Episode 8 - Enterprise Nervous System: Using Network Signal to Direct Business Strategy
Guest Speaker: Bernard Brantley
February 20, 2026


About the episode

In this episode of Corelight Defenders, I'm joined by Bernard Brantley, Chief Information Security Officer at Corelight, as we delve into the concept of the enterprise nervous system. Bernard shares insights from his extensive experience in network analysis, explaining how organizations can leverage their network traffic data to enhance security and drive business outcomes. We discuss the importance of understanding the interdependencies between assets, processes, and goals, and how security teams can position themselves as integral to business success rather than just risk mitigators. Join us as we explore how security can effectively align with business strategies, fostering a culture of proactive engagement and intelligence sharing.

Episode transcript


Welcome to Corelight Defenders. I'm Richard Bejtlich, strategist and author in residence at Corelight. In each episode, we explore insights from the front lines of NDR, network detection and response. Today, I'm joined by Bernard Brantley, Chief Information Security Officer at Corelight. Welcome, Bernard.

Thank you, Richard. Uh, thanks for having me. Excited to join you on this podcast journey today.

Well, I am glad you're here, and we talked about different potential topics, and something you mentioned caught my interest, and it was the enterprise nervous system. I was wondering if you could tell us a little bit about that idea.

Absolutely. Um, so, you know, I've held a number of different roles over the years, uh, some of them at some of the largest enterprises on the planet. Uh, all of them focused on some type of network analysis as a path to threat hunting outputs, threat intelligence outputs, uh, high-value asset protection outputs. And, um, what I learned during all of that, that was that there was a immense amount of value in, uh, the network traffic itself, um, sometimes with unintended usages way outside of the realm of security, uh, incident response, threat intelligence, threat hunting. And it made me take a step back and think about security program more broadly, um, that we have access to a wealth of information, and in some cases, more complete information than the rest of the business. So what we are really able to do is see the ins and outs, the process-level execution, the goal-level execution, the tactical-level, uh, software development execution as a function of the network, and then make decisions and reason around that to implement new policies, to drive incident response, to go do some coaching and security trainings. And really, it all summed up into, you know, if I think about the business overall as something that makes sense to me, how do I rationalize this to explain to my four-year-old or my wife, who's not techie, how this all works? Uh, I like to say, hey, the enterprise is the body, and in that body, there are a bunch of different functions. Um, the most important function is the nervous system because it kind of directs how everything else behaves.
And so starting at the network and understanding that, you know, the organization does not necessarily move without some type of signal transitioning the network, and then, more importantly, that the governance structures that we have in place and the way that people use their technology is really implemented through the lens of security and GRC. Um, what we really are is a nervous system within the business. We both help direct how people go about executing their daily tasks. We are able to pull into our memory via policies, controls, uh, direct action, security trainings, the learnings that we've had, and in most cases, given the threat landscape and, um, the, the overall picture of the market with respect to security and the challenges that it's facing, we have some level of forward intelligence on what things might be coming to disrupt us or distract us from hitting our goals.

One of the common perceptions in security is that IT is not in a position to know what's important to the business, and that if you, say, you find an asset that has a problem, you have to go to the business and ask them, "What is this thing? What does it do? Is it important?" And what I heard... What I just heard you say was, it's potentially it's the opposite, that IT, if they have the right information, knows potentially better than the business what's important to them. Is that, is that part of what you're saying?

Yeah, I think that's, that's absolutely true. Um, it requires a bit of a pivot from how people have historically behaved in IT. This is a shift that I'm implementing in, at Corelight. Um, so, you know, this is in process and being tested, but the reality is, we all have access to the company's top-level goals. We all have access or can pivot through others to gain access to the leadership layer in the organization, and we all have access to fully understanding how the business operates.
Now, how we take advantage of that is left up to us, but with the kind of intelligence that you can gather through some proactive conversations, and if I was to bundle this up into something that the security program owns directly, I'd say, go run a business impact analysis.

You can get a very good understanding of the spread of assets, the spread of processes, the importance of those assets tied to those processes for a business to continue to exist, and then ultimately decide and section out, yep, we have a good understanding of why this set of assets is key to, call it, marketing's ability to release a, a press release, or engineering's ability to cut a software release, or sales' ability to go, uh, close a number of deals, and pull that in, and then leverage the data that we're seeing to say, "Yep, in the execution of any of these different phases or in a general steady state, we can see which assets and which processes and which identities and which people are the most high value to the business executing the goals", and come up with that picture to say, "Yep, we're able to tell you how you're doing against your process execution. We're able to tell you..." And this is the, the position I have on insider threat in developing these baselines. "We're able to tell you what normal behavior looks like versus abnormal behavior, versus some type of disruption happened somewhere because some of these key identities or assets are experiencing some level of challenge or disruption."

