easily do the research themselves or look for connections and correlations that might not be obvious to a human.

(00:21:54):
All of those amplify the efforts of the individual worker. They, they don't, as they say, it doesn't replace human creativity. It's not designed to, and the creative function is one where the AI really can't. You know, the, there has been a lot of talk about AI replacing writers, replacing journalists even in your world, replacing coders. And I think what we see in all of these things where people have tried it, is that the AI might be able to replace a human if you define replace with a really low bar because they tend to do writing that is really bad. They tend to do artwork that is pretty bad. I'm guessing, although I haven't really used it for this, that if you look at the code, if you ask one of them to generate code, it's code that might work, but it's not going to be elegant.

(00:23:09):
It's not going to be optimized, it's gonna be pretty ugly code. And it, it, I, and I hate to do this to you, but I, I make the analogy of being like 10 years ago when you could ask Microsoft Word to output a webpage, it would give you H T M L, but it was pretty bad. H T M L you know, no, no rational person would use that on their site. And I think that's where we are with, with ai. So what does this mean for the defenders? I I think it means that defenders should be looking at using generative AI in the same way that the hackers are using generative ai. Now, there are AI types, there are AI products that in fact do replacement that actually carry out actions. But if you look at them, these tend to be machine learning or AI models that are very, very, very tightly focused. And they do one thing, they just do it very rapidly. That's fine. We've been using that kind of automation for a long time. The broader based AI that chat G P T and the its ilk represent, they're going to be helpers rather than replacers for a very long time to come.

Lou Maresca (00:24:39):
I like what you said there. I like you, obviously AI can replace a lot of the mundane tasks or the tasks that require you to identify things you couldn't identify as a human. I think it could be almost on the flip side too, if you think about it, there's a lot of tools today that will sift through code. I've seen them in GitHub repositories and you know, GitLab repositories where they'll go and sift through code and they'll find credentials that are stored in con, you know, config files or, or YAML files or, you know, arm templates or whatever. And you know, and they will tell you and alert you and you have to go fix it. But there's also tools on the website for hackers that go, okay, there's some credentials inside this config file. Let me go in. Actually, you know, not, not nor normal human wouldn't be able to sift through all that data all at once and be able to identify the fact that that is actually a credential when it goes to a blob storage.

(00:25:25):
Right? and, and so I think there, you know, to keep up with this, this trend, the technology has to know that, that whatever it's doing for the, for its, you know, for the, for as a defense mechanism, it can also be used as an offensive mechanism as well. What, how does that change the landscape you think, Curtis, for organizations? Are they gonna just think that if they buy this solution, it's gonna change everything for me and I'm gonna be, you know, head of the game? Or do they not realize there's also, you know, people using it on the flip side?

Curtis Franklin (00:25:58):
Well, you know, the, the thing that I give companies credit for at the moment is that most of them are thinking about the repercussions of pulling generative AI into their, their system. People are thinking about issues like data privacy. In other words, if this is scooping up large volumes of data, what's it doing to personally identifiable information or p i i, which is what most of the privacy legislation around the world deals with. Does it violate any of that? How about company secrets? Does it are, are you going to feed it company information so that it can search it but feed it confidential information? And if you do, will it then give that confidential information to anyone who asks? These are very real questions and these are very valid concerns and companies are being a little bit slow to implement their own chat, G P T or other generative AI or large language model ai until they get this figured out.

(00:27:10):
Now, a lot of people are urging their companies to, to hurry into this saying, well, if we don't adopt it right now, we're going to be behind. I think that caution is called for, because this is one of those things where getting it wrong if, if you look at risk where you look at both the possibility of an incident occurring and its impact to the organization you end up with a risk that's pretty high when you're going into a new technology that eats data by the giant bucket full. You know, another thing that's worth pointing out while I did one of the blips was on using worm G P T A chat G P T thing, we need to keep in mind that these large language model AI systems are not just data hungry. They are also compute resource hungry and power hungry, electric power hungry.

(00:28:27):
And that makes them really expensive. So if a an a P T group, advanced Persistent Threat Group is making use of truly sophisticated generative ai, it means they've got some truly massive dollars behind them. We know that some of the, some of these a p t groups do. But it also means that if a if a company decides we have to fight fire with fire, we have to have our own large capable generative AI engine to fuel our defense, they better be prepared to, to write some big checks for that because it's not going to be cheap. And just to give people an idea of the scale, we're already hearing companies like the chip manufacturers say that generative AI engines are going to replace crypto mining farms as customers for their GPUs because the same tool, the same hardware tools can be used, the same power is required, and we know about all the stories about the massive power that these crypto mining farms have have taken up. That's what we're looking at for a lot of the generative AI in the coming years.

