WEBVTT 1 00:00:00,180 --> 00:00:03,030 Anna Delaney: Hi, welcome to the ISMG Editors' Panel. I'm Anna 2 00:00:03,030 --> 00:00:06,420 Delaney. And this is our weekly editorial analysis of the top 3 00:00:06,420 --> 00:00:10,080 cybersecurity stories. And this week, I'm very happy to be 4 00:00:10,080 --> 00:00:13,590 joined by editors Marianne Kolbasuk McGee, who heads our 5 00:00:13,620 --> 00:00:17,310 HealthcareInfoSecurity site, Michael Novinson, who leads our 6 00:00:17,310 --> 00:00:21,570 business coverage, and our editorial director, news, David 7 00:00:21,570 --> 00:00:24,000 Perera. As always, wonderful to see you. 8 00:00:25,440 --> 00:00:26,850 David Perera: Thanks for having me here. 9 00:00:28,680 --> 00:00:31,500 Anna Delaney: Marianne, start us off. You're embracing the 10 00:00:31,860 --> 00:00:33,390 autumnal sun maybe? 11 00:00:34,050 --> 00:00:38,310 Marianne McGee: Well, this is a photo we took out in Western 12 00:00:38,310 --> 00:00:41,940 Mass a few weeks ago. We went out to Western Mass, they have 13 00:00:41,940 --> 00:00:44,520 what they call the biggie every year, which is sort of like an 14 00:00:44,520 --> 00:00:49,890 agricultural and agricultural festival/carnival. So this is 15 00:00:49,920 --> 00:00:53,970 more of an agricultural, I guess, I don't know parky sort 16 00:00:53,970 --> 00:00:58,080 of photo. I'm not really a carnival person, but it's always 17 00:00:58,080 --> 00:00:59,010 nice to get away. 18 00:00:59,010 --> 00:01:03,030 Anna Delaney: So, lots of local vendors? 19 00:01:03,780 --> 00:01:07,710 Marianne McGee: Yeah, you know, they have pig races and they 20 00:01:07,710 --> 00:01:11,730 demonstrate how they shave the wool off sheep. You know, they 21 00:01:11,730 --> 00:01:14,130 have a lot of fried food, that sort of thing. 22 00:01:16,800 --> 00:01:20,430 Anna Delaney: Just like any ordinary weekend. Michael, you 23 00:01:20,430 --> 00:01:21,930 are providing the music today. 24 00:01:22,710 --> 00:01:25,200 Michael Novinson: Yes, I am. This is a photo of the Rhode 25 00:01:25,200 --> 00:01:28,260 Island Philharmonic Orchestra. Now, during most of the year, 26 00:01:28,260 --> 00:01:31,080 they perform indoors, classical music in a nice venue in 27 00:01:31,080 --> 00:01:34,140 Downtown Providence. But over the summer, they traveled the 28 00:01:34,140 --> 00:01:36,540 state of Rhode Island - not a very large state - but they put 29 00:01:36,540 --> 00:01:39,060 on free concerts around the state, playing more popular 30 00:01:39,060 --> 00:01:42,840 music. This year was music from theater and from our famous 31 00:01:42,840 --> 00:01:47,760 movies. So we did get to enjoy them this summer. My two-year 32 00:01:47,760 --> 00:01:51,630 old had a ball listening to the Sousa March. And this is a photo 33 00:01:51,630 --> 00:01:55,050 of them performing in front of, in Roger Williams Park in 34 00:01:55,050 --> 00:01:59,280 Providence, in front of a really nice piece of artwork. 35 00:01:59,850 --> 00:02:01,980 Anna Delaney: Incredible and to think it's free as well. That's 36 00:02:01,980 --> 00:02:02,430 awesome. 37 00:02:05,450 --> 00:02:08,150 Dave, you're joining us from the great outdoors. 38 00:02:09,050 --> 00:02:11,870 David Perera: In the great outdoors, overlooking Harpers 39 00:02:11,870 --> 00:02:16,400 Ferry, which is a small historical town about an hour's 40 00:02:16,400 --> 00:02:22,490 drive away from Washington D.C., where I'm located, give or take 41 00:02:22,490 --> 00:02:27,380 a suburb. And Harpers Ferry is pretty beautiful, year round. 42 00:02:27,380 --> 00:02:30,170 But, of course, when the trees turn, as they're doing, this is 43 00:02:30,170 --> 00:02:31,160 especially beautiful. 