Th- this is really interesting because I was definitely in that other camp, uh, because I had done so many incident detections and responses and dealt with the asset owners, and I, I couldn't tell from where I was what I was looking at. Based on what you've said-... you can put yourself in a position to, to know enough about an asset to not only be good at security, but, but potentially to contribute back to business goals. The question, though, is, what kind of information do you need to be in that position?

Yeah, I'd take a step back and say that the asset context is a, um, is a subtype, right? If I was thinking about building out classes of things to organize my, um, to organize a framework for discovery around, asset is a subclass. Um, I kind of think of things in three altitudes: people, process, tools. Uh, tools is the, the asset context. If you level that up to process and, you know, step out of the direct IR, um, mindset, and this is more of a function of the management layer responsibility or maybe you're a super proactive individual contributor. Um, going and having conversations with this particular business unit, and I would start with one where you're seeing a lot of impact, and just asking the question: "Hey, can you help me understand what happens in a given day? Um, I've been to one of your QBRs, or I see at the end of a quarter that you've, uh, executed and tracked these types of metrics. What types of activities contribute to that? And who are the people that are involved in those activities, and what are the assets or applications that are tied to executing those activities?"
I think that having that just very real, very open, very direct conversation to say, "Hey, I'm trying to understand more about your business, and more importantly, I think there's p- a potential for me to give you some intelligence or some understanding that could help you move faster," gets you to the, "Yep, Person A lives in this s- this port- this part of the environment. Uh, they've got a laptop. They log into this application. That application exchanges data with these back-end assets. Uh, I see on my network signal or my system signal where and how that's happening."

I can add some context and some information on top of that to say, "Yes, this is tied to marketing going to generate a press release," or, "Yes, this is tied to engineering executing a code review before they do code freeze so that they can release some software." Uh, I think the, the goal here is to really think backw- think back from the business output and find the, um, find an opportunity to go have some just very real, very direct conversations about how people work, and then pull that back and structure it around what it is that you're seeing to give both you and the business context beyond, "Yep, I'm driving incident response. This thing was compromised, and I gotta lock it down."

You're saying that we still have to have conversations with the rest of the organization, better to establish the relationships, find out what's- what the business does, and then you compare that with all of the signal that you're deriving from your instrumentation.

Uh, well, I think actually both are true.

Uh, I- ... my easy path is to go out and have the conversations. I think the harder but also possible path is, you know, if I think about a, a, a, a, a normal enterprise, and, um, you know, I work backward from some low-level signal, and I start to piece together, all right, you know, the hop to this system I'm interested in came from a system that holds fifteen different pieces of software on it or applications on it. Uh, who owns these applications?

I should be able to go back to an asset inventory or a tool that, uh, is, is maintaining the applications that we've bought and who the owners are, and I can start to link those things myself. I can step back and pull down an organizational chart and say, "All right, that owner has a certain set of people that work with them and for them. Am I able to see these same identities that work for them in those systems, or do they persist in other systems? Uh, let me look at the volumes and start to build, you know, volumetric, uh, and time-based baselines in a period of a day or a week to analyze this group, and then let me go and see if I can understand, in the context of their QBR deck, uh, what all of this means." I think it's a much harder path to work backward from the, you know, very individual or specific asset to that picture and construct it without any outside input. But I do believe that between, um, knowledge management interfaces like Confluence, uh, internal, internal data stores and shares, like G Drive or OneDrive, where they hold the QBR decks and kind of documents around what's going on, and then ultimately things like town halls or, uh, forums that your leadership is in and talking about how the business is acting or, you know, in a very large enterprise, press releases about how the business is acting, you can stitch that picture together. Um, I think the, the reality is that our adversaries are doing some of this on their own as they work through target selection, so it's not a large leap to say that these analytic techniques are out there and being used today. I just don't think that that end-to-end picture, um, is native to, uh, an individual contributor sitting in a SOC, and that the easiest way to gain access to that end-to-end picture is to go start having conversations.

You and your org are, I would consider, the AI leaders in Corelight. You're always briefing about how to use different tools and how you've put them to work, lots of innovation there. Could you foresee a time where you could take those business documents, those business artifacts, you mentioned QBRs, potentially all-hands calls, transcripts of those, could you dump those into an AI and potentially pair it against the network instrumentation and, you know, and endpoint instrumentation and logs and such, and potentially have that system figure out what's mo- you know, what are we doing, what's most important, what do we care about?

