Sep 9, 2024
Episode Description
In this conversation, Scott discusses the importance of building trust and creating an open environment in cybersecurity. He shares his experiences in organizations where security was viewed differently and emphasizes the need for collaboration and accountability.
Scott also provides advice for those looking to advance in the security field and highlights the challenges and opportunities in both small and large security teams. He discusses the future of the field, the increasing rate of change, and the importance of continuous learning.
Scott concludes by expressing his love for the challenges and growth opportunities in the security field.
Watch On YouTube
0:00hi everyone and welcome to the Hands-On ceso podcast my name is AD and today we'll be talking to Scott Huntley
0:06director of it and security at setseg Scott has over 40 years of it infrastructure experience and spent six
0:13years in the US Navy as a Data Systems Tech working on ship to ship and ship to
0:18a data Communications he worked his way up to Tech lead transitioned to manager and is now director of it and security
0:26Scott how are you doing I'm doing good happy Monday
0:31happy Monday okay so Scott before I go into what it is that you do today I'd
0:37love to hear how did you even come across security like how did that start I've been doing this job for a long time
0:42and I've worked my way up through the ranks and I always kind of play it on the periphery of security my real big
0:49background is servers and operating systems I started with novel networking and Windows Active Directory but I was
0:56always the guy on the team that interfaced with security teams somebody had to make sure our systems were being
1:02patched somebody had to make sure that the virus definitions were being passed out and all that so I kind of really
1:08worked very closely with security teams over the years and a couple years ago opportunity came up to join set seg and
1:16I got here and one of the first things they said is we're developing a security program didn't really have anything in
1:23place so that's going to be on your radar so basically that was my first
1:28introduction into actually being in a security role so you know worked with our CIO at the time and we started
1:34putting in a security awareness training program so we started training our users on this is a fishing email this is this
1:42this is that and the company has really embraced it security from the top down
1:47which is really what has to happen in the world if Senior Management doesn't embrace it then your program is not
1:53going to go anywhere so started training started doing sending out fishing tests we sent out a picture of a puppy was
2:00supposedly lost in the neighborhood and the link was try to get you to click on the puppy picture and about half the
2:06company failed but that was that Awakening that they needed that this is kind of serious so you know after we got
2:12done with getting the security awareness training put in place started writing policies so much of what we do is
2:18policies so all these different policies started building our program based on these and there's the technical aspect
2:24too of making sure that we have everything locked out so yeah that's how I got into it kind of a long story I'm relatively new to the official security
2:31role but I've learned a lot but you were always next to it sort
2:38of I was always next to it right I was always the guy that whatever major
2:43breach happened you know the security guy came running up to my desk and he's all out of breath he had run up three
2:49flights of stairs and he's like we got this major vulnerability and you know going on and on and on and I jumped on
2:55to our tool ran a report and showed them oh look we missed one server with that patch last month you know so I was
3:01always that guy making sure that we were protected so you were kind of doing
3:06security you just weren't called security I just wasn't called security right I've never written a firewall rule
3:11in my life but that's okay I don't need to write firewall rules I have people that are way smarter that can do those
3:17kinds of things for me very cool and what does your day today look like now
3:22I'm like one of the first people that arrive at the office every morning and so I get here and I got a plan in my
3:28head you know here's what I'm going to tackle today and then you know that old saying all battle plans go out the
3:34window at first Contact well that's kind of how my dayto day goes so you know I go into the day think I'm going to work
3:40on this or I've got this policy I need to tweak or this document I need to review and stuff like that so I get in
3:45and look at email and see what came in overnight jump on our ticketing system see what tickets might have come in
3:51overnight what kind of alerts might have come in overnight just kind of set up the day then we hold a morning standup
3:57with my team just so everybody gets a chance to know what everybody's working on and then we kind of start attacking
4:02the day and maybe something comes up and I've got to run an investigation maybe there's a new
4:08application somebody wants to bring in so I've got to spend some time vetting a new vendor or a new application
4:14everybody's got the world's greatest new product solve all my woses and everything weed my way through those but
4:20security is just part of my role being in a relatively small company we wear lots of hats we make sure that the
4:25printers are working we make sure the copers are working we make sure that physical security systems are working
4:31you know it's just dayto day that's what keeps it exciting no two days are the same and at the end of the day I go home
4:36and think yeah I didn't do anything I thought I was going to do this morning so we'll get at that tomorrow occasionally I can work on that policy
