CyberWire Daily - Agent Tesla still hits unpatched systems. Hot wallet hacks. AI and DevSecOps. Notes on Fancy Bear and NoName057(16). And some curious trends in the cyber labor market.

Episode Date: September 6, 2023

There’s a new Agent Tesla variant. Lost credentials and crypto wallet hacks. Tension between DevSecOps and AI. Fancy Bear makes an attempt on Ukrainian energy infrastructure. A look at NoName057(16).... Tim Starks from the Washington Post's Cybersecurity 202. Simone Petrella and Helen Patton discuss People as a security first principle. And cybersecurity jobs seem to be getting tougher (say the people who are doing them). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/170 Selected reading. New Agent Tesla Variant Being Spread by Crafted Excel Document (Fortinet Blog)  World's Largest Cryptocurrency Casino Stake Hacked for $41 Million (Hackread)  Crypto casino Stake.com loses $41 million to hot wallet hackers (BleepingComputer)  Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach (KrebsOnSecurity)  Global DevSecOps Report on AI Shows Cybersecurity and Privacy Concerns Create an Adoption Dilemma (GitLab) APT28 cyberattack: msedge as a bootloader, TOR and mockbin.org/website.hook services as a control center (CERT-UA#7469) (CERT-UA) Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure (The Hacker News) Ukraine says an energy facility disrupted a Fancy Bear intrusion (Record) What's in a NoName? Researchers see a lone-wolf DDoS group (Record)  New Research from TechTarget’s Enterprise Strategy Group and the ISSA Reveals Continuous Struggles within Cybersecurity Professional Workforce - ISSA International (ISSA International)  Life and Times 2023 Download Landing Page (ISSA International)  E-book: The Life and Times of Cybersecurity Professionals Volume VI (ESG Global)  Layoffs list extended by Malwarebytes, Fortinet, Veriff, SecureWorks (Cybernews)  Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners. private by signing up for Delete Me. Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. There's a new agent Tesla variant, lost credentials and crypto wallet hacks, tension between DevSecOps and AI, Fancy Bear makes an attempt on Ukrainian energy infrastructure, a look at no-name 05716, Tim Starks from the Washington Post's Cybersecurity 202, Simone Petrella and Helen Patton discuss people as a security first principle, and cybersecurity jobs seem to be getting tougher. I'm Dave Bittner with your CyberWire Intel briefing for Wednesday, September 6th, 2023. Fortinet describes a new variant of the agent Tesla remote access Trojan that's being distributed via malicious Excel documents.
Starting point is 00:03:13 The attackers exploit a pair of long-patched CVE vulnerabilities in Excel to execute the malware. It's another case in which failure to patch leaves the door wide open to attackers. As Fortinet notes, despite fixes being released by Microsoft in November 2017 and January 2018, As Fortinet notes, and mitigating 3,000 attacks per day at the IPS level. The number of observed vulnerable devices is around 1,300 per day. Cryptocurrencycasinostake.com has disclosed that hackers have stolen $41 million from its Ethereum, Binance Smart Chain, and Polygon hot wallets. Bleeping Computer quotes the casino's statement about the incident as saying, We are investigating and we will get the wallets up as soon as they're completely re-secured.
Starting point is 00:04:12 User funds are safe. While Stake didn't explain how the intrusion and theft occurred, it's not the only cryptocurrency operation to sustain a loss, and some of the other cases may be instructive. Krebs on security reports that another set of cryptocurrency thefts may be tied to the November 2022 breach of LastPass. Krebs cites Taylor Monahan, founder and CEO of Metamask, who's found that a total of $35 million worth of cryptocurrency
Starting point is 00:04:43 has been stolen from more than 150 individuals since December 2022. According to Monaghan, the victims aren't newbies. He said, The victim profile remains the most striking thing. They truly all are reasonably secure. They are also deeply integrated into this ecosystem, including employees of reputable crypto orgs, VCs, people who build DeFi protocols, deploy contracts, and full-run nodes. Monaghan and other researchers suspect that the hacks are due to attackers gradually cracking the leaked LastPass vaults. GitLab has published a report looking at the state of AI in software development, finding that 83% of those surveyed said that implementing AI in their software development
Starting point is 00:05:32 processes is essential to avoid falling behind. However, 79% noted they are concerned about AI tools having access to private information or intellectual property. Additionally, 90% of respondents said they're already using or plan to use AI for software development, though 81% they need more training with AI tools. Turning to Russia's hybrid war against Ukraine, CERT-UA reported Monday that the GRU's APT-28, Fancy Bear, QA reported Monday that the GRU's APT28, Fancy Bear, has attempted to compromise an unspecified energy facility with a phishing campaign that carries a malicious payload in a zip file attached to an email. If the attachment is opened, the victim is open to remote code execution.