... I absolutely do. I don't believe it's as easy as just, you know, pulling and dumping. I think that you've got to have multiple different steps, uh, along the way. Um, I'm a bit of an abstract thinker, so, you know, how I would go about doing that is use the LLMs or use generative AI, uh, to kind of figure out, "Hey, in general, I'm interested in some analytic techniques that allow me to process mine. I have a set of data here, uh, which ones would you use?" And work backward from that to potentially go pivot into Claude Code to build a, a system or an agent that is able to go do that thing, and then go test it against your data source and see if you can identify individual processes. And then, you know, construct another type of LLM prompt or query to go start understanding, "Hey, in general business terms, how does the business operate between marketing, sales, and customer success? And can you, given a set of, you know, identity profiles or press releases, work backward into individuals who are responsible for goals that look like the following?" And then go build that system via Claude Code and kind of test those things and structure it into an agent. And ultimately, the last point would be, how do I get more ready access or quicker access to activity baselines? So less, um, you know, the direct ins and outs associated with protocols that we know, but I think that there's a certain set of activities happening within this network data. Um, you know, there's some SSH things that mean that files are transiting, there's some SSL things that means that there's encryption happening, there's some HTTP things, which means that either APIs are being called or people are visiting the web.

Uh, how are those activities usually related, and how might I go about building an activity baseline from the raw data? And again, pivot into Claude Code, go build your, uh, build a, a, an agent to go test these things, see how close you can get to something that makes sense, and then build an ecosystem where those agents interact with each other. And, and by the way, I just mentioned I was saying Claude Code a bunch, just because that's what I use, but I'm no way promoting or pushing people to go use Claude Code. Uh, but to answer your question directly, yes, I do see a future in which that is possible.

It takes some really understanding the problem, extracting the small components of that problem, and creating a, uh, set of scenarios that you can apply engineering logic to, and then with systems-based thinking, stitching them back together to get to your end state.

Bernard, I introduced you as the Corelight CISO, but I should have also mentioned that you run IT here. Could you s- foresee a future where there is more of that fusion? Because what you're describing, I think, is only possible when someone has the perspective on, on both of those areas.

Yeah, I, I believe the fusion is necessary. The question is, can we start to find or develop security leaders that have the end-to-end business context in mind? What IT leaders have historically been good at is working with individual business owners and saying: "What do you need to get your jobs done? Here is the technology stack that supports that, and here is how we work with you to enable the end-to-end usage of that." And along the way, they get a pulse on the forward strategy of the business and start to proactively identify technologies that accelerate execution in the business, and bundle all of that up and, and provide that back to the business as a service.

Security has historically been a, "Let's go mitigate risk and ensure that the worst case does not happen." And therefore, we are not actively trying to see how fast we can let the business run and spotting new technologies that the business should be adopting. We are actively enumerating vulnerabilities within the current stack of things and trying to figure out the best way to implement controls, sometimes with disruption, other times in partnership to minimize disruption. But, you know, it's two very separate mindsets that, uh, you're asking to bring together. Uh, I think I've had some unique access to the large enterprise in such a way that I've seen both sides work, and then thanks to the executive team here and just the nature of this role at Corelight, I've gotten a lot more integrated into that bend- end-to-end business execution in such a way that my abstract brain can go start thinking about the potentials of the future, especially given that AI is now an IT function thing to go, uh, get implemented, integrated, and enabled. And so this future that we're all headed towards, um, with the context of the AI and how fast things move there, means that, uh, both security, governance, and IT implementation and tech stacks are going to have to exist and work together to move at the same speed. Um, I think that the future is more reasonably reflective of an AI leader, an IT leader, and a security leader working in close concert, uh, than that all existing within a single person.

But if I were to, uh, design my perfect future technology or business-enabling technology leader, uh, I think it would, it, it would incorporate all three with an eye toward: How do we deliver the most rich end-user experience to deliver the best customer experience, uh, as securely as possible?

Well, I think that is a great place to end. I, I think we're gonna have to have you back, Bernard. There's a lot more that I think we could talk about. And, uh, just in a short conversation, you've changed the way I think about, uh, security and what we're actually doing here, which I think is awesome. So thank you so much for joining us today on the Corelight Defenders podcast.

Absolutely. Thanks again for having me.

Thank you for joining us on the Network Defenders Podcast, sponsored by Corelight. We will see you on the network.

You've been listening to Corelight Defenders. To stay informed with expert intelligence on today's cybersecurity challenges, please subscribe to ensure you never miss an episode. We'll see you on the network.