CyberWire Daily - Cybersecurity snow day.
Episode Date: July 19, 2024A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web ho...sting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K’s CSO Rick Howard speaks with AWS’ CISO Chris Betz about strong security cultures and AI. A look inside the world’s largest live-fire cyber-defense exercise. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Dave is joined by Andy Ellis, to discuss today’s top story on the CrowdStrike-induced Microsoft outage. N2K’s CSO Rick Howard recently caught up with AWS’ CISO Chris Betz at the AWS re:Inforce 2024 event. They discuss strong security cultures and AI. You can watch Chris’ keynote from the event here. Read Chris’ blog post, “How the unique culture of security at AWS makes a difference.” Selected Reading Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World (WIRED) Counting the Costs of the Microsoft-CrowdStrike Outage (The New York Times) Major Microsoft 365 outage caused by Azure configuration change (Bleeping Computer) Most of SolarWinds hacking suit filed by SEC dismissed (SC Magazine) Ransomware Remains a Major Threat to Energy (BankInfoSecurity) Investigation prompts European hosting companies to suspend accounts linked to Russian disinfo (The Record) MediSecure Data Breach Impacts 12.9 Million Individuals (SecurityWeek) Russians plead guilty to involvement in LockBit ransomware attacks (Bleeping Computer) Inside the world’s largest ‘live-fire’ cyber-defense exercise (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A CrowdStrike update takes down IT systems worldwide.
A U.S. District Court judge dismissed most of the charges against SolarWinds. A CrowdStrike update takes down IT systems worldwide.
A U.S. District Court judge dismissed most of the charges against SolarWinds.
Sophos examines the ransomware threat to the energy sector.
European web hosting companies suspend doppelganger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million.
A pair of lock-bit operators plead guilty.
N2K's CSO Rick Howard speaks with AWS's CISO Chris Betts about strong security cultures and AI.
And a look inside the world's largest live-fire cyber defense exercise.
It's Friday, July 19th, 2024.
I'm Dave Bittner, and this you for joining us here.
It is always great to have you with us.
A widespread IT outage has impacted businesses globally,
causing significant disruptions in banking, aviation, healthcare, media, and more.
Early Friday, companies in Australia using Microsoft's Windows
began reporting blue screens of death,
followed by similar reports from the UK, India, Germany, the Netherlands, and the US.
This led to Sky News going offline and major US airlines grounding flights.
The issues have been traced to a misconfigured update
from cybersecurity firm CrowdStrike,
affecting only Windows devices.
CrowdStrike engineers acknowledged the problem
on their Reddit forum,
offering a workaround and guidance for affected customers.
The update involved CrowdStrike's Falcon sensor product,
which is part of their security suite. CrowdStrike's Falcon Sensor product, which is part of their security suite.
CrowdStrike CEO George Kurtz confirmed the update defect, emphasizing it wasn't a cyber attack.
He stated that a fix had been deployed and reassured that Mac and Linux systems weren't affected.
Microsoft also acknowledged the problem, noting that a resolution was in progress.
Microsoft also acknowledged the problem, noting that a resolution was in progress.
The financial impact of halted operations and business disruptions could reach millions.
Airports faced delays and long queues with flights canceled worldwide.
Passengers in India received handwritten boarding passes.
TV networks like TF1, Canal+, and Sky News experienced broadcasting issues. The outage has been a stark reminder of the global economy's dependence on a handful of major tech companies. CrowdStrike's
stock dropped nearly 12% in pre-market trading, while Microsoft's fell about 1.4%. The incident
has prompted financial regulators in the UK to investigate the impact on banks and payment systems.
For additional insights on this story, I am pleased to welcome to the show Andy Ellis.
He is an operating partner at YL Ventures and previously was CSO at Akamai.
Andy, great to have you back.
Great to be here, Dave.
Great to be here, Dave.
So as you saw this story developing, I would love to get your insights as to how you reacted to this.
Well, yeah, it really was a flashback for me.
When you develop planetary scale systems, any system that is deployed so widely that you really can't find somewhere where it isn't,
safety becomes a bigger issue than security most of the time. And when I was at Akamai, we had several issues like this,
and we designed a lot of safety systems just to prevent a mass outage of exactly this kind.