4:42that I want to do nice I see cyber security constantly growing there's a lot of new things happening all the time
4:49how do you balance out such a busy schedule and also staying up to date with who got breached today and what new
4:56technology exists all of that stuff that's the biggest challenge right there is keeping up on everything if there's a
5:03major breach here I'm in the Michigan area you know I'll get people filing in my office door hey did you hear about
5:08this company hear about that company so I feel like I got to kind of keep up on that but you read a lot you do podcasts
5:14we have a local ISC squared user group I go to that every month so I'm talking to
5:19my peers there's conferences I sit on a couple of Statewide committees for cyber
5:25security and education so I'm talking to people in education monthly at least we
5:31get subscribed to the sisa alerts so those come in all day you're just taking in so much information and you have to
5:37really kind of figure out what is that what is the key piece of information that I need to be looking at and then
5:43keeping up on technology Trends you know the explosion of AI I feel like there's so much there that is going to offer
5:50security you look at like Twitter you look at blogs you look at all kinds of different stuff and a lot of times you
5:56just kind of scroll and something catches your eye then you got to dig in spend some time in the evening digging
6:01in at home it's a battle and how much does AI how Disturbed are you buy it of
6:07its effect on cyber security like how much are you even thinking about it I
6:13think about it a lot but I think about it in terms of how can it help us and how can it help us go faster you know a
6:19lot of the security tools are starting to say that they're using AI to scan our networks or to monitor our firewalls and
6:26come up with alerts and things like that so I think it'll be good as the world keeps going faster and faster people
6:33don't have the time and the bandwidth or the capacity to dig in as far as they really need to be digging in looking at
6:39looking through logs and that so that's where I think AI is going to really help cyber security but you still need to
6:45have that solid background to understand what is being told to you so you can say
6:51that is a concern that's not a concern so I'm excited about AI every company's their most important asset is their data
6:58well first their people then their data AI has a potential of compromising the
7:03data so that's the part that I concerned about is somebody having good intentions suddenly releasing a bunch of our data
7:10to the world they want to analyze a spreadsheet right so they throw the spreadsheet into chat GPT and analyze it
7:16and all of a sudden now that data is no longer our data it's now out there in the wider world we wrote an AI policy
7:23earlier this year we rolled it out to the company we've had training we've spent a lot of time talking about it and
7:28it's like if you're going to use a a tool come talk to me come talk to your manager I want to make sure that nobody's intimidated to walk in my
7:35office and say Hey I want to use this or you know I'm not going to believe what I just clicked on interesting when you
7:41look at the security of the company how much is it about educating the employees
7:47and teaching and explaining and just making sure they understand and how much is it about putting actual blocks like
7:54making sure they don't accidentally do anything and nothing can happen by accident you know technology will only
8:01protect us so much we can have all of the controls in place we can have all of
8:06the rules in place and somebody clicks on an email and releases their
8:12credentials and it's done right so I tell everybody if something comes up you
8:17know we have a lot of iPhone users so if there's a breach or security concern on
8:23iPhones I'll write it up and send it out to the team and say just for your awareness this is out there but I always
8:28say that cyber security is a team sport and that we need to be partners I need to be partners with my peers and I need
8:35to be partners with the executives and I need to be partners with the end users everybody in the company has my cell
8:40phone number I'm like you call me 24 hours a day seven days a week I'm always going to answer the phone and I would
8:46rather wake people up and start attacking a problem half an hour after you released your credentials as opposed
8:51to six weeks after you've released your credentials right I can control the sooner you let me know I can control it
8:57we really spent a lot of time educating our our users we're kind of competitive we have a quarterly meeting and in the
9:03quarterly meeting we have a security drawing so if you've passed all your fishing tests if you've done all your
9:09fishing training if you've reported a fishing test then you go into the pot for a drawing and you get a $50 or $25
9:16gift card to do wherever you want right so people want to know that they're in that drawing and we just take it
9:22seriously now I'm even transitioning to you know what we're teaching you here at work and what we're teaching you here to
9:28protect us set egg it works at home too so start teaching your family about this stuff
9:34and training them how to not click on a fishing email CU I don't want to have you lose everything in your checking
9:40account because somebody in your family did something this is real world this is not just for us this is for you too so
9:45like I say as long as our executive director totally Buys in totally supports it and people know that it's
9:52important to him it's important to us it's important to them amazing do you ever need to be like the best cop like