Lou Maresca (00:29:56):
You brought up a good point. I mean, so speaking of dollars, the report mentions the hackers are motivated mostly by the greater good. You know, reporting vulnerabilities is seen more as an important thing rather than profiting from it. How do you think that maybe organizations can capitalize on this altruism to really improve things? What do, what do you think the best thing for them to do there is if they, if they don't wanna put out the big dollars for the ai?

Curtis Franklin (00:30:20):
Well it, it would be, it, it's gonna be a little bit self-serving for a company like Bugcrowd, but I will say that their model works really well. Bugcrowd tends to do things like in the same way that a lot of insurance companies manage self-insurance for large corporations, Bugcrowd is a company that will manage the bug bounty program for corporations. The bug bounty programs work, you know, basically you, yes, you're depending on the altruism and let's say now you're also depending upon the social prestige within the hacker community that comes from being the known person or entity that found a particular vulnerability that, that that is social currency and they trade on that. But, you know, a few thousands or a few tens of thousands of dollars thrown in as a kicker doesn't hurt at all. And I think a lot of these companies have recognized that it is a lot cheaper to pay bounties than it is to fight off lawsuits from putting out software that, you know, had some major flaws in it.

Lou Maresca (00:31:34):
Very true, very true. Well, I think that does it for the bytes because we have a, a really great guest coming up, so we definitely wanna get to it. Next up we're gonna talk with Veritas about digital identity and biometrics. So we definitely should get to that. But before we do, we do have to thank another great sponsor of this weekend at Enterprise Tech, and that's ACI learning. Thanks to ACI learning, the days of boring, archaic training methods are finally over. Thank goodness. Lack of meaningful impact shows up as low engagement, which translates to really suboptimal performance. If you think about it now, if you're, you and your team deserve to be entertained while you train and be empowered to keep your organization safe and secure, it's really simple. If your IT training isn't raising your team to the level you aspire to be, you need ACI learning.

(00:32:19):
And while the training industry really completion rate is barely 30%, ACI learning blows its competitors out of the water with an over 80% completion rate. This is the format that IT professionals want. Now in today's IT talent shortage, whether you operate as your own department or part of your A team, your skills must be at a bare minimum up to date, right? 94% of CISOs and CIOs agree that attracting and retaining talent is increasingly critical in their roles. A c i learning helps you retain your team and in entrust them to thrive while investing in the security of your business keeps your skills up to date. With over 7,000 hours of content available and new episodes added daily, your enterprise needs cohesive cutting edge training to keep your team compliant and ahead of the pack. Choose an existing course, let a c l learning combine modules for even a tailored solution, or let them custom design a course to address your specific needs.

(00:33:20):
A c i Learning's Private Bootcamp will train your team alongside the most passionate and best subject matter experts certified in the latest version of each certification. Full access to advanced reporting via a c i Learning's Pro portal help you track and manage your team's results, manage seats. You can unassigned or assign team members for customized courses relevant to their position. You can access monthly progress usage reports. In fact, visual reports provide immediate insight into your team's viewing patterns and progress over, over any period. A c l learning trains thousands of aspiring tech and cyber professionals annually, including providing scholarships to individuals from diverse backgrounds and those transitioning out of the military service into civilian careers. Join the always on tech training solution and a really in a rapidly changing world of technology. ACA Learning is in the studio every day to record and share relevant content that impacts your business.

(00:34:17):
Be bold, train smart, learn more about ACA learning's, premium training options across audit IT and cybersecurity readiness@go.acalearning.com slash twit. For teams of two to 1000 volume discounts, start at five seats, fill out the form, go dot aci learning.com/twit for more information on a free two week training trial for your team. And we thank ACI learning for their support of this week and enterprise Tech. Well, folks, it's my favorite part of the show. We actually get to bring in a guest to drop some knowledge on the TW riot today. We have two guests, that's right, two guests from the same company from Veritas. We have Alfonso Santos, he's the director of business development, and of course, Larry Longhurst, director of Partnerships. Welcome to show guys.

Alfonso Santos (00:35:06):
Thank you. Thank you. Great to be here.

Lou Maresca (00:35:09):
Now, before we get going, we've never done this before for two people, so we'll try to do this, we'll try to make it brief for the audience, but our audience loves, they were a huge spectrum of experience, whether they're starting out entry or they're CISOs or CTOs. And so some of 'em love to hear people's origin stories. So can you maybe take us through a journey through tech and what brought you to Veritas? Maybe we'll start with the Alfonso first.

Alfonso Santos (00:35:31):
Okay, perfect. Thank you. Thank you very much. As you can see, my, by my accent, and I note from the, actually I'm European, come from Spain, so my background is in the engineering world, so we share something here. <Laugh> I'm mechanical engineer. And I began working in the startup world as well in, in, in Europe in a completely different field. So I began working for for a small company building storage, storage meaning that we repurpose batteries coming from EVs, some from electric vehicles to you know, to build big storage containers and then install them in in renewable plants you know, to to, to start all these energy coming from the sand or the wind. And then you know, I, I was more problem year, then I moved to more sales part and and then I, I shift to, to another completely sector completely different sector is security. And then I you know, I knew Verda and I thought, you know, what we are doing and we will talk more later changing the world and changing we, how we interact in the data space. So that's why I, I, I began working for, for Verda in this case.

