listeners i have important news before
we dive into today's episode i want to
make sure you all know that we have a
lot more than weekly interviews about
cyber security careers to offer you you
can actually learn cyber security for
free on our infosec skills platform if
you go to
infosecinstitute.com
free and create an account you can start
learning right now we have 10 free cyber
security foundation courses from podcast
guest kitron evans six cyber security
leadership courses from also podcast
guest cicero chimbonda 11 courses on
digital forensics 11 courses on incident
response seven courses on security
architecture plus
courses on devsecops python for cyber
security
javascript security ics and scada
security fundamentals and more just go
to infosecinstitute.com
free and start learning today got it
then let's begin today's episode
today on cyberwork andrew howard ceo of
kudelski security returns to give us his
cyber security predictions for 2022.
how will cyber security protect the
supply chain why is quantum computing on
all his clients minds and how would
andrew rewrite security from the ground
up if the genie granted him three wishes
find out today on cyberwork
welcome to this week's episode of the
cyber work with infosec podcast each
week we talk with a different industry
thought leader about cyber security
trends the way those trends affect the
work of infosec professionals and offer
tips for breaking in or moving up the
ladder in the cyber security industry
as the ceo for kudelski security andrew
howard leads the global cyber security
business focusing on the global
expansion of the group's cyber security
activities as well as broadening
kudowski's security solutions andrew joy
joined kudeski security in 2016
as the chief technology officer and
that's when we last saw him he was on
our podcast a couple years back as cto
andrew led kudelski securities technical
strategy product development engineering
and research oversearing overseeing in
particular the launch of the group's
internet of things security center of
excellence its managed security services
platform and the delivery of secure
blueprint the group's cyber business
management platform in 2019 he was
promoted to chief executive officer to
scale the business out of its build
phase and into a leading global cyber
security provider andrew is also a
global futures council member for world
economic forum and holds information
security certificates from isaka and ise
squared uh so last time andrew was on
the show we talked about uh the security
implications of the mass migrations into
the cloud uh which at that point was
still
um something that a lot of people
thought was a little bit down the road
now obviously we've gotten a lot further
along uh and andrew has come back to
talk to us a little bit about some of
his predictions for 2022. uh andrew
welcome back to cyberwork hey thanks for
having me
uh so i don't remember if i asked you
before and certainly if people haven't
heard your old episode they should go
back and listen to it but can you give
us your security journey where did you
first get interested in computers and
tech and what
drew you to it
it's a good question
my mom has a photo on her desk from when
i was five or six taking apart a radio
and uh
so as a kid i was taking things apart a
lot and was kind of a fiddler one to
understand how things work
then uh sometime in the 90s i saw the
movie sneakers oh yeah dan aykroyd
sydney poitier
robert redford
great movie and that
uh i didn't know what i was getting
interested in at the time but that movie
definitely got me interested in the
security space
and then ultimately uh when i was at
university i
took an internship with a
u.s army r d organization okay they
needed help making sure these systems
didn't get accessed by people they
shouldn't be accessed by and at the time
they didn't call it cyber security but
that's what it is today and right in
ever since
okay so um the last time you were on the
show as i said we discussed security
issues related to migrations into the
cloud uh so obviously a lot's changed
since then considering the changes in
the world uh due to changing work
environments and the need for an
accelerated move into the cloud uh how
do you think the process has involved uh
uh evolves like where did you think you
saw it back then and and how is it how
has it uh
been on kind of a little global scale
now
so i think uh the last time we talked i
think i told you that
most companies are looking at the cloud
and
uh will be there one day i think was
yeah if you're not there now you're on
your way right or you're on your way i
mean at the time i was meeting i was
meeting with cios and it was certainly
on their roadmap for where they were
heading
today
if i look across our client base and all
the cios i've met i haven't seen a board
deck yet that doesn't say we're getting
out of our data centers if we're not
yeah we won the second thing i think is
true
is we see a lot more born in the cloud
companies than ever before since
uh and i will say working with them is a
very different challenge than working
with a legacy company they tend to move
at much greater speed and velocity than
the legacy player will just because
they're dealing with the old and the new
and the third thing i'll say that i
don't know that i anticipated
back then is that everybody seems to be
hybrid cloud even if they don't even if
they don't know it i mean they might
tell you they're always us or they're
all azure but what you find once you get
in is that they've got things everywhere
i mean azure google cloud every sas
platform you can think of so