44 00:02:31,690 --> 00:02:35,050 Anna Delaney: It does look like Scotland in many ways. Gorgeous. 45 00:02:36,550 --> 00:02:40,720 I am well, but you know how your phone or some social media 46 00:02:40,720 --> 00:02:45,700 platform shares memories of you. So this is the memory. Three 47 00:02:45,700 --> 00:02:50,530 years ago, today, I was in Napa Valley, of course, and just 48 00:02:50,530 --> 00:02:54,580 sampling some wine. I think it said 10 am, drinking wine. So, 49 00:02:54,910 --> 00:02:59,590 of course, showing you, sharing some nostalgia with you from 50 00:02:59,590 --> 00:03:02,500 three years ago. Well, Marianne, I think we've got to start with 51 00:03:02,500 --> 00:03:04,600 you this week because you've got the most bonkers story, surely. 52 00:03:04,810 --> 00:03:09,820 A U.S. Army Major doctor and his wife face federal indictment for 53 00:03:09,850 --> 00:03:13,060 attempting to disclose to a Russian spy the medical records 54 00:03:13,060 --> 00:03:17,170 of U.S. military patients. Yikes. Tell us more about it? 55 00:03:17,690 --> 00:03:22,070 Marianne McGee: Well, as we know, since Russia's invasion of 56 00:03:22,070 --> 00:03:25,700 the Ukraine back in February, we've been hearing a lot about 57 00:03:25,700 --> 00:03:30,050 potential spillover cyberattacks on the critical infrastructure 58 00:03:30,050 --> 00:03:33,500 of the U.S. and other allied nations that are assisting 59 00:03:33,530 --> 00:03:37,730 Ukraine, as well as potential hacktivism or other cyber 60 00:03:37,730 --> 00:03:41,210 incidents involving attackers that support Russia's effort. 61 00:03:41,600 --> 00:03:46,580 Thankfully, we haven't seen any of those worst fears materialize 62 00:03:46,580 --> 00:03:49,880 in the healthcare sector. But, the Justice Department, as you 63 00:03:49,880 --> 00:03:54,620 noted, just last week revealed a pretty stunning criminal case 64 00:03:54,620 --> 00:03:58,460 that highlights how malicious insiders could use their access 65 00:03:58,460 --> 00:04:03,200 to sensitive information to help Russia. In this case, it was Dr. 66 00:04:03,200 --> 00:04:08,150 Anna Gabrielian, who is an anesthesiologist and her spouse 67 00:04:08,600 --> 00:04:14,300 U.S. Army Major Jamie Lee Henry, who is also a doctor formerly at 68 00:04:14,300 --> 00:04:21,500 Fort Bragg. They were charged on eight counts of conspiracy and 69 00:04:21,800 --> 00:04:26,000 criminal violations of HIPAA involving wrongful disclosure of 70 00:04:26,000 --> 00:04:30,290 identifiable health information. Now, for one thing in the bigger 71 00:04:30,290 --> 00:04:35,120 picture, we don't generally see many criminal HIPAA cases being 72 00:04:35,120 --> 00:04:39,590 filed by prosecutors. And when we do, those cases are generally 73 00:04:39,590 --> 00:04:44,930 tied to allegations of patient data that was accessed or stolen 74 00:04:44,930 --> 00:04:50,900 by insiders to commit crimes, such as ID fraud, credit and tax 75 00:04:50,900 --> 00:04:54,320 fraud, and those sorts of things. But this case is 76 00:04:54,320 --> 00:04:59,120 generally an outlier here. In this case, prosecutors allege 77 00:04:59,120 --> 00:05:03,770 that the conspiracy centered on a plot by Gabrielian and Henry 78 00:05:03,770 --> 00:05:07,820 to assist Russia in its conflict with Ukraine by providing 79 00:05:07,820 --> 00:05:13,130 details about sensitive medical conditions of U.S. military and 80 00:05:13,130 --> 00:05:17,210 Department of Defense officials, including some retired and some 81 00:05:17,240 --> 00:05:23,000 deceased individuals' spouses. In court papers, prosecutors 82 00:05:23,000 --> 00:05:27,140 allege that Gabrielian used her access to electronic health 83 00:05:27,140 --> 00:05:31,550 records where she worked to obtain the medical information. 