So, do you have a certain amount of empathy for the folks at CrowdStrike for the
very bad day they're having? I have a ton of empathy. This is, you know, I
suspect when they finish with the incident post-mortem and try to figure out what happened,
there's going to be a lot of places where they're going to say, if only we had done something.
And that's what usually happens when you build a safe system, is that when you have a bad day,
about 17 different things went wrong. And if any one of those had gone right,
you wouldn't have had the bad day. And from an outsider's perspective, you're like, wow,
how incompetent are you that 17 things went wrong? And the real answer is, well, if only 16 went
wrong, like that's a normal day. We catch those bad things don't actually happen because that's
the whole point of safety systems is to make sure that you have redundant
safety checks. And for some reason, and we'll learn what those are a little bit later, you know,
CrowdStrike safety systems didn't stop this. I've seen folks speculating that perhaps there could be
some aftermath of this if CrowdStrike users decide that they're going to disable CrowdStrike for a little while while things
settle down. Yeah, so that is certainly a possibility. Like, it's entirely possible that,
you know, folks will say, well, we're just going to turn off CrowdStrike.
The challenge is, it's also a critical security system. So, if you turn it off, you know, that's
like, you know, basically taking the walls off of your house and saying, well, you know, I had a leak in one wall, so let's just remove all of the walls because I'll be safer that way.
Where do you suppose we go from here?
I mean, CrowdStrike certainly taking it on the chin today, but they'll be back to fight another day.
Oh, absolutely.
When you look at people who are this large having a bad day like this, it's not a business ending event.
It is business impacting.
The crowd strike that we will know in two years will not actually look like the crowd strike of today.
I suspect there'll be a huge internal focus on whatever they're going to call their initiative.
We called it bulletproofing.
Really, we were proofing ourselves against the bullets we were shooting into our own foot. How do you make your system more redundant, more safe? Because where this will really show up
is in the sales cycle. Every CrowdStrike sales rep is about to have a really tough 6 to 12 months
because they're going to have to explain what CrowdStrike is doing better to every single one
of their customers, every single one of their renewals.
Every CISO and CIO is sort of foaming at the mouth saying,
well, I can't wait to hold this over them
in negotiations next year
because I'm going to demand a discount
because I had a really bad day
and the limitation of liability in the contract
meant they couldn't make me whole.
So they're going to make me whole
by giving me cheaper products going forward.
Yeah.
All right.
Andy Ellis is operating partner at YL Ventures. And previous to that, he was chief security officer
at Akamai. Andy, thank you so much for taking the time for us today. Thanks for having me, Dave.
In an event unrelated to the CrowdStrike issue, a major Microsoft 365 outage on Thursday, caused by an Azure configuration change, impacted users across
the central U.S. region. Starting around 6 p.m. Eastern Standard Time, the outage affected services
like Microsoft Defender, Intune, Teams, OneDrive, and Xbox Live, preventing access and login.
Microsoft worked to reroute traffic to restore service,
noting a positive trend in availability after a few hours.
DownDetector received tens of thousands of issue reports,
particularly from Xbox users experiencing server connection problems.
A U.S. District Court judge dismissed most of the charges
in a landmark case against SolarWinds
following the sunburst hacking campaign linked to Russia.
Judge Paul Engelmayer ruled that many of the charges
impermissibly rely on hindsight and speculation,
though some claims about misleading cybersecurity statements were upheld.
The SEC had charged SolarWinds and its CISO,
Timothy Brown, with fraud for overstating cybersecurity practices and failing to
disclose known risks. SolarWinds must respond to remaining charges within 14 days.
The court noted SolarWinds' inadequate cybersecurity measures, including weak passwords and excessive administrative access,
but dismissed other claims as non-actionable corporate puffery.
The decision underscores challenges in holding companies accountable for cybersecurity in public and regulatory statements amidst criticism from the cybersecurity community.
Ransomware is a significant threat to the energy, oil and gas, and utilities sectors globally.
A report from Sophos titled The State of Ransomware in Critical Infrastructure 2024
highlights that median recovery costs for energy and water sectors soared to $3 million in the past year,
four times the global median.
to $3 million in the past year, four times the global median. Vulnerability exploitation initiated 49% of attacks in these sectors. Data from 275 respondents in energy, oil, gas,
and utilities shows that 67% of these organizations faced ransomware attacks in 2024,
higher than the 59% global average. Median ransom payments rose to over $2.5 million.
