How is the role of the CISO evolving in today’s threat landscape?
Gary Hayslip shares how cybersecurity leaders are stepping beyond IT—shaping C-suite strategy, protecting data, and becoming critical voices in the executive suite to defend against ever-growing cyber risks. Security is now a central concern for enterprise technology and the safe deployment of AI automation and new business process automation tools, requiring strong leadership.
—
Subscribe to the LeaderbookAI Podcast (formerly CPO PLAYBOOK): https://leaderbook.ai/podcast.
Powered by the WRKdefined Podcast Network.
[00:00:00] I'm Felicia Shakiba and this is CPO PLAYBOOK, where we solve a business challenge in every episode.
[00:00:14] 100% of Fortune 500 companies employed a CISO or an equivalent role in 2023. If a company is
[00:00:22] unfamiliar with the role of a CISO, a Chief Information Security Officer, it risks lacking
[00:00:30] the strategic leadership necessary to safeguard its digital assets and infrastructure from increasingly
[00:00:36] sophisticated cyber threats. This oversight can lead to vulnerabilities in security,
[00:00:41] potentially resulting in significant data breaches, financial losses, and damage to
[00:00:47] the company's reputation. In an era where cyber resilience is a key component of business
[00:00:53] continuity, a CISO plays a critical role in maintaining trust and confidence among
[00:00:58] stakeholders, customers, and partners by demonstrating a commitment to security.
[00:01:03] Failure to recognize and empower this role can leave organizations unprepared in the face of
[00:01:09] potential cyber crises. Today we will learn all we need to know about a CISO from Gary Hayslip,
[00:01:16] Chief Information Security Officer at SoftBank Investment Advisors.
[00:01:21] Gary, welcome to the show. Thank you for having me.
[00:01:24] Gary, what does the CISO role, an acronym for Chief Information Security Officer, actually do?
[00:01:35] Each business that has one uses them differently. It isn't like they're a set example.
[00:01:42] There's some type or form of this role that's pretty much found in every organization
[00:01:47] today that conducts business using technologies or services connected to the internet. So the
[00:01:52] role itself is very varied. I like to look at it as they are business executives that manage
[00:01:59] risk using technology, people, processes, and that's their core role for the company.
[00:02:05] And how has the role evolved during your tenure in cybersecurity?
[00:02:10] What I've seen is it used to be extremely technical and it used to be one of those roles
[00:02:18] that would be buried down in the hierarchy of managers and stuff fell within a company.
[00:02:24] Over the years though as technology has become more integrated within businesses,
[00:02:29] the role itself has become more visible. And as attacks and threats and stuff have impacted
[00:02:36] businesses and operations and revenue, their role has really become more visible.
[00:02:41] And what you're finding now is organizations now when they hire for somebody for that role,
[00:02:47] they just don't look for someone to have technical knowledge. They're also looking for people to
[00:02:51] have soft skills that they can be partners. Can they integrate with other departments that
[00:02:56] are non-technical? Can they operate in a business environment? And so you're seeing
[00:03:00] the role shift dramatically honestly over the last five years.
[00:03:04] In many organizations, you might see security roll up into a CIO, Chief Information Officer.
[00:03:13] So how is this role different and why is it important at the executive level?
[00:03:19] Reporting to the CIO is actually common today. About 60% of the CISOs still report
[00:03:25] to CIOs, but many now are reporting to the CEO, CFO, CTOs. It's pretty much across the gamut
[00:03:32] via their reporting to some executive. There are concerns that with the CISO and reporting
[00:03:38] to a CIO because the CISO's mandate is to monitor and remediate technical risk and a CIO's
[00:03:46] job really is to use technology to provide services on a daily basis. So it's kind of like
[00:03:52] one is providing services and the other one is managing the risk of those services.