84 00:05:31,850 --> 00:05:36,050 And the DOJ doesn't identify where Gabrielian worked, but 85 00:05:36,050 --> 00:05:39,530 she's known to have been a doctor at Johns Hopkins Medicine 86 00:05:39,530 --> 00:05:43,160 in Maryland, whose patients include ex-military and 87 00:05:43,160 --> 00:05:47,240 intelligence personnel. The DOJ alleges that the couple 88 00:05:47,270 --> 00:05:50,150 conspired to provide this medical information to an 89 00:05:50,150 --> 00:05:53,660 individual that they believed was working for the Russian 90 00:05:53,660 --> 00:05:56,870 government. However, the supposed Russian spy was 91 00:05:56,870 --> 00:06:01,670 actually an undercover FBI agent. Gabrielian told the 92 00:06:01,670 --> 00:06:06,470 undercover agent allegedly that she was motivated by patriotism 93 00:06:06,500 --> 00:06:10,820 toward Russia. Now court documents allege that Gabrielian 94 00:06:10,850 --> 00:06:15,350 told the undercover FBI agent that Henry's information could 95 00:06:15,350 --> 00:06:18,650 help Russia gain insight into how the U.S. military 96 00:06:18,650 --> 00:06:23,630 establishes an Army Hospital in war conditions. Right now, the 97 00:06:23,660 --> 00:06:28,340 couple is currently under house arrest and pending their 98 00:06:28,670 --> 00:06:32,090 arraignments, they've surrendered their passports. If 99 00:06:32,090 --> 00:06:36,320 convicted, Henry and Gabrielian face a maximum sentence of five 100 00:06:36,320 --> 00:06:40,370 years in federal prison for the conspiracy counts, and a maximum 101 00:06:40,370 --> 00:06:44,180 of 10 years in federal prison for each count of disclosing 102 00:06:44,180 --> 00:06:48,290 health information. Now, I've been covering this sort of space 103 00:06:48,290 --> 00:06:50,960 for a long time. And this is definitely one of the more 104 00:06:50,960 --> 00:06:54,590 unusual alleged HIPAA criminal cases I've encountered, 105 00:06:54,620 --> 00:06:58,310 involving malicious insiders. And it's also a reminder for 106 00:06:58,310 --> 00:07:00,920 healthcare and other entities not to lose sight of the 107 00:07:00,920 --> 00:07:05,900 so-called potential enemy from within, as they try to prevent 108 00:07:05,930 --> 00:07:09,740 potentially catastrophic cyber incidents from external 109 00:07:09,740 --> 00:07:12,350 attackers. So, very unusual case. 110 00:07:12,870 --> 00:07:14,730 Anna Delaney: It's an interesting case, because of the 111 00:07:14,760 --> 00:07:18,150 insider threat meets Russia's war in Ukraine. Are there other 112 00:07:18,150 --> 00:07:22,020 ways that healthcare organizations can refresh their 113 00:07:22,020 --> 00:07:24,870 take to thinking about insider risks? 114 00:07:25,290 --> 00:07:26,850 Marianne McGee: Well, the thing that's sort of interesting about 115 00:07:26,850 --> 00:07:30,180 this case, and it's not really documented yet in court papers, 116 00:07:30,180 --> 00:07:35,070 maybe we'll find out, as this sort of plays out, is how 117 00:07:35,100 --> 00:07:39,930 Gabrielian and Henry were able to sort of access this 118 00:07:39,930 --> 00:07:44,670 information and take it with them without anybody noticing. 