1:10

Okay , today on Cyber Work , Mark Toussaint of

1:12

OpsWatt joins me to talk about his work

1:14

in securing operational technology and , specifically

1:17

, about his role as product manager

1:19

. This is an under-discussed role within

1:21

security and requires great technical expertise

1:23

, intercommunication skills and

1:25

the ability to carry out long-term campaigns on

1:27

a product from , as he puts it , initial

1:30

brainstorming scribblings on a cocktail napkin

1:32

, through the creation , creation of the product and all the way

1:34

to its eventual retirement . Learn what

1:36

it takes to connect security engineering solutions

1:38

, experts , project management and more in the role

1:40

of security project manager , and how

1:42

OT security connects fast , flexible

1:45

IT and cybersecurity with systems

1:47

that , as Mark put it , might be put in place

1:49

and unmodified for 15 or 20 years . It's

1:51

not too hard to connect these worlds , but it does take

1:53

a very specific skill set and you'll find

1:55

out about that today on Cyber Work . Hello

2:03

and welcome to this week's episode of the Cyber Work

2:05

with InfoSec podcast . Each week , we

2:07

talk with a different industry thought leader about cybersecurity

2:10

trends , the way those trends affect the work of InfoSec

2:12

professionals , while offering tips for breaking

2:14

in or moving up the ladder in the cybersecurity

2:17

industry . My guest today , marc

2:19

Toussaint , is a senior product manager

2:21

at OpsWatt . Marc joined OpsWatt in

2:23

2023 , bringing him a strong

2:26

cybersecurity background and a proven history

2:28

of providing comprehensive cybersecurity solutions to

2:30

a wide range of critical infrastructure

2:32

industries . With 30 plus years of experience

2:35

at high tech and B2B companies ranging

2:37

from startups to large multinationals , he is now focused

2:39

on accelerating the launch and market

2:42

acceptance of the NetWall product line for OpsWatt

2:44

. Prior to joining OpsWatt , mark held senior

2:47

product management roles at Owl Cyber

2:49

Defense , bell Howell and Pitney Bowes . He's

2:52

based in Connecticut . Mark holds a BS

2:54

in plastics engineering from the University of Massachusetts

2:56

and an MBA from the University of New

2:58

Haven . So , mark , thank you so much for joining

3:00

me today and welcome to CyberWork . Thanks

3:03

, chris . Thank you for having me . Okay , I

3:05

realize I usually ask beforehand

3:07

, tucson , is that the correct pronunciation of your

3:10

name ? Yes , okay , and OpsWad is how you

3:12

about it ? Okay , I thought

3:14

as much . Just wanted to make sure . Okay

3:16

, to help our listeners get a better sense of your

3:18

background , we always like to sort of dig

3:20

into where you got interested in this stuff

3:23

first . So what was your earliest interest in computers

3:25

and tech and security ? Was there like a

3:27

moment , you know , when you were a kid

3:29

or a teen or in college or whatever , that really

3:31

got you excited about it ?

3:33

It really happened after college . You know , I came out

3:35

of school with a degree in plastics engineering

3:37

but I was hired by a company

3:39

that wrote software for the plastics

3:42

industry and over

3:44

time I just gravitated

3:46

towards the software side of the business

3:48

and

3:53

at that time a lot of manufacturing was being shipped overseas . So reading the tea

3:55

leaves , you know it made a lot of sense

3:57

to move on to the high tech

4:00

side of you know opportunities

4:02

out there . So that was really sort of the

4:04

starting point of , you know

4:06

, getting involved in technology .

4:08

Now , once you sort of got

4:11

it's hooks in you like that , did you study

4:14

formally like in school , did you self-teach

4:16

yourself , did you get books , did you just kind of ask

4:18

around Like what , how did you sort of feed the obsession

4:20

?

4:21

Pretty much just learned . You know trial

4:23

and error on the job .

