You can't think it won't happen to you - Austin Hohl, Information Security Manager @ Heartland Bank

You can't think it won't happen to you - Austin Hohl, Information Security Manager @ Heartland Bank

You can't think it won't happen to you - Austin Hohl, Information Security Manager @ Heartland Bank

Sep 26, 2024

Episode Description

In this episode of the Hands on CISO podcast, Adi speaks with Austin Hohl, the Information Security Manager at Heartland Bank. Austin shares his journey from IT to cybersecurity, discussing the cultural differences in how companies view security, his day-to-day responsibilities, and the importance of building a security culture within organizations. He emphasizes the need for user education, the challenges of managing stress in the field, and the evolving role of AI in cybersecurity. Austin also provides insights into compliance, current trends, and advice for those looking to enter the cybersecurity field.

Watch On YouTube

Episode Transcript

Episode Transcript

Episode Transcript

Adi (00:01.999)

Hi everyone, welcome to the Hands on CESA podcast. My name is Adi and today we'll be talking to Austin Hall. Austin is the Information Security Manager at Heartland Bank with experience in IT management and security. Today we'll be talking about his journey into the field. Austin, great to have you here. How are you?

Austin Hohl (00:20.141)I'm doing well. How are you?Adi (00:21.868)

I'm great. I'm really excited for this conversation because I know that you come from a field that is quite diverse. So maybe first thing, let us know how did you end up in security?

Austin Hohl (00:33.689)

Yeah, absolutely. I started, I started into the IT world. So I came into a help desk position right out of high school. And I was really interested in it and I wanted to go to experience more of the IT world. As I was going through the help desk position, I got a bachelor's in network and communication management. And I thought that was really cool. I thought that was the.

The role for me was networking. And as I started getting promoted through the help desk positions, a position in our security team at the bank I was with at that time opened up for threat management. So I went over there and realized that's where the fun stuff was. That's where I found that I enjoyed going up against someone else's attacks and going up against their methodology, as opposed to with my networking degree. You can basically make sure that the network's up.

and that it stays up. So I got quickly bored with just checking stats and making sure that the network was up and running smooth. And that's what started my journey in the security world of wanting to move up and get into management and be the one creating the policies versus just enforcing the policies. And here we are.

Adi (01:56.96)

Amazing. Did you see any difference in terms of like, so you were doing IT back then, but you were also doing some security in some places. And did you see a difference in the culture between, like different companies and the way they view security?

Austin Hohl (02:16.041)

Absolutely. it seems to be different everywhere I've looked. And when I talk to people, sometimes security is the bad guy. They're the ones that are stopping you from doing what you want to do, or they're not letting you click those links. And then in other companies, they are more or less the heroes. They're the ones keeping the company running. They're the ones keeping you from being breached, from being in the news for bad publicity. So it's really

it can go from one extreme to the other and where I'm at currently with Heartland, like I have, I have great support, like up to the board level. meet with the board, every month and they're interested. They don't, you know, they're interested to hear what we're talking about and, to understand risk going on as opposed to doing it as like a check the box. We talked about it kind of thing there. They truly want to know what's going on, which is fantastic to have, where I have been in.

situations where no one wants to hear about security, because that's going to impact operations and we can't do that. We can't slow operations down.

Adi (03:23.926)

Interesting. you think there's a, how do you see the difference between being in a fintech company essentially to being maybe in a company that has less sensitive data?

Austin Hohl (03:36.877)

Yeah. So, and that's, that's one of the reasons I chose to get into the financial world was the regulations around it. So I really enjoy that there are the cut and dry. You have to at least meet these minimum standards. Whereas like in retail, there isn't a lot of requirements around how you keep your point of sale machines running and other than maybe like PCI DSS for credit cards. But after that, like storing your data and what you do with your client's information.