you know so i think the story in 2017
was right people are moving that
direction but the story today is they're
there and they're getting them and
they're expanding
yeah now
were you surprised at sort of how much
dragging of the heels there was i mean
it seems surprising that people are
still like at this point considering
whether or not to do the cloud or oh
yeah we're on our way or this is the
year where we go completely cloud are
you are you surprised at some of the
outliers and the people searching i mean
i can tell you we have
four to 500 fairly active clients
meaning we're doing a lot of work with
them and there is certainly a percentage
of them that desire to stay
on premise for some component it's
almost always driven by regulatory
concerns it's not a desire or a cost
reason right yes
they're being forced to for one reason
or another i also think that environment
is changing i mean as
azure and aws have started open regions
and different countries i mean that
removes some of that concern
but there are clients that are still
kind of in the slow moving atmosphere
but that's a it's a rarity yeah that's
why it's why it's a bell curve there's
always a couple of folks at the end
there yeah i would just say the tails
it's a one-sided tail
belker for sure yes yeah okay so for
today's episode andrew uh as i said
wanted to discuss some predictions and
opinions on trends for cyber security in
2022 uh but before we get into that i
wanted to ask you about this past year
i'm guessing you made predictions
similarly at the start of 2021 how did
the year shake out in terms of security
compared to what you imagined
uh so what i love about this prediction
spaces is that it's easy i mean i can
basically just take the predictions from
in a year
and
uh just make them sound worse and then
apply them to the next i mean that's
basically how this market works sure
they don't change i mean so the
predictions we made last year were
ransomware is going to get worse you're
going to see
cryptocurrency oriented attacks we were
right on those i think we were wrong
about what was going to happen in the ot
space
uh i think we thought there'd be more
kind of
operational technology attacks than
there were
but overall i think our predictions were
pretty right but i think again i think
it's uh a low target because yeah the
reality the cyber security market is is
that um
uh the attackers are getting better and
the defenders are only getting
marginally better right yeah yeah i was
gonna say i've talked to a few guests
who said that like you know even more
depressive like things haven't really
changed that much in 15 years let alone
one year you know you're still i mean
yeah i could make a pretty good argument
that there hasn't been a major
cyber security defensive innovation in
40 years since uh
public key cryptography doesn't mean
we're not doing a good job and it
doesn't mean that we're literally
improving
but uh the attackers are are
are financed well and are moving fast
do you can you see in your mind whether
it exists or not what that next you know
that next huge innovation would even be
or if it's on the horizon i think it's
this quantum computing topic
uh five or six years ago
and even a year ago we were saying it's
coming someday i mean it's been
something that we've been hearing about
we are getting to the point that it's
more real i mean
we have clients that are in the more
regulated space that are are starting to
to worry about it i mean uh nist is
about to publish their quantum
algorithms
yeah i think it's time to start paying
attention i don't know that it's time to
start getting worried
can you talk a little more about that i
i don't know if i actually have had the
question in my question set but what
what are your thoughts on on where
quantum community computing is going and
what's what's the end
not endpoint but what's the what's the
sort of terminus point of
this work
most cryptography today is based on hard
math typically around factorization
number factorization uh a quantum
computer
uh if large enough and in existence can
theoretically crack these
factorial based algorithms very quickly
such that all current encryption
could be at risk
there are quantum safe algorithms out
there they have trade-offs that quantum
computer doesn't exist yet theoretically
it does in some form but not a big
enough size that we're aware of to crack
current cryptography the concern right
now is that and what i would be worried
about if i was a regular regulated
entity would be
uh is the data that i'm creating today
which is being encrypted with current
algorithms being stored somewhere for
later decryption once this computer is
available i'll also say that this
computer will probably be available to
those who need it to do
nefarious things well before the public
knows about it so it's coming we're
probably not there yet if you'll get the
latest and greatest research you know
five to seven years away my guess is a
little sooner what what are the concerns
that you said your clients are are
concerned about are they just concerned
that they're they're not ready to uh
like is it the cost element or the what
what they're concerned about the
the
safety of the data that they're
encrypting today because could be stored
put offline
brought back online and decrypted
and they're also worried about the
future of their communication algorithms
theoretically i mean as a general
statement trading out your cryptography
is not something you want to do
and so
especially at large scale and so it's
time to start thinking about it not
necessarily take action
okay so uh my previous guest uh last
