Security's Effect on the Bottom Line: Corporate Financial Literacy for InfoSec Professionals

hey how are y'all doing this morning uh for this talk we're have Jason kler be given it he's he is currently pursuing an MBA at SMU while building out an attx service management program at a large critical infrastructure manufacturer prior to this role he uh consulted various F 100 companies on matters of strategy communication and consumer privacy as a member of a big four consulting firm he started cyber and information security program at a large Investment Bank where he ran their global social engineering program applicational all listing and supervising approvals of all new applications with data leaving the Banks Banks Network immediately following his graduation from un with his BS and Engineering certificate in cyber

security he's also running the uh red team for the southwest region of C collegate cyber defense but he's going to be talking about secur effect on the line corporate financial literacy for Information Security Professionals where he's going to discuss how Information Security Professionals can better communicate with financial uh officers and sea level Executives about what they're doing so I'll leave leave it over to you thank you thank you Trent all right good morning everyone thank you for coming out what what what's up we got buttons to push oh it's supposed to be blank oh yeah no that's me that's my FL start with a blank slide good morning thank you for coming out to what is probably the most boring

talk because we're going to be talking about accounting and finance and all that other stuff that most people think is has absolutely nothing to do with cyber security uh but we're going to try and weave it in there enough of you are here that I assume you're interested I assume you all know which talk you're you're here for right okay cool all right cool well thanks for being here I appreciate it we're going to talk about uh financial statements and why they're important to us and what we do um specifically as technical Risk Managers and how that applies to the business at large all right some disclaimers uh none of this is related to my employer this is all stuff that

I'm doing on my own um all thoughts and ideas are my own unless otherwise stated uh I'm not a lawyer this is I'm specifically not your lawyer this is not legal advice I am not a doctor I'm not your doctor this is not medical advice I'm also definitively not a financial adviser this is not Financial advice at all this is just things I know that I've learned from my education and uh I think it's silly that people have to pay six figures to go learn this stuff when it should be it's not hard it's just not well presented in most places I don't think so I'm trying to bridge that Gap so you don't have to go get an NBA

yourself an overview of what we're going to be talking about today we've got the introduction I'll tell you a little bit about who I am uh why financial statements exist in the first place why they're important how they came to be the different types of the financial statements which are conveniently listed here we'll continue on and then we'll go through some examples and some applications and then summarize so who am I and why do I have the knowledge to talk about this well first and foremost I decided that to move up my career I needed to get an MBA and so I went and signed up for one and so this is kind of a summary of things I'm learning in the

first semester uh other than that formal education I am currently the vulnerability Management program manager at a critical infrastructure uh manufacturer we do full spectrum there from automated vulnerability assessments to physical breaking and entering and everything in between so if you want to talk about that come find me and we'll I'll talk your ear off forever prior of that I was a senior cyber security consultant at a big four Consulting where I did a little bit of everything we did some broad strategy for the ceso and board of directors we did some communication plans we did some uh pseudonymization and things like that which is a fun word I learned to spell for the first time

there uh before that I was a cyber security Analyst at a large Investment Bank where I ran their Global cyber uh global social engineering program uh so basically I did the fishing for everyone here in the US South America Europe Japan Hong Kong everywhere you name it that was a blast learned a ton I also ran their digital external digital activities work group where every time they had a new program that was had data leaving the firm I ran the work group that did the approvals for that and I did a bunch of other things here and there like application allow listings some sass analysis and things like that and prior to that I got my education at

University of North Texas where I got my bachelor's in science and computer engineering I chose Computer Engineering over computer science or it because I thought engineering meant more money I was wrong it just meant more math um took some classes here too funny enough uh actually sat in this Auditorium for digital logic Good Times uh let's see while I was at un I ran a team of student uh researchers doing a project for NASA where we revamped their DHCP protocols for spacecraft as far as I know that's in the process of being put into implementation but it's going to take a couple years to get new hardware up there because that was one of the key