There, there aren't a lot of regulations around it. and I don't like that. I don't like that my information is being sent to whoever for whatever reason, and I have no control over where is the financial world. care. We want to know that your information, your social security numbers, your bank account numbers are all secure. and I want it to be a part of that solution of making sure we're keeping the trust between our clients and, keeping our information out of the dark web and out of the wrong people's hands.

Adi (04:38.348)

Nice. How does your day to day look like now? Like what are the things you do on regular basis? What are the things that sometimes

Austin Hohl (04:48.581)

Yeah, so my normal day to day is I oversee our security team here at Heartland. So I've got one analyst and he is a rock star. Like he is the one responding to the alerts at 2 a He's giving me updates on what's going on through the different events that we may see. I'm interacting with the department and department management to let them know where we're at and any changes that we may be thinking about making.

that could impact them or their policies and procedures. I'm updating our policies and procedures. I work with our chief information officer to make sure he's aware of anything that we're seeing and to find out if we have any upcoming projects or anything that could impact security or any security changes that could impact projects. So a lot of what I do now is the policy and

risk acceptance and meetings. I don't get to be in the weeds as much as looking at the alerts and digging into why things happened. So sometimes that's fun and other times it's boring having to do risk assessments and decide if this risk is worth accepting and get signatures on things. But I do enjoy it. It's part of the work and sometimes you got to take the good with the bad or the fun with the boring as well.

Adi (06:13.74)

Cool. And how do you keep updated? Cause I know that like the cybersecurity field changes so fast. And also there's news, there's breaches, there's new technologies. Like how do you consume information?

Austin Hohl (06:29.337)

Yeah, so we're part of a couple of different networks, one of them being FSISAC. So that's the financial services data sharing basically. So we can go out and we get updates of what other banks are seeing, what other lines of financial institutions are seeing, and we are able to update any attacks. I'm also a part of a bunch of smaller organizations where we can just talk and get an idea of

what's going on in the world. I like that better than reading reports because the reports have already been doctored and marketing and everyone else has had their hands in it and it's written like a lawyer wrote it. Whereas I can actually just talk to someone that has it ongoing. So I'm talking to another security professional and we're able to just have that cut and dry conversation of this is where we're at, this is what we're seeing and this is where we want to get to with this information. So having those

spread sharing communities is amazing.

Adi (07:31.658)

Amazing. within that community, would you say that security professionals, like in all levels, is there a lot of talk back and forth? Do you feel like there is enough sharing of experience or is it something that you, that is kept more secret maybe because of security?

Austin Hohl (07:56.317)

Yeah. So there is, there is a lot of talk between, the industries and specifically like in the banking world, however, you're, you're right. They, don't like to tell how we are being secure, but we like to say basically in theory, how we're being secure. Cause you know, we don't want to, just broadcast out there. This is how we do ABC because then you know how to get around ABC.

You do throughout the communities, you do find those close net relationships with other institutions where you're like, Hey, we do things really similar. Let's, let's actually talk. and then there's the other, Institutions where you're like, Hey, this is how I would do it. If I was looking at it this way, as opposed to saying, I have this software, I have a program to do this thing and, it works great for us. So there is, there is that boundary of you have to know your audience of

of who you're talking to and what you can talk about.

Adi (08:57.706)

Interesting. Do you ever need to be the bad cop? Like the person who's like, no.

Austin Hohl (09:07.469)

Yeah, I am normally that person, especially my day to day involves the, mean, I am the one that has to go out and say, Hey, we can't do it this way. I know, I know it seems like it should be three clicks and done, but when you click those three things, bad things happen. I always try to come with another solution. So, Hey, we can't do it the way you want to do it, but what about if we try it this way? And I find that that's a lot.

easier on people accepting security. Because while they may not consider it as a, as their first thing that they think of when they're trying to complete their task, when you give them that work around, it's more than just saying, nope, you can't do it. Find some other way on your own. It's a, it's more collaborative and doesn't give people a bad impression of security.