Lou Maresca (00:36:50):
Fantastic. That. How about you, Larry? How did what brought you to Veritas? What Veritas, sorry, Veritas and and what kind of, where'd you get started?

Larry Longhurst (00:36:59):
Yeah, no, thank you. I appreciate it. You know, my background in, I've been in the fi i space for about 20 years. So I worked, w worked, I've worked for a number of the different players in the FI technology space Dbol US Bank Divi Elon, which is a division of US Bank, and then Fiserv. And so, so I've been around for a while in this space. And I, and I, before coming to Veridas, I really made a conscious decision that I really wanted to focus on the software digital aspect of the space. And when I, when I had discussions with Veritas, I, I was really impressed with kind of their focus on, on, on changing the dialogue around, around identity and, and, and, and how to approach that. And so I'm excited to be here. It's great great, great space in the, in the, in the industry and certainly growing. There's a lot of opportunity here.

Lou Maresca (00:37:51):
Right, right. Well, we should definitely get started. Cause obviously this is an important conversation. We haven't really necessarily talked about the kind of the biometrics industry before we have talked about digital identity, but just kind of going into it, the concept of maybe, maybe I asked one of you or both of you, why move to the world of biometric security? What, what's the benefit of it? What, what are the traditional people who are using, let's say, traditional username, password, or even the, the standard SMS based MFA or tofa? What, what moving to biometrics, what do they get?

Larry Longhurst (00:38:26):
Yeah, no, and, and if you don't mind, I'll take this one, Lou, I think I, I'd just like to give a little background cuz that's a bit of a loaded question, right? There's a lot of baggage I guess that goes along with talking about biometrics. And so I'd like to just kind of kinda level set a little bit relative to biometrics. There's a lot of misconceptions out there, right? In our society especially here in the us. It's, it's, it's, you know, we're concerned about our, our identity being out there in the world, right? Our fingerprint, our iris, our face, our voice you know, what happens if that system gets hacked, right? We, we hear all the time systems are getting hacked, right? And, and, and passwords are compromised. What happens when my biometrics get compromised? That's a concern, right?

(00:39:10):
It's a valid concern. And s essence, what this question is asking is why should I not be concerned as a consumer? Wh how can I feel safe about, you know, my biometrics being out there? And so I, you know, I think the answer is you should be concerned frankly, but, but how having a better understanding of, of how biometric systems work and, and the fact that some, some systems are very robust and others less so kind of can, can help, right? First there are, there are, there's, there's been out there in the news a lot about systems that have been compromised, you know, in the recent, you know, this year, right? A lot of publicity around that. And so that validates consumer's concerns. So from an industry perspective, it's really incumbent on us to educate, to help consumers understand sort of, you know, how systems should be designed.

(00:40:08):
And, and, and as you mentioned, right? When you go out to a website today, you go out, you, you, you put in your username, you put in a password, maybe there's mul, you know, multifactor authentication, there's a one-time passcode, right? Those all work on something that's called presumed identity. It's presumed because yeah, it's something this person knows, but somebody who's hacked hacked your account can also know your password. It's, it's, it's presumed because a onetime passcode, it's, it's, it's presumed that you have, you're the one that has your phone in your hands, but it's not certain. So if I, with biometrics, there's, there's, there's much more certainty that the person on the other end is in fact, you right? It is a known entity right now, obviously. Then, then that brings into, into question, well, what about compromises? Right? What about the security aspect of how, how, how do, how do I know for sure that it's not a recorded voice, for example?

(00:41:10):
Well, that's where fraud controls come into place, right? So you've got, we, we biometric systems have to have, you know, a deep, deep con fraud controls relative to pro protecting against deep fakes, to protecting against re what are called replay attacks, using a, using a picture or a mask of a face to, to try to compromise the system. So, so that's, that's, that's definitely an a, a critical part of biometric systems that, that need to be in place and, and, and give confidence to consumers that they, that, that it makes sense to, to, to trust them. The other piece that comes into play is, you know, there's a concern that if, if the biometric system is hacked, I mentioned earlier, your face or your voice is out there, and it can be then used to compromise, you know, your, your other accounts potentially.

(00:42:01):
What's, what's important to understand is that in, in, in, in, in, in, in a, in, in a robust biometric solution, that data, that's your voice or your face is not stored as your voice or your face, it's stored as a mathematical vector, right? And, and, and it's an irreversible mathematical vector, and it's non interoperable. In other words, I, once I get that vector, I can't turn it back into your face. It, it, it doesn't work. And I can't go take that vector and use it to compromise another biometric system. So, so it only works on the system that it was created on. Right? go ahead.

