Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
Cybersecurity Threats, AI Impacts on Jobs and its Role in the Future of Electric Vehicles
Are you prepared for the digital dangers lurking in your computer, or the profound impacts of artificial intelligence on our lives? This episode arms you with knowledge of the latest cybersecurity threats, from North Korean state-linked nation group hacking Mac computers, to phishing scams and vulnerabilities in class action lawsuits. We also delve into the importance of staying up-to-date with software and using malware removal tools. Plus, we explore the potential ramifications of a government-created website or portal for class action lawsuits.
You won't want to miss our engaging discussion on the future of AI, including its potential to replace jobs, and even the possibility of an AI taking over as the CEO of a company. As we trust more of our lives to digital intelligence, understanding these potential scenarios is more important than ever. Furthermore, we reveal how AI is shaping the future of electric vehicles and the safety considerations that come with self-driving cars. Stay ahead of the curve and join us on this enlightening journey into the future of technology and cybersecurity.
Support the show - Call 877-468-2721 or visit https://petronellatech.com
Please visit YouTube and LinkedIn and be sure to like and subscribe!
NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.
Support the Show
Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:
- YouTube PetronellaTech
- YouTube Craig Petronella
- Podcasts
- Compliance Armor
- Blockchain Security
- Call 877-468-2721 or visit https://petronellatech.com
Hello, hello. Welcome again to another podcast. Got Blake right.
Speaker 2:Hello everybody so today we're going to talk about some of the cybersecurity headlines that are going on right now. Which one did you see that interest you?
Speaker 1:The Google Calendar being targeted by hackers is interesting.
Speaker 2:I'm a huge fan. I don't know for something about it to me that North Korea has always fascinated me. So apparently there's a North Korean state linked nation group called Bluenora that's essentially been using Objective C commands to hack Mac computers. But you don't see a lot of Mac viruses out there. That's surprising.
Speaker 1:So is the quick version to protect yourself on a Mac is just update and reboot, or is there something else that people need to do?
Speaker 2:I actually use software called Clean my Mac, which essentially has malware removal on there, but of course you always keep your computers up to date, especially Macs. So I remember there was a rumor going on a long time ago that Macs can't get viruses.
Speaker 1:Yeah, that was a myth a long time ago.
Speaker 2:No, they can. Obviously, I think people just choose not to write Mac viruses because it's a small percentage of the computer market. So why are they going to spend all this time, energy, effort, resources creating software that affects a small percentage of the computer users? So, no, just stay up to date. Clean my Mac is a good remover. What else let's see.
Speaker 1:So let's look at this Google Calendar thing. It's called C2 or CNC. It refers to a hacker-controlled server that's used by cyber criminals to send commands to, and receive data from, computers that have been compromised by malware. So they're saying, in this case there's a new proof of concept exploit. So they're saying that Google has not observed this in the wild, but it's been shared recently on a bunch of hacking forums. I'm just trying to see if there's anything that people need to do. I don't know about you, but I've noticed maybe, with the holidays coming around, an uptick in phishing is a little bit of a problem. Maybe, with the holidays coming around, an uptick in phishing and smishing and all sorts of social engineering attacks around deliveries and just delivery notifications or there's been a problem. Or payment, ach payments. I don't know if you've gotten those, but yeah, they're basically praying that you're going to click on one of these things.
Speaker 1:The other thing that was kind of interesting. That I was going to talk about is a lot of these class action lawsuits that happen and a lot of times it's hard to distinguish if the email is legitimate. I'm talking about, like sometimes they'll send an email and say, oh, xyz company was involved in a class action lawsuit. If you want to claim damages you have to click this link. And the first thing I'm like I'm like I'm not clicking on those links and they register these super long domain names that are notorious for being used in hacking and phishing and stuff. So I don't know what about you? Have you ever participated in any of that stuff? I just avoid it.
Speaker 2:Yeah, realistically it probably isn't even worth my time, but I was a part of the Experian or one of those credit union issues. By the time you submit your paperwork and do all that, I mean, then you get like five or six dollars. Is it really worth it? There should be a higher cost associated with I mean they need to set some kind of minimum damages like clause. If you look at my customer profile from any company, my data is worth thousands of dollars because they can use my data to deliver ads to influence purchasing or buying habits. I mean my data is worth thousands of dollars. I mean every person's data out there, arguably, is probably worth the same.
Speaker 1:And I would argue that it's probably worth more than that. I mean depending on how detailed the data is. I mean, companies would be willing to pay, I would say, tens of thousands of dollars if they can get certain data points.