Adi (10:01.878)

Nice. How do you create a community now? Well, not even a community, but a culture that understands that security is a thought. Like you can do certain things because it might affect the company beyond yourself.

Austin Hohl (10:18.137)

Yeah, you know, I, like to just get out there with the individuals. So I will go meet with departments. I'll go meet with, really anyone that I can, that will listen to me. I like to meet and work with people that maybe have questions about security or are concerned about their information. and I, I just talked to them and I understand where they're sitting at and where their views are. And I try to align security views with their views. That way they can have that correlation of.

what's going on in their world and how it compares to the security world. I don't like to sit behind email or behind the screen and be that person that just says no all the time. Getting out there and showing that the people in security are people as well is really important to me.

Adi (11:12.571)

Interesting. What do you think is something that people out of security don't really understand about security?

Austin Hohl (11:20.025)

There is a lot of threats out there. know, a lot of people are, they think that, this won't happen to me. We're a small person or we're a small institution or that's just my home router. Like no one's going to target me. And I always try to give the example of on the internet, you're just a number and they don't know if they're attacking a country or if they're attacking someone's.

gas station, like they, they, just don't know what that IP address comes back to until they start attacking it. And by then, if you're not secure, they are, the odds are that they've already made waves and have caused damage to your network. so the mindset of, it won't happen to me. It isn't the case at all. cause they don't know that you could be, your IP address can be one number off from a major pharmaceutical company.

and they accidentally typed the number wrong and now you just got attacked.

Adi (12:19.328)

Interesting. It's not a, like I haven't even thought about that angle. Like you can get attacked even without someone trying to attack specifically you. Interesting. Have you ever been part of a company and of course, no names or anything like that, but that had a significant security incident? And if so, what did you do about it?

Austin Hohl (12:43.577)

I have not been a part of a company that had a major incident. We do run through the different tabletops where we see what would happen if an incident occurred. And a lot of that is we play in production. So we will release some sort of fake malware or we'll click links and just see how the controls respond.

layering your security controls is really important. So you don't want to rely on one product to fix everything. You want to have multiple products to make sure that if one doesn't catch it, the next line will. So I like to think I'm prepared, but there's always room for improvement.

Adi (13:27.902)

Interesting. When you got started in security, did you feel, were you more stressed than now or would you say it kind of stays the same or were you not stressed at all?

Austin Hohl (13:43.357)

Yeah, when I started into security, it was more excitement. I wanted to see what was going on out there and just see what was going on with the different tools and technologies that were available. Now I am for sure more stressed than when I started. You know, it's, I've had the time to experience a lot of different things and a lot of different attack factors to know what else to be worried about. I feel when I started,

I had this very small thought of what security was and that it was just in that circle. And if it was outside of there, it wasn't me. But now I realized that this is a massive circle of things that I have to be aware of. that's, you're always thinking, what if this happens or what if that happens? And it becomes interesting to try and process all that.

and still be able to sleep at night.

Adi (14:43.818)

Interesting. It's always interesting to me when CISOs talk about the way they manage the stress of always being on, always being ready for something to happen and how some CISOs look at it as not even just CISOs, security professionals. Some people see it as something that needs to be really managed and thought about and planned for in terms of you should take time off. You should understand how you can get.

help from your team and all of that things. And some of them are more under the, like the behavior of.

It is what it is and I understand what I can control and I sort of let go of that. Do you see a lot of that in the cybersecurity community of like people who are like, how are they dealing with it from your experience? How do you.