4:24

Okay thanks , yeah

4:26

, so we had a past and

4:28

frequent guest , susan Morrow , who started out in chemical

4:30

engineering , and she said she enjoyed the

4:33

process of securing her specimens in

4:37

the network more than she enjoyed actually doing

4:39

the work , and so that's how she knew she was a person

4:41

for security . So it sounds similar for

4:43

you as well . So , yeah

4:45

, so I usually will look through a person's

4:47

LinkedIn profile to get a sense of their

4:50

sort of career trajectory , and yours is fascinating

4:52

and varied , but also it's pretty focused , because that you've

4:55

had several product manager roles at

4:57

companies known for their technical products

4:59

, like Bell Howell and Pitney Bowes , while also

5:01

always frontlining the security component

5:04

in each one . So can you tell us about your career evolution

5:06

and what you learned at each stage of

5:08

your journey , maybe a couple of transformational

5:11

moments or projects , and what

5:13

those gave you as far as skills

5:15

or qualifications ?

5:17

In terms of transformational moments . I mean , at one

5:20

point I evolved into a sales

5:22

role and did that for a couple

5:24

of years and I really wasn't that

5:26

happy . I didn't like cold

5:28

calling and just some of the aspects of

5:30

the role weren't

5:32

for me and kind of came to the conclusion

5:35

that I needed to figure out . You know where

5:37

to next and you

5:40

know I came across

5:42

a book called what Color is my Parachute ? Oh

5:45

yeah , you know it really helped you

5:47

focus on what skills you're

5:49

good at and ultimately you know the skills

5:51

that you're good at . You're most likely going to like

5:53

what you do if you are able to find

5:55

a role . So in that time period

5:57

I did a lot of work with the automotive industry

6:00

and Ford , gm , and really

6:02

what I enjoyed most about it was working

6:04

with them to help them define

6:07

you know what they needed in products

6:09

, and that , you know , sort of led

6:12

into my first product manager

6:14

role , where that was just an area

6:16

that you know I really gravitated

6:18

to because it really it took a combination

6:21

of technical and sales skills

6:23

to be successful in that role .

6:25

Yeah , well , that's , that's that was . That goes nicely

6:27

into my next question here , because a

6:29

lot of our listeners sort of get

6:32

a sense of what kind of work they want to do

6:34

in cybersecurity by hearing what people do in

6:36

cybersecurity . So I was going to ask if you

6:38

could talk me through your average day as a senior

6:41

product manager at OpsWatt . Are there

6:43

certain things that you do every week ? Are there certain

6:45

tasks that are common ? And yeah

6:47

, and talk a little more about the sort of cross

6:50

point between the sales

6:52

of it and the technical expertise of it .

6:54

Yeah , I mean an average day like , for instance

6:56

, this morning I came online and I

6:58

had three requests for support

7:01

one in Turkey , one in the Middle East

7:03

, one in one of them in

7:05

Taiwan . So typically

7:07

, you know , I would address technical questions

7:09

or commercial questions that our solutions

7:12

engineers around the world have , or commercial

7:14

questions that our solutions engineers around the world have . You

7:17

know I may later on today meet with the

7:19

marketing department to review

7:21

, you know what

7:25

efforts around my product lines are ongoing and what we want to do next . That will be followed

7:28

by a customer call supporting , you

7:30

know , sales activity . Other

7:36

days , you know will be more , you know , focused around . If I have writing to do

7:38

, maybe I have to write product requirement

7:40

documents and things like that . I'll block out

7:42

time , but it's really , you

7:44

know , a varied role and you know every

7:46

day is a little bit different , but you

7:49

know supporting the sales organization

7:51

and then you know , looking , engaging

7:53

with customers to understand . You know , looking , engaging with customers to understand , you know

7:55

what their needs are and

7:57

how the market is evolving . Part

7:59

of that you know . For instance , today

8:02

I'm arranging meetings for subject

8:04

matter experts in a different vertical market

8:07

that we don't address today to try

8:09

to understand how might we

8:11

, you know , move

8:13

OpsWap products into a new vertical

8:15

market segment ? And you

8:18

mentioned on the role . It's a unique

8:20

role and one of the challenges of product management

8:22

that makes it a hard thing

8:24

to do is that most product managers

8:26

are individual contributors , so

8:28

nobody works for you . Yet

8:31

you rely on all the functional

8:33

disciplines within an organization to

8:35

be successful , and you

8:37

know you have to have credibility and you have to be able

8:40

to be very collaborative

8:42

to get to where you need to be

8:44

from in terms of the goals of your product line

8:47

. So that's something that's unique

8:49

about the role .