week was infosec instructor and chief
security researcher keytron evans and we
talked about some of the major breaches
uh that happened this year i mean some
were hacked some
uh or originated in social engineering
we got quite a lot of ransomware out
there in the world um where do you see
the the ransomware threat vectors coming
from next what's what's the state of
ransomware right now
ransomware is the money-making tool of
choice today i would say that it is a
symptom of the problem not necessarily
the problem okay ransomware has allowed
bad actors to do is to monetize their
threats
in the past they would have just
deployed malware take systems down steal
intellectual property
threatened to steal intellectual
property or take systems down today
they're just using ransomware to extract
payments so they found a way to make
money fairly straight in a fairly
straightforward manner uh
i will say that the bigger issue is how
the ransomware is getting in which is
today typically through email so bad
attachments bad links
malicious links uh you know one of our
predictions for 2021 shark 22 is that
ransomware will
uh double if not triple i think that's a
pretty safe bet just to be honest yeah
yeah i probably could have said that
last year so but i do think that for the
time being this is the threat of choice
and if companies haven't gotten their
act together around this topic it is
time to get your act together
what recommends recommendations do you
have along those lines
uh it requires a holistic approach for
sure i mean there's no silver bullet
here you know we have clients who just
want to buy a solution that's tough yes
want you to make it go away for them
they could go away for them i mean there
are
easy things you can do but it requires a
holistic approach it's going to require
backup solutions strong security
identity solutions
we would probably recommend an incident
response retainer with some with a firm
that can respond
there are also just
you know straightforward things that can
be done that can limit your risk such as
deploy some kind of endpoint technology
tool
but uh it's not one thing it's uh tends
to be a variety of things
okay uh so by the time this episode airs
in early january we'll be through the
end of the end of year holiday season
and and certainly the two big words that
hung over everything were supply chain
we were told to buy gifts early because
of the supply chain stock up on supplies
because of the supply chain prepare for
inevitable disruptions of all types due
to the supply chain can you speak about
supply chain issues from a security
perspective and and what improved uh
security can do to either ease the
bottleneck around it or how we can move
into whatever the next phase of delivery
of goods and services is
sure so i'm going to take this question
from two different viewpoints okay so
when you talk about supply chain the
first thing people talk about typically
is chips and product manufacturing i
mean that's what most people mean this
is the new frontier in security
we have matured greatly on the
it side of the equation i mean the
average enterprise is a lot more secure
today than they were a year ago or and
and the high-end companies with the big
revenues who are spending a lot of money
are much more protected than they've
ever been
however
the operational technology environment
you know plant production lines
elevators
manufacturing equipment vehicles
iot iiot all these topics i mean this is
the new horizon in security because
these environments have typically been
avoided from a security perspective
they've typically been
disconnected from the internet that is
no longer the case
and third they're hard to make
improvements in uh because they tend to
have big uptime requirements which slows
security professionals down
i think this is the new frontier from
security and there is a lot of
opportunity out there for
both nefarious actors but also for
improvement
you can also look at this problem from a
an access or a
data management perspective meaning that
we've seen a lot more attackers move up
the chain and instead of attacking an
end customer instead attacked their
software providers or their data
providers or their isps or their msps
because why attack one customer when i
can go attack an msp or a software
provider and attack just them and get
access to a thousand of their clients i
also think this is another
not just emerging but uh area requiring
a lot of focus and it's impacting these
supply chain topics
uh and companies need to be aware of
their
reliance on third parties and the
potential risks they're inheriting
now
uh you said that there's a lot of
opportunities opening uh not just for
bad actors but for for us to improve
things is this uh an area i mean
obviously all security is area of growth
this is area of growth for people you
know we're always looking for uh
opportunities for people just getting
started in their security journey to
look for new career directions is this
strengthening the supply chain is that
something that uh people can start
looking towards as as a future career
i think so i would probably categorize
it more as physical device security okay
also and you know i think there is a
super need for
young talent on the
traditional i.t side of the equation
there is about to be a equally large
need on the
kind of manufacturing side of the
equation as well because
it's not just your laptop anymore it's
all your iot devices it's your
thermostats and it's also your nuclear
plants so there's opportunity
yeah um now a great deal of questions
addressed above especially supply chain
pertain also to uh you know the 900