Lou Maresca (00:42:44):
No, I, I, you keep going. I wanna, I, I wanna have another question about ai, but keep going for

Larry Longhurst (00:42:48):
Sure. Okay. Okay. So, so, so in the end, if, if, if that system is compromised, if your, if your mathematical vector does get stolen, it's useless to somebody there, there is not a value that they can go and use to get it. Because even if they, they find a, a, a, a, a customer, a company that's using, you know, the Veritas system, for example, and they, and they put your mathematical vector up there, that system is also going to ask to see your current face, right? And it's gonna look at the face and know that that person who's trying to compromise account isn't me. And, and, and, and so you're safe. So, so understanding that helps to, to, to kind of put, put to put to rest a little bit some of those concerns. And so, going back to your question, the original question of, okay, why should we do biometrics in the us?

(00:43:37):
We feel very strongly about rights, right? We feel strongly about the right to vote, the right to move about freely the right to own property. We believe that it is, it, it is a right to be identified using your biometrics, using your face, using who you are. It, it, that same should apply. It, it it applies in the physical world, right? When we go to the airport, we're, we're identified with our, by our physical self, right? With a, with an id, a, a, a driver's license that has our picture on it. And, and, and, and, and, and us as the individual standing there. Well, in the same way we think, we think that's what should apply in a logical world. That, that, that, that using your physical identity is the best way to secure that space. And, and not only secure, but also it makes for a better user experience. It makes it more efficient. So it's lower cost. So there's just, there's a lot of reasons why biometrics you know, makes a a lot of sense. But really those three things are, what we would emphasize is that, you know, reduce fraud, better user experience and, and, and, and more efficient kind of lower cost experience.

Lou Maresca (00:44:42):
Now, Alfonso wound to you, because I, Larry called this out a little bit. He kind of, I guess he started the, the conversation here around, you talked about a little bit about AI and DeepFakes and, and how does this apply? Like these, these seem like AI threats that could potentially reproduce potential biometric data about from people. Are customers worried about that? Are they worried about the fact that there's AI out there that could reproduce my voice and whatever I need to say? You know, it reminds me of the old sneakers movie where my voice is, my passport verified me, right? I think it's the whole scenario of like trying to reproduce by reproducing, using ai, whether it's deep fakes or deep fake audio, deep fake video. You know, are companies worried about this? Are they are worried that these things won't last if there's not other ways to authenticate somebody?

Alfonso Santos (00:45:27):
Mm-Hmm. <affirmative>? Yeah. Thank you for the question. First of all, I would say that you know, companies are concerned about this, but, but they tend to be also concerned about, you know, how passwords, letters, you know, numbers, uhs, a username name and a password actually are also, you know, more let's say more weak. So I weaker than, than biometrics. So that, that, that's the first point Okay. To, to, to have a clear discussion here. And then of course, they have you know, they, they, they tend to take into account how biometric and genes are developed. That that's the first point I would say. So. so first of all, they have, or they have to be or they, they, they want to have a conversation with the developer and the manufacturer that is actually training, you know, the engines in this case and, and, and, and, and doing it in a, in a safe way, for example.

(00:46:25):
This is key. So first of all, we need to be sure, or companies need to be sure that their systems, the biometric systems are well trained, okay? And there are you know, are not a threat independent testing. So they are, they undergo through independent testing. Like for example, the nist, the National Institute of Standards and Technology, which is you know, depending of, of, of, of the us department of Commerce you know, they go some tests cyber securities tests. They, they have some certificates like the i o 27,000 or maybe they associate to, and of course, they are also concerned. And, and this is a a discussion we, we always have with, with the industry about the bias. Okay? So of course, when you have passwords and you have letters and, and numbers that's it.

(00:47:13):
You have letters and numbers. If you have AI trained biometric engines, if you don't train, well, you could have racial bias or gender bias behind, okay? So of course, you have to be sure that your biometric engineers, the ones that you're employing for, for the legal access as well as the physical access, have not racial bias and not, well, very well trained. And, and of course, there are some ethics behind, okay? So there is, for example, a framework that was created by, excuse by Google, Microsoft, and I B m and other companies that establish AI ethics principles. Okay? And actually for example, we, we are the only company in the world to have AI ethics analysis analysis in our system tested for, and to comply with this framework, meaning that you know, we care about data privacy no, not storage safety and security responsibility and accountability principle furnace transparency and so on.

(00:48:13):
And then they are very concerned. That's, that's the first thing. And then the second one would be, am I subjected to AI attacks? So deep face and anti spoofing techniques, and an anti and spoofing, actually. So you have to be sure as well that your systems are robust and resilient against this spoofing attacks. Okay? And as as you were mentioning before, when you have AI protecting your systems, you can have AI attacking your systems, but if you have ai AI attacking your systems, you can have also some learning about those attacks. So for example, we, we are present in more than 25 countries, and we see a lot of fraud, a lot of attacks coming from, for example Latin America and countries or maybe Europe. And these attacks are different, very different, okay? So we see attacks in, in Italy that are completely different than, than, than those attacks that are being you know trying to, to, to enter into a company in the UK or in Mexico. And, and we can learn from all those attacks to prevent them to enter in, into the systems that you know or, or companies were trying to protect in this case.