8:50

Yeah , that was what I was going to say is hearing

8:53

that you're working with , like , client success and you're also

8:55

working with the engineers

8:57

. You're very much the sort of conduit

8:59

in terms of the problems , the solutions

9:02

, but also seeing the big picture . So you're juggling

9:04

a lot at the same time , aren't you Exactly

9:06

? Yeah , yeah . So

9:10

today's topic we've been talking a lot about

9:12

operational technology , industrial

9:14

control , manufacturing , the last couple of episodes

9:17

here , and so , thanks to a few all-time inquiries

9:19

and a lot of great introductions , this

9:22

is going to be the focus of this month of CyberWorks

9:24

episodes . So I wanted to talk to you about

9:27

the OT side of things . Can you get our listeners

9:29

up to speed on the current challenges we

9:31

face in a set of increasingly connected operational

9:33

technology environments ?

9:34

on the current challenges , we face in a set of increasingly connected operational technology environments

9:37

. Yeah , I mean , you know I don't think it's any secret that critical infrastructure

9:39

has been , you know , a central target

9:41

for bad actors out there to hack . And

9:43

it's critical because if you , you know

9:46

, if you are breached , there

9:48

are , you know , power outages

9:50

, there can be safety

9:52

issues , you know people can be harmed

9:54

if equipment , you know , doesn't do

9:57

what it's supposed to do . So there's

9:59

also financial risks that , if

10:01

you know , associated with getting hacked . So

10:04

you know it's important that

10:06

we can secure the OT environment

10:08

and protect , you know , inbound threats

10:10

and you know there's any number of technologies

10:12

out there that really you know provide

10:14

sort of a defense in depth approach

10:18

to securing these OT assets

10:20

.

10:21

Yeah , so yeah , I've had a bunch

10:23

of great guests on the show talk about industrial control

10:25

and infrastructure , and many of them

10:27

went straight to the OT challenges , especially Emily Miller

10:29

and Leslie Carhart and Teresa Lanowitz

10:31

, so I know a bit about the issues around the

10:33

sort of delicate balancing act . The sort of delicate balancing act

10:35

of sort of harnessing modern

10:38

network and cloud network security practices to connected

10:40

networks of machines that aren't necessarily

10:42

built to those same flexible specifications

10:44

for things like firmware vulnerability , patching

10:47

and so forth . So in your work so far , what

10:49

have you found are the most effective strategies

10:52

for securing OT systems ? And I

10:54

know it's probably varied from industry to industry , but especially

10:56

as things like IoT take formerly static

10:59

pieces of machinery and chain them together in patchwork

11:01

ways .

11:02

You know in terms of the challenges , I mean a lot of

11:04

the . A lot of the OT systems that

11:06

are utilized , you know , to generate power

11:09

or refine oil and gas have

11:12

been in place for 20 years . They're old

11:14

and they were not designed

11:16

with security in mind . So

11:19

there's a couple things in

11:21

my role with the NetWall product line

11:23

. We enforce unidirectional

11:25

data flow so we can get data out

11:27

of the OT environment to IT

11:30

to do things like predictive

11:32

maintenance , analytics

11:34

and so forth . But

11:40

we need to deploy these types of technologies so that we can get data out but nothing

11:43

can get in . There's also threats

11:46

by portable media bringing in

11:48

USB sticks , so we

11:50

need to have multi-scanning

11:52

technologies and deep content

11:54

inspection to ensure that you

11:57

know if a vendor comes in with you

11:59

know some new firmware that

12:01

they're not infecting your you know

12:04

your OT network . So there's any number

12:06

of technologies . We

12:08

work with customers a lot to help them with

12:10

network segmentation and

12:13

things like that . So there's

12:15

a range of you know , analytical

12:18

and network-based tools out there

12:20

that you know . Really , as

12:22

I mentioned before , it's not any

12:24

one single technology , it's a defense

12:27

in depth .