Starting point is 00:06:19 The phishing email is unusual, the record points out, in that the fish bait it dangles is gaudier than the stodgy and sober come-ons The text of the email often reads like this. Should the recipients incautiously do so, they'll be taken to some apparently innocent websites where the malware will be served up piping hot. Cert.ua says an alert user tipped them off to the phishing before any substantial damage was apparently done. The Record has published a report on the Russian hacktivist auxiliary
Starting point is 00:07:04 no-name 05716. Like other such auxiliaries, they've specialized in DDoS attacks, most recently against financial institutions in Poland and Chechnya. Compared to its peers, however, the record finds NoName more disciplined, selecting targets and studying their vulnerabilities before initiating the attack. The group also doesn't rely on widely traded commodity malware, preferring to rely on its own bespoke tool, DDoSia. The group lacks a public face, analogous to Killnet's noisy yet still mysterious figurehead KillMilk. Who funds No Name remains unclear. It obviously acts in the Russian interest, with a preference for NATO targets, but there haven't been any obvious signs of money flowing to the group from the Russian government, according to the record.
Starting point is 00:07:57 And finally, there are some curious cross-currents in the cybersecurity labor market. The first of these is a general shortage of cybersecurity workers. TechTarget's Enterprise Strategy Group and the Information Systems Security Association have published research looking at the cybersecurity workforce, finding that the majority of cybersecurity workers said their jobs have grown more difficult over the past two years. The problems, about two-thirds of those surveyed report, are both internal and external to their organizations. Externally, a more challenging set of threats and more onerous regulatory regimes have made the job tougher.
Starting point is 00:08:38 Internally, workers say staffing shortages, tight budgets, and workload complexity have combined and made their careers more difficult. 71% of organizations say they've been affected by a shortage of workers with cybersecurity skills, and that, the report says, represents a dramatic increase from 57% in the last study. The labor shortage has increased cybersecurity team workloads and contributed to a high rate of staff burnout. Organizations say they have the most difficulty finding people qualified to work in application security, cloud security, and security analysis and investigations. Industry has long deplored cybersecurity labor shortages, so this study amplifies a familiar complaint. It's interesting, however, to see the tension between these reports of a tight labor market
Starting point is 00:09:30 and a more recent trend toward layoffs by cyber security firms. Cyber security news reports that data from layoffs.fyi show that at least 46 cyber security companies have laid off 4,738 employees since the start of 2023, and those numbers are probably low since not all companies are required to report layoffs, and therefore many do not. Many of the layoffs followed mergers or acquisitions, and therefore are unlikely to be composed entirely of cybersecurity specialists, but a significant fraction do affect cybersecurity workers proper. It's curious that these two trends seem to be simultaneous. It suggests that there are inefficiencies and irrationalities in a labor market that has yet to fully mature. Coming up after the break, Tim Starks from the Washington
Starting point is 00:10:33 Post Cybersecurity 202, Simone Petrella and Helen Patton discuss people as a security-first principle. Stay with us. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
Starting point is 00:11:49 cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. There's a generally accepted principle in business that your organization is only as good as your people.