119 00:07:44,910 --> 00:07:49,350 Or it's possible that because they met with the FBI agent, 120 00:07:49,770 --> 00:07:54,930 supposedly, before this information was taken, or at 121 00:07:54,930 --> 00:07:58,560 least, handed over to the FBI, you kind of wonder, maybe the 122 00:07:58,560 --> 00:08:06,150 FBI also tipped off Johns Hopkins Medicine or the military 123 00:08:06,690 --> 00:08:09,810 facility where Henry worked to let them know that we're 124 00:08:09,810 --> 00:08:14,790 watching this case here, you better watch your access 125 00:08:14,820 --> 00:08:17,760 monitoring more closely, but this is what's happening. So, 126 00:08:18,420 --> 00:08:21,750 but in most cases, healthcare organizations aren't tipped off 127 00:08:22,050 --> 00:08:24,900 that you got somebody in your organization that might be 128 00:08:24,900 --> 00:08:29,160 trying to do something malicious with patient information. So 129 00:08:29,160 --> 00:08:31,770 we'll have to see how this plays out, but it's definitely an 130 00:08:31,770 --> 00:08:37,620 unusual case for criminal HIPAA allegations, but also a war 131 00:08:37,710 --> 00:08:42,030 crime possibly. That's what's being charged, but you know, 132 00:08:42,870 --> 00:08:43,620 it's fine. 133 00:08:45,270 --> 00:08:47,940 Anna Delaney: How has the community reacted and received 134 00:08:47,940 --> 00:08:48,510 this news? 135 00:08:48,600 --> 00:08:52,170 Marianne McGee: I think it's gotten a lot of national 136 00:08:52,170 --> 00:08:55,830 coverage here in the U.S., and I think it's definitely a juicy 137 00:08:55,830 --> 00:09:00,540 case. Because again, there's been so much said about possible 138 00:09:00,540 --> 00:09:05,400 cyberattacks involving Russia and Ukraine and spillovers and 139 00:09:05,400 --> 00:09:08,340 all that, but this is something that I think caught quite people 140 00:09:08,340 --> 00:09:09,360 by surprise. 141 00:09:11,250 --> 00:09:13,440 Anna Delaney: Thank you, Marianne. Well, from one insider 142 00:09:13,440 --> 00:09:17,190 threat case to another. David, more law and order this week. A 143 00:09:17,190 --> 00:09:21,300 former Seattle tech worker, Paige Thompson, was sentenced to 144 00:09:21,300 --> 00:09:24,690 time served and five years probation, including computer 145 00:09:24,690 --> 00:09:28,140 monitoring, for her massive hack on Capital One, of course, that 146 00:09:28,140 --> 00:09:30,840 allowed her to obtain the personal information of more 147 00:09:30,840 --> 00:09:34,470 than 100 million people. Tell us about the sentencing. 148 00:09:36,220 --> 00:09:40,120 David Perera: So, the sentencing was very much in line with what 149 00:09:40,390 --> 00:09:44,950 her defense attorneys had asked for. Government prosecutors were 150 00:09:44,950 --> 00:09:50,860 asking for seven years imprisonment. So, the judge very 151 00:09:50,860 --> 00:09:54,340 much sided with defense attorneys on this, deciding that 152 00:09:54,430 --> 00:10:01,300 the 100 days that she spent in jail ahead of her trial and five 153 00:10:01,300 --> 00:10:05,230 years of supervised release, along with home confinement 154 00:10:05,590 --> 00:10:10,210 during that period, was sufficient punishment for 155 00:10:10,210 --> 00:10:17,380 Thompson. The circumstances of how she came to hack Capital One 156 00:10:18,430 --> 00:10:22,540 are very interesting. And one thing that defense attorneys did 157 00:10:22,930 --> 00:10:28,210 stress during the trial was that she didn't target Capital One, 158 00:10:28,210 --> 00:10:31,540 she didn't know that she would be getting the information of 159 00:10:31,840 --> 00:10:35,470 100 million individuals. She was basically running a script 160 00:10:35,470 --> 00:10:44,410 looking for vulnerabilities in web application firewall on the 161 00:10:44,440 --> 00:10:48,430 Amazon cloud, and she found vulnerabilities and one of them 162 00:10:48,430 --> 00:10:53,530 belonged to Capital One, which was in the middle of closing 163 00:10:53,530 --> 00:10:55,990 down its data centers