12:28

Yeah , so I mean , like I said , I've

12:30

heard so many different kind of approaches and that's

12:32

one of the things that's so interesting about this is there's so many different

12:34

approaches . But it sounds like yours is very much like

12:37

a very strong sort of perimeter

12:39

wall around the OT . That

12:42

is kind of like a porous wall that only sort of

12:44

allows you know sort of outward

12:47

through your product there . I mean

12:49

, it's a lot different from other things that I've heard where you

12:51

know they're getting very sort of granular in securing

12:53

you know individual processes and so forth . Sure

12:56

, yeah

13:01

, that's interesting . So you mentioned memory sticks and other sort of incoming threats . What are

13:03

some of the most common attack vectors for security compromise across

13:06

industry and connected OT security issues

13:08

? What are the ways that attackers are getting in ?

13:10

Yeah , I mean it could be . You know remote

13:12

access , which

13:14

opens up threat vectors into the OT network

13:17

. It could be , as I mentioned , portable media

13:19

. And in addition

13:21

, you know organizations

13:23

have historically a lot of

13:25

connections out of OT or into

13:27

OT , whether that be for remote

13:30

access , whether it be for vendor support

13:32

, and so often

13:34

you know they have , you know , ports open

13:36

and access into the network that

13:38

they don't even know about . So

13:41

you know we work with customers and try to

13:43

get them to inventory all

13:45

their connections into and out of

13:47

you know , the OT network . I saw

13:49

a presentation once where a company counted

13:52

they had 238 connections into

13:56

and out of OT . Many of them

13:58

were no longer used yet they had open

14:00

ports to the outside world . So

14:03

and then , if you know , if you get in through

14:05

one of those open ports you know we saw

14:07

there was a water treatment plant

14:10

in Pennsylvania where it

14:12

is suspected that they had PLC

14:15

controllers that used the

14:17

default factory passwords , which are

14:19

readily available on the Internet

14:21

. So that combination

14:24

of a threat vector in and then poorly

14:29

configured devices is a recipe

14:31

for disaster .

14:33

Yeah , no , 2023 seemed

14:35

to be the year of asset detection , like it

14:37

was the first time I heard everyone talking about know

14:39

every single connection point in your network

14:41

, because the thing that you , you

14:44

know , had an intern on seven years ago and

14:46

thought was disconnected is not actually disconnected

14:48

and it's still a point of contact .

14:50

That's absolutely correct .

14:51

Yeah , yeah , yeah . So that's going to be a big

14:53

part of this , I think , going

14:56

forward like this , so , yeah

14:58

. So , as I say at the top of the show , mark

15:00

, the goal of CyberWork is to help students and new cybersecurity

15:03

professionals sharpen the skills needed to enter

15:05

the cybersecurity industry , whether

15:07

at a single company like OpsWatt , or as a freelancer

15:09

or consultant for hire , Like

15:23

what are you know and you have like a rank of skills across

15:25

the board because of your need to sort of connect with different departments

15:27

. But what are the most important skills or experiences or trainings or certifications

15:30

or soft skills they need to actively pursue OT security

15:32

work .

15:32

You know a lot of , a lot , of a lot

15:34

of people come into OT from IT

15:37

. It's a much bigger field and

15:40

so you know it can be challenging

15:42

to get into the OT space

15:45

because it's a different set of skills than

15:47

the IT world . But , you

15:49

know , take classes

15:51

, get certification . What I

15:53

can say is that there's a lack

15:55

of candidates in

15:58

the OT arena that really are

16:00

knowledgeable and have experience in OT

16:02

, so that there's , you know

16:04

, there is a great opportunity out there for

16:06

people that have those skills

16:08

. So I think you know there's OpsWAT has

16:10

, you know , basically

16:13

a university that we , you know , make available

16:16

. There are certification programs out

16:18

there . Try to do something

16:20

to get you know the OT on your

16:22

resume . You

16:24

know , and , like I said , there's

16:26

a lot of opportunity in the OT space

16:28

because there's not a lot

16:30

of people that are trained in OT technology , that are trained in

16:33

OT technology .