10:00the person saying you can't use this you can't do that no I don't feel that way
10:05here I've worked with companies where the security motto is always we're not happy till you're unhappy that's not how
10:11I try to attack it it's what do we have to do to get to yes is the way I always look at it what controls do we have to
10:17put in place what do we need to do to get to yes so you can do what it is you think you need to do so I don't feel
10:23like I'm the bad cop they know that I'm coming at this from a position of
10:28concern and that we want to try to get the yes we just have to get there and what do we have to do to get there
10:36amazing who's on your team like do you have a group of people who are doing security or is it you that is doing most
10:44of it security is the biggest Focus but like I said I've never written a firewall rule so I have people on my
10:49team that do that the biggest part of my job is the infrastructure part not necessarily the security part so we
10:55maintain all of the servers all the switches routers fire walls copers
11:01desktops laptops iPads cell phones you know if it's electronic and it's got an
11:07IP address my team maintains it so everybody's doing security the senior people are doing a lot more security
11:13they're making sure our firewalls rules are being written properly and that our network is all being taken care of
11:19properly and that so the higher you go the more you get into that security realm but then they're still making sure
11:25that our servers are worked and our servers are patched and all that stuff that goes the maintenance so we wear a
11:30lot of hats and that's one of the things about a small company I've worked for billion dooll companies where you're
11:35just very siloed and it's like this is your world and you don't go outside of that world because they got a world and
11:41they've got a world and you got all these worlds are working together and in a company like this so you do a lot of
11:46different things we do a lot we do a lot you know we just reorganize the office and half the people got a new desk and I
11:53was helping move desks uh a couple weeks ago whatever we have to do is what we we do so
12:00amazing what would you say is one of your big challenges right now in the
12:05security hat really just the amount of data coming at me every day and not so
12:10much data as far as what's in our firewall logs and stuff like that but it's just the amount of data that you
12:15know here's the latest breaches here's the latest mitigations here's the latest trends trying to keep up on all of that
12:23is probably the biggest challenge I always feel like I don't know enough you know and it's like I didn't know enough about that when and I was on vacation
12:30and that crowd strike thing hit I'm getting texts from my boss you know do we have crowd strike here and I'm like
12:35what I've kind of checked out for a day or two here but okay let me see what's going on why would she be asking me that question so I better start digging in
12:42you know so now you're sitting in an airport on your phone trying to figure out what's going on in the world that's the biggest thing is just keeping up on
12:49everything and and I just never feel like I've done enough but there's always something else another article to read
12:54or another discussion to have so you just got to keep plowing forward yeah it's interesting one of the things a lot
13:00of people who do security that I've spoken to talk about is because you're always so like on it's a lot of stress
13:08stress management is a lot of where their mind is like how do they make sure
13:13they can keep it up sort of which is interesting yeah no stress I have a a
13:19unique tolerance for stress I was 19 years old and standing in combat on an aircraft carrier and I had an admiral
13:25pulling on my shirt sleeve asking me when the link was going to be back back up and that so I started young and I
13:32don't know it just kind of I have a high stress tolerance so I'm lucky in that aspect that I deal with that well very
13:39lucky that's cool I bet it's also good in other like Realms of Life drives my
13:45wife a little nuts to be honest because you're calm yeah that's funny what do you think
13:51about the way you see it helps you be that way like what do you think other
13:57security Chiefs Direct actors should look at to be a bit more like you in
14:03this sense yeah you know we've had major incidents and my boss is like are you taking this seriously and it's like well
14:10yeah why if I fly around here like an idiot for the next 20 minutes would that make you feel better if you're doing
14:17your best you know nobody expects you to be perfect I think people feel like
14:22everybody expects me to be perfect but people don't expect you to be perfect people don't expect you to have all the
14:28answers and so it's okay to be humble or it's okay to be vulnerable and say you know
14:34what I don't know right now let me figure it out let me go back and research this I would rather take a day
14:41and come back with the right answer every time in my career I've shot from the hip I've been wrong take that time
14:46to be sure of your answer as best you can right now if somebody demands an answer then I'll give them the answer
14:52but I'll be like 10 minutes from now I may change this answer so I don't put that added stress of always being right
14:58always being being the smartest person in the room I never feel like I'm the smartest person in the room and I'm okay
15:04with that and I think that helps relieve a lot of stress amazing is there
15:09something in security that you think you pay a lot of attention to but others
15:15don't I think it's that team building and not my direct team but the team
15:20building with the people that I work with so I spend time probably every day getting out of my office and walking the