Speaker 2:Exactly. So there you go. But yeah, you know. So it's kind of offensive when, like my social security number or you know my credit, you know information is compromised and they give you five dollars.
Speaker 1:Yeah, well, I think also, my point is that the mechanism or, in this case, the email, obviously email insecure, so email is so relied upon as the vehicle to transmit this information and I feel like there should be a government website and like a portal. Hey, you've been involved in this class action lawsuit. You know you can claim damages of $20 or whatever, and then you should be able to log into the dashboard of the government website and then claim you know your damages or whatever. You shouldn't be going to weird email or responding to a weird email address that you've never seen before and then clicking on links. I mean that's just a recipe for disaster, like you said. I mean oftentimes going to lead you down a rabbit hole. You're going to fill out a bunch of paperwork and you're going to get five bucks.
Speaker 2:There's been one for my car there recently. I got an email like a few days ago, my pressure cooker there was some lawsuit. My pressure cooker and they're like, oh, like the gradient levels on the side of it like aren't marked properly, like it could expose you to like boiling, like burns, like don't use your pressure cooker, and then, but the remedy is like click here and register your pressure cooker and they'll send you like a new gradient or so yeah, I've been a part of a few of them and yeah, I definitely think the government should have some type of resource to like step in and mandate these recalls, because they're the ones that are forcing these recalls. Like the companies don't want to do that, like they lose money. They lose, you know.
Speaker 1:Well, it just goes back to there's just no standardization, there's no like, it's like a free for all, and then everybody's just kind of on their own. I mean, like I was talking to one of our partners and he's a CMMC register practitioner and he was saying that the CMMC, or CyberAB now it used to be the CMMCAB, you know it's the CyberAB they changed the requirements that if you're an RP you need to be associated. You can't just be an RP on your own anymore, you have to be associated with an RPO. And obviously we're an RPO, we're both RPs and we're associated with the firm, the RPO. Well, anyway, since we're good partners, I allowed him to join we're partners anyway, so might as well join our RPO, so that gives him access to some of the training or whatever that the CyberAB has come out with. And I heard that basically CMMC is on Biden's desk right now, just needs to be signed. So that's good news. I feel like it's so important for standardization. And there's also a new track now. I don't know if you're aware of this, blake, but there's now a registered provider advanced track. So fun stuff for us. Now we gotta take another training, but I mean I guess that I haven't done it yet, I haven't looked through it.
Speaker 1:But long story short, I went to try. I haven't logged into the portal in a long time. I go to log into the portal and of course it doesn't like the password that I saved, my password manager. So then I go to the password reset and it's like, oh no, this doesn't work. You need to email. Blah, blah, blah. So I email and then I'm like waiting, I don't have access to it. So it's just like. It's like one thing leads to the next. But my point at kind of bringing it full circle is for just to kind of close the loop on the class action lawsuits and things like that.
Speaker 1:Lawyers in general, I feel like there's just not a lot of standardization, too much emphasis placed on insecure email. I mean, I was doing some stuff with a law firm and they're like, yeah, I fill out this paperwork, whatever. And I'm like, well, do you have an encrypted email or a portal? And they're like, no, no, we just use Dropbox. Like no, I'm not using Dropbox, sorry. I'm like here's my encrypted email. But my point is that we're smart enough to kind of to see that and then react and provide a solution. But what does the average consumer, do Average consumer. They're relying on the company or the vendor or the government to provide these resources that are supposed to be secure. But it's like I feel like we're in the wild west now where everybody's got to have their own solution. You know what I mean. It's just like there's just no standardization on any of it.
Speaker 1:So I hope that the CMMC bringing that into this will help streamline regulation and reduce confusion, because in my opinion, it's been quite the bumpy road. I mean it's been expensive, super expensive, for us to participate in the ecosystem. I mean we've helped a lot of great clients, but I still feel like there's just so many clients out, potential prospects and clients out there that are just really doing nothing, just kind of waiting on the sidelines. And if this thing gets signed which I really do hope that it does get signed I feel like that's gonna be almost like a gate lifted for people needing help and finally coming off the sidelines. Maybe I mean I'm trying to be optimistic around that, but I don't know. I mean I feel like it's just been. What has it been?
