No links this week as I focus on an interview with Quentin Rhoads-Herrera of Critical Start where we talk about cyber security during a time of crisis.
Chris Ward: [00:00:00] welcome to the Wiki squeak. Squeak with me. Kristen chiller. Now, something a little different this week. I am not actually going to do any links. I have a lot of interviews actually to get through. One of the advantages, if you can say that if this current situation in the world is a lot of people are suddenly very available, so I have a lot of interviews to get through. [00:00:26] Um, but I haven’t actually done it as much reading of the news. Well, the technical news and articles as I would like over the past week or so because of this. So I did have a couple of links, but there’s only like two or three. I didn’t see much point mentioning them really. So I thought I’d rather just focus on this interview instead. [00:00:43] And if you’d like, you can see those links in the newsletter version of this podcast. Oh, Christian shauna.com instead. I also did say a couple of weeks ago that I was going to try and keep this podcast, um, a covered 19 free zone. But, uh, an interview came up that was actually quite interesting and, and somewhat related and somewhat relevant. [00:01:02] And this is why I wanted to get this episode out now as well. Um, whilst, uh, it’s a co issue. So this was an interview I did with Quentin Rhoades Herrera from critical start, and it’s an interview we did last week. Things have probably already changed quite a bit in the less than a week since we did the interview and we spoke about the company. [00:01:24] He, so a critical start and their work identifying as surveying and combating the increase in cyber attacks and cyber security issues around the covet 90. Correct around the, at 19 a pandemic. So kind of sideways related in a technological way to what is happening right now and what cybersecurity experts are doing to help people as they’re also more vulnerable working from home. [00:01:53] Uh, and there’s more target talking attacks and things like that because there’s a lot of people kind of in stress. So it’s an interesting interview and I do hope you enjoy it. [00:02:05] Quentin: [00:02:05] Sure. Uh, my name’s Quinn roads where I am the director of professional services for critical start. So I run a team called team Aires. Um, we are both the offensive and defensive securities. So I have guys on one side of the house. They do. Uh, penetration testing and ethical hacking. And then on the other side, I have, um, individuals who do digital forensics and who are like ex federal law enforcement from the FBI and, uh, in CIS, all of that good stuff. [00:02:38] Um, so I kind of operate. Across the broad spectrum of information security, if you will. Okay. [00:02:47] Chris Ward: [00:02:47] And, um, so what have you been specifically kind of looking at the past few weeks then. [00:02:54] Quentin: [00:02:54] So the past few weeks we’ve been trying to work with some of our threat Intel partners in regards to some of the threats that have been rumored around coven 19. [00:03:03] Outside of that, we’ve been, um, trying to develop content that is not sales sellsy. We’re not trying to sell anybody on anything, but give them advice on like, how to. A train on your downtime, et cetera. And we’re also contributing to folding at home, um, with our hash Cracker because when we’re not doing anything with the hash Cracker, might as well figure out some usage of it. [00:03:27] Right. [00:03:29] Chris Ward: [00:03:29] What do you mean by threats in particular here? I’m guessing, you mean digital threats, so, yeah. What do you specifically mean? [00:03:37] Quentin: [00:03:37] So digital thread. So we know that a lot of domains been bought up recently around coven 19, um, like coven 19 IBSC, et cetera. I mean, the, the list goes on. Um, I keep track on a few people on Twitter who, uh, do this for a living as well, and they’ve been pulling out large lists of, uh, domains purchase. [00:04:00] Uh, recently for coven 19, or has the word coven or Corona virus or et cetera. Uh, we also use a, a digital threat intelligence partner. Um, who. Correct name for the sake of their own requests, but they have been tracking your El purchases and DNS purchases, um, for quite a while now. And they have an extensive amount of recent purchases around Corona virus. [00:04:34] Uh, you [00:04:36] Chris Ward: [00:04:36] know. Did you mean this in terms of trying to spread disinformation or what, what sort of threats that we’re looking at? [00:04:49] Quentin: [00:04:49] So we’re not sure what the threats really are yet. So some of them could be being used as a way of, um. Getting ready for fishing attacks, mash fishing attacks, um, mimicking like CDC or the who or any other health organization trying to