pound girl in the room uh covet 19 and
the way it's changed society and
including work and and the way
everything sort of uh you know travels
it's uh looking from this vantage point
that for the time being at least hybrid
work uh you're working some days in the
office and others from home is here to
stay so how will these new trends in the
way uh and the places we work change the
cyber security landscape if at all
so
we've been in this pandemic for 18
months now 20 months now first six
months
absolutely it was remote system access
yeah employees were not in the office
anymore now they're at home all the
remote systems are potentially
vulnerable i mean that is where all the
attention was early
now i don't see that as the biggest
issue i think
the most pervasive issue at this point
is employee trust
because we now lots of companies and uh
have employees that they've never seen
in person
yeah
and employees that are not in the office
might have a more transactional
relationship with their employer
and i think this is where cyber security
issues are being generated it's harder
to keep track of employees
there's a less of a trust relationship
between the employee and the employer
and i think this is leading to a lot of
challenges from
the overworked if you've read about that
to oh yeah uh and and just people making
um
things that used to happen in person
from a cyber security perspective are no
longer in person so i trust to me is the
new issue
but i mean
there's
i don't see the situation getting any
better
i just think yeah
okay so so while we while we get to know
our
our new remote employees are there other
sort of mitigating things that we can do
in the meantime is this like an access
control issue or or what you know what
can what what can you do if you're like
i'm not sure these people are here do
you like give them more limited access
to things and and hope for the best
until they sort of prove themselves or
what do you think so we have a
surprising number of clients reaching
out to us
on insider threat programs
as well as
access control programs so to
more carefully distribute data access
rights and i will tell you these
programs are not easy to put together i
mean i've been working as myself
personally for a long time and these
programs are difficult and complicated
but they're necessary now more so than
ever before
just because of the remote work
yeah
uh so moving on to another uh prediction
for 2022 cyber insurance has been a big
topic this year uh you know and although
i know it predates this year this seems
like kind of a year zero in terms of
tracking its effectiveness and its
issues and specifically things like the
regulation of it and the why and how of
of payouts and who you know who who pays
the money when when someone you know
calls in a problem that they have do you
think that cyber insurance uh as an
industry will be able to work out the
kinks and be a viable backup when the
worst occurs and if not how would you
change it
uh my answer is no this is a general
statement
i think cyber security insurance is part
of the bigger picture and part of a
program but
much similar to other topics not the
panacea
you know most companies are trying to
get cyber security insurance it's
probably a good idea it is getting more
difficult to get it because i think the
underwriters are getting smarter about
what the real risks are yeah also
companies need to go read the fine print
uh because often the exclusions
will eliminate the purpose of the
insurance altogether you know a lot of
insurance policies are now starting to
exclude ransomware that's problematic
yeah
is it just because it's so easy to get
in or because it's i mean it's such a
gnarly payout oh okay
the other issue is these policies are
rarely large enough to really deal with
the ultimate problem so i also think
that they're it is going to get more and
more complicated to get because again i
think yeah waking up
yeah yeah i mean it it does i'm sure
there's a point where it'll work itself
out but it does feel sort of like like
buying magic beans at this point yeah so
my advice is to most clients is go get
it for sure you need it read the fine
print yeah sure and and still don't and
don't lean on it
so um can you speak about president
biden's directives on immediately
addressing and patching vulnerabilities
and federal and government servers i
mean we've had guests speak a lot this
year about the importance of
prioritizing vulnerabilities and you
know the ones that are actually
exploitable rather than just working
around the clock to close everything
that can't be exploited anyway uh do you
think that what do you think about the
implications of of this directive to to
go close the close the gaps
i'm not surprised that department of
defense and government systems have
vulnerabilities yeah that is to be
expected sure you know i think the
the overall theme of the executive order
makes sense i mean the government should
go priority in these cyber security
topics yeah i don't think there's
anything new here to be honest i think
the um
it's not a surprise that an enterprise
is big as the us government has issues
and i think the executive and the ceo
for all intents and purposes is putting
pressure to close motorbike close holes
it's probably
are there legacy issues involved in that
as well is there is there like a large
hierarchy of like very old systems
versus more recent stuff
not only that they're unbelievably
complicated and
uh in many cases the us government
doesn't even know who built the system
because it's so old yeah or or yeah or
can't take things down long enough to
