A fundamental key of establishing a really solid security portfolio is a compliance framework. So, NIST is fantastic. It’s been in the industry for a really long time. There’s other ones out there that people follow, you know, on the financial sector, it’s generally a PCI SOC certifications if we’re talking about physical data centers and things like that, and then you have what we follow, which is HITRUST, that kind of picks the best and breed from all those interweaves them together into a singular framework. We personally have attested to this for over five years now and we feel really strongly that as the industry evolves and the tools and practices evolve, that framework has been evolving with us. And so, every single year when we attest, we find additions to controls, you know, new verbiage between controls and we find that it’s not just about the policies and procedures, it dives deeper into the implementation to ensure that we’re really doing what we say we’re doing on paper. And that gives me a great deal of confidence in our security posture simply because we’re attesting to what I believe to be the strongest framework in the industry.

24×7 is extremely important. Unfortunately, for us, the threat actors don’t just work 8 to 5 where most of your technology folks are going to be on the clock. Generally, it’s after hours that a lot of these things are going to happen. And so having that staff 24×7 at three o’clock in the morning, they see the actions and they immediately jump in, take action being notified of it the following morning. Unfortunately, in a lot of cases is too late. We need to be able to jump in there and stop that threat actor immediately while everyone else is still asleep to make sure that we limit the impact that we’re able to stop those actions and prevent anything nefarious from happening with ourselves and our customer data. So, there’s a lot of tools a lot of people use SIM. SIM is a really great tool, having run those myself. I tend to move into the next generation, a traditional end point and, and something that’s collecting your data on the back end. Unfortunately, today isn’t enough. It’s more about actionable intelligence and that’s what you get from some of these 24×7 MBR, EDR services that are available in the marketplace today. It’s not just monitoring and reporting to you what happened, it’s analyzing all of what’s a normal user behavior. And if it sees actions occurring within that user ID, it can immediately flag and find things before they’re doing those, you know, nefarious acts of the things that generally bubble to the surface of wow, you know, somebody shouldn’t be deleting a bunch of information or information shouldn’t be leaving the environment. It’s more this person shouldn’t be logging in at this time or they shouldn’t be in this location if they were in that location an hour ago and being able to draw those, you know, patterns and behavior together to form a complete picture of, you know, is this a normal action within your environment and then doing that on Saturday and Sunday when we’re all enjoying other things is really what you need to do to tie these things together.