Austin Hohl (15:41.797)

Yeah. So I, I'm one that I want to be woken up at 2 a If something's going on, like I want to know. I like to know ahead of time. That way I'm aware of anything when I do get into the office. the, recently there was the, crowd strike event, and in Eastern time, we started getting alerts about 3 a We were not impacted by it.

but I was getting alerts of other institutions going offline because their computers were going offline and no one knew immediately if it was a threat or if it was a bad update, which is what it turned out to be. so while I was not impacted, I was up making sure that our vendors and our vendors, vendors, were up and that we weren't going to be impacted. There are, I just had a meeting last week, I think,

where we see, so it's got together and a lot of them were hands off. They're like, yeah, my team handled it. And they just gave me the after action report. And I, I haven't accepted that yet. you know, I want to make sure that we're doing everything we can with all of our knowledge versus having it funnel up and then just have the one person that reads the after action report. Cause we all have different experiences. And when we all get together, that's when great things come out of what we can come up with together.

Adi (17:06.784)

Interesting. What is your biggest challenge right now?

Austin Hohl (17:11.833)

it, it's probably user education. a lot of people are, they're really concerned about doing their work and understanding how, they can be productive in their day to day and they don't consider the security aspect of it. So when they see that Facebook ad that says, you know, you can get this free application or you get this free, whatever, if you click this link, they're not thinking of the security implementations around that implications around that.

so it's, they, they like to click things and then they think about it. So just trying to get them to think before they click and, think about that one thing that they're about to do that could change, you know, the security of the systems.

Adi (18:03.064)

How much would you say the focus is on educating the people versus implementing controls that make sure people don't make silly mistakes?

Austin Hohl (18:14.881)

So I take the approach of making sure the users are educated. I think if you can keep the users educated, you don't have to invest as much in controls because they are the control. They're the first or last line, depending on how you look at the attack of protecting your information. Having the controls in place are nice and they're more

You know how they're going to react versus you don't know how an individual is going to react. So having the digital controls in place as a secondary line is my approach to it, but the education and working with the associates to make sure that they truly understand that what they do has a major impact on the security of the company.

Adi (19:08.908)

Interesting. And what would you say?

is the most frustrating thing you've been coming across in that context.

Austin Hohl (19:22.693)

Probably the risk acceptance of some of the things that companies are willing to accept. So if it takes longer than average to do it the secure way, companies can take the approach to just accept the risk and do it the way they've always been doing it. Which I don't like that response of this is how it's always been done. It could have always been done wrong, but we just don't know.

until we try that new way. And a lot of times that's where you'll get a lot of pushback from companies is because you're changing processes that have already been established and that impacts production and operations. And that may not be a suitable time in the company's year to try that. So it's frustrating to know which...

battles to have basically of, we really shouldn't accept this risk or we can accept that risk now.

Adi (20:25.91)

And just saying, how do you see the balance between security and business?

Austin Hohl (20:31.993)

It's the way I look at it is if I have enough compensating controls. So if I turn off that first line defense, are my next lines of defense going to catch it? And if my user is going, if I can't rely on the user to not click the links, that's where I really depend on those lines of, of control. just the, the, the layering of, of the controls is really important for that exact reason of we can shut one of them off because I know.

the next three are going to catch it.

Adi (21:06.2)Do you at all use AI?Austin Hohl (21:10.577)

Sometimes, so we are, we are starting to get into AI. it is, it's an interesting, approach just given where, like we need to know where the data is being stored. need to know who was able to see the quarries. We're trying to, understand what its responses are going to be. because it seems you can ask it the same question. You get a different answer every time, but.

it all comes back to the same answer, just worded differently. Similarly, when we're looking at events, what AI may consider as malicious activity, it could be normal activity for us because it doesn't know our environment yet. So when we first started looking into AI tools, we were getting all kinds of alerts saying, you know, there was issues here and issues here. It's like, no, that's just normal. So while I...

Think .ai is probably the, is the future. It still needs tweaked and it also should be used as it's a tool. It is not a first line of defense. It's not a saving grace for everything. It's not going to replace people. We need people to manage the tool.

Adi (22:29.962)

Interesting. What do you think, like when we look into the future of cybersecurity, it's changed a lot over the last few years. Is AI going to be one of the main factors of change in the years to come? Or do you think it's going to be just like sort of, you know, growing at the same time, but not necessarily the main thing?