update the dimension right i mean this
is a complex environment i mean like i
said i mean the us government is just a
big enterprise it's just it's just a
heck of a lot bigger than anybody else
out there so yeah yeah so i mean do you
do you see it being um you know because
i gdpr was a good idea but it seems like
it's been implemented oddly you i mean
do you think this if this is a good idea
do you think that it's uh it's going to
do what it intends to do
i think it'll have uh marginal
improvement i mean
you're going to get a lot more benefit
out of having the right leaders in place
driving these programs and you are out
of any executive order got it
uh so now here's the part of the show
where i hand you the the magic wand or
the genie with three wishes and let you
make the pie in the sky changes to the
cyber security industry that you'd like
to see so where where do you start
so first thing i would do is uh get my
delorean
okay back to the future reference yeah
absolutely get that flux capacitor going
get the capacitor rockin
go back with marty mcfly to about
late
1980s when all these protocols are being
written
uh ftp http
and uh basically slap them in the face
and say don't build any of these that
you know
have security built in so i think that
kind of underlying protocol model of the
internet has been foundationally broken
for a long time
and a lot of the issues we see today
less so today maybe than five years ago
because a lot of the secure protocols
have taken over
but
that would have saved us a lot of uh bad
heartache i think secondly
uh i would go if i could do a magic wand
i would fix the authentication behind
email is where a lot of our challenges
come from today
it's driven by a lack of authentication
on the other side of the equation and
it's not that uh
it's not that the technology doesn't
exist it just isn't usable
uh and you know if my mom can't figure
out how to send an encrypted email then
it just isn't going to work
yeah yeah absolutely and probably you
know third i would
uh i would really if i could go fix
anything it would be i would really
encourage organizations to
not rely on security training awareness
so much
i think i i visit with a lot of clients
where
their solution to all problems is
security training and awareness
and and my view on that is there's a
place for security awareness and
training but it is a last line of
defense not first line of defense type
solution
and most security problems are the fault
of people like me i mean there needs to
be i blame security practitioners for
not creating good usable solutions to a
lot of problems you know a good example
would be fishing you know okay this is
just a place that security practitioners
have failed i mean flat out and
we should not be counting on
you know fishing for anti-fishing
programs or phishing training programs
and companies
to solve this problem i mean this is a
tech this needs to be a technology
solution that takes it out of the hands
of accounting or hr or an admin or an
i.t person it's a fallacy that is
created by our profession and it needs
to be resolved
do you feel like that's that's something
that the security industry has has sort
of kicked that can down the street by
putting it into the laps of the end end
users
i i i yes i'm a big believer in not
blaming the end user okay
an end user goes and clicks on an email
and that leads to a breach is that the
end user's fault or is that the security
leader's fault and and the answer is
this is the security leader's fault and
you know the security research world and
the security practitioners we have to go
give organizations the tools to not
blame the end user
i see lots of companies taking action on
employees who
you know make a
stupid move on their computer that leads
to
data exposure
and i just think that's probably the
wrong way to think about it
that's why i don't like these fishing
programs
as much as maybe someone might think i
would
can you see uh sort of
what what does the technology look like
that would sort of like put phishing
completely out of mind for for an end
user like does it exist in the world is
it something that's that's yet to be
built or is it just the will to
implement it
i um i think it's a complex problem i
mean uh yeah it requires
the right email solutions the right
authentication and the right data
analytics
to go do it but there's
in my mind
theoretically i mean obviously i would
have built this myself right this second
if i knew the solution
i think we as security practitioners
this is one area
that we have definitely failed i mean
there is opportunity for improvement
here
um and it and
and most security practitioners would
tell you that email is their biggest
threat vector and so this is something
that needs to be resolved and by the way
that's been true for 15 years
yeah
yeah it's it's more true than ever so
i can include it might can i make one
comment on the fishing thing please
i haven't you know so
running and you know running a phishing
campaign where you measure how many
people click the phishing email
i i think that's just a mistake because
i think that you're running after the
wrong metric what i would much rather
see organizations do is instead of
tracking who clicks on the email go
track who reported it okay so
you deploy a training email around
phishing and 15 of your employees
reported it as phishing to security that
is amazing you've just you've just
increased the number of people in your
sensor network helping defend the
network by fifty percent of your
employee base
right so i would much rather focus on
who recognized it and didn't click on it