15:27floor and just stopping and talking to somebody and we're not even talking about work we're not talking about
15:32security we're just talking you know you go get a cup of coffee and there's somebody in the coffee room have a two-minute conversation with them and
15:38find out you know hey I heard you bought a boat or you know whatever it is and get to know them building trust is so
15:45important especially in today's world they have to trust me to come to me and say hey I accidentally clicked on an
15:51email okay so what I really try to do is get out of my office every day meet people and have those conversations it
15:59doesn't have to be about work and it doesn't have to be about security it just has to be about something and you get to know them as people and you get
16:05to hear their story and they get to hear your story a little bit and it builds that trust so that way when they do
16:12something they feel like they can come to you and not be afraid that you know
16:17as soon as I tell you I clicked on this link and this email because I forgot for a second I'm going to get fired we don't
16:23do security through intimidation around here I never like those environments and I'm not going to Harbor that I'm not
16:28going to build that kind of environment here I want people to feel like they can always come to me and tell me I made a
16:34mistake and that's fine you made a mistake let's fix it don't hide it that's the one thing I don't know if a
16:40lot of SOS do that they tend to want to you know sit in that perge and and that's just not where I'm at interesting
16:46have you ever been obviously without any names or anything but have you ever been part of an organization where security
16:54was viewed differently like where people were afraid or on the
16:59where people didn't pay any attention to security yeah oh definitely I've been in
17:04those environments like I said earlier worked with security teams where they've made the you know we're not happy till you're unhappy you'd walk in you say hey
17:11I'm thinking about and before you even got the idea out it was like no you're not doing that I've worked in those kinds of environments and it's not
17:18healthy right if there's an issue I want our teams come together I don't care who's problem it is let's come together
17:24and put our heads together and let's solve it hey I think my team did this I think this caused our problem now what
17:30do we do to get back those are the kinds of things I think that we need to make sure we as professionals and it
17:35professionals and Security Professionals make sure we're doing and that we're being better at it amazing have you ever
17:41had something well you didn't really do security back then but you were security
17:47have you ever seen anything happen due to these sort of Dynamics well yeah our
17:52security team at one of the companies I worked for had made a change the night before we came in the next morning and
17:58the apps are down and the system's not working and they spent all day saying you know no it's not us it can't be us
18:04we didn't cause it when the security manager and I were talking one day and he he goes I think this is a storage
18:10problem and he runs down and talks to the manager of the storage team and it's like you know the guy that I considered
18:15the smartest man in the room I'll call him George and I went to George in the afternoon and I'm the manager of the
18:21server teams right I've got all 1500 windows and Linux servers that I'm responsible for but I went to him and I
18:27was like hey are you seeing anything and he's like yeah I saw this air but nobody will listen to and so I was like oh okay
18:34so a couple hours later we're all in this room and we're trying to solve what's going on and they're like well
18:39let's do a system restart that'll fix it and I said well okay what happens when the system restart doesn't fix it and
18:45they're like well we'll figure it out I said you know George is seeing an eror nobody's listening to him and so they're
18:51like well George you know and he's a very introverted kind of a quiet guy and they're like well what are you seeing
18:56and he goes well I saw this air come through and one of the security guys is like well that can't be us we're not causing that it doesn't work that way
19:03and so he goes up to the Whiteboard and he starts drawing it out the guy's like huh it might work that way we should
19:10probably open a ticket with our vendor so they opened a ticket with the vendor and the vendor came on and and I don't
19:16remember all the specifics in that but it was like yeah this is a known bug so this is how you get back right so within
19:23a very short time everything was back up and running but we lost almost an entire day of people limping through trying to
19:30get work done because nobody would take the time to listen to everybody in the room so that's why I say there's plenty
19:36of time to assign blame down the road when there's an issue going on you got to trust one another can just roll your
19:42sleeves up and fix it amazing what would you say to people who are trying to
19:47advance insecurity or that are looking to get into it from some sort of similar
19:53field or maybe even from something else completely how do you see it you know
19:58what I would tell them is just take whatever opportunity comes your way don't wait for the perfect opportunity
20:04you know that old fake it till you make it kind of a thing I've kind of made a career out of that early in my career I
20:11was working for a small computer firm kind of doing consulting work and we had this really great salesman and he would
20:16go out and sell a product and then he'd come in on like Friday afternoon and he'd be like hey I just sold this