and transferring all this 164 00:10:55,990 --> 00:11:04,360 information to the Amazon cloud. If she had gone on to sell that 165 00:11:04,360 --> 00:11:09,190 information, if she had shared that information, then no doubt 166 00:11:09,310 --> 00:11:13,180 her sentence would have been much stricter. And there are 167 00:11:13,180 --> 00:11:16,720 indications that she was thinking about doing something 168 00:11:16,720 --> 00:11:20,470 like that or pondering what her next steps were with all the 169 00:11:20,470 --> 00:11:24,430 information that she had downloaded, but the facts are is 170 00:11:24,430 --> 00:11:28,630 that she didn't sell it. It doesn't appear to have been 171 00:11:28,660 --> 00:11:34,840 distributed just beyond her hard drive. And so, she's getting 172 00:11:34,870 --> 00:11:36,040 supervised release. 173 00:11:37,150 --> 00:11:39,670 Anna Delaney: And what do you make of the verdict because the 174 00:11:39,670 --> 00:11:44,470 DOJ isn't very happy to think that it's not what justice looks 175 00:11:44,470 --> 00:11:44,830 like? 176 00:11:45,540 --> 00:11:48,690 David Perera: Well, that's what one of the federal prosecutors 177 00:11:49,020 --> 00:11:54,660 in this case said, yes. They're not happy at all. The defense 178 00:11:54,660 --> 00:12:00,300 attorneys are very happy. They saw that quote and they got in 179 00:12:00,300 --> 00:12:03,210 contact and they said, you know, this is indeed what justice 180 00:12:03,210 --> 00:12:08,520 looks like that the case against Thompson was hyped up from the 181 00:12:08,520 --> 00:12:12,450 start and didn't match the severity of her actual crimes. 182 00:12:14,040 --> 00:12:16,500 Anna Delaney: What's Capital One's reaction been? 183 00:12:16,000 --> 00:12:21,190 David Perera: So Capital One is not necessarily saying anything 184 00:12:21,190 --> 00:12:25,720 about the sentencing itself. But there is a sense that Capital 185 00:12:25,720 --> 00:12:33,550 One is moving beyond this 2019 incident. It was fined $80 186 00:12:33,550 --> 00:12:37,930 million by federal financial regulators, who also put the 187 00:12:37,990 --> 00:12:41,860 company under a quarterly cybersecurity improvement 188 00:12:41,860 --> 00:12:46,090 reporting mandate, basically saying that every quarter, you 189 00:12:46,090 --> 00:12:49,240 have to report back to federal regulators, how you've improved 190 00:12:49,240 --> 00:12:54,880 your security posture. And just in August, federal regulators 191 00:12:54,880 --> 00:12:58,030 released Capital One from that requirement. Basically, they 192 00:12:58,030 --> 00:13:01,300 said that we believe the security has improved to the 193 00:13:01,300 --> 00:13:06,700 point where we no longer need quarterly updates. Capital One 194 00:13:06,730 --> 00:13:13,540 also settled a proposed class action against it, tied to the 195 00:13:13,540 --> 00:13:19,360 breach, so it's $190 million settlement. And Capital One 196 00:13:19,360 --> 00:13:23,800 decided that rather than continue with litigation, it was 197 00:13:23,800 --> 00:13:28,000 simply just settled with the class action attorneys. And now, 198 00:13:28,000 --> 00:13:34,870 of course, Thompson has been found guilty and sentenced. So I 199 00:13:34,870 --> 00:13:39,070 think there's a sense that the Capital One is closing the 200 00:13:39,070 --> 00:13:42,100 chapter on this particular incident, and moving forward. 201 00:13:43,830 --> 00:13:46,800 Anna Delaney: But also another reminder not to dismiss the 202 00:13:46,800 --> 00:13:51,300 insider threat. Michael, you've written about the departure of 203 00:13:51,300 --> 00:13:54,810 Lacework co-CEO David Hatfield, what happened? 