[00:03:57] So if you've got someone that's supposed to be managing that risk, how do you report
[00:04:00] to the person that's causing that risk? And so there's been some discussions that sounds
[00:04:04] like that's an ethical issue that really shouldn't be happening. And in some sectors
[00:04:09] like financial services, if you're regulated, it's actually supposed to be split. The security
[00:04:15] executives cannot report to the IT executives. They are supposed to be separate because they're
[00:04:20] worried about that ethics issue, about that management of risk. But outside of that,
[00:04:25] pretty much almost all CISOs report to either the CIO or one of the other executives.
[00:04:31] And the other part of your question is becoming more important now at the executive level.
[00:04:37] The big thing about somebody who is in the CISO role, cyber security impacts the business.
[00:04:43] However you deploy it, however you use it, whether it's cloud, whether it's on-premise within
[00:04:48] the business, within their own data centers, cyber security impacts. You do not do cyber
[00:04:54] security without causing some type of change to protect the business, some type of change
[00:04:59] to protect new revenue streams, some type of change to help an M&A process. That kind of impact,
[00:05:05] that kind of good or bad to the business, you want to be talking to executives.
[00:05:10] You want to be part of the executive process. They want to have insight into what you're doing
[00:05:16] and what projects you're working on and why you're doing things. And at the same time,
[00:05:21] you want to have that type of contact so you can get things done. And the reason I say that
[00:05:28] is one of the biggest things that CISOs have a problem with is business culture. The organization
[00:05:34] itself will push back on change that you're trying to do. The organization that you're trying
[00:05:40] to protect, they don't want to change. They like doing things the way it's always been this
[00:05:44] way. I don't want to make changes. I like doing it this way. What do you mean the SEC says
[00:05:49] you have to do this? What do you mean you want to go ahead and do ISO 27001? I don't care.
[00:05:55] This is the way I've always done it and I've been here five years. Why should I have to change?
[00:06:00] So you need those executive connections to get things done. And at the same time,
[00:06:07] to give you that bullet shield to fight off all the stuff that's going to be thrown your way,
[00:06:12] but also to help you as a business executive understand culture and how you fit into it
[00:06:17] and how you can build trust and how you can partner with your non-technical executives in
[00:06:22] the other departments, your non-technical stakeholders that you have to serve,
[00:06:26] that you have to provide services to. So it's really critical. CISOs will have to be part
[00:06:31] of the executive team to be effective and they will report to some executive, whether it's the
[00:06:37] CIO or whether it's some other C-suite member. It's become quite common today that it's
[00:06:43] going to be somebody with a C in the title. So it's about making that shift at the top
[00:06:49] in order for the activities or responsibilities in order to really take place. My second question
[00:06:56] or follow-up question to that is, how does the title of CISO as opposed to a director or a VP
[00:07:04] of security really influence the perceptions both within and outside the organization?
[00:07:10] Oh yeah, peers of mine that are trying to get the title, they're trying to get the
[00:07:14] chief information security officer role. Honestly what ends up happening is that
[00:07:18] there's a career progression. If you get into cybersecurity and the more you progress and the
[00:07:24] more senior you get to the point where you're a manager or a director and then eventually you're
[00:07:29] up for the CISO title, I look at it as you mature as an executive until you finally get the
[00:07:35] CISO role and it's an acknowledgement of the business that they're taking cyber seriously.
[00:07:42] It's an acknowledgement of the business that you are an executive and at that level of
[00:07:47] maturity you get it both positive and negative. You get the remit that you're going to make
[00:07:53] change, that you've got the budget, that you've got people but you also are going to be held
[00:07:57] accountable. You also if things go wrong and it's found through negligence or something on
[00:08:03] your end that you didn't do things right, you will be held accountable which means that's
[00:08:07] probably going to be a resume generating event. You're going to be calling out.