20:22product and you're installing it on Monday can you do that I'd be like yeah I could do that I've never worked with
20:28this product right so go home spend that weekend cramming you know or time in the lab figuring out how to do it so Monday
20:34morning I could show up at a customer site and do that installation when I stepped into this role I've never
20:40written a security policy in my life so how do I go about doing that well I figure it out there's resources
20:46available to me and I figure out how to either take an existing policy or write a policy you got to take those
20:52opportunities and figure it out the person who gave you that opportunity wants you to succeed if if they put you
20:59in the role to fail then they're not a good person right so you always assume that they're a good person so they put you in this role to succeed so don't be
21:05afraid to ask and say I'm kind of struggling on where to get started here or how do I go about doing this and if
21:11they know they'll help you and if not they might be able to point you in the direction of where it is so put yourself out there take those chances to fail and
21:19take those chances to learn you know failure is learning that's the biggest thing I'd say to people who are trying
21:24to get into security or really any field if that's what you want to do now you know I don't want heart surgeon to fake
21:29it till he makes it it's a little different I want that
21:35guy to know but don't be afraid to stretch yourself and to go beyond what you know if all you're going to do is
21:41what you know then you're never going to do anything new and for some people that's okay right yeah interesting do
21:46you feel like people in security are often quite stable and like doing their
21:53thing or is it a lot of like climbing the ladder sort of I've seen both where
21:59people are very happy with their hands on the keyboards and that's what they do and then there's people that do want to
22:05climb and not just go from the Tactical to the strategical decision maker and
22:11that's a personality thing and it's okay either way is okay if you're not comfortable leading people then don't
22:16become a manager but maybe take the opportunity to find out if leading people is really something you might
22:23enjoy when I made that leap from Hands-On to manager I assumed I would
22:29hate writing performance appraisals because I hated writing my own and I actually kind of enjoy it you know I
22:35take time I spend 24 hours on each person and that 24-hour time I spend
22:40thinking about them and what they've done and how they've grown and like that found out I kind of actually enjoy that
22:46process I don't want to do it multiple times a year but you know once a year it's not bad so yeah what you think
22:53you're going to like you may or you may not like and what you think you're going to hate there's a good chance you might actually turn out to like that so don't
22:59be close-minded H that's a good tip how do you think being a part of a small
23:05security team or even maybe being a solo security person in a company versus
23:11being in a big security team or big company how do you think these two roles differ from each other well a lot of it
23:19is the number of different hats we have to wear in a small company there's a lot of different things that can take your
23:25eye off the ball when it comes to security right cuz all of a sudden there's a copier down and I should be
23:31reading about this security breach but we're trying to figure out how to get a copier not that I'm the guy figuring out
23:36how to fix the copier but that's taking time and attention away is talking to my guys making sure that you know get a
23:42ticket whatever you got to do we in a large company but now your footprint is
23:47so much bigger our external footprint is pretty small so I don't have to worry as
23:54much I still have to worry but I don't have to worry as much you know as a large multibillion ion dollar company
23:59that has a th end points or 2,000 end points on the internet I don't have that
24:04to you know really keep my eyes focused or my team focused on all of that it's just different you know I've worked in
24:10large companies I worked in small companies most of my career has been in large companies and you get a lot more
24:15opportunities to learn in a larger company but it is what you're making even in small companies there's lots of
24:21opportunities you just got be willing to take them what do you tell people who look at the security job as someone
24:27who's just like we people about don't click this email yeah so like I
24:33mentioned earlier we had that quarterly meeting and I think it was our December quarterly meeting last year um was all
24:38about cyber security and so I kind of took the whole company through a day in the life of
24:45what I do and showed them here's the alerts we get from sisa here's our
24:50patching statistics here's a tool I look at to see how many vulnerabilities do we have in the system and I showed them
24:56kind of a before and the and an after where I showed them we're up here for the number of vulnerabilities we have in
25:01the system and then all a sudden like in one day there's a massive drop down to here and I was like what happened and
25:09they're like uh I don't know and I was like we turned off an old server we
25:15retired an old server that had all of its warts and and we got rid of this one
25:20so look at what it did to our environment and so they were able to see real time um how much better of a
25:28security posture we were in just by doing one little change so being able to educate them on what it is we do in
25:36cyber you know I tell them if I'm running around here with my hair on fire we've got lots of problems and it's a
25:42bad day for setag if I'm sitting here drinking coffee staring at my screen working on something it's probably a