204 00:13:55,920 --> 00:13:58,500 Michael Novinson: Anna, thank you for having me on here. So, 205 00:13:58,530 --> 00:14:01,350 Lacework last year was one of the highest flying security 206 00:14:01,350 --> 00:14:04,200 startups soaring through the stratosphere. They close the 207 00:14:04,200 --> 00:14:07,290 largest funding round in cybersecurity industry history, 208 00:14:07,410 --> 00:14:11,790 they raised $1.3 billion on a valuation of $8.3 billion, which 209 00:14:11,790 --> 00:14:15,660 is the third-highest valuation any cybersecurity startup has 210 00:14:15,660 --> 00:14:20,130 ever received, behind only Tanium and Snyk. 2022 has been a 211 00:14:20,130 --> 00:14:24,000 very different story for Lacework. They say bad news 212 00:14:24,000 --> 00:14:26,100 comes in threes, and that certainly has been the case 213 00:14:26,100 --> 00:14:30,150 here. So first off in May, Lacework was the first 214 00:14:30,180 --> 00:14:32,790 cybersecurity vendor who publicly disclosed layoffs as a 215 00:14:32,790 --> 00:14:36,750 result of the economic downturn. They announced that they were 216 00:14:36,750 --> 00:14:39,510 laying off 20% of their workforce. They employed 217 00:14:39,510 --> 00:14:43,380 approximately a thousand people at the time. The second strike 218 00:14:43,380 --> 00:14:47,730 came in late August when Andy Byron, who was their president 219 00:14:47,970 --> 00:14:51,480 and their chief revenue officer - he was responsible for sales 220 00:14:51,480 --> 00:14:55,170 and marketing, in particular focused on growing the company's 221 00:14:55,200 --> 00:14:59,400 channel program globally. He announced - it was reported that 222 00:14:59,400 --> 00:15:03,630 he had left the company after spending three years there. He 223 00:15:03,630 --> 00:15:06,030 had previously served as the chief revenue officer at 224 00:15:06,030 --> 00:15:10,470 Cybereason. So when Byron left, all of his responsibilities were 225 00:15:10,470 --> 00:15:15,330 shifted over to David Hatfield, who had started as the CEO at 226 00:15:15,330 --> 00:15:20,730 Lacework in February of 2021. Previously, he was the president 227 00:15:20,730 --> 00:15:25,080 at Pure Storage for nearly seven years, which was backed by 228 00:15:25,110 --> 00:15:28,260 Sutter Hill Ventures, the same folks who are backing Lacework. 229 00:15:29,250 --> 00:15:34,170 Round three came out late Tuesday, Protocol reported, and 230 00:15:34,170 --> 00:15:36,930 the company confirmed that they had sent a memo to employees 231 00:15:37,170 --> 00:15:41,730 that David Hatfield is out as co-CEO of the company, meaning 232 00:15:41,760 --> 00:15:45,000 that the company, going forward, will be led by Jay Parikh, who 233 00:15:45,300 --> 00:15:49,440 was the longtime VP of Engineering at Facebook, spent 234 00:15:49,470 --> 00:15:53,430 more than 11 years in that role, and then joined Hatfield as the 235 00:15:53,430 --> 00:16:00,510 co-CEO in July of 2021. So the interesting thing here is that 236 00:16:00,510 --> 00:16:03,270 Hatfield and that co-CEO arrangement, Hatfield was really 237 00:16:03,270 --> 00:16:08,160 responsible for operations, for business strategy, for global 238 00:16:08,160 --> 00:16:10,500 expansion, a lot of the go-to-market stuff that 239 00:16:10,500 --> 00:16:13,710 overlapped with what Byron was doing in sales and marketing. 