Larry Longhurst (00:49:31):
And, and the other thing, if I may, that I would add there, Lou, is that that it's, it's, it's important to have an engineering team that is capable, that is able to be nimble and, and, and, and, and, and, and adjust to attacks on the fly. So, so that's a, that's a, a critical piece of it, having proprietary systems, right? A lot of a lot of solution providers out there have multiple partners that they've worked with, but that does make it more difficult to, to respond in a timely manner when, when new threats come up. And so, so that's, that's, you know, a couple of things also that come into play as, as, as, as you look, as you look at, you know, how do we, how do you, how do you how do you adjust on an ongoing basis to this new sort of world that we live in?

Curtis Franklin (00:50:22):
Well, we've been talking about a, a number of things, and, and I want to, to get back to this idea of working with other things a little bit, because we know that ironically, complexity is the enemy of security. And as we get into these more complex systems, if someone is implementing Veritas, how complex is it to add it? Let's say someone is using a standard single factor authentication. They're, they're on username and password, and now they want to add Veritas. Does this mean that they've got multiple services they've got to attach to? Do they have multiple cloud instances they're gonna have to attach to? How complicated is it to make this happen?

Larry Longhurst (00:51:24):
You know, it's, it's, it's in a, in a very, in a very basic way, it's very efficient and very quick. It's not that complicated. The, the, the key is we, we are a technology provider. So often out the, the model is that we will be a partner with an identity platform, for example. And so we'll, we'll, we'll, we'll attach into that identity platform and, and, and that will then be, be, be what the consumer is using for, for, for this, for this tech. And, and it's, it's very streamlined, very efficient to, to add in to a new customer that, that you know, that instance, if you will it's, it's all, it's all, it is all cloud-based. We we're, we're, you know, AWS cloud-based offering. But, but so, so it makes it, it makes us nimble and, and be able to respond very quickly when, when, when there's a need. We can, we can deploy it in as quick as two, two weeks. So, so it, it turnaround time, there's, there's very little sort of coding that has to take place, very little customization. It, it can, it can happen very quickly.

Curtis Franklin (00:52:34):
And again, I, I want to, to commend because do you tend to deploy your solution in a way so that it is the factor, or is this an additional factor on top of that username password? So this becomes part of a multifactor authentication thing. And, and if it, if it is that second how long does someone have to hold their face still in front of a camera? You know, how much friction does this add to the entire process of being authenticated?

Larry Longhurst (00:53:14):
Yeah, that's a great question. So, so first to answer your first question, I would say the answer is yes. S some, some do it in single factors, some do it in multifactor. So, so it just depends, right? Obviously. I mean, no matter what it is, if you're gonna, you know, in security we talk about layers, right? And so you add, you add another layer, it's going to be more robust. How much friction does it add? It's very, it's very minimal actually. Typically, the authentication the ongoing authentication often will happen on, on a mobile device. That's the mobile device is, is, has the best cameras. And so it's able to, able to provide the best experience, i i, if you will. But, but it's, it's, it's, it's, it's, it's a matter of a second or two. I mean, it's very, it's very short, it's very quick. But again, it, it can happen with a computer camera, certainly on the onboarding process and the onboarding process and the, what we call I D V that, that is, we, we, we, we, we strongly recommend that that be done on a mobile device because of the, because of the camera quality. But on an authentication basis, on an ongoing basis, it's, that's less critical.

Curtis Franklin (00:54:26):
Okay. Now, one of the things, you know, we've been hearing four years that the holy grail of authentication is passwordless, you know, let, let's get rid of these things that people can't remember and that <laugh> are, are such a pain in the rear to come up with and remember, and store and manage and all that stuff, right? So are you seeing any deployments where people are using, I know that there are some companies doing things like behavioral analytics and, and so they're using behavior as a factor. You know, are we getting close to a place where someone can do multifactor authentication while still never requiring someone to type in a password?

Larry Longhurst (00:55:17):
Oh, I would say that's absolutely true. Yes, we are, we, we were there today that that could be done today, multifactor without a password. And, and, and frankly, we think that's, that's the dr that's the place we should be in. I mean, across the board, it's, it's, it's more like I outlined at the beginning. We, we feel like it's more secure. It's, it's, it's a better experience. It it, and saves money. I mean, everybody, everybody's happy there.