16:34

Yeah , Is

16:39

there sort of a bulk set of skills that people who come to it from IT to OT

16:41

like what are the big things that

16:43

you see are missing in someone's skillset

16:46

when they make that jump ?

16:47

Well , you know , for instance , coming

16:50

from IT , they haven't had hands-on

16:52

experience with PLCs

16:55

and RTUs . The

16:57

protocols that are used

17:00

in industrial control systems are

17:03

very foreign to the IT

17:05

world . So you need

17:07

to learn about what types of hardware

17:10

technologies are there . You need to learn about

17:12

what protocols customers

17:14

use to communicate within

17:16

OT and then from OT to IT

17:19

. So those are some

17:21

of the . You know the things that are different

17:23

. And again , you know

17:25

the IT hardware

17:28

and software world has very frequent

17:30

refreshes and

17:39

you know , in the ot world , as I mentioned , you may build a system

17:41

and install it and get it up running operationally and you and just leave it for

17:43

20 years , 20 years , and that's very different in the it

17:45

world yeah , no , absolutely now

17:47

.

17:47

Um , yeah , that's a . That's a really good

17:49

point . To that end , do you do

17:52

people who are getting into this from it

17:54

or more kind of tech side of

17:56

things need to have any kind of like engineering

17:58

or physics background or anything like that ? Or do

18:01

you just need to know how to do

18:03

the securing rather than how to sort of find

18:05

people ?

18:05

Yeah , I think you know there's people that are in

18:07

the OT from a very wide range of backgrounds

18:10

. They're not all from IT . Many

18:12

of them , you know , come from the engineering side

18:15

of the world . So it's a real

18:17

range of types . But

18:19

you know , many of the control system engineers

18:21

are , you know , came from that engineering world and

18:24

then you know , from the cybersecurity standpoint

18:26

, they have had to sort

18:28

of evolve to develop those

18:30

skills . And likewise , with

18:33

the IT side , you know they've needed to evolve

18:35

to build out those OT

18:37

skills .

18:38

Yeah , yeah , no , that's a really , really great

18:41

point . Now , yeah

18:43

, so like if a listener is coming to this and they're

18:46

thinking this sounds interesting , but they're

18:48

unsure about whether this type of work might be for

18:50

them , can you talk about your favorite

18:52

parts of the work you do ? What are things that keep

18:55

you excited and keep you pushing to do your work

18:57

every day ?

18:58

Well , you know , I like working

19:00

with customers and understanding you know their

19:02

needs , their requirements and as well

19:05

as the market . And

19:07

you know , from a product management standpoint

19:09

, you get to see

19:11

the product lifecycle , literally

19:13

from , you know , scribbling on a bar napkin

19:15

to developing

19:17

that product , launching that product , uh

19:20

, managing it through its life cycle and

19:22

then , you know , bringing the product to end

19:24

of life when it's , you know , no longer

19:26

, no longer useful . So it's

19:29

it's very , you know , unusual

19:31

for you to be able to touch that whole , you

19:33

know , lifespan of a product and

19:37

manage that . So I find that exciting

19:39

. I also , you know , I like

19:41

, you know going

19:44

from , like I said , taking you

19:46

know concepts and ideas and

19:49

you know morphing those into

19:51

a product strategy and then bringing that

19:53

to market . So you know just

19:55

the role I find always very interesting

19:57

and , you know , never

20:00

sort of rubber stamping . Yeah

20:02

, you know , your day doesn't consist

20:04

of that .

20:05

Well , and also because people who are just starting

20:07

their career journeys don't always think of you

20:09

know , can only think of , like the fun , sexy parts of a

20:12

job . What are the things about your job that

20:14

you really have to be okay

20:16

with doing over and over again , that people

20:18

might not think of , like certain reports or

20:20

certain like oh , I gotta do this meeting again

20:22

.