[00:08:10] You'll probably be going out the door because it's part of earning that title. Why it's
[00:08:16] important on the outside I have found when you're dealing with vendors, when you're
[00:08:19] dealing with customers and suppliers, when you're dealing with third parties there's a big
[00:08:24] difference of I'm just the VP of information security or I'm the chief information security
[00:08:29] officer. If you're the chief information security officer it's like you're the CFO
[00:08:35] or you're the chief operating officer or you're the CEO. It's a title, it's a letter of
[00:08:40] I guess you say a mark of maturity or an executive mark of where you're at. If I look at a company
[00:08:47] and they've got a CISO, I know from a standpoint within the company that their security programs
[00:08:53] matured enough to the point to where the board and the C-suite has acknowledged that
[00:08:59] we need somebody with that title and they typically will have directors and officers
[00:09:05] insurance. They typically will be reporting to the board. They will obviously have some
[00:09:10] type of budget, some type of security team. For me it is when you start getting to that level
[00:09:16] where you have that title there is more of a business executive mentality around it. Vice
[00:09:21] just being manager. For me the difference between being like a security manager or a VP of
[00:09:27] information security and being a chief information security officer is really once you have that
[00:09:34] C title you're a business executive and you're treated as such and you're going to be held
[00:09:40] accountable as such. It's also the way it's viewed on externally as well. When people
[00:09:45] look at the organization they're looking at the company as being mature to the point to
[00:09:49] where they have C level executives. And so those conversations are being at the top of
[00:09:56] the organization. Those are the things and responsibilities and knowledge that executives
[00:10:00] need to have in order to secure the business essentially. Yes and that's the reason why
[00:10:07] I think by the time that you get to as a security executive by the time that you get
[00:10:11] to where you're getting the CISO role that's where you need to actually start having more of
[00:10:17] the business, more of the business chops per se of being able to operate within organizations.
[00:10:24] I'd recommend to some of my peers who are getting their first CISO role that they have
[00:10:28] a mentor within the business to help them better understand how to report to the board and be more
[00:10:33] effective when they are reporting to the board and they're going up to ask or something. I also
[00:10:38] talk to them about there's going to be more expected of you in your communication styles
[00:10:42] and the way you do reports and the way that you do budget and the specific things you
[00:10:46] ask for. There's going to be more that's going to be expected of you when you put
[00:10:50] your slide decks together and you're briefing the baseline risk of the company and threats
[00:10:56] and stuff like that. There are things that you can get away with as a manager that you won't get
[00:11:00] up as like a security manager because you're low level and you're buried five levels down.
[00:11:04] You're not going to get away with that when you're a chief information security officer
[00:11:08] because you're a business executive. You're expected to go in have a level of maturity
[00:11:13] and understand the business and operations and where revenue is coming from and some
[00:11:18] departments are more important than others. Some data, some technology is more important than
[00:11:22] others because they generate money for the company or there's significant regulatory risk
[00:11:29] around specific operations or around specific partners or significant contractual risk. You
[00:11:35] need to know these things as a chief information security officer. You should care about them
[00:11:40] because your program is going to be intertwined in managing and monitoring for the business.
[00:11:45] In most executive roles, there is this certain expectation around cross-cultural
[00:11:51] collaboration and cross-functional collaboration. How do you ensure alignment on security
[00:11:56] strategies across diverse key departments such as IT, legal, HR, compliance?
[00:12:04] Yeah that is what you're at the CISO role that is key. In fact I know numerous CISOs when they
[00:12:10] interview that the first couple of questions is around technology. They pretty much know from
[00:12:16] a technical standpoint it's table stakes. You've got it otherwise you wouldn't be there at the
[00:12:21] table doing the interview. When you're doing the interview they already expect that you've
[00:12:24] got the technical things that are going to be needed. The other 70% is all about fit.