Speaker 1:It's like almost four years now, right, yeah, yeah, I mean, I remember it was signed a long time ago, yeah, I think, well, the executive order was signed, and then there were updates, but the CMMC was just kind of in beta, then it went to 1.0, then it went to 2.0. So anyway, hopefully, maybe by the time this thing airs, you know, we'll have a signed off CMMC ecosystem and program, and I think, once that happens, I think that not only people and companies will maybe take it more seriously, but maybe vendors will take it more seriously too, cause I feel like vendors are again another free for all. It's like, well, we're not really compliant with that, but we have this and it's not even the same thing, like it might be CSF or some version of NIST, but not quite 800, 171 or 172 and not near CMMC, and then the same thing with HIPAA compliance. So I think that you know, just all this would get simmered down and simplified.
Speaker 2:Yeah, I mean, obviously there's so many mandates that cybersecurity and compliance mandates that one company has to jump through. I would like to see it kind of centralized, you know, like CMMC, you know could be used in all businesses, you know.
Speaker 1:Yeah, that's kind of my point and also to kind of come off of that, the reason why it's beneficial for all businesses, in my opinion, is because of the maturity, the structure you know you really need the documentation, the policies, the procedures, the organization of all of it. It's only gonna help your business grow.
Speaker 2:Right, yeah, I mean, if you have the ability to take somebody's money, right, you know you should have the ability to protect their information that they give you. You know, I mean, it's just like I mean if you have kids, right, you know, and something happens and somebody breaks into your house, you know, I know this is the worst analogy, but you, as a father, are expected to defend your family, right? You know, a lot of these companies they take your money but they don't defend your data. You know, they're just like, oh well, too bad, sorry. You know, I mean, all the big players do it. You know, I mean, there's no, you know there's no regulation, right? So if you're taking somebody's money Well, not only is there no regulation.
Speaker 1:There's no. I guess the better way to put it is there's no clear rules and guidelines, there's no clear blueprints on this is how you do this, and then there's no clear supporting boots on the ground for enforcement. So I think that's the kind of the big mess I feel like with the way things have been for a while. It's just like oh yeah, we're regulated, we need to comply with XYZ compliance, and then really I feel like in my opinion, the only ones that really play ball are the ones that get pressure from a vendor. Like the vendor's like oh, you want to do? They're the bigger company, typically they're the more mature company. They're like you want to be our customer?
Speaker 1:Well, where's your cybersecurity pen test evidence? Have you done a third party audit? Where's your gap assessment? Where's all this stuff? And then the vendors like asking for all this stuff. And then small business typically is like what's that? And then they go on these rabbit holes of like how do I answer this question? And it usually starts with cybersecurity insurance or some questionnaire there. And then that leads to something else, maybe with the vendor that requires supporting evidence of certain things being done. So my point is it's usually this kind of journey that happens.
Speaker 2:Yeah, I mean that's not the way to secure your business, that's not the way that you legitimize your business. Like if you are taking money from somebody, like there is an exchange, you're getting compensated for your work, your effort, your security, your compliance. Like you're getting compensated for that. It's a weird world where people just say, oh, I can get X money from the government and do nothing for it. I mean, we live in that world where people think that they can take money for nothing.
Speaker 1:And we talked about this on the last episode. I think we also live in a time where everything is so trustless and you can't trust anyone, can't trust any company. Everything needs to be verified on so many levels, and I mean, just look at the headlines. I mean banking I don't know if you remember back in 2008, with the whole crisis and banks and over lending and overstretching with credit. That's all, in my opinion, the writings on the law. It's all pretty much happening again, and I think this time around, people are starting to catch wind around. Hey, maybe this isn't the best system anymore. So I think people are getting smarter and there's different perspectives on things, but a lot of people don't really understand how it all works and there's a lot of misinformation out there. So we're in this time period where there's so much overload, I mean with everything like AI, artificial intelligence.
Speaker 1:Elon Musk announces that he put out Grok. Did you see that? No, so he launched Grok, which is the competitor to ChatGPT and Google Bear. So it's Elon Musk's take on. Hey, these guys made a chatbot, so I want an AI chatbot and supposedly it's more, I guess, less censored. So certain topics that were kind of off the table, where the maybe open AI won't respond, or ChatGPT won't work, or Google Bard won't work. This is supposed to have more of a almost like a humor to it or a sarcasm to it. I haven't tried it yet. Apparently there's a waitlist, so I got on the waitlist to play around with it, but it's just like there's just so much information and it's hard. I feel like it's hard to pick apart what information is trustworthy and what's not, because what a lot of people don't realize too is a lot of the media is paid off by certain groups too, and there's bias and influence, so it's really hard to get the truth. Anyway, we're going on a rabbit hole, but that kind of deviated.