20:22

I gotta do this thing you know , I don't

20:24

, I don't know that I I can think of anything

20:26

like that every day . There's a bit of variation

20:29

, okay , uh , all many customers

20:31

are , you know , have different sets of circumstances

20:34

that you need to work with , and

20:36

you know the idea

20:39

that you know you're looking at . You know where

20:41

do we go next with this product , where do we , or

20:43

what products ? You know , are there unmet needs

20:45

in the market where you know

20:47

we can bring a product to market to fulfill that

20:50

need ? So I don't know that . There's

20:52

one aspect of the role that I , you know

20:54

, is sort of drudgery .

20:57

OK , yeah . So when

20:59

, when someone is , you know , done with

21:01

their studies and wants to get into , you

21:04

know , and is in that uncomfortable

21:06

space of like I have no experience , but I need experience

21:08

, like like for for OT

21:11

environments like this , is this something where you

21:13

could like volunteer with like a local

21:15

you know industry ? Like , how do you get

21:17

experience when you're like fresh

21:19

out of school or like a new face

21:21

, like that ?

21:23

Well , I think you know from

21:25

my role , from a product

21:27

management it's often difficult . Most

21:29

product managers don't start off out of

21:31

school as a product manager . They

21:34

come from either the technical side or the

21:38

engineering side and in many

21:40

cases you know from a marketing type

21:42

role . So it's often

21:44

not just a you know you're where

21:46

you want to be immediately . You have to sort

21:48

of plan ahead and

21:50

get yourself in a role that positions

21:53

you to do that . Now , from the

21:55

OT side , I think

21:57

anything you can do for getting

22:01

trained on cybersecurity , getting

22:03

certifications , as I mentioned

22:05

. There's not a lot of these skill sets out

22:08

there , so there is opportunity . So

22:11

from a technical OT perspective

22:14

, I would say try to take

22:16

some classes in cybersecurity or

22:18

get some certifications . There's a lot of

22:20

different approaches that you can

22:22

go to

22:25

get that experience on your resume .

22:28

With regards to there being so many open

22:30

spots and so few sort of available

22:32

candidates . Is this a skills mismatch

22:35

or is there just not enough people interested

22:38

in this type of work ? Do you think Like

22:41

what's the mismatch ?

22:42

I think it's probably a skills mismatch

22:45

that a lot of you know a lot of cybersecurity

22:48

. You know trainees

22:50

came come from the IT side and

22:53

you know , even though , even

22:57

though there's a lot of opportunity in OT , it

22:59

is not as widespread as opportunity

23:01

for IT because there's so

23:03

much more IT effort

23:06

than there is , you know , ot effort .

23:08

So there's a lot of space for people in OT

23:10

, but there's a lot , a lot of space for people in IT is

23:12

what you're saying yeah exactly . Okay , got it

23:14

. So it's a scale of things . Okay , all

23:17

right . So as we wrap up today , mark , I

23:19

wonder if you could tell our listeners the best piece of career

23:21

advice you ever received , whether it was a mentor or a teacher

23:23

or colleague that gave it to you .

23:25

You know I kind of touched on that that

23:28

you know , find out what you really

23:30

like to do and there's a good chance

23:32

that you know . Once

23:39

you find out what you like to do , you'll be good at it . You

23:41

know plan ahead . You won't get to where you want to be right

23:43

away . And you know , in terms of my role , you know you

23:45

need to understand the technology

23:47

. You need to understand , you know

23:50

the skills of the product management role

23:52

in order to be credible

23:54

and successful . So

23:56

, yeah , I think .

23:59

Yeah , know what you want to do with yourself before you start

24:01

doing something .

24:04

It's simple , but it's , you know , it's true

24:06

.

24:06

It's simple , but it's . You know it's true . It's simple , but it's true . Yeah , exactly

24:08

so . Okay , so before we go today , Mark

24:11

, you've talked a little bit about it , but tell us all about OpsWat

24:13

and the work that you do to protect crucial

24:15

infrastructure .