Starting point is 00:13:00 Hiring the right people, training them, keeping them up to date and investing in them are all critical to establishing and maintaining an effective and fulfilling workplace culture. Helen Patton is Chief Information Security Officer for Cisco's Security Business Group and author of the book, Navigating the Cybersecurity Career Path. As part of a series of segments we call Solution Spotlight, our own N2K President Simone Petrella sat down with Helen Patton. Here's their conversation. Helen, we've had some great conversations in the past. And one of the things that I think we connected on immediately is our mutual belief that successful business outcomes are not possible without good people and a strategy to have good people. What in your own career path solidified this notion for you? Well, I think we've all had experiences where you join an organization and you join
Starting point is 00:13:50 to do a specific role. You're very excited about the job that you're excited, you know, that you're joining for. And then you realize that you actually have to do this work in a community of people. And sometimes you luck out and the community of people think like you do and share your values and work the way that you want them to. And sometimes they don't. And sometimes you're a part of a team that where your immediate team thinks like you do. And this happens in security a lot. We have this sort of little bubble of people and they all think the same way and everyone feels great. But we're completely alienated from the rest of the organization who cares about different things
Starting point is 00:14:32 and prioritizes things differently. And so in my own career, I've experienced all of these kinds of variations on this theme. And I really got to the point of saying, if you're going to be a leader of security, you have to control that. Now, you can't control people, and I get that, but you can have very intentional strategies around. And of course, I remember the lessons that were the difficult lessons most easily, unfortunately. But I've also been really fortunate to network with people who've got really great ideas. And so I am all about liberally stealing somebody else's good idea and applying it if I can do that. You actually wrote a book on this topic, and it was released in late 2021, just as we were all just kind of sitting at home,
Starting point is 00:15:21 really learning a brave new world. But tell us a little bit about the book and what inspired you to write about it in the first place. Well, so I had always thought that in my own career, I would either end up doing a PhD or I would end up writing a book. And I hit this point where I had a fork in the road, which one am I going to do? And I couldn't work out how to do a PhD and stay a full-time working adult. And so I decided to write the book. So that was that. And then the question was, what do you write a book about? Well, at the time I was the CISO at The Ohio State University. And when you are there, you're always getting asked for career advice. You get asked for career advice from people, from the students who are trying to hack into cyber for the very first time. But I also would be asked to talk to people who were already in security, but they were
Starting point is 00:16:11 dealing with some issue. How do I deal with being a woman in security? And I found myself being invited for coffee to talk about these things. And what I was finding was, one, I didn't have enough tolerance for caffeine that I could meet with as many people as I wanted. And two, the answers were mostly the same, right? Like you certainly, everyone's an individual, I get it. But from an advice perspective, you tend to start from the same point. So when I was thinking about what do I want to write a book about, I was thinking maybe if I wrote this down
Starting point is 00:16:45 and my answer's down, I could mentor at scale. One of the sections that has stood out most to me in our conversations as well, though, is the final section. You have it divided into three parts, and there's a lot that's geared towards the individual, but there's also a whole section on leading and for those who are starting to lead in cybersecurity. And a lot of the elements that you discuss is what goes into building and communicating a strong business case for a security program. It includes things like having a security strategy and building a diverse team, how to fund that strategy, how do you talk security to a non-security audience? I'm actually curious, before we even get into kind of what should people do, what are some of the things you see today that security leaders make as mistakes that's standing in their way to preventing them from
Starting point is 00:17:36 kind of having these principles widely adopted in their organizations? That question is like a whole thesis all on its own. There's lots. I think the first thing I would say to answer that question is that security as a professional discipline tends to be everywhere in a business. You know, we tend to sit in technology and we might originate from technology, but we find ourselves working with legal or finance or HR or sales or development, whatever. We tend to be everywhere. And the tendency of a cybersecurity leader who isn't as mature is to try and be all things to all people. And it's really easy in the security space to find a reason where you should be involved in everybody's business. And at some
Starting point is 00:18:29 point you burn out. So being able to be clear on what kind of security person are you? Are you a more of a risk management kind of person? Are you a technologist who runs cyber security technology? Are you somewhere in the middle? Do you come technologist who runs cybersecurity technology? Are you somewhere in the middle? Do you come from a privacy background? Like understanding the kind of security person you are. I think the second thing is then knowing where your boundaries are, which I know is related, but there are some things you can control and there are some things you can't. And I think being intentional about what you can do about the things you can control, great, that goes into your strategy.