Austin Hohl (22:59.077)

Yeah, I definitely think AI is going to take over the spotlight of security controls. Though as quickly as AI can respond to alerts and take action versus someone sitting in an operation center somewhere being able to interpret the alert, know what's going on, follow their procedure and then execute. AI is just, it's going to do it in seconds versus.

someone waiting to get the alert and then running through that process. So I do think that it's going to take the spotlight. It's just a matter of where the balance is. can make poor decisions based on the yes or no configurations that you give it. So if you say, hey, if you see malware, I want you to turn the machine off. But if it accidentally sees like,

Internet Explorer as malware, you just turned off your entire network because AI is saying yes or no. Yes, I see this program installed, so now I'm turning everything off.

Adi (24:09.934)Do you have a team right now?Austin Hohl (24:12.707)

I do. So I've got one security analyst and then myself. So we take turns on being on call and responding to alerts.

Adi (24:20.748)

Interesting. when you look at the difference between, well, I guess it's a, it's a, like it's a small team, but when you look at the difference of not having a team to having a small team, to having a big team, what do you think is the difference? Is it big company, big team or other, other factors?

Austin Hohl (24:42.565)

There are other factors. A lot of times when you get into the bigger companies, it's just about alert volume. How much can one person handle effectively and securely? I like our size. Of course, I would always take a couple more people, but I like our size because we get to do more. When you get into the bigger companies, you have someone devoted to red team only, you have someone devoted to blue team only and purple team and all the other colored teams.

whereas here we are all of those. So we get to see how all of the, all of the operations connect to each other and like, we'll take turns. So sometimes the security analyst will be red team and then there's me being blue team trying to catch them. And then we regroup after and say, all right, how did you get where you got and how can we build alerts to know if you made it there and vice versa.

Adi (25:39.04)

Interesting. What is one blind spot that you think security professionals maybe overlook, miss, like don't pay enough attention to?

Austin Hohl (25:52.589)

I would take it back to the end users. A lot of security professionals, they don't consider their end users as a line of defense because they're a wild card. We don't know what they're going to do. And that's where I think we're overlooking the human aspect of just training them to be aware. And not only does that help us as a company, but it helps them in their personal life as well to make confident decisions. So they know that

While at work, they can't click links and at home, they know they should not click links as well. And if you can keep them secure. Personally, they bring those good habits into work. It's what I've found over the years.

Adi (26:38.528)

Interesting. How do you do that though? Like how do you get them to actually take it home? I would assume that's like the harder part.

Austin Hohl (26:48.919)

Yeah. And that's when, when I do trainings, I don't like to only show the work related. This is why we do things. like to give that, that, correlation to your personal life. So. Like in a couple of the PowerPoints, I show Facebook ads and I say, I'll put them side by side and say, which one's the right one to click. And like, if you click this, is it actually going to take you somewhere? And I show them.

the key signs like hovering over the link and looking for misspellings and all the common things. Just because it does translate into work to the same when you receive that weird email that says, hey, I need you to wire this money, but don't call me because I'm in a meeting. Just do it through text. And those things that you're seeing on Facebook that are like, hey, fill out this 50 question questionnaire of all of your

Like all of your common things that you like, like your mother's maiden name and your first pet. And it's like, those are all ways that people can social engineer you. they're getting all those security questions from you because you are filling these things out on Facebook. And I pick on Facebook a lot, cause that's what we see a lot here in our industry. is the, the, employees are on Facebook and they see, I got to know so -and -so because they filled this 50 questionnaire out, 50 question questionnaire out.

And now I know more about them, but so do all the threat actors now. so if I can get your mind thinking that way of the information you're putting on the web is not just for who you think it is, it's for everybody. And at some point it'll end up there. And that, that translates right back into work of we need to keep our client info safe.