Speaker 2:I know, I know AI has been like a buzzword. Like you know, it was like crypto for a while, and the now is AI. And Did you see there is a company that appointed a CEO, like appointed an AI bot as their CEO? Did you see that? No, yeah, so I saw this article on Bloomberg, or whatever. I mean is that like fabricated or is that like I think? I think it's just a PR stunt.
Speaker 1:Yeah, that's what I was just gonna say. I mean, I feel like that's something that just kind of gets press.
Speaker 2:Exactly that. That that's the buzzword, right? So it's a Colombian rum company I'm not gonna say their name because clearly they're getting all the free press right Appointed an AI robot as the company CEO. Oh, mika is a research project between Hanson robotics and a Polish rum company, who customized the CEO to represent the company and his unique values. Mika said that with advanced artificial intelligence in machine learning learning algorithms I can swiftly and accurately make data-driven decisions. Okay, cool. We'll see how long that lasts.
Speaker 1:Yeah well.
Speaker 1:I know Elon, when he launched grok, he was basically saying that he sees AI as like the future, where it's gonna basically take everybody's job and we're all gonna live an elevated lifestyle, and I Just don't see that. I mean, I understand like the whole terminator thing and you know I've taken a lot of AI Certifications and things like that. I do think that there's a use case for a lot of it. I think it's helpful. You know, I think that I used to.
Speaker 1:I think one analogy is it Amplifies your skills and gives you almost like superpowers to do certain things, and it does more of the grudge work that a lot of people Don't want to do. You know it's really good at that, right, but I don't really see that it's gonna completely replace a human, especially, you know, at the higher levels. I do think that you know, like sorting data or data classification, things like that, that you know it's just really just mind-numbing work. I think that's great for AI, but, and I do think that it'll eliminate some of the you know, the quote-unquote jobs in the, the lower bracket. But it'll also create new jobs, and I think it's gonna create new jobs that are different, that either don't necessarily exist yet or that are brand new and Just you know, like I said, that those mundane tasks will just completely, just get, keep getting distilled and drilled down.
Speaker 2:Yeah, I mean I think that there has to be a human element of everything, except for, like you said, like data sorting, like I mean there's a lot of jobs out there that people don't want to do Right, and AI may fill the gap for those jobs. I mean they're not gonna, you know. You know, be your your dumpster like your your your trash pickup on Saturdays. You know, I mean AI is not gonna do that. Maybe, maybe.
Speaker 1:I mean, I do think that I think that might be a bad example. I do think that one day there could be probably a Reinvention of trash pickup where you can have an autonomous vehicle, you know, pick up your trash right and you know who knows. Maybe that'll work out Well. I think that there's gonna be, like I said, good use cases and bad use cases. I think, like in our world for compliance.
Speaker 1:I do think that in the future, when cmmc is law and cmmc then puts on a lot more pressure to vendors like Amazon, aws, govcloud, microsoft Azure, I think that there will be push button compliance From a security control perspective. Now, does that? Now? What I mean by that is you may be a defense industry based contractor and you know who knows, in 20 years you may be able to sign up for Microsoft's GCC high and click a button you know it or fill a questionnaire and it'll auto harden the environment.
Speaker 1:I could see something like that, but our jobs wouldn't be eliminated. I mean, we, we as humans and cyber experts, would still be needed to work with the humans and the, the other aspects outside of the configuration of the endpoint or the system level. Does that make sense? Like so? It's like like the, the security, hardening the manual process, all that stuff that has like detailed instructions you can program to do, you know software to do that, but when you get a you know a higher level discussion or a tabletop or simulations, you can't really automate all of those things, especially the more complicated ones.
Speaker 2:Yeah, I agree. And then something that I thought about too, whenever you're talking is like the older Terminator movie when, like it was like I think it's Terminator 2 with the liquid guy yeah, that's the second one, yeah, but but yeah, like you know, in the, there's a scene there where the young kid is like crying, and then he's like what's wrong with your eyes, you know, and he's like, oh, don't worry about it. And then you know, like the robot doesn't understand emotion, right, right. And the only reason why I say that is because there is a lot of decisions that have to be made emotionally, like in day to day operations. You know that that that businesses need to make. You know it could be hiring somebody, it could be firing somebody, it could be moving from vendor to vendor. You know, for the best of the business, you know for the best of the future of the company, like those are emotional decisions that nobody can, no robot, no software, no script can, can make. And you know these AI bots and algorithms are designed to perform, you know, tasks beyond that, right. So I don't know, I agree, I don't see them taking over.