Curtis Franklin (00:55:43):
Now, I, I do want to ask a a back on the privacy question, because that's something that everybody I, I was flying a couple of times in the last couple of weeks in one of the airports where I was Orlando, they're using some facial recognition at tsa mm-hmm. <Affirmative>, and I know a lot of people have very real privacy concerns, and I know you have said that because of the way your system works, that you can steal an image and have that used to authenticate without the human face in front of it,

Larry Longhurst (00:56:19):
Right?

Curtis Franklin (00:56:20):
But is there enough identification or enough data stored so that someone could be identified from the data storage so that a face could be matched with an identity? Where I'm going with this ultimately is how Big Brother esque should people be worried about the facial recognition data that a system like yours stores in case someone could get into it and use it to keep track of them as they go about their normal entirely law abiding lives? Yeah, no, that's great. Alfonso, I'm gonna let you field that one.

Alfonso Santos (00:57:06):
Of course. So so first of all, we so how this works is that we, we, we don't store any data. So it's gonna be the, the client in this case, the company that is using this service, the one that is storing only this biometric template when it's used, okay? And this biometric template, which is as, as Larry said before subset of numbers of letters is gonna be particular for that system. And actually, we, we always say that this system should be private, secure, and, and voluntary. Okay? So we, we cannot force and, and, and people has not must be forced to use these systems, okay? But there are not a lot of, you know, legislation out there to be, to be able, I mean, to be protected or to protect citizens in this case or customers, okay?

(00:57:58):
Like GDPR in Europe, which is one of the most restrictive legislations regarding privacy, but also CPAs, so California Privacy Act and, and vipa the Illinois Privacy Act. And so if the systems are well developed and are robust you can comply with those, which means that if you have all the framework implemented to, to deploy biometric systems, then you can be sure that you are not under these big, broader you know systems. Okay? in fact, for example, we, we have hardware, we, we manufacture hardware also for, for facial authentication in, in the physical access. Okay? Because well, we, we, we are beginning to see that there is a merge in the physical or the logical, I mean physical and logical worlds or physical digital worlds. And with, with one enrollment, you can, can be entering your, your building and also your computer with your with your face, okay? And, and those systems can, can, can store only the biometric vector green a certain period of time, okay? And they can turn on only if you are you know very close to those systems. So camera will turn on only to, to, to take your face and, and, and don't be, you know, to avoid open field, biometric computation or video surveillance systems. So we are not in that, in that sphere. So it's everything about voluntary, secure, and private.

Curtis Franklin (00:59:35):
I like the voluntary, secure and private words that you're using there. I think those are all good. So as we get closer to to having to wrap up, I do wanna ask one about your, your customers. And that is, I know that you said that you are frequently partnered with another authentication and identity provider. Would you say that most of your customers are global 500 companies? Do they tend to be as small as say small engineering consultancies, or are they somewhere between, what kind of customer would you think is typical for solutions that incorporate the Veritas solution?

Larry Longhurst (01:00:27):
You know, it's a, it's a tough question to answer because there's a really broad, we, we play in a broad vertical space, right? A lot of different verticals as well as a lot of different SI sizes. What I will say in general is, is volume matters, right? So for the very small companies that are only gonna have a few hundred you know, verification authentications, you know, on a monthly basis, that's probably not a, this is probably a space where we're not gonna be playing in. So, so, so in the, in the financial industry, for example, financial institutions where I have a, a lot of experience, you know, we're typically going to be in the larger, you know, the top maybe 200 financial institutions in the country, two 300 kind of size is where we're going to be playing, as opposed to, you know, your small community credit union that has three branches, right? And, and Jen, again, it's just, that's that, that question just is really around scale. Let's see. There was another aspect to your question and now I'm forgetting it.

Curtis Franklin (01:01:31):
Well, just trying to, you know, you, you've begun to answer it when you talk about the scale, because it sounds like the, the issue is more how many authentications per month, rather than a specific either number of employees or you know, annual turnover in terms of, of dollar amounts. Mm-Hmm.

Larry Longhurst (01:01:54):
<Affirmative>. That's correct.

Alfonso Santos (01:01:55):
Yeah. May, may. Yeah. Maybe, maybe you can answer. So it, it will depend a lot on, on, on, on the use case as well. So what we see is that we have, you know the industry and then we have s upsets of technologies. We have voice authentication and facial authentication, which by the, by the way, they, they, they both can play as multifactor authentication as well. And, and we are seeing a lot of companies playing with those two factors to, to be extremely sure that, you know you're authenticating properly your, your customers that our technologies are easily scalable. So as, as I as as, as we told you before, we're in different industries like insurance companies like b fsis or banking, financial services, fintechs retail as well, telcos. And so there, there is a lot of, of, of industries in which we are deploying our technologies.