[00:12:29] The other 70% is that are you going to be able to partner with your non-technical
[00:12:34] stakeholders like legal and compliance in the audit? And they're going to ask you
[00:12:40] give us examples of projects or give us examples of specific things you have done
[00:12:44] with these other types of departments. It's a very large business focused view of how you
[00:12:51] operate as an executive and I spend a lot of time talking with them and mentoring CISOs who
[00:12:57] are between their first and third roles. They've got their first role and maybe now they're up
[00:13:01] for their second. They're getting more senior or they're in their second role and they just
[00:13:04] got their first large CISO role and what's going to be expected of them? How am I going
[00:13:10] to operate? And I recommend that they take a class or two or have a mentor who is a business
[00:13:17] executive who's not a CISO but has been a previous CEO or previous CFO or something like
[00:13:23] that. Been a business executive at a company or two to help you understand how you're going
[00:13:29] to operate and what I mean by that is how do you communicate? How do you work and collaborate
[00:13:35] with people across the various departments? Are you easy to work with? Do you deliver on time?
[00:13:41] Can you be counted on to go ahead and take on the hard jobs or the hard issues and investigate
[00:13:47] and help remediate problems? Are you like for myself, I can tell you typically what I do
[00:13:55] is I may do an internal assessment and baseline where our risk is at and put together a list
[00:14:00] of issues that I think we're going to need to work on but I won't rank them. Instead what I will
[00:14:05] do is I will pull my peers in from the other departments, from the other business departments
[00:14:11] and I will ask their help and I want the business input on the security risk and things
[00:14:15] that I'm looking at and they will actually help me evaluate them and rank them and decide
[00:14:22] which ones we should address first. And so that way when I am putting together my 6, 12,
[00:14:29] 18 month project plan for my team and we know what projects we're doing, they're aligned for
[00:14:35] security but they're also aligned for the business so we're focusing on the ones that
[00:14:39] businesses they need first. Who are the people that roll into this role? What are the positions
[00:14:44] that report to you? Honestly it really depends. Typically you're going to have security
[00:14:50] operations which is the normal everyday security operations and it'll be made up of security
[00:14:56] engineers, security analysts, people that are pretty much doing the care and feeding of the
[00:15:02] security tools that you have for managing risk and for managing the security services
[00:15:08] that you provide such as doing patch management and vulnerability scanning and scanning for
[00:15:13] insider threat and identity, managing identity. These are all basic things that your team's
[00:15:18] going to be doing. Along with that there could be other things that could be assigned to you.
[00:15:23] The network engineering teams that are managing the firewalls, they may be assigned underneath you
[00:15:28] or they may be in IT and have a dotted line too. Typically IT may manage the firewalls.
[00:15:33] Security is the ones that are actually logged into them using them at work and pulling
[00:15:37] reports from them and stuff and sometimes companies will put them underneath security.
[00:15:41] Governance. If you are a regulated entity and your CISO has experience in GRC,
[00:15:48] like myself, I'm a certified auditor, they may put the whole GRC team underneath security
[00:15:55] or they may put the risk and governance teams underneath security just because of how intertwined
[00:16:01] the security stack is with the IT stack and a lot of the stuff that the GRC team looks at
[00:16:06] is IT related and so they may put it underneath security to have a degree of separation.
[00:16:10] And there's other things as well. In my current role I also do physical security
[00:16:15] which is a whole different mindset. A whole different mindset, different technologies,
[00:16:19] different processes, but there are some CISOs that go into it and take that on.
[00:16:24] I've operated in environments where I've had four different teams. In one of my roles I
[00:16:30] had a security operations team, I had a governance team, I had a cloud security team
[00:16:36] and I had an application security team that worked extensively with our product teams.
[00:16:42] I've worked a lot with our VP of DevOps. Her and I were partnered together and my application
[00:16:48] security team was actually embedded in her department and I spent a lot of time,
[00:16:52] and I did that on purpose to set up trust between our teams and I spent a lot of time
[00:16:57] working with her making sure that our products that we were producing were as devoid of
[00:17:02] defects as possible and we constantly tested for issues. How have increased regulatory demands
[00:17:09] such as those from the SEC or FCA influenced the strategic priorities within your role as a CISO?