Recovery times have worsened, with only 20% recovering within a week, down from 41% in 2023.
High rates of backup compromise and encryption were also reported.
Proactive monitoring and response plans are essential to mitigate these threats.
Two European web hosting companies,
Hensner from Germany and Hostinger from Lithuania,
have suspended accounts linked to
the Russian propaganda campaign Doppelganger.
This network used legitimate European infrastructure
to spread disinformation.
Hostinger's servers in
Singapore hosted several propaganda websites mimicking legitimate media, including Israeli
and German sites. Hetzner's Finnish subsidiary hosted four such websites, blocking the affected
server after German non-profit journalism group Correctives investigation. Researchers at Quirium and EU
DisinfoLab discovered Doppelganger's operations across at least 10 European countries,
highlighting the inadvertent use of European services for disinformation. Doppelganger has
been active since May 2022, spreading fake articles designed to resemble real media outlets like Germany's Der Spiegel and Britain's The Guardian.
Australian digital prescription services provider MediSecure confirmed that a ransomware attack in April 2024
led to the theft of personal and health information of 12.9 million individuals.
The compromised data from services provided
between March 2019 and November 2023
included names, dates of birth, addresses,
phone numbers, healthcare identifiers,
Medicare and concession card numbers,
and prescription details.
MediSecure stated that due to the complexity of the dataset,
identifying specific impacted individuals was not feasible without incurring substantial costs.
The stolen data, totaling 6.5 terabytes,
was taken before the deployment of file-encrypting ransomware,
but the company restored its systems using a clean backup.
Despite the data breach, prescription delivery services in Australia remain unaffected.
Despite the data breach, prescription delivery services in Australia remain unaffected.
Two Russian individuals, Ruslan Magomedovich Ostomirov and Mikhail Vasilev,
admitted to participating in multiple lock-bit ransomware attacks, targeting victims globally and in the U.S.
According to the Justice Department, these affiliates breached vulnerable systems, stole sensitive data, and deployed ransomware, demanding ransoms for decryption and data deletion.
Astamirov, active between 2020 and 2023, and Vasilev, active between 2021 and 2023, caused significant financial losses. Astamirov, arrested in June 2023,
faces up to 25 years in prison,
while Vasilev, extradited and already sentenced in Ontario,
could face up to 45 years.
Coming up after the break,
Rick Howard speaks with AWS's CISO, Chris Betts, about strong security cultures and AI.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now?
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security
questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta
when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7,
365, with Black Cloak. Learn more at blackcloak.io.
N2K's Chief Security Officer Rick Howard recently caught up with AWS's CISO Chris Betts at the AWS Reinforced 2024 event.
They discuss strong security cultures and AI. AWS is a media partner here at N2K CyberWire.
In June of 2024, Brandon Karp, our VP of Programming, Jen Iben, our Executive Producer,
Jen Iben, our executive producer, and I traveled to the great city of Philadelphia to attend the 2024 AWS Reinforced Security Conference.
And I got to sit down with an old friend of mine from way back, Chris Betts, the relatively new CISO for AWS.
Chris has been in the saddle for just shy of a year now, and we got to talking about the idea of establishing a strong security culture as the new CISO coming on board. And I asked Chris, after I had talked to a bunch of AWS security
leaders that week, that it appears that not just the security team is working on this,
but the entire AWS leadership team is in the house for this. Yes, it's spot on. One of the
things I've come to realize more about culture over the
last few years is that culture is something that doesn't just happen and is not fire and forget.
Culture takes constant reinforcement and reinvestment. It's something that you have
to continue to deliberately, deliberately spend energy on. And yet it's, it's amorphous, right?
We say culture, like we all know what that means, but, and we can point to it when we see it, but
it's hard to pin it down. Am I, am I right about that? Yes. Though I think there's some really
good signs that you can pull. One of the examples that I think about often is how people make
decisions. And so what's the language that
you use? You're in a room, you're having a conversation about how to solve a problem.
What's the language that you use? What's the ultimate good that everybody just automatically
agrees with is the right thing. And there's lots of different languages we use at many companies.
different languages we use at many companies. When I'm at AWS, I can tell you almost every conversation that I'm in involves a set of two things. One, what is best for the customer?