spread, um, you know, malicious malware or try to spread this information is also a possibility. [00:05:16] Um, we don’t have really good Intel yet on what these domains are doing and what their purposes are. We just know that a decent amount of them have been purchased. [00:05:28] Chris Ward: [00:05:28] Is there, I mean, is there to help you here? Obviously a lot of people are in a somewhat new situation right now. A lot of countries, a lot of people. [00:05:38] Uh, is there any kind of learning you can take from anything in the past to help interpret the data in some way? Or is this kind of a new threat in, in many different combinations of way? [00:05:51] Quentin: [00:05:51] It’s not a new threat. I mean, these threats happen all the time. If you take, when you S reported that they were going to create space for us, right? [00:05:58] Um. When that happened, I know people went out and bought space force type URLs. Right? Um, it’s a common theme. We, we find when there is mass amount of information being put out, that’s either a national news or global news where malicious actors will go out and buy these domains in order to eventually take advantage or, you know, use them for bad. [00:06:23] Uh, so this isn’t new. This is just. New to me on a global scale. I haven’t seen something so big and I, and I think a lot of people are kind of in the same boat, right? The last time we had a global pandemic that, um, had this much impact on the economy, as, you know, to the point where the U S economy or U S Congress just approved a $2 trillion stimulus package. [00:06:48] Right? We haven’t seen that in our lifetime. So. It’s kind of interesting to see what’s going to happen in the next few weeks, especially in the United States with the stimulus package. Every year we see, um, tax threats and, and, and fraud, uh, fraudulent attempts via phone, email, snail mail, et cetera, where people are trying to trick people out of their hard earned money from their tax refund. [00:07:14] And now with the stimulus package, I have no idea what that’s actually gonna look like. Um. I’m actually afraid that it’s going to be taxed. It’s just going to be the same type of, you know, attack vectors just on a much larger scale. [00:07:29] Chris Ward: [00:07:29] And apart from monitoring domains, are there other things you look for like a Twitter bots or Facebook pages? [00:07:38] I see on the website you also have sort of mobile security. So there are other, uh, vectors you look at as well. [00:07:45] Quentin: [00:07:45] So we, we do look at social media a decent amount. I spend most of my morning looking through, um, through that, through various, you know, threat intelligence companies, sources. Um, social media is one of the most interesting ones because you do see a spring up of like fake Twitter accounts, fake, uh, LinkedIn accounts that have, um, mimics either professionals within high ranking organizations. [00:08:11] I haven’t. Necessarily seeing that with this, but, um, I have seen in the past with like the space force, people created fake space for Twitter accounts, um, just as troll accounts. But I mean, it’s, it’s been used the same way for malicious activity as well. [00:08:29] Chris Ward: [00:08:29] Okay. And. Is there, is there any, I mean, this is not really very easy to say, is there anything people could do because, um, you can’t, no one can really stop people buying domains, but, um, short of, of that, which is, you know, you can’t stop something that doesn’t exist yet. [00:08:49] Uh, are there other factors that people can, can do in their own personal or business security or. Policy or awareness to to kind of help reduce offshoot threats from the, from the main threat we’re all facing right now. [00:09:07] Quentin: [00:09:07] So I think, you know, in terms of cyber defense, right? The main thing people need to realize is that nothing really changes in the way we should approach cyber security. [00:09:19] We should still approach it with the fact that. You know, any email that we receive could potentially be malicious and we should be in one of those type of physicians were requesting things that we get right. Being a little bit standoffish in terms of, of who sends us what at any given time, unless it’s verified through a trusted source, such as, um, you know, PGP, uh, pairing, et cetera. [00:09:44] Um, so, I mean, I think we still need to be very. Vigilant around emails. We still need to be leveraging encryption where possible, like VPN. Um, especially with everybody working from home. Organizations need to make a huge move into having their employees using virtual private networks in order to protect the data that’s going from this untrusted zone, which is the, you know, the employee’s house to a trusted zone, the corporate network. [00:10:11] Um. They need to be