(01:02:50):
And then of course, mid-size and large size companies are the ones that are, you know, eager to adopt these, these technologies. But also smaller companies can also, you know, begin adopting one or two of these technologies. And, and also we have the physical, physical side. And, and you mentioned before during your your program as c i p, so the critical infrastructure and healthcare as well. So, so we are, we are beginning to implement those of physical access through facial authentication in those, those sectors. So you can begin with two as, as you said in the around airport with one or two terminals, and then scale, scale it up, up to, you know, 1000, 2000

Lou Maresca (01:03:30):
Be before we clo close up, I do wanna channel a little bit of our other co-host and producer, Brian Che. He loves to ask the, the famous looking glass or fortune telling question around the fact that, you know, obviously there's a rapidly changing landscape, whether it's digital identity or biometrics. Where do you see Veritas in the next five years?

Larry Longhurst (01:03:57):
<Laugh> we, we, we argue who's gonna answer? I'll start and then, and then, and Alfonso can finish. How about that? You know, we, we, we do see, we do see a significant move toward passwordless, right? We talked about that multifactor with space and voice with, with maybe some other behavioral things was were discussed. But we do see a significant move in that direction in, in the identity space. You know, all the studies show that, that that, that the growth in this space is going to be significant in the next, you know, five years. And, and, and, and we don't see any signs, indicators that are, that are gonna, you're gonna say otherwise. So, so yeah. It's, there's gonna be a, a significant move toward, toward this technology. Mm-Hmm.

Alfonso Santos (01:04:40):
<Affirmative>. Yeah. So we, we recently shared Google, you know making this announcement and, and a warning about the dangers of passwords and recognizing the benefits of using biometrics. So we are, we, we see that these are, you know, you is being with, with those sectors that are, are really compromised about, about passwords, like airports, for example. But then we will see that lot of companies will implement biometrics, not only those that are in the security, you know, world, but, but also those that want to, to, to trustfully improve the user experience. Okay? So we see a world in which biometrics will verify and authenticate users within seconds. No, no, not leaving the user frustrated as, as, as we are right now. Okay? which will be the case even if a password was involved. So so that's, that's where we are right now. And we will see that the deployment of, of authentic facial authentication, voice authentication, and also the data, the, the detail and physical merge, you know, so where only one enrollment will be valid for accessing your offices, your headquarters, and then also your computer. Okay. Or, or your intranet, your user area. And that's, that's, that's where we see the world going.

Lou Maresca (01:06:00):
Sounds interesting. Well, with any great show, time flies, of course. Alfonso, Larry, thank you so much for being here. We're, of course, we're running low on time, but wanted to give you a chance to tell the audience at home where they can learn more about Rados. Maybe they can, how they get started, how they can get in touch with you.

Larry Longhurst (01:06:16):
Yeah, so just our website is probably the best place. Veritas.Com. There's, there's a, there's a link on there you can ask for sales and, and just, just request to contact. And we'll be, we'll be in touch with you shortly. You can look us, look us up on LinkedIn as well. I mean, you know, we're easy to find on LinkedIn, so happy to, happy to connect with, with anybody out there that like to have some more discussion.

Lou Maresca (01:06:38):
Thank you guys. Well, folks, you've done it again. You sat through another another hour, the besting Enterprise and IT podcast in the universe. And I wanna thank sh everyone who makes this show possible, especially to my wonderful co-host. I wanna thank Mr. Curtis Franklin. Curtis, what's going on for you in the coming weeks? Where can people find you?

Curtis Franklin (01:06:55):
Well, next week they can find me in Las Vegas. I'm gonna be at a vendor conference then back home for a while, and then in August I'm back out in Las Vegas at Black Hat and Defcon. In the meantime, I'm writing, I've got a new piece up today on dark reading at the Dark reading slash AMIA tab. I will be doing stuff on the various social media fronts, trying to help people find me there. To be brutally honest, one of the places I'm being more active these days is LinkedIn. So people are welcome to go over and find me on LinkedIn Curtis Franklin on LinkedIn. But I'm, I'm staying busy, lots going on. This is paradoxically a busy season for us here in the US security industry while our colleagues over in Europe are taking August off, we are decamping to the desert and trying not to have a heat stroke while we learn about all the latest vulnerabilities, threats and hacks. So a good time. Follow me. I love to hear from the Twy Riot in various message forums. Let me know what you're thinking about and what you want to know about. Happy to engage

Lou Maresca (01:08:14):
At any time. Well folks, we also have to thank you as well. You are the person who drops in each and every week to watch and to listen to our show and to get your enterprise goodness. And we wanna make it easy for you to watch and listen and catch up on your enterprise and IT news. So go to our show page right now, TWIT tv slash twy that you'll find all of our amazing back episodes and all the notes of the show, guest information of course. But of course next to those videos, you'll get those helpful. Subscribe and download links. Get the support the show by getting your audio version or video version of your choice. Listen on any one of your podcast applications or devices, cuz we're on all of them. The best way to listen is definitely subscribe and be part of that movement.