Not what will the customer like? What is best for the customer? And since I'm in security,
my conversations are most often about security. And there's never a question. The minute somebody goes and anchors back to, oh, security is our top priority, bang, everybody agrees.
So then the question is about what do we do that's best for the customer?
And how does that align with security being our top priority?
Because security is what's best for the customer.
And so that's the way you have the conversation.
That's one sign.
The other sign that I think about awful lot
is where do people spend their time?
I mean, you know, you better see.
So as a leader,
there is almost nothing more important
than where you spend your time.
You can talk about a lot of things,
but where you spend your time
really says what's important to you.
That's a great point.
I was asking Steve Smith earlier today.
He's the CSO of Amazon, right?
I asked him, you know, because we do,
we interview a lot of CISOs in this program, right?
And the question for a company like yours,
the size that it is, Amazon's a Fortune 10 company.
If AWS was its own company,
what you guys would be Fortune 35 or something like that.
So that would be, that's a giant, big organization.
So what's your typical day? If it matters what you're spending your time on, what is a typical
day for somebody like you? Well, actually, this ties back to our culture. I spend a bunch of time
either talking about strategy, where we want to go, how we want to drive something that really makes a customer's experience better,
either because the security of the cloud,
the security for the cloud we build has to be right.
But I spend almost as much time focused on
how do we make sure security in the cloud,
the time that the customers spend building,
that it's seamless for them to be secure.
Chris, it wouldn't be a security
podcast unless we talked about generative AI. I think we get fined if we don't actually mention
it. So we talked a lot of Amazon and AWS people this week about their takes on it. So what's your
high-level take on good, bad for the industry? What are you looking forward to? Anything like that.
Generative AI is an amazing tool.
It is really cool.
I'm excited about what it can do for the industry.
I'm excited about what it can do for security practitioners.
I'm excited about what it can do for developers.
I think we're in very early days
of seeing how people take advantage of this,
but I see it being used in some really, really innovative ways.
And so there are also things we need to do really thoughtfully and carefully to make sure that we're providing secure solutions with generative AI.
And we need to be aware that there are going to be people like any tool who abuse it, and make sure that
we're designing our defenses against that. But I'm genuinely excited about it as a tool,
recognizing that it's one of many tools, but it's a tool that I think helps solve some problems
that we'd struggled with solving in the past. So is there anything on the 25 meter target list
that you're looking at?
And that's all I get.
I got to start thinking about
that one for generative AI,
like right now.
Is there something like that
you're worried about
as the AWS CISO?
Here's this new technology.
Gartner has all the AI stuff
just barely going up
the peak of inflated expectations.
It hasn't even reached the top yet
to go down into the trough
of disillusionment.
So we are still very much hyped up about this. All right. Is there, as we think about that problem
space, as we start to figure out what it can do and what it can't do, is there something right now
that you're thinking about as the AWS CISO that, oh, let me start working on that one
right now. The other ones will come later, but this is the one I'm going to work on first.
Is there something like that? There's a few that I'm really excited about right now. The other ones will come later, but this is the one I'm going to work on first. Is there something like that? There's a few that I'm really excited about right now.
One, we know that people spend a ton of time, I think I saw a stat somewhere about 46 or 48%
of their time of security practitioners building queries to look for data. And the learning curve
there can be really, really steep,
knowing which data elements
from what place to bring together.
Some of the capabilities of generative AI
to develop, to take natural language input
and come out with technical code
that can be reviewed and then executed,
I think is going to help speed up incredibly
our ability to rapidly analyze, triage, take actions.
And I'm already seeing that today.
Yeah, because we already know it could generate code.
You're taking it to the next level,
generate queries so we can find the right stuff.
So we can find the right data.
So in fact, I'll talk a little bit more about that
at the keynote today.
But there's some amazing capabilities
coming down the road.
I've talked to a lot of CISOs who are using CodeWhisper
and Amazon Q Developer
to enable their security operations team
to write code faster.
I mean, look, we've all led security operation teams
where there's a ton of really nuanced manual effort
to go build spreadsheets,
run a whole bunch of Linux commands.
We have all seen security teams
where they spend a ton of time on very manual work, building spreadsheets, running a set of
shell commands. In 2024, we're still building spreadsheets, yes. In order to go do analysis.
And when I talk with those teams, and this is the manual work, this is not the nuanced work that the security operations folks really want to do.