240 00:16:13,710 --> 00:16:18,630 Jay Parikh, who's now the sole CEO there, is an engineering 241 00:16:18,630 --> 00:16:21,450 guy, he looks at product technology, engineering, R&D, 242 00:16:21,450 --> 00:16:25,920 that's his bread and butter. So you now have, with both Hatfield 243 00:16:25,920 --> 00:16:30,210 and Byron departing, you have a major gap in terms of overseeing 244 00:16:30,750 --> 00:16:36,900 how this technology is brought to market. And given that the 245 00:16:36,900 --> 00:16:42,540 company has quintupled its headcount, from 200 employees to 246 00:16:42,540 --> 00:16:47,040 a thousand employees in the 14 months leading up to - prior to 247 00:16:47,040 --> 00:16:50,640 the layoffs. There's a large global operation to oversee here 248 00:16:50,640 --> 00:16:54,000 and a pretty clear vacuum in terms of who is going to be 249 00:16:54,000 --> 00:16:57,570 focused on directing the go-to-market motion. Here I have 250 00:16:57,570 --> 00:17:01,020 asked Lacework where those responsibilities lie today, what 251 00:17:01,020 --> 00:17:04,020 their plan going forward is. I have not heard back from them 252 00:17:04,020 --> 00:17:06,630 yet. But it certainly will be an interesting thing to keep an eye 253 00:17:06,630 --> 00:17:06,900 on. 254 00:17:07,859 --> 00:17:10,379 Anna Delaney: I mean, they'd say too many cooks spoil the broth, 255 00:17:10,379 --> 00:17:14,609 but the partnership, what we're led to believe, that was 256 00:17:14,609 --> 00:17:17,729 actually a happy one at the beginning, it went smoothly. Do 257 00:17:17,729 --> 00:17:19,619 we have any indication of what went wrong? 258 00:17:19,000 --> 00:17:23,980 Michael Novinson: It's an interesting question. So co-CEO 259 00:17:23,980 --> 00:17:26,290 arrangements tend to be volatile. We've seen a handful 260 00:17:26,290 --> 00:17:29,560 of them in security over the years, I just a couple of weeks 261 00:17:29,560 --> 00:17:32,530 ago written about a co-CEO arrangement at IronNet where 262 00:17:32,770 --> 00:17:36,280 Keith Alexander, the former NSA, had co-CEO arrangement with 263 00:17:36,280 --> 00:17:40,420 William Welch, COO of Zscaler and Duo to help with the 264 00:17:40,450 --> 00:17:43,210 go-to-market affairs at IronNet, they've really struggled. Welch 265 00:17:43,210 --> 00:17:46,540 left. You go back to Tanium a couple of years ago. Orion 266 00:17:46,540 --> 00:17:49,930 Hindawi was a co-founder over there, they had brought in Fazal 267 00:17:49,930 --> 00:17:53,260 Merchant who had more of a CFO, CEO background to help with some 268 00:17:53,260 --> 00:17:56,170 of the operational stuff. That only lasted for a little while. 269 00:17:56,170 --> 00:18:02,140 He left. You look at Darktrace. They had Nicole Eagan as CEO and 270 00:18:02,140 --> 00:18:05,290 then for a couple of years, Poppy Gustafsson, who was the 271 00:18:05,290 --> 00:18:08,650 CFO moving into that role to help with operations. That only 272 00:18:08,650 --> 00:18:11,320 lasted a few years, though, in that case, she did continue to 273 00:18:11,320 --> 00:18:14,500 stay with the company and she's now heading their chief strategy 274 00:18:14,500 --> 00:18:17,350 and AI. Actually, we had her in the ISMG Studios a couple of 275 00:18:17,350 --> 00:18:20,680 weeks ago here. But these are just hard to make work. You 276 00:18:20,680 --> 00:18:24,460 know, Oracle did it for a number of years. It's just hard to have 277 00:18:24,460 --> 00:18:31,330 two leaders at the same time. I think when companies are 278 00:18:31,360 --> 00:18:36,310 struggling, there tends to be - when companies hit layoffs, it 279 00:18:36,310 --> 00:18:39,910 tends to affect the go-to-market side more that investors don't 280 00:18:39,910 --> 00:18:43,180 want to see a retrenchment from technology or R&D investments. 