able to lock that down and create these, you know, VPNs and on top of that lane layering, multifactor authentication. I mean, we’re using our hash Cracker to do folding at home, to give back to the community. I mean, this thing has gone in just about two weeks. We’re in the top 2% of all contributors. [00:10:30] We do the same speed and and destruction to passwords. Really, when you think about it, we go through about 700 billion guesses per second on windows password caches. So layering on multifactor authentication on top of your VPN is really, uh, the number one move people should be making right now, as well as trying to find ways of enabling their defenders. [00:10:56] You know, the people who are monitoring their defensive tools to work remotely and. You know, address alerts on the fly from, you know, without being at their desks or in front of the server. I have [00:11:09] Chris Ward: [00:11:09] sort of three questions came out of that. I mean, sure. The first one, just related to what you were saying, ignoring the, the defenders, the hackers, the white hat hackers. [00:11:19] The test is, et cetera, who kind of know what they’re doing? Who, one of the things you said there for lots of people, things like VPN, two factor authentication, PGP, these extra levels of security, uh, something that. Generally it’s still somewhat too complicated for many people to be bothered with. And usually when you’re on your corporate machine and your corporate office, it’s just kind of set up. [00:11:46] And then when you get into the home situation, of course it’s different. And I think this way you, you know, on a very mundane level, I’ve spent all week. Helping people figure out how to use VoIP software. And that’s actually not even a particularly a security issue. That’s just a very minor kind of thing, really. [00:12:05] Um, and even though password managers exist, and we have major tech companies pushing for forcing you almost to use better security, almost forcing you away slowly from using passwords. But still, these are mostly things that people like you and I. Really care about and we’ll go to the effort to actually, so actually, you know, enforced, forced them and use them. [00:12:28] So, sure. I mean, and we all know the human factor is usually the weakest factor in any kind of security policy. Um, I mean, how. How do you think you can help businesses and their employees with that side is like making it so that it is this stressed person at home who’s probably now got two kids at home as well. [00:12:52] Um, and actually focus on this thing that really doesn’t seem that important to them at this particular moment in time, but actually kind of is, you know. Yeah. And make it easier for them as well. Are there any recommendations [00:13:04] Quentin: [00:13:04] you have. So, I mean, I don’t know about making it easier in any degree of a good point. [00:13:09] People are stressed working from home, right? Not only are they working from home and, and they’ve possibly never done that, but they’re also dealing with, you know, in an economy crisis with the global pandemic, a lot of outside external stressors that they’ve never had to deal with before. Um, I do know a few companies that what they’ve done is they’ve kind of converted a lot of their it staff. [00:13:29] And I know one company in particular took all of their pin tests and, and put them through help desk training so that they can help them, walking them through, resetting their password, walking them through, setting up VPN. You know, I think companies. Need to do their best in walking their, their employees through the motions. [00:13:49] Right. Because a lot of the times, like you said, this is not the foremost thing in their mind, right? They don’t necessarily care at this very moment if they’re going through a VPN or if they’re using, you know, the best security encryption possible. What they care about is one, they still have a job too. [00:14:05] They’re getting paid three that they. Don’t fall, you know, ill to Cove at 19 you know, et cetera. So companies really have to kind of hold the, the employees hands to a point and walking them through this in a way that’s easy for them to understand. I think that’s the only real way of doing this very easily because. [00:14:27] I mean, yeah, I can write a script to VPN you in and set everything up, but I’m going to have to do that across. How many employees do you have in my heart coating Pat? Am I weakening security by doing so? Um, [00:14:40] Chris Ward: [00:14:40] patients and support is probably the best thing they can actually provide. Yes. The human factor again. [00:14:47] Yes. Yeah, and I guess tried to have policies that can be a little [00:14:52] Quentin: [00:14:52] flexible [00:14:53] Chris Ward: [00:14:53] within reason. Like everything is at