This is the toil.
This is the toil that gets there.
This is the work you do before you do the work, right?
Yeah.
And so when they start using some of these code development tools, and the reason they do that is because it's just faster to go build it than to go write some code.
And the reason they do that is because it's just faster to go build it than to go write some code. But what if instead of taking several hours to go write that Python script to go do the analysis, instead that can happen in minutes? building a tool that's repeatable, evaluatable, you can help understand how it happened.
All those capabilities that you want is not subject to the human error, the way that spreadsheet land is. They can do that in minutes. It's been life-changing for some of these CISOs,
for their operations staff, and allows them to go handle problems bigger, better, and start asking
new and different questions of their data. That's just an amazing experience. It is, and I acknowledge all that, but I think the problem I was trying to get
you to say earlier is, what are you worried about is the hallucination problem, right? How do you,
when you're doing a natural language query of a completely new data set, how do you know you're
getting the right answer, right? And how do you make the analyst comfortable that they're
getting the right answer and not going off in some wild goose chase somewhere?
When I think about generative AI, I think about how it answers problems and for what.
You'll notice both of the examples I gave you involve human judgment in the loop to understand, hey, does this query make sense?
We're talking about acceleration of human capability.
hey, does this query make sense? We're talking about acceleration of human capability. There are some areas and there'll be places where even with hallucinations, that's right enough
for people to get the right thing. I think, for example, of gisting of any incident. How do you
take this complex set of things, boil it down so So when you're doing 24 hour SOC operation,
you can hand off to the next person.
You know what?
You can afford a little hallucination there
because this just gives them the start.
So they have the context
and then they're going to go in and continue that.
And they're going to go check the data.
There are other places where
you need to have a human in the loop.
Make sure that that code's right
before you go and do it.
But still, this is a massive acceleration. And yes, we need to make sure that in the right places, we're making the right
decisions as we go. So yeah, massive capability, not a panacea. It's a tool. We have to use it for
what it's useful for. That was my friend, Chris Betts, the AWS CISO. That's our own Rick Howard speaking to AWS's Chris Betts.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And finally, at the Retamarez military base in Madrid,
CSO Spain got a first-hand look at the Spanish team's headquarters for Locked Shields 2024,
the world's largest live-fire cyber defense exercise.
The fictional island nation of Borrelia faces relentless cyber attacks
over 48 hours, simulating a high-stakes scenario where essential services are targeted amidst a
territorial dispute with Crimsonia. Enrique Perez de Tenia, head of international relations for the
Spanish Joint Cyberspace Command, guided reporters through this complex exercise.
Locked Shields, organized by NATO's Cooperative Cyber Defense Center of Excellence,
involves nearly 4,000 participants worldwide. The Spanish team, comprising military personnel
and civilians, collaborates with international allies to defend Berilia's critical infrastructures,
such as nuclear power
plants and banking systems, from simulated cyber threats. Throughout the tour, observers witnessed
the intense yet composed atmosphere as teams managed communications, legal issues, and technical
defenses. Perez de Tenia explained the importance of real-time crisis management and legal compliance,
Kenya explained the importance of real-time crisis management and legal compliance,
likening the exercise to real government operations during cyber crises.
Despite the fictional setup, the exercise underscores the ever-present nature of cyber warfare with no borders or safe zones.
Locked Shields not only tests defensive capabilities,
but also fosters collaboration and learning among participants.
While Spain ranks mid-pack, the exercise emphasizes improvement over competition.
Perez de Tenia highlights the significance of building relationships and sharing expertise to strengthen cybersecurity.
In the end, the exercise reveals the stark reality of our digital age.
Constant vigilance and cooperation are crucial,
as cyberspace remains an unpredictable battlefield.
As Perez de Tenia aptly puts it,
we are not aware of how cheap it is to protect ourselves
and how expensive it can be if we do not.
But 100% cybersecurity does not exist. And that's the Cyber Wire. For links to
all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check
out this weekend's Research Saturday and my conversation with Selina Larson from Proofpoint. We're discussing scammers create fraudulent Olympics ticketing websites.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Ivan.
Our executive editor is Brandon Karp. Simone Petrella is our president. Thanks for listening.
We'll see you back here next week. Thank you. platform comes in. With Domo, you can channel AI and data into innovative uses that deliver
measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to
your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.