25:47good day for setseg but you're also very calm so maybe you're drinking your coffee but everything is on
25:55fire yeah that could be that could be two it could be two interesting how do you see this
26:02feeli progressing in the future like what will be different in two years and five years 10 years I think the rate of
26:09change and the rate that information is going to be flowing at us and our ability to go faster and needing to make
26:17sure tools and Automation and that you're able to sift through the noise to
26:23get to what's important is going to become even more critical you know there's not fewer Bad actors today than
26:28there was yesterday there's more right there's always more Bad actors when they're selling their wees and they're
26:33creating more Bad actors and so really the key is how do you go faster I think
26:39people are going to have to learn how to do a lot more coding than I've ever had to do in my lifetime I worked for one
26:45company and the CIO used to always tell us that we're a tech company that happens to move Freight you know he's
26:51like every company is now a tech company that happens to do this other thing it's really kind of true when you think about
26:57it because you you know it's technology driving and a technology letting people move Freight whatever you know build
27:03cars whatever it is that you're doing technology is what is allowing you to do that so yeah it's going to be
27:09interesting I think too about like crowd strike and I think about VMware
27:14revamping their licensing that had a huge impact on us and we're adjusting to
27:20that but I think it's going to change a lot of thoughts right a lot of thoughts were like we'll just Outsource this
27:25we'll send this to the cloud we'll do this all sit now tons of server and workstations around the world went down
27:31because crowd strike released a patch that went bad so okay how do we prevent
27:37that from happening in the future I think a lot of companies are taking some time now to probably re-evaluate and do
27:42we want to be 98% virtualized do we want all of our eggs in the VMware basket or
27:48the whatever basket so it's going to be interesting to see how this all falls out in the next few years interesting I
27:55have one more question for you that I'm actually curious what your answer will be but what do you like most about the
28:02security field like it seems like from not being in it you always quite attracted to it until you became one of
28:09them yeah I had that labotomy you know and uh no that's what I told everybody when I went from being a tech to being a
28:15manager I had to have a labotomy done first and then I was a good manager after that no what do I enjoy the most I
28:21think it's just a challenge you know I've always been a person who likes challenges and you know I'm relatively
28:27late in my career to take on a challenge it would have been very easy to stay where I was and just Coast but that's
28:33not what I want to do you right if I'm going to work I want to be challenged I want to learn I want to expand I want to
28:38grow I think that's the biggest thing I enjoy about this role is I'm not the smartest person in the war room and I
28:45don't know the most but that doesn't stop me from trying to gain and acquire that knowledge I did my cissp last year
28:51and there was a way to challenge myself I did it in 30 days start to finish so you know I wanted to be done in a month
28:57and I got it done in a month how much does it usually take you know there are people that study for years wow probably
29:05six months to a year normally to do the studying you know but I did a boot camp and then I spent every night studying
29:12and all Memorial Day weekend I spent studying and I went in on Tuesday morning and I passed the test the first
29:18time so you know it's just that challenge to me if you're not challenged then you might as well just go ahead and
29:23retire you know go drive a golf cart or a lawnmower on a golf course or something like that
29:29it doesn't sound terrible you know it doesn't sound that bad no there are days you know welcome
29:37to Walmart kind of a thing but my days fly by and the weeks fly by and then the months fly by and any Years Gone by and
29:44it's like wow you know and then you st take that time to stop and reflect and think about all we got done in that past year and make sure that you take that
29:50time to celebrate the your accomplishments and that's one thing I don't know that we do enough in Tech is celebrating accomplishments and saying
29:57you know this was a big deal and we got it done and very little impact or no impact at the company I don't think we
30:02do that enough because our minds are set we're already on to that next thing it's good to take some time for that reflection and I think that's what I
30:09mentioned I enjoy writing the performance appraisals for my team gives me the chance to sit back and reflect on
30:14all that they got accomplished you know because it's so easy to say we didn't get anything done and then at the end of the day or the end of the week the month
30:20the year you're like holy crap we got a lot done yeah maybe not exactly what you
30:27planned but but a lot but we got a lot done right so Scott thank you so much
30:33that was so interesting and I feel like I understood a lot about the way you see security and also the way it's like when
30:40you're in a team that is relatively small but not very small but how different it is from when you're in a
30:47big organization and it sounds like you're really enjoying it and that your team is also getting to see like the
30:54best of you in that context well I hope there seen the best of me sounds like
31:01it okay well thank you so much for joining us I thanks I really enjoyed our
31:07time together