the moment. And then two other things you mentioned there. So I do know what folding is because a friend was sending it around a couple of days ago, but [00:15:03] Quentin: [00:15:03] just [00:15:03] Chris Ward: [00:15:03] for anyone who doesn’t understand what that is, what is folding when you’re referring to it. [00:15:08] Quentin: [00:15:08] So folding at home is, is a project that was started by Stanford, if I’m not mistaken. Uh, and like in 2000 or maybe even earlier than that. Um, so what it is, is similar to cryptocurrency mining. We have a very powerful graphics, uh, well powerful machine with a lot of graphics cards and Titan. Uh, V. [00:15:30] Graphics cards. Um, so what folding at home does is we run their program and they send us work units, what they call wus, and we simulate protein folding, and we do it for covert 19. We do it for. Few others. We don’t really get to choose right at this moment, uh, which, uh, uh, you know, disease we’re actually working for. [00:15:54] They send it based off of the, you know, the available workloads that they have. Um, and we using our graphics cards, using our, uh, computing processing power, we send that data back to folding at home, which then shares it amongst the larger, um. You know, research groups, uh, the medical scientists, the medical researchers, the people that are way smarter than me in, in the terms of this stuff. [00:16:19] So it kind of gives us technical individuals the ability to contribute in a medical way, uh, without ever having to go to med school and, and go through all of that nightmare that I would never want to go through. Um. And at the same time it, it also kind of expands our own horizon before this ever happened. [00:16:39] I mean, we’re only talking almost two weeks now. [00:16:43] Chris Ward: [00:16:43] Now parts of the world. I mean, obviously it was, it was in Asia, but I think we all just kind of were like, Oh yeah. Okay. [00:16:52] Quentin: [00:16:52] Yeah, absolutely. And I never heard of folding protein folding or protein misfolding. So I mean, when, when I got started on the project and I had a, the red tea manager, uh. [00:17:03] Yeah. Spin up our hash Cracker, which he lovingly named , um, start, you know, processing workloads. I started researching what folio was, what the purpose was, what it did, and I saw things of like, they created a computational, um, a build out of what the coven 19 virus looks like. And I was like, Oh, that’s, that’s. [00:17:27] Crazy. Amazing. What was really crazy about it was in the time we joined for about a week, the nonprofit folding at home had such a hard time keeping up with the amount of contributors may, I think it’s over 2 million now. They actually had to get donations of EWS resources from companies because they couldn’t handle the amount of attention that they were getting, which is phenomenal. [00:17:53] Chris Ward: [00:17:53] Yeah, this is a problem you’re seeing with a quite a lot of services right now from services like coding at home that are obviously doing something very, um, very positive to just the services people are using just to do something from home. They’re all kind of getting inundated, but they’re not necessarily making any more money to pay for more infrastructure. [00:18:13] So it’s somewhat difficult. Okay. So then I guess when you were referring to hashing, you’re also talking about cryptographic hashing. And that’s what your systems are. Yeah. Okay. [00:18:24] Quentin: [00:18:24] Yeah. We, we built the hash Cracker out for the sole purpose of trying to show companies how bad passwords are, um, and how, how fast we can crack them within 24 hours. [00:18:36] And some of them, some companies are amazed, uh, it had some of their passports. [00:18:41] Chris Ward: [00:18:41] It’s actually, I, I will say it just you a few minutes ago, it was, it someone else who earlier mentioned to me that all the Bitcoin miners should be contributing to this right now. [00:18:51] Quentin: [00:18:51] It wasn’t me. But I, I do believe that. I think calling hive.com actually is donating a ton of research. [00:18:57] I think they’re number one on folding it homes website. I would have to look at that [00:19:02] Chris Ward: [00:19:02] cause I mean cryptocurrency is a somewhat up and net right now anyway. So is there a reason not to use it. That’s something better. But anyway, I digress. [00:19:09] Quentin: [00:19:09] Let’s, let’s [00:19:10] Chris Ward: [00:19:10] sort of wrap up with talking a little bit about critical start. [00:19:13] You talked about pen testers and things like that, so, yeah, on a, on a, on a normal time, what are you guys doing? [00:19:19] Quentin: [00:19:19] So, our main focus, our main business model is around manage, detect, respond. So we have a zero trust model, um, where, and a 24, seven. Right, 24 by