Adi (28:37.016)

Wow, that's so interesting. So you say that all these things, like, even if it's not, even if it's not a link they clicked and was malicious, like there's still the fact that they're putting information online is an issue.

Austin Hohl (28:55.343)

Yeah, exactly. it's more and more where, and it looks harmless enough. You're answering questions and that's how you get to know someone, but that is also how the threat actors get to know you.

Adi (29:10.446)

really interesting. What would you

How secure is secure enough? Because people are going to use social media, they're going to share their lives. Where do you see the line of what you should and shouldn't share?

Austin Hohl (29:29.449)

Yeah. And it depends on all your settings and the platforms you're in. It's the security industry has pretty well turned to. It's not if you get breached, it's when you get breached, how bad is it? so that's where you're having those controls. So if you have your profile set to private and you have your posts can only be viewed by people that are your friends. You still have the issues of what if your friend gets compromised? What if you get compromised? What if.

the entire platform gets compromised. Like you're still going to lose that information at some point, but it's just a risk assessment that you have to do in your day -to -day life of what's the likelihood this is going to happen. Now the average person doesn't sit there and go, well, know, this social media platform has these controls in place and they have these DR procedures and I do, cause I'm boring, but.

the average person doesn't do that. So to give them that confidence to say, you know, you're picking name brand things to use. You're not using companies that are, have just spun up overnight and they want your information. It keeps them in the mindset of trying to keep with the, just the way security is, is

flowing because your name doesn't get out there if you've been breached and you don't.

Austin Hohl (31:08.57)

You don't stick around long if you've been breached and you've lost all of your users information.

Adi (31:20.32)

Unfortunately. Interesting. If I'm changing the topic a little, what would your advice be to someone who's looking to get into security? Like someone who does find everything that we've talked about really interesting and does see, you know, himself in that field or herself.

Austin Hohl (31:21.924)Right.Austin Hohl (31:42.539)

Yeah, the biggest thing is to go talk with your security teams and go talk to other security professionals. Security teams are very guarded. So if you are coming in from zero security experience into a company, the odds are low that you will get directly into a security team. You normally have to start like at a help desk and work your way in, learn the systems, learn what security is protecting. That way, when you come into that security team,

You already know the systems that you're protecting. So you know, Hey, I did it this way and no one yelled at me. I think someone should yell at me for doing it this way. security teams are in myself included are, cautious of bringing someone in from the outside and going, here's all of our flaws. Fix them. Because now if that person leaves, you just gave them everything and the job didn't work out for them and they left. But now you have that risk. If someone knows all of your.

your secrets and they left. So whether they use it at all or if they do use it for bad, that's a risk that you, myself, I don't accept. I like to bring in higher from within.

Adi (32:57.664)

So you're saying that you prefer hiring from the company someone that you already know, trust and not like someone who's from the outside. Interesting.

Austin Hohl (33:06.853)

Exactly. Exactly. So it's, it's normally starting at that, that entry level position and, or an adjacent position and expressing interest that you want to come into the security realm. And normally security teams are pretty open to bring other people in because we do like to talk about security most of the time. So having that, that person that wants to hear how we do things is

puts you above everyone else that's complaining about security or, I had to do this multifactor this time. So expressing interest once you do get into that company will put you way ahead of anyone else applying for that same position.

Adi (33:51.958)

Interesting. And what are the things that you care a lot about when you look for someone to join your team?

Austin Hohl (34:01.169)

work ethic is my biggest thing. I don't necessarily need you to be, knowledgeable in all the systems. don't, I don't really need you to be certified in a bunch of different things. I like to bring you in with a good work ethic that I know you're going to be happy to assign your name on whatever you provide. I can provide the training. I can get you certified. I can, I can do a lot of that.

for that person and most security companies will do that as long as they are willing to put the work in. And that's what is sometimes difficult to find is someone that wants to progress and put the work into better themselves and the company that they work for.