[00:17:18] The increased regulatory demands, basically what they do is for a CISO if you're in
[00:17:24] a regulatory regime you honestly you spend a lot of time going back through looking at
[00:17:28] your stack reviewing previous assessments, reviewing previous controls and making sure
[00:17:34] that you have things documented. You spend time talking with your attorneys to verify
[00:17:39] are you missing anything. You also spend a lot of time looking at new rules that are coming out,
[00:17:44] for we have an amazing amount of rules that are coming out around data privacy, and not just in
[00:17:49] the United States, all over the world. And if you're an international company and you operate
[00:17:54] in a lot of different geographical locations, now all of a sudden your company with the cloud
[00:17:59] to go ahead and be innovative, and now you get all these new data privacy rules coming out
[00:18:04] saying, hey, that's great you want the cloud, but we want our data to stay in our country.
[00:18:09] You have to collaborate with IT and now figure out, with the technologies that we've got selected,
[00:18:15] how do we go ahead and meet the regulatory needs that these new needs that have come up
[00:18:20] or data needs to be located in specific stuff but still also help the business be innovative.
[00:18:25] I do think there's a cost and it's fine because companies need to pay that cost to
[00:18:30] be more resilient or to go ahead and be able to meet the new requirements that come out,
[00:18:36] but whether you like it or not, no one meets new regulatory requirements without spending
[00:18:42] something. You're going to do some type of cost, whether it's hiring people, new technologies,
[00:18:46] new processes, just the documentation alone of documenting how you're doing things with a new
[00:18:51] requirement. There's always some type of cost, and it does, it pushes back all the teams, but
[00:18:56] it requires the CISO to collaborate with stakeholders because you are going to go out
[00:19:02] and find out, hey, are we meeting these new privacy requirements? Do we need to make changes
[00:19:06] to make sure data is co-located in new geographical regions? Hey, are we getting
[00:19:12] the right reports the auditors are now going to ask, because our regulations have changed?
[00:19:18] and so all of these things you are continually reviewing that only happens every once in a
[00:19:22] while. No, you are looking at these things easily every six months. We are reviewing
[00:19:27] these things, and I know some that are looking at it on a quarterly basis just because of the
[00:19:33] size of the company, the type of data that they manage, so they're not going to get caught. They're
[00:19:38] afraid that the fines, so they're going to do what they need to do. So yeah, the regulatory,
[00:19:43] it's not for free. Companies are going to meet it. There's going to be cost of all.
[00:19:46] You've mentioned before that a balanced view of AI and cyber security viewing it as both a risk
[00:19:54] and opportunity. Could you elaborate on how you approach integrating AI tools while managing
[00:20:01] associated risks? In 2013 I was part of a group of CISOs that went before congress
[00:20:07] to go ahead and brief about the weaponization of AI. Back then they were concerned about AI
[00:20:12] being used as a weapon. Now think about that, it's like 11 years ago, and now we have AI,
[00:20:17] whether it's apps on your phone or your search engine that you use when you go on
[00:20:21] the internet. Many of the new security tools and IT tools we use today are now being AI integrated.
[00:20:29] Whether you like it or not, there's going to be an AI bot or an AI assistant. My company is AI
[00:20:33] friendly and we're investing in AI companies, so we're working with AI. And as a security executive,
[00:20:40] originally last year many of us were pushing back and saying, hey, there's just too many
[00:20:45] unknown risks, you just got to say no, no, no and just not do it. To me it's like being
[00:20:49] an ostrich sticking your head in the sand and hiding because you're not going to stop it.