24:16

Okay , you know OpsWat's been around

24:18

for 20 years and our focus is on

24:20

securing OT environments

24:22

. So we have a very broad range

24:25

of products that , as I mentioned

24:27

, it's not a single product , it's a defense

24:29

in depth approach . So we have products

24:32

for scanning portable media . We have products

24:34

that enable you to go out

24:36

and discover all of the IoT assets

24:39

. Look at what versions

24:41

of firmware are on those . My

24:43

role is in what we call data diodes

24:45

and unidirectional gateways . My

24:48

role is in what we call data diodes and unidirectional

24:50

gateways and

25:01

it's a hardware-enforced security that assists customers in getting that valuable data out of

25:03

OT to the IT world so that we can do business analytics , predictive maintenance and so

25:05

on . We have industrial firewalls and just

25:07

a whole host . There's been a trend in the industry

25:09

where traditionally

25:12

OT cybersecurity you

25:14

know there was more of a best in breed approach

25:16

where you had many , many vendors

25:18

in your shop and

25:20

now , as the

25:23

industry has matured , it

25:25

seems we're going full circle . So customers

25:27

now are looking to purchase you , to purchase

25:29

as much as they can from a single vendor

25:31

, just for efficiency

25:34

and one

25:36

organization to work with . So that's something

25:38

that we're seeing in evolution

25:40

and OpsWatt is well positioned for

25:42

that because of the breadth of the product

25:45

offering .

25:46

Yeah , yeah , and I was going to say we hear that

25:48

a lot about . If you sort of patch together

25:50

your system from lots of different things , you don't really know

25:52

which ones are the most secure and which aren't

25:54

. So if you're working all from the same vendor like that , I imagine

25:56

that's got to be a bit of personal

25:59

relief as well . Yeah , exactly , yeah

26:01

, so all right .

26:02

Well , one last question for all the marbles here

26:04

If

26:08

our listeners want to learn more about you , mark Toussaint , or Opswot . Where should they

26:10

look online ? Well , opswot , you know Opswotcom . We have

26:13

a real wealth of information . You

26:18

know , we pride ourselves on being thought leaders in the OT space . So there

26:20

are white papers , there are , you know , e-books . There's just a wealth

26:23

of information on

26:28

the Opswot website and you can just Google

26:30

me and see some of the things

26:32

that I've done presentations and

26:34

things like that . There's any

26:36

number of things out there available on the

26:38

web .

26:39

Oh good , so there's actual . You have speaking

26:41

engagements and things that you've done that are recorded . Yes

26:43

, oh cool , all right , well , I will go check

26:45

those out as well and hope our listeners do as well

26:47

. So , mark Tussauds , thank you for joining me today

26:49

. This was a lot of fun , all right . Thanks

26:51

, chris , for having me , and thank you to

26:54

everyone who watches , listens and writes into the podcast

26:56

with feedback . If you have any topics you'd

27:01

like us to cover or guests you'd cosec institutecom slash

27:04

free , where you can get a whole bunch of free and exclusive

27:06

stuff for cyber work listeners . Learn more

27:08

about our new security cyber security awareness

27:10

training series . Work bites , a smartly scripted

27:12

and hilariously acted set of videos in

27:14

which a very strange office staffed by a pirate

27:16

, a zombie , an alien , a fairy princess , a vampire and

27:19

others navigate their way through age old

27:21

struggles of your whether it's not clicking on the

27:23

treasure map someone just emailed you making sure

27:25

your nocturnal vampiric accounting work at the hotel

27:27

is VPN secured or realizing that

27:29

, even if you have a face as recognizable as the office's

27:31

terrifying IT guy Boneslicer , we

27:34

still can't buzz you in without your key card . Anyway

27:36

, go to the site and check that out for the trailer . Infosecinstitutecom

27:39

slash free is still the best place to go for your

27:41

free cybersecurity talent development ebook . Here

27:43

you'll find in-depth training plans and strategies for

27:45

the 12 most common security roles , including

27:47

SOC analyst , pen tester , cloud security engineer

27:50

, information risk analyst , privacy manager , secure

27:52

coder , icf professional and more

27:54

. One more time , that's infosecinstitutecom

27:56

slash free , and the link is in the description

27:59

below . One last time , thank you to Mark

28:01

Toussaint and Opswa , and thank you

28:03

all for watching and listening Until next week

28:05

. This is Chris Senko signing off , saying happy

28:07

learning .