281 00:18:43,180 --> 00:18:46,570 So when it comes time to cut jobs, last tend to be heavily 282 00:18:46,570 --> 00:18:49,630 weighted toward sales and marketing. And there's a sense 283 00:18:49,630 --> 00:18:52,120 that if things aren't going maybe the way that investors 284 00:18:52,120 --> 00:18:55,330 want them to go, that those are the folks to blame if people 285 00:18:55,330 --> 00:18:57,520 believe that the technology is strong and the technology is 286 00:18:57,520 --> 00:19:02,440 legit. Then the folks who are in charge of the operations and the 287 00:19:02,440 --> 00:19:06,370 strategy piece are usually the ones, where we saw Welch depart 288 00:19:06,370 --> 00:19:08,740 in the case of IronNet. And then in this case, we're seeing 289 00:19:09,010 --> 00:19:15,700 Hatfield depart. So yeah, it's interesting, we now have no 290 00:19:15,730 --> 00:19:18,400 co-CEO arrangements anymore in cybersecurity. I wonder if we'll 291 00:19:18,400 --> 00:19:19,510 see any more, going forward. 292 00:19:20,010 --> 00:19:23,730 Anna Delaney: Yeah. Let's see what happens in the Lacework 293 00:19:23,730 --> 00:19:28,380 story next. Thank you very much, Michael. Okay, well, speaking of 294 00:19:28,380 --> 00:19:31,470 leadership, and I'm going to make you leaders. I'm gonna make 295 00:19:31,470 --> 00:19:35,640 you heads of sparkling new incident response teams. What is 296 00:19:35,640 --> 00:19:40,140 the name of your team? What would you call yourselves? Silly 297 00:19:40,140 --> 00:19:41,400 names only, of course. 298 00:19:42,560 --> 00:19:45,740 Michael Novinson: So I was inspired by the Geek Squad at 299 00:19:45,740 --> 00:19:48,740 Best Buy. Been around for a couple of decades and had come 300 00:19:48,740 --> 00:19:54,860 up with the Nerd Herd. I do have to give a tip off to the NBC 301 00:19:54,860 --> 00:20:00,110 television show, Chuck, which had that really original, for 302 00:20:00,110 --> 00:20:03,530 me. But do you think Nerd Herd would be a very fun name for an 303 00:20:03,530 --> 00:20:04,250 IR team? 304 00:20:04,470 --> 00:20:08,010 Anna Delaney: Yeah, I really like that. Marianne? 305 00:20:08,960 --> 00:20:11,810 Marianne McGee: Cyber Stat. Everything's urgent in 306 00:20:11,810 --> 00:20:14,030 healthcare. So got to jump on it. 307 00:20:14,340 --> 00:20:18,690 Anna Delaney: Yeah, you got it. Very good. Dave? 308 00:20:19,410 --> 00:20:23,820 David Perera: Oh, well, the Jets. Yeah. Because when you're 309 00:20:23,820 --> 00:20:29,160 a Jet, you're a Jet all the way. You're never alone. You're never 310 00:20:29,160 --> 00:20:32,220 disconnected. You're home with your own and when company is 311 00:20:32,220 --> 00:20:33,810 expected, you're well-protected. 312 00:20:33,000 --> 00:20:38,280 Anna Delaney: Oh, wow. You've got your marketing message 313 00:20:38,280 --> 00:20:42,360 already. I was just thinking West Side Story - song and 314 00:20:42,360 --> 00:20:48,510 dance. So that was great. So I was thinking, I looked up. I 315 00:20:48,510 --> 00:20:51,510 tried to use the internet for inspiration as one does. 316 00:20:51,870 --> 00:20:54,900 Apparently, the word diamond is an old English word for 317 00:20:54,930 --> 00:20:59,490 invincible and untamed. So I'm feeling really creative here. I 318 00:20:59,490 --> 00:21:07,560 thought Cyber Diamonds. Diamond Documents, perhaps? Yeah, we can 319 00:21:07,560 --> 00:21:10,860 only try. Well, thank you very much. This has been fun, as 320 00:21:10,860 --> 00:21:14,460 always. And great to see you all. So, Marianne, Dave, 321 00:21:14,490 --> 00:21:15,720 Michael, thank you. 322 00:21:16,800 --> 00:21:17,190 Marianne McGee: Thank you. 323 00:21:17,220 --> 00:21:18,570 David Perera: Thanks. Have a great day. 324 00:21:19,500 --> 00:21:21,510 Anna Delaney: Thanks so much for watching. Until next time.