seven SOC. Uh, effectively what they do is they take in, um, everything, all of your logs, every alert from loads, uh, informational all the way to critical. [00:19:40] And they go through, uh, a trusted behavior registry. So we. Thank you. It kind of like a going through and saying, all right, we know everything in this section is good, so we’re going to go ahead and ignore this because we’ve proven it to be good. We don’t know about any of this, so we’re going to check all of these, and we do that with every single client and as our trusted behavior registry gets [00:20:04] Much larger and much more thorough. We reduced the amount of alert fatigue that is caused. Right? So I think on average, we’re 95% or more, um, alerting on actual events that need to be addressed. Um, so that’s the main core business of critical start. Uh, they’ve been, we’ve been around for nine years. Um, been extremely successful. [00:20:28] Outside of that, you know, the red team and blue team, we do things from. Red teaming to pass from complexity assessments to, um, offensive slash defensive training, um, all the way to like, governance, risk and compliance. So helping companies understand what compliance needs they may have. Uh, what, how do they meet those compliance needs as a PCI? [00:20:51] Is it HIPAA? What it, whatever it is, right? Um. And, um, and then also a value added reseller, right? So we have, uh, intrinsic, uh, partnership with companies like Palo Alto. We do a lot of Palo Alto work. Um, helping companies choose the best technology that fits their needs. Um, instead of just trying to force a, you know, a circle into a square hole, um, is kind of the way I always look at it. [00:21:19] So that’s, that’s critical start at a very high level. I, I’m sure I didn’t do the MDR justice cause it’s not my core focus. But, um, it is probably the most amazing MDR I’ve seen. I’ve been in security for quite awhile and I may be a little biased, but [00:21:34] Chris Ward: [00:21:34] two, two things there. Well, what is your career focus. [00:21:37] Quentin: [00:21:37] So my core focus is running a red and blue. So I’ve been doing pen testing for, um, probably seven years doing zero-day research. So just a few days ago, I released some zero days. I have 15 more zero days being released next week. Um, these have been patched by the vendor. Um, so I mean, we’re not dropping during coven 19 madness. [00:21:59] We’re not releasing exploits that are gonna cause more [00:22:01] Chris Ward: [00:22:01] problems. For those who don’t know, let’s unpack. Firstly, let’s unpack zero days. [00:22:06] Quentin: [00:22:06] I necessary days, but [00:22:07] Chris Ward: [00:22:07] just, just to, just the, it’s one of these things that people read about a lot probably without ever really understanding what it means. [00:22:14] Quentin: [00:22:14] Sure. Yeah. [00:22:15] Sure. So zero day is a vulnerability that the world does not quite know about yet. Um, a vendor may know about it because we’ve told the vendor, um, a client may know about it because we been founded during a client engagement, but nobody else in the world knows about it. So. Um, we go through, especially in this, in today’s climate with coven 19, everybody working from home, we go through a rigorous process of making sure that both the client is patched, um, and the vendor has issued that patch. [00:22:44] Or if the vendor doesn’t. Reply to us. We find ways of mitigating the risks for the, for the client. Um, but we released those really to aid people in understanding may. If the vendor didn’t patch it, then we provide information on how to mitigate, uh, if they have released patches, we want them to update as much as possible, as quickly as possible. [00:23:06] Um. So we released those. That’s been my core focus, I guess, for most of my security background has been fasting and the offensive security. Yeah. I find it much more exciting than, than blue team work, but it goes hand in hand, which is why we created team areas, which is the combination of blue and red team. [00:23:26] Chris Ward: [00:23:26] And just so. Penetration testing. I actually, um, so I’m half Australian and I lived in Melbourne in Australia for a long time. For some bizarre reason. I seem to know a lot of dentists that, I don’t exactly know why there’s so many of the, or just met them, but I don’t know. Um, so, you know, this can be people who in varying degrees go on or off site to actually. [00:23:46] Sometimes, I mean, actually typically contracted by a company to try and find vulnerabilities, um, correct. And onsite. This can be, so I know when I met who worked for a local council there where people were post-it noting passwords to screens and stuff like that, you know, that’s a, that’s a nontechnical vulnerability all the way up. [00:24:05] To the or down to the