Speaker 2:And I'm surprised that Elon was doing something like that because he was talking about. I thought he at first I thought he invested in chat GPT and then I don't know if that was just a rumor, but then he was talked about how, like chat GPT was like the worst thing ever. But you know, for being real, like Elon Musk is, he's obviously known in tech and he's known by everybody. But but yeah, I mean it took a lot of government funding to get him to where he's at, to build Tesla and to build these EVs and these solar panels and, like you know, he's secured a lot and developed a lot of his success off the backs of tech taxpayers, right, Like he had a lot of companies that that failed before PayPal, you know.
Speaker 1:Well, and there's the whole. I don't know if you've been following, but there's the whole kind of perspective on the whole electric car vehicle thing too, like there's a lot of like I heard recently in headlines that sales are down and that people are starting to realize that there's just a lot of gaps in the current market with EVs, where you know range, for example, infrastructure, lacking infrastructure, you know. So it's like you know the push to go this direction, to not need gas, right, like I looked at my fuel usage for like last year. You know my fuel usage. I don't drive a lot but you know less than $10,000. Okay for the year. And I'm like, well, I can buy electric vehicle, but an electric vehicle costs a whole lot more money than typically a gas vehicle and I'm restricted on.
Speaker 1:I always have to have in the back of my head well, where can I go, and what if I get stuck? Or what if I? People don't realize that if you go faster or if you're pulling something like a trailer or you're loading the vehicle up, you're straining the battery more, so your range reduces, you know. So if you go certain speeds or you do fast acceleration, things like that, you're draining the power faster, so then you need a charge, you know. So, yeah, it's getting better. You know, like hotels, partnerships are being created all the time. I envision a world one day where the vehicles may be charged themselves on the highways, but again, that requires revamp of infrastructure, right?
Speaker 2:There's solar panels now that you can. You can outfit I think is Tesla, but it's like a solar roof panel that will charge your car as well.
Speaker 1:But wouldn't I mean so like I would envision that Tesla just embed that technology into the roof of the paint of the car?
Speaker 2:Yeah, yeah, I think you know, I think that that's the direction you know but my point is that you know we're like.
Speaker 1:You know we see, or the you know the whole push towards EVs and less reliance on other countries, for I get all that. I support all that you know, but might not be the cure. All solution for all situations is my point. You know what I mean. Like there, there's a purpose. Maybe if you're going to use it as a you know, just a commuter car, take your kids to school or something like that, maybe that's a great way to use it. But if you know you want to go to the mountains or the beach or you want to take a road trip, it's a little risky in my opinion, because you have to kind of plan your route based on charging. And then what if you have a situation where you get stuck or something happens, or you know what I mean. Like so it.
Speaker 1:Anyway, my point is that same with AI. You know AI. Ai has been around before. They kind of amplified the whole marketing buzzword of AI. You know automations have been around for a while and just using, like junk mail filtering. You know Gmail labels and sifting and sorting of. You know auto, auto suggestions from Google. You know all that's AI driven. You know it's been around forever. So it's just kind of, I think it's just how you apply it and I think that there are good ways to apply it, but I don't think that everybody's, I don't think there's going to be a mass execution of jobs, you know, and nobody's going to be able to find work or anything like that. I do think that there are cool things being developed and I think that that will continue to happen and, you know, most will fail and some, will, you know, come to fruition and I think, overall, it's just like any other technological advancement.
Speaker 2:Yeah, I don't think the government's going to hand over the keys to the missile silos to AI like they do in Terminator. Not anytime soon. I don't think that's going to happen and yeah, yeah, I mean the future's here. You know, I remember again like watching a movie guy, but watching back to the future and I think it was like 2018 or whenever they traveled into the future and they had flying cars, you know, and that movie right, and it's like where are those at?
Speaker 1:Well, that kind of reminded me of remember. This was what I think five, maybe seven years ago now remember Amazon was really pushing drones. Yeah, yeah, drone delivery, drone delivery. I don't know about you, but in Las Vegas but here they have drone delivery for certain things. Now, do you have that?
Speaker 2:I think so. Yeah, I think so.
Speaker 1:Or you could order like lunch.
Speaker 2:Yeah, I think I don't really pay too much attention to that, but I think so. I mean they're in Vegas is self-driving cars. Have you seen those?