Starting point is 00:19:12 That's where you spend your time. But being able to say, you know, this thing over here, the way this leader thinks or the fact that I haven't got money right now or these things I can't control. right now or these things I can't control. So being able to then be able to let that go gracefully or being able to then have a reactive strategy to that is really important as well. So those would be the first two places I would start. Well, and you know, the old adage goes, you only are as successful as the people that are around you. And that includes the team you built underneath you. But if we don't have the right team, it's going to actually contribute to that burnout. Yeah, for sure. This usually first comes up when people are thinking, do I stay an individual contributor or do I become a people manager? And so they're learning
Starting point is 00:19:59 on the job. If they have any accountability, they realize that their failures as a manager has direct implications to the success and happiness of the people who are on their team. And some people go, yay, I love this responsibility and they rise to the challenge. And other people go, hell no, I didn't sign up for this. So, you know, understanding what it takes in terms of coaching and mentoring, there's a lot of parenting overlap, actually, that goes into people managers, right? Often as a manager, you don't feel like you've got a lot of time. So it's a big balance. It's a challenge. The last question I have for you is once you apply all those principles, or if you do apply all those principles, how do you measure whether
Starting point is 00:20:41 the things that you're putting in place or those strategies are having the impact on the business or they're successful the way that you want them to be? There is no magic metric. I know there's meantime to detect and meantime to repair and there's all those things. But I think whether or not you're successful is very contextual to the organization you're in. I think sometimes the measurement of success isn't a security metric. It should be. There's got to be something in that balance scorecard that is a security metric. But it might be something like the turnover rate of your employees. What's your voluntary turnover rate in your team? If it's super high, you're probably getting something wrong, right? Maybe if you're trying to do cultural change in the organization, you're going to measure
Starting point is 00:21:31 the engagement of the non-security employees at your company with your security team. So there isn't one metric, but for me internally within my own team, one metric, but for me internally within my own team, I am looking for engagement. You can spend your whole life trying to get the right metric and never find it. Well, it just goes to prove that it's a, you know, a hard, a hard problem and one that can't be solved overnight. As you said, there's no magic wand. Well, Helen, thank you so much for joining me today. And for those who are looking for an opportunity to read more on the topic, but Helen will still potentially get a cup of coffee with you. The name of the book is Navigating the Cybersecurity Career Path by Helen Patton. Helen, thank you so much. Thank you for having me.
Starting point is 00:22:21 That's Helen Patton, Chief Information Security Officer for Cisco's Security Business Group and author of the book, Navigating the Cybersecurity Career Path. She spoke with our own N2K President, Simone Petrella. And it is always my pleasure to welcome back to the show Tim Starks. He is the author of the Cybersecurity 202 at the Washington Post. Tim, great to have you back. Dave, Dave, Dave. Couple of interesting stories that you have shared on the 202 in the past couple days. First of all,
Starting point is 00:23:13 a bit of a scoop here. You had the story of Mudge coming back to public service. What's going on here, Tim? Yes, the famed hacker known as Mudge, born Zatko, either name seems suitable to me. He has decided to join CISA as a technical advisor. His real job will be to be a part-time person focusing on their Secure by Design initiative. That's the thing they've been working on to try to get software makers to put cybersecurity into the product as they're developing it. Not just tacking it on at the end or making it a constant source of updates. So pretty big scoop for them in terms of the hire, scoop for me, scoop for them. The hire is high-profile one.
Starting point is 00:23:55 He is a person who has significant credibility in our community and is coming off of being an employee who maybe people would be scared to hire given the fallout that he had with Twitter as the big whistleblower of their security problems there when he was their security chief. He left, filed a whistleblower complaint with a number of federal agencies.
Starting point is 00:24:15 And so a bold hire a little bit too, in terms of you know he's going to be a truth teller, you know he's going to be a truth teller perhaps at your expense. So interesting development. Yeah, I raised my eyebrows a little bit at the fact that he's going to be a truth teller. He's going to be a truth teller perhaps at your expense. So interesting development. Yeah, I raised my eyebrows a little bit at the fact that he's part-time. Just is there such a thing in that sort of position, right? Other than the name only. I can't imagine that he'll be short on hours.
Starting point is 00:24:42 Yeah, you know, Sys has done this kind of thing before. I think they might have done it with Josh Corman, where they've had people come in as these kind of outside advisors, help them in these roles, and then move on not long after. So I don't know how long he's going to be sticking around. He obviously had been showing some interest in staying in industry,
Starting point is 00:24:59 working with Rapid7 after Twitter. So it might be a sort of thing where they had an opportunity to snag him for a bit, and they're taking advantage of the moment. Yeah. You recently spent time at the Billington Cybersecurity Summit, and you wrote about some comments from General Paul Nakasone. Share with us that story.