more technical ones. Um, so that’s kind of their job. And he actually told me that police had sort of arrested him several times trying to break into buildings and things, and you’d have to present a letter or stuff like that [00:24:19] Quentin: [00:24:19] that we could ever get a jail free card. [00:24:21] Chris Ward: [00:24:21] Yeah. Um, what would you refer to? [00:24:23] Blue and red team. What does that mean? [00:24:26] Quentin: [00:24:26] So we, we, so the way I see it is it’s a partnership. It has to be, right? So I tell clients all the time, you can hire a pen test firm that can go in there, you know, destroy your network, drop the mic, walk out, and that’s it, right? I can give you a hundred page report and wish you the best of luck. [00:24:43] Um. Well, we decided to do from critical start is we decided to take a perspective of blue team is going to get better as red team gets better and vice versa, right? So if I learn a way of bypassing some technology or I find a zero day that. Is not yet released, but maybe somebody else finds it the same time and they exploit somebody who comes to our blue team. [00:25:06] We can help them and we can educate them on the red team mindset on our tool sets, on our, um, you know, way of approaching exploiting networks and people. Right? Because like you said, some of it is nontechnical, some of it’s tricking people into letting us in, in the buildings, um, where the blue team can actually help us understand. [00:25:28] How they hunt us. Right? Um, and so that maybe when we go do that next pen test, we take some of that knowledge with us, we apply it to our pen tests, and we can help our clients blue team become even better. The same goes for our research. We’re building out our blue team research as we speak. The goal behind that beam, whenever we release a way of doing some red team activity, we’ve follow up with a way of also defending against it because. [00:25:57] I don’t agree entirely of just really seeing all the ways of breaking into stuff without ever providing a way of preventing or, or, or blocking that technique. Right? The same goes with the tools we develop, right? If we develop tools, we should also explain how you can defend against those tools being used against you. [00:26:18] So we created this combination of a team so that we can share knowledge centrally and we can grow. Both the are, both of our expertise is at the same time without having to work as a forensics person. Cause that I don’t have the mindset for that. But I do have the mindset of a, of a red teamer and I can help them understand what I would do and I can understand how they would try to find out what I did. [00:26:45] Chris Ward: [00:26:45] And then finally, so what is manage detection and response? It’s not your department, but you say a critical start is very good at it. What is it. [00:26:54] Quentin: [00:26:54] So we manage. Um, so what we do is we deploy a bunch of end points out. Um, we have a wide selection of them, um, where we manage their antivirus, their endpoint detection response tools, uh, and any other suite of tools that we support in our platform, um, that we call the tap or zero trust analytical platform. [00:27:17] Unless they’ve changed the name on me in the last like couple months, which is possible. Um. But what we effectively do is we, like I said, we consume all these logs from all of their hosts that they have, um, sending data to our platform. And we go through, let’s say when they’re going onboarding, we go through, and some of that data is going to be already signed off as known. [00:27:41] Good. Because that’s the only way we do it is we say, yes, we do know 100% that this is a good, uh, alert, right? We know that this isn’t a bad or malicious action, so it goes through our trusted behavior registry. The rest of that. Unknown. So maybe the informationals, maybe the lows, even all the way up to the criticals. [00:28:02] We work with the client and filtering out to say, is this something that’s expected on your side or is it not? And one really easy example is, um. Most it people use PowerShell every day. Um, but unfortunately, PowerShell blocks execution and sometimes, so you have to use execution policy bypass, which then will immediately flag triggers on, uh, most, uh, endpoint protection tools. [00:28:30] We will flag that as a bad known bad for your company, right? If we haven’t already been told that yes, it is supposed to be used by this user on this workstation. So then we take those, that information, that user, that workstation, that event, and we put it into our, into our trust behavior registry. And so we will no longer alert on that again. [00:28:54] But if another user logs into that machine and runs the same thing, we’re going to alert on it because it’s not a known good to us. So