Speaker 1:I haven't seen them like face to face or anything, but I've heard of them and I've also seen them everywhere. Oh really, I heard of something that they were testing. I don't know which vehicle it was, or whatever, but then a woman got caught under it. Did you hear that?
Speaker 2:No, I didn't hear about that.
Speaker 1:Yeah, somebody got caught trapped under the car and it was like drug under the car and it was an autonomous vehicle, so it was a mess, it was horrible.
Speaker 2:Yeah, the ones that they're using here in Vegas are like Hyundai Equus or whatever. They're like little SUVs and they have like spider arms that come off of them from the top and then they have like cameras in every corner of it, I mean all across the bumper. They're camera up in every direction and I think for I've never ridden in them but they have to have somebody behind the wheel of the car should some incident happen.
Speaker 1:That's what I thought that the Tesla design was for. I thought that on Teslas you can have the full autonomous mode, but you have to be like there to make a help or whatever.
Speaker 2:As it should be. And then I have if you come to the convention center in Vegas, if you take an Uber or a rideshare and it's a Tesla and you're going to the convention center, they take you underground into these little Teslas and then the car just starts driving itself through these, like I mean they're like little slim, little tubes. I mean it's like you could like literally reach out and like almost like put your hand on, like I mean it's crazy, oh, that's wild. The experience you know for first time people going through it. Because it's like how is this car driving, I mean through here. Like it's like so narrow, it's like just barely big enough for the car to fit through it. That's crazy, and yeah, it's pretty crazy. And then the car does the whole thing, you know, drives the whole route, you know. So if you're in Vegas, try that out, Cool.
Speaker 1:What's that?
Speaker 2:So we should probably end on that one.
Speaker 1:Yeah, I was just going to say so. I think that's a good drop off point. But yeah, I think the summary is AI is not going to eliminate your job anytime soon, unless you're doing one of those mundane tasks that we talked about, yeah, which would probably be better for you anyway to not continue to do that and find some more rewarding work.
Speaker 2:Yeah, I guess the future will be an AI president, right, we'll see what happens with that, you know, see if this AI can do a good job at this liquor company. And then what, if I mean that could be the future right, where the AI make government based decisions. Who knows?
Speaker 1:I think AI is going to severely disrupt the legal industry. Yeah, the legal industry is really going to get upended with a lot of AI driven software and tools around like wills, trusts, all that stuff. I think it's going to be just huge around tools like AI, that kind of systematized that I don't think it's going to like mass eliminate the need to have lawyers. I just think that certain types of work like that will get eliminated.
Speaker 2:Yeah, yeah, I mean, I can see it. There's websites right now where you can get contracts written up. You know for nothing. You know using software, so you know I agree.
Speaker 1:Yeah, I wouldn't. So just kind of caveat, I would. I would consider using a tool like that, but I would never use it. I would still want a human lawyer to review it in the end. You know, because there's just so many things that I'd rather.
Speaker 1:I guess my point is if it costs $5,000 to for a lawyer or a group of lawyers to do like a will trust kind of thing, I'd rather pay some software $500 to do it and automate every, but then pay the lawyer another $500 or whatever their hourly fee is and then get them to review it and in the end I'm still saving money because I paid, you know, using that scenario, maybe $1,000 instead of $5,000. I would still have a power, so it's still a disruptor, but I'd rather have the peace of mind knowing that, okay, this has been reviewed and I think there's great value in that and I think that's a human executive function and that's kind of my point and that's kind of the takeaway here. With same, with the cyber and compliance we can find leveraging the latest and greatest in tools, but we need our team, we need our people as humans to go through it. You can automate vulnerability scans and some of these things, but it's never the same effect as a real hacker or a white hat that would go through things.
Speaker 2:Yeah, I mean, we can obviously look at things that in other perspectives, like we can shed light from different angles, that software can do right, it's only just.
Speaker 1:And with less brackets, I guess less stringent tunnel vision around it. So we can look at.
Speaker 2:Yeah, like, for example, like some of the compliance software that we use is like, oh, if we were to run a sweep of all their documents. It's like, oh, this company's not compliant, right. And then we go over and manually override it and saying, oh, this control doesn't apply to that company for X.
Speaker 1:Y, or there might be like a way to sanitize the data, to make it out of scope.
Speaker 2:Yep, yep, all right guys.
Speaker 1:Thanks for listening.
Speaker 2:Yes, we'll see you on the next one. All right, take care. Thank you.