[00:20:54] Whether you like it or not, it's being integrated in so many different apps and so many different
[00:20:58] technologies, you can't prevent it in the business. There's so many free things that
[00:21:04] are popping up on the web now that your employees want to use, you're not going to be
[00:21:08] able to stop it. And so what comes down to, when you have a prevalent technology like that,
[00:21:12] it's more of, okay, there's an acceptance piece of, all right, we're going to see it,
[00:21:18] it's here, let's figure out how we can manage it and deal with it. And so that comes around to,
[00:21:23] all right, let's put policy in place on what it's for. What are we going to use it for?
[00:21:28] What are our use cases? And let's educate our employees on how to use it safely, what we
[00:21:34] recommend for them on how to use it, what to do with it. Let's provide them training
[00:21:39] and start training them. And not only that, let's make a decision that we're going to go ahead
[00:21:45] and go with a specific platform. We chose OpenAI's ChatGPT version 4. We're looking at from a security
[00:21:52] standpoint, there's many others that are out there, but that's typically what you'll do is
[00:21:57] you'll select a couple of different tools. Typically it'll be ones that you're paying for
[00:22:02] that you are able to control. You'll put the other policy procedures, you'll train your staff,
[00:22:07] and then the next piece is the fun part for a security team: how are we going to manage
[00:22:11] it? How are we going to make sure people are actually following process, they're actually doing,
[00:22:17] not doing stupid stuff with our data? That's where unfortunately the technology is catching
[00:22:23] up. There's a lot of security startups now, they're just coming out, and this is what I look at
[00:22:28] as systems have to be comfortable about leaning forward in our environments. Part of the job is
[00:22:35] the fact that the technology's never stagnant, the risks that we deal with are not stagnant,
[00:22:39] they're constantly changing, and you have to be comfortable working in a fluid environment like
[00:22:45] that where you're managing risk and managing technology. So the next piece for AI is, all
[00:22:51] right, company's going to use it, you've put everything in place, you train the staff, they're
[00:22:55] being innovative, that's fine, they can do their piece. Now my team has to do theirs, and my team
[00:23:00] is, we're going to monitor, we're going to manage that risk, we're going to go ahead and look at
[00:23:05] startups, we're going to look at security tools that are out there that are using AI
[00:23:09] that help us see gen AI across the environment, what our people are, how our people are using it.
[00:23:17] If there's new tools that pop up, we're going to call them on it and say, hey, you need to bring
[00:23:22] that through tech review, we need to take a look at it, we need to understand the risk,
[00:23:25] and if it's approved then you can use it. If it's not, we're going to block it. If you
[00:23:31] people are using a tool and, hey, we think there might be questionable here, we want the ability
[00:23:37] to do a pop-up and say, hey, pursuant to our policy, remember, only this type of data, only
[00:23:44] this process, don't forget, you know, your training, and then let them go on about their
[00:23:49] business. So we have to do that maintenance and that management piece that unfortunately
[00:23:54] for gen AI right now is still relatively young in the security field, but it's growing
[00:23:59] exponentially fast. November last year I knew two security startups that were doing gen AI monitoring.
[00:24:05] As of today I know it doesn't, it's that fast, how quickly. And these are companies that are
[00:24:10] in stealth and they get funded five, ten, fifteen million dollars coming right out of stealth,
[00:24:15] and they're building this stuff quickly, and they're not just doing it for dev teams
[00:24:20] that go ahead, who are dealing with the big LLM models, they're dealing it for CISOs
[00:24:24] who are doing cyber operations. It's a new technology dealing with new threats
[00:24:29] that you're just going to have to accept. And so I look at it as how CISOs are facing it is, cyber
[00:24:36] risk is risk. It's still the same. The risks are still there. The issues that you have with
[00:24:41] insider threat, the issues that you have with protecting data, protecting privacy, they're all
[00:24:46] there, they're just in a different package. You just need to understand it, train your staff,
[00:24:52] put policy together so the company understands what it's doing, and to be able to monitor it
[00:24:57] and then report to your executives so you can make decisions on what you're going to allow.