we’re going to then follow back up. Is this actually supposed to be running? Yes or no? If so, if the user’s supposed to, then we added to our trusted behavior registry so that the client never sees it again. [00:29:15] And one thing, I find that it’s actually more relevant now than it ever has been before with. Our MDR is, we have this thing called the mobile SOC. So our customers can do isolation of host quarantining hosts. They can immediately respond, review, and um. Uh, identify what we are doing on their behalf, um, on alerts from home, from really anywhere. [00:29:43] They could be isolated in a closet and still, as long as they have their phone, they can see what we’re doing on their network to ensure that we’re always following up on these alerts. We’re quarantine hosts, et cetera, and the client can as well from their phone. So we’ve already enabled them to do blue team work remotely. [00:30:02] Uh, even before it became a necessity. [00:30:06] Chris Ward: [00:30:06] Okay. Thanks for that. That’s a a good, thorough explanation. Now, the last question I usually ask people, but most of the time I’m usually kind of speaking to product teams, things like that. So I don’t know exactly what your answer will be or if you can answer it. Uh, obviously at the moment you’re kind of busy with very particular, um, activities. [00:30:28] Casting that aside for now, what’s kind of on your or the company’s plans, roadmaps for the next six months, like apart from code 19 are there other threats you have on your horizon and there are other features you’re looking to roll out or the services you’re looking to offer, that kind of thing? [00:30:48] Quentin: [00:30:48] So we are from my department. [00:30:50] Uh, we are releasing training. It’s actually been approved for black hat, uh, USA 2020, but that may get canceled. So, um, we’re probably gonna offer that training remotely, um, for individuals later in the year. Um, we are looking at offering other kind of, uh, blue team services and purple team services, um, in order to kind of. [00:31:13] Tests, uh, companies, defenses, um, uh, and how they react to them. Right? So how do their blue teamers work and how are they going to follow up and respond? Um, outside of that, I mean, the normal services that we continue to offer, pen testing, security, research, et cetera, is, uh, always going to be our, our kind of main. [00:31:39] The business model with team areas, at least, uh, for the company. Um. You know, outside of covert 19, continuing to get individuals to sign up on incident response retainers so that when the worst case scenario does happen, they do have a quality company they can go to as well as getting companies to move away from those, um, socks that. [00:32:04] Cause alert fatigue that ignore the informationals and and low findings, medium findings, and moving to a product model that is a little bit more aligned to identifying everything as much as possible. I think that’s, you know, the, the company’s main objective for the next six months, probably even a year. [00:32:24] Chris Ward: [00:32:24] That was my interview with Quintin. From critical start. I hope you enjoyed that. Now, uh, I have some new posts up on the website. Um, by the time this goes out, should be something, um, an article based on the interview I did with her Dera hash graph a while back. I should also soon have an article on using Swift playgrounds. [00:32:44] And actually a lot of other things that progress that should not be published quite soon. Um, I’m running a lot of online things right now. I did an online stream last week working on the Assyrian blogger pants. Do some more soon. Also recorded any storytelling podcast. Actually gonna do some test recordings of another new podcast scene and some new music and all sorts of things are actually quite a bit happening sometimes. [00:33:05] I always forget what it is that I have been doing in the week to tell you about it. Oh, yes, I remember. Um. Bill’s updated. My one day the world ended raw play game. So that’s at one day, the world ended at.com. Uh, hopefully it’s not true right now, um, with some new rules for different sorts of play. Uh, so you can play without the a storyteller or dungeon master or whatever you want to call them with, um. [00:33:30] And also, um, some examples, scenarios to get you started. So that’s up there right now and it’s going to be a lot more to come very soon. Stay safe. Everybody stay healthy and um, yeah, keeping all the, that on Kristen, sheila.com for any more updates, sign up to my various social channels and needed it. Is there. [00:33:50] And I’ll talk to you all again next week with another interview. As I say, I have plenty to bring to you right now, so the definitely be another one next week. Until next time. Thank you very much for listening. .