Adi (34:45.826)

What would you say are the biggest topics in cyber security right now? If you're looking at the field and like the main things people talk about, look at.

Austin Hohl (34:57.989)

Yeah, ransomware is a big one right now of just people getting hit with ransomware attacks, different industries getting hit with ransomware attacks, how to prevent it, if things should be, if the ransom should be paid or how to respond to them and privacy. People are starting to take bigger control, taking a bigger look at their controls that they're putting around their

customers and clients privacy, which is great that we're now considering how to keep our clients info secure as opposed to doing our best and if something happens, well, of mentality of it.

Adi (35:44.992)

Interesting. Have you seen any shift in that over the past few years? was there a different focus maybe before COVID or even like whenever?

Austin Hohl (35:56.749)

Yeah. So especially around COVID, a lot of the mindset of executives and boards and stakeholders have changed from let's be productive to how can we be secure and productive? A lot of companies went remote with COVID and they didn't do it well, so it wasn't secure. So they had issues and which impacted production and same with if you're heavily regulated.

and you're not secure, you're now impacting production because the regulators are stepping in saying, why are you doing things this way? So the industries themselves are pushing back on the companies that aren't doing things as secure as they could be. And the companies have realized that and are trying to change their mindset to put security and then production and then figure out how to make the two level out and not impact each other.

Adi (36:55.65)

Being in FinTech where it's very regulated, you see any... Like how do you view compliance? Is it a thing that you kind of like, you have to hit it and then like that's level of security or is compliance more of like the direction and of course you have to have it, but there's also so much more that needs to be done. Like how is that viewed?

Austin Hohl (37:24.033)

Yeah, so a lot of companies do look at once they check the box that they're they're passing, they're good. I personally like to see innovative on all of my reports. I like to be that that company that is showing up higher than the previous company that the auditors or examiners had just looked at. I like to show that it's possible to do more than the bare minimum. It's it's prideful. It's nice to

to have that, that to look back on and say, Hey, we were able to do this and we were still productive and we, we were innovative and now other companies are looking at doing it and being that contact of how did you guys do it? And it was successful somehow. So let's talk it through.

Adi (38:14.698)

Interesting. So I have one final question. Before that, thank you very much for your time. think this has been really helpful for anyone who's looking into security and just wants to understand, especially in the fintech world, which is a little different. So two parts to my question. One, what keeps you up at night as a security person? And the other side, what gets you like

up on your feet, gets you excited. Like what is the best? Well, I guess in security sometimes the most like active days are not the best at all, but like, well, like, you know, makes you excited. We talked a bit about it before.

Austin Hohl (39:03.373)

Yeah, the thing that keeps me up at night is not knowing the unknowing of what could be out there and lurking to attack us basically. So that keeps me up not knowing what the next person is thinking of. We stop billions of attempts a year, but it only takes that one to cripple us or to put us in the news for bad publicity. And those are the things that I try to avoid and

That's what keeps me up is to keep us out of the news. but that's also my driving factor to get in in the morning and make sure that we are only good publicity where our firewalls are working or other controls are working or antivirus. All of it is working correctly and doing what we needed to and staying ahead of those zero days and zero hour attacks. so they, what, what keeps me up is also what keeps me going.

Adi (40:02.126)

It's a very good answer. It's very interesting. Sounds like a...

Adi (40:08.504)

fun yet stressful job to be doing. Okay, thank you so much, Austin. It was great having you.

Austin Hohl (40:12.495)Yes, for sure.Austin Hohl (40:18.211)

Absolutely, thanks for having me.

Ensure SOC2, HIPAA and GDPR compliance across all your SaaS tools

Built in Tel Aviv, Israel

Ensure SOC2, HIPAA and GDPR compliance across all your SaaS tools

Built in Tel Aviv, Israel

Ensure SOC2, HIPAA and GDPR compliance across all your SaaS tools

Built in Tel Aviv, Israel