then who didn't recognize it and did
click on it because i think in that
instance
training is only gonna get you so far
yeah yeah so is is that
mean that there's more of an issue for
people who maybe recognized it but
didn't do that extra step of reporting
it
yeah i mean i think there's a need for
people to report it
i also say that the people writing these
spear phishing emails today are very
good
very good yeah they're very good so
stunningly so this is part of my issue
with this
with with only counting on the click
metrics is yeah with enough time and
energy
i can write an email that everyone in
your company will click on
uh
just how much energy does it take and
you know i would rather put my energy
into defenses than necessarily
identifying it right
uh so speaking from a work perspective
um what advice would you give cyber
security students who are getting their
knowledge and experience in 2022 what
what trends or innovation should be they
be watching for in the new year
um
you know so what i see happening in the
security environment is
security as code i mean this is
basically the trend uh and it's driven
by the earlier conversation around the
cloud
the security the security leaders of
tomorrow are software developers today
i mean i i i'm
pretty sure about because what i see all
of our clients doing is trying to
automate the security process and
they're doing it because they can't find
enough people plus they want better
efficacy so by automating they could
have more confidence in their their
their mitigations more confidence in
their controls
and it's it's faster better smarter
well that puts a huge amount of demand
on people that understand how to
automate and how to
take a complex problem and turn it into
a simple solution that can be done over
and over and over again so i mean what i
tell
more junior people that are interested
in getting in this space problem solving
this rule number is is requirement
number one very interested in solving
the problem and then two is some data
analytics skills and some
scripting automation programming skills
even if it's just basic perl and python
are super valuable to the average
employer
nice uh so as we wrap up today andrew
could you please tell me or tell our
listeners about kudelski security and
some of the projects and productions
you're excited to about going into the
new year
sure so we're a
swiss based uh as you can see in the
factory there we are
live from switzerland matt horton uh
cyber security firm we focus on
enterprises big and small
we have been on the market since 2013
uh with major presence in europe and the
us and we help enterprises get ready for
uh the
attack that is inevitably coming so we
provide
advice
on how to protect your network we
provide evaluation of your network
and your controls that protect that
network and then we'll secure the
network on your behalf either
secure it and let you run it or secure
it and let us run it
in addition we
work in a lot of spaces to develop
strong security solutions everything
from blockchain which is a
fast-moving market yeah a lot of
security demands to operational
technology
and how that space is evolving and what
tools are required we like to think of
ourselves as a partner to our clients as
they move their business we like to
protect their business models
uh so we'd appreciate the opportunity to
talk to anyone that has needs
uh
i was just about to wrap up here but you
mentioned blockchain security can you
talk about that at all going in 2022
what's what are the what are the the
concerns going around that right now
this is our fastest
growing business segment foreign
and
our company historically has been
engaged in
cryptography a lot of cryptographers on
staff and uh they're in hot demand in
the blockchain space okay is the amount
of venture capital being moved into the
blockchain space to develop
decentralized finance apps and exchanges
new cryptocurrencies uh is at a pace
like i've never seen before i mean the
number of apps being developed uh is at
a crazy crazy pace and all of those apps
have security vulnerabilities that need
to be mitigated all those exchanges want
to be secured all those crypto
algorithms underneath the new chains and
currencies require validation so that's
where we play
we partner with companies that are
developing those technologies
and help them secure their business
models
all right one last question for all the
marbles if our listeners want to learn
more about andrew howard or kadowski
where can they go online
company website's always the best
kadelskiysecurity.com k-u-d-e-l-s-k-i
kadelski security.com great andrew thank
you for joining me today and talking us
through your predictions for the near
future it's been a lot of fun thank you
very much
uh and as always thanks uh thanks to
everyone listening and supporting the
show new episodes of the cyberwork
podcast are available every monday at 1
pm central both on video on our youtube
page and on audio wherever fine podcasts
are downloaded i'm also excited to
announce that our infosec skills
platform will be releasing a new
challenge every month with three
hands-on labs to put your cyber security
skills to the test each month you'll
build a new skill ranging from secure
coding to penetration testing to advance
persistent threats and everything in
between plus we're giving away more than
one thousand dollars worth of prizes
each month if you uh solve the puzzles
and let us know just go to
infosecinstitute.com challenge and get
started right now thanks very much again
to andrew howard and thank you all for
listening and watching we will speak to
you next week
[Music]
you