Starting point is 00:25:20 Yeah, so those of us who have covered General Nakasone for a long time are probably well aware of how cautious he can seem when he's speaking publicly. He definitely wants to stay on track on what he's trying to say. This one felt a little bit more reflective for him. He's been running the Cyber Command. He's been running NSA since 2018. was due to leave this year, but has been stuck in a Senate kerfuffle that is not of his making, that is of a general dispute over the military and abortion. So he's a little bit stuck in the role waiting to leave the role. And maybe that made him feel more reflective, the fact that he
Starting point is 00:25:56 was revisiting a speech that he'd given five years ago at Billington itself. But he talked a good deal about how different things are now compared to where they were in 2018 and talking about not just the threat picture from 2018 to now, but also the way the government has changed. And also talked a bit about where he thinks things are going, the things he has been working on as he's departing and where he's looking at the future of those two agencies. Some interesting comments about Russia and China and our relationship with those two in the cyber realm. What did he say there?
Starting point is 00:26:32 Yeah, so one of the things we've heard a lot from top cyber officials these days is that China is this generation, this era-defining cyber threat. Where I think he took it a little further than what we've heard from some other officials is that I think he referred to it as a pacing threat and also talked about it being something that we're going to be having, I think he said our children, our children's children are going to be dealing with
Starting point is 00:26:57 as the main competitive threat, not just talking about it in the cyber context, but certainly including that cyber context. That was taking it a little further and saying that this is going to be a really long-term problem for the United States in cyber. And then talking about Russia as an acute threat, one that they're dealing with, you know, a more peaceful basis, probably perhaps a more urgent basis in certain ways. A little chance for him to brag a little bit about the way they feel as though they've been
Starting point is 00:27:21 able to counter Russia's information operations in Ukraine just by speaking to them aloud, just by talking about the existence of them and making it so that Russia feels like they're on the back foot. And then quickly, you covered the story here about Verizon agreeing to a $4 million settlement with some allegations of coming up short in some government contracting? Yeah, kind of a late-breaking story. The other night, when I first read it, I thought it said $4,000. And I was like, that's not much of a fine for Horizon. I think they'll be just fine.
Starting point is 00:27:54 That's the money they find in the couch cushions, right? Yeah. So yeah, $4 million fine for not following some required cybersecurity standards. And we'll see how much of a dent that puts into the midst. fine for not following some required cybersecurity standards. We'll see how much of a dent that puts into the Mitzvah. I actually don't know how much of a difference $4 million is for Verizon compared to $4,000. It's interesting.
Starting point is 00:28:15 I'm making a joke, but it's interesting to see a company of that size being held to account. I think it's a reflection of this administration's desire to put people on notice that not following these cybersecurity standards is going to cost you. Yeah. And I found it interesting that both sides of this sort of threading the needle of Verizon saying that we're not really acknowledging we did anything wrong, and the government saying we're not acknowledging
Starting point is 00:28:46 that you didn't not do anything wrong. There's a weird sort of dance that happens with these kinds of settlements and agreements. We see them more often with the FTC saying, we think you did this, but here's the settlement, and then a sort of vaguely worded non-apology that says, maybe we did it, maybe we didn't. So it's fairly standard in that regard.
Starting point is 00:29:14 Yeah, interesting sort of regulatory shot across the bow, I suppose. Yeah, maybe a little bit rarer to see it on the Justice Department side, though. All right, well, Tim Starks is the author of the Cybersecurity 202 at The Washington Post. Tim, thanks so much for joining us. Yeah, thank you. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker,
Starting point is 00:29:51 a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. This episode is brought to you by RBC Student Banking. Here's an RBC student offer that turns a feel-good moment into a feel-great moment. Students, get $100 when you open a no-monthly fee RBC Advantage Banking account and we'll give another $100 to a charity of your choice.
Starting point is 00:30:37 This great perk and more, only at RBC. Visit rbc.com slash get 100, give 100. Conditions apply. Ends January 31st, 2025. Complete offer eligibility criteria by March 31st, 2025. Choose one of five eligible charities. Up to $500,000 in total contributions. And that's The Cyber Wire.
Starting point is 00:31:01 For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire at n2k.com. Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity. of cybersecurity. We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people.
Starting point is 00:31:45 We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode was produced by Liz Ervin and senior producer Jennifer Iben. Our mixer is Trey Hester with original music by Elliot Peltzman. The show was written by our editorial staff. Our executive editor is Peter Kilby and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI
Starting point is 00:32:46 and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.