(01:08:54):
Definitely do that. But of course you also may have heard we have Club Twit as well. That's right. I alluded to this in the beginning of the show. Club twit is an ad free members only podcast service with a bonus TWIT plus feed you can't get anywhere else. It's only $7 a month and a, a lot of great things you can get. Obviously the ad-free part of it's great, but one of them is also the exclusive access to the members only Discord server. You can chat with hosts, you got chat with producers, separate discussions, channels plus there's lots of special events, lots of fun ones, really good interesting stuff that you can't hear anywhere else. So definitely join club Twitter, be part of that moment. Go to Twitter tv slash club twit. Now they also offer corporate group plans as well. It's a great way to give your entire team access for to our ad-free tech podcast.

(01:09:38):
And of course the plans start with five members at a discounted rate of $6 each per month. And you can add as many seats as you like there of course. And this is really a great way for your IT departments, your sales departments, your tech teams to stay up to date with all of our podcasts. And of course, just like regular memberships, you can join the Discord server or even that trip plus bonus feed as well. And of course there's one other way as well. You can also do family plans, that's why it's a $12 a month plan and you get two seats with that. And then of course there's $6 each for each additional seat after that and they get all the advantages of the single plan as well. So lots of options there, Jeff. Definitely join Club Twit at twit TV slash club twit.

(01:10:15):
Now, after you subscribe, you can impress your family members, your friends, your coworkers with the gift of Twy cuz you know, we have a lot of fun on this show. We have a lot of great information and tech topics and I guarantee they will find it fun and interesting as well. So definitely share it with them and have them subscribe. And if you've already subscribed, we we're doing this show live right now. That's right. We have a live stream. You can just go to your website of live twit tv there. You'll see all the streams you can choose from. You can see behind the scenes how the pizza's made, all the banter and before and after the show, how we basically produce this thing live. You can see, come see all my mistakes, check that out, laugh at me. Of course. Oh, if you wanna be part of the live show as well, you might as well be part of our live chat room as well.

(01:10:55):
We have an IRC channel that you can get to just as a web browser as well. Go to IRC dot twit tv, there'll pop you into the Twit live channel. We have some amazing characters in there each and every week. Ripple Rider, reverb, Mike we have co-ops, we have Keith, we have everyone's in there this week, Wizz Ling. So check, check that out, be part of that. And of course get some amazing topics and, and show conversations in there. IRC tv. I wanna, I want you to also contact me because I love to hear feedback about the show. I love to hear just the topics you want to hear about when, when we, when we banter, you know, of course I also talk to a lot of people who are starting out in the industry where they should go. Even people who've been in the industry for a while around implementations and solutions.

(01:11:39):
So definitely hit me up whether it's twitter, twitter.com/m i I have a lot of messages on there. In fact, it's, I'm actually surprised I get more messages on Twitter in the direct messages than I do on email. People tend to use <laugh>, the direct messages more than email nowadays. So definitely hit me up on there. Of course, Lil I at twit Social for Macon, of course you can direct message me as well there. And of course LinkedIn as well. Hit me up anywhere you can, cause I love your feedback. Love to talking to you people. If you want to do, want to know what I do during my normal work week at Microsoft, definitely check out developers.microsoft.com/office. There it is. Latest, greatest ways for you to customize office, make it more productive for you. And of course, if you have Microsoft 365, just pop open Excel right now and check out the automate tab.

(01:12:24):
It's fun, actually Record macros, do all the things you wanna do in Excel records, it generates code for you. And then you can replay them back, whether it's in power, automate behind the scenes, you can integrate a whole bunch of different services or you can just run them right in the client there. It's a lot of fun. So definitely check that out and, and see if that can make your life more productive, more automated. I wanna thank everyone who makes the show possible, especially to Lisa and Leo. They continue to support this week at Enterprise Tech each and every week, and we couldn't do the show without them, so thank you for their support over the years. Of course, I'll thank you to all the engineers and staff at twit. They're always involved and always really helpful. And of course, thank you to Mr.

(01:13:00):
Brian Che. He's not only our co-host normally, but he's also our tireless producer and he does all the bookings and the plannings for the show. And again, we really couldn't do the show without him. So thank you, Bert. I know how hard your job is. I've, I've tried to do it and I failed. So thank you sheer for being there and being there for us. Of course, before we sign out, I also have to thank our TD for today. Mr. Victor. Victor, thank you so much for all your support. Anything special coming up today.

Victor Bognot (01:13:23):
Yeah, I'm glad you asked. Later club Twit members check come on to Discord later on for a hangout. And somebody told me there's gonna be ribs, so, Ooh, I don't know about, I don't know about eating ribs on camera though, <laugh>, so it, it'll be ant and some of our other staff who are here in the office just hanging out. So fantastic. Yeah, join us later. Looking

Lou Maresca (01:13:55):
Forward to it. Love it. Thank you. Well, thank you again Mr. Victor, and of course, until next time, I'm Liz Ska. Just reminding you, if you wanna know what's going on in the enterprise, just keep TWIET

All Transcripts posts