[00:25:01] What advice would you give to someone aspiring to become a CISO, especially considering the broad
[00:25:08] skill set required for the role? And perhaps what advice would you give to organizations
[00:25:14] hiring a CISO? It's funny because I've written books around this question, so
[00:25:19] it's, I can speak to it probably for an hour. For someone aspiring to do it, I would say
[00:25:24] you need to put the time in. It normally takes about eight to ten years before you get your
[00:25:30] first role, and that's average. I would also advise them to get experience in software or
[00:25:35] product development, get experience in networks, especially cloud networks and on-premise networks,
[00:25:41] and also get experience in risk management. All of these things are heavily tied into a CISO role.
[00:25:47] I would advise them that there are also critical soft skills as well as some strategic thinking,
[00:25:53] time management, effective writing and communication skills. You're going to need all of these the
[00:25:58] more senior you get going forward in a CISO role. For a business that is hiring, I would tell them
[00:26:05] that not all CISOs are the same. Each of us comes through our career paths differently,
[00:26:10] so do not look at just what is needed now for the role, but also I would suggest to them
[00:26:16] that they look at the next 18 to 48 months: where do they see this role going within the org and
[00:26:22] what type of security executive they think they would need to be able to fit that and to be
[00:26:27] able to fit that role. Too many times I have seen executives, I've seen recruiters and companies,
[00:26:33] they want 100 percent of what's in the job description, but when you go in depth with them
[00:26:38] there is really only one or two requirements that are critical and the rest are nice to
[00:26:42] have. What I would say to these businesses is know what your critical asks are and understand that
[00:26:49] it's okay if you are going to hire a CISO that can do 80 percent of that. That's the reason why
[00:26:54] they have a team, that's the reason why they have a peer network, that's the reason why
[00:26:59] they have mentors. You hire yourself a good executive who has experience, they're going to be
[00:27:05] able to go ahead and learn those other things once they get comfortable in the job and they're
[00:27:10] working with stakeholders in their various departments. Very rarely do you get anybody
[00:27:14] that brings 100 to the table, and honestly those unicorns that you bring in 100 to the table,
[00:27:21] you're probably going to lose them in the next 18 months because somebody else is going to steal
[00:27:24] over me. I honestly would go for somebody that has that 60 to 80 percent and it's going to
[00:27:30] grow with you, with the business, because you're giving them a shot, you're giving them a chance.
[00:27:35] They're going to get there in the business, they're going to get established, they're going
[00:27:38] to grow with you and add you more towards their career path. They're going to stay with you longer.
[00:27:44] Gary, thank you so much for enlightening us on what this role is and what it entails, and I'm sure
[00:27:52] you've added so much value to people's day just having them listen to this episode. I appreciate
[00:27:58] you being here, and thank you so much. Thank you. I have to admit this was a lot of fun. I
[00:28:03] really enjoy talking about the role and especially helping more people come into it. Those of us that
[00:28:09] are senior like myself, within the next five to ten years we're going to be stepping out,
[00:28:13] doing other things. There's a big discussion in our community right now about leaving a legacy,
[00:28:18] about making sure that the next, say, class of CISOs, that next group of security executives,
[00:28:25] have gotten the experience, have been mentored, and they're ready to step into those roles as we
[00:28:29] transition ourselves. There's a bunch of us that are taking it serious. We're writing books on it,
[00:28:35] we're talking about it, we're mentoring, because we want to leave it better than what we found it,
[00:28:40] and is really important to us. That's Gary Hayslip, Chief Information Security Officer
[00:28:47] at SoftBank Investment Advisors. If today's episode captured your interest, please consider
[00:28:54] it with a friend or visit cpoplaybook.com to read the episode or learn more about leadership
[00:29:01] and talent management. We greatly appreciate your rating, review and support as a subscriber.
[00:29:07] I'm Felicia Shakiba. See you next Wednesday, and thanks for listening.