requirements we came up with I also ran the student club for cyber security and intelligence while was there um yeah all right enough about me why do we have financial statements uh what are they how do they come to be in short people were cooking the books and that's what led to the Wall Street yeah yeah led to the Wall Street financial crisis uh kicked off The Great Depression um a lot of people decided that was a bad thing and we shouldn't do that again and to not do that again we needed to make sure that people weren't uh manipulating their financial statements so a bunch of things kicked off and a bunch of laws

were passed and ultimately that came out to be the US Securities and Exchange Commission which puts out a lot of the guidance for these financial statements um there's a bunch of other laws that were passed that goes in this one key thing uh 1994 they launched Edgar which is a online platform with an API and stuff so if you want to go pull these things in an automated fashion we're going to talk about that a little bit later in the talk and then uh most recently uh s ban Oxley act so for those of you in GRC you are probably way more familiar with that than I am this is just kind of a summary

of timelin of how we got to where we are today uh financial statements and their I'm G to say rigidity don't change very often there was I think the most recent change was 2002 if I recall correctly for what has to be put out there uh there's other things that change a little B more frequently but we'll get into some of that other stuff is Way Beyond my knowledge because I am just starting and uh I'll be back next year with more maybe who knows depends on how much youall like this all right financial statement types uh so the the United State Security and Exchange commissions I need to be specific about that because there are

other Security and Exchange commissions out there from other nations uh there's a couple requirements a lot of that depends on size of the company and the type of company but basically anyone that's publicly traded if you can find a stock ticker for them they are required to put these out specifically the 10K and the 10 Q the K is their annual state which is a summary for the calendar year previous and the Q is for the previous quarter important to note here not every company is on what we call the same fiscal year which means that 10K that annual report doesn't come out January 1st for every company a lot of them do some of them have their

fisical year starting uh what the rest of us call uh Q3 so I think it's July 1st okay March April May June July yeah yeah yeah July 1 is when their fiscal year starts so we're going to see that in one of the examples later on where one of the companies puts out their 10K for their annual report in July whereas others put them out in January typically uh it has to be on the quarter of the year which is every three months the first of the third month in that cycle uh it's up to the company of when they post that I've not found any good reasoning as to why they shift those around I'm sure there's a reason I don't

know what it is yes when I work for ret yeah our finan was January February okay Reet is Thanksgiving Christmas yeah right yeah we did not want our Maj purchasing to be because yeah that makes sense's usually that absolutely makes sense um me being in critical manufacturing for heavy manufacturing that's l less of an issue but that absolutely makes sense being on the depending on the vertical you'd be in it would determine when you would want that fiscal year to end the three main documents that are contained in these reports now there's a bunch of other stuff but the three main ones that we're going to be talking about today are the balance sheet the

statement of income and the cash flow statement and those are the three that kind of tell you what the company has been up to not yet slow down there we go most of these here in the US any anyone that any company that files in the US with the SEC us SEC is going to be following what we call Gap procedures and that's generally acceptable accounting principles and that's put out by an organization that b basically makes sure everyone's kind of doing the same things as they're putting together these documents that's important to note because as we move from company to company vertical to Vertical uh retail to manufacturing there's going to be very different ways of doing business so

some things make sense to be recorded in different places depending on your type of business so accountants and people in finance have a decent amount of leeway with where they record their expenses and when they record their expenses these are just generally general principles that apply to it we're going to go into some of these for example uh you you recognize Revenue when the service is provided not necessarily when the cash comes in things like that uh if you're going International with other companies that are based overseas like maybe a Volkswagen or an Audi you're going to go with the international um requirements that's from an organization based out of London we're not going to be talking a whole

lot about that we'll talk a little bit about Gap as we go on you will notice in a lot of these financial statements in addition to the Gap documents that are required a lot of the companies will provide non-gaap numbers which are things that are not uh in these generally acceptable principles but they feel like are better representative of their company so they provide the numbers that are required in the way that it's required but they also do an additional bit of information that they think is more representative the issue you run into there is not everybody does those the same way so it's hard to apples and oranges that kind of thing all right

about the balance sheet uh this is the financial position of the company at a single point in time and so it's going to be very interesting we're going to talk about these three documents some of them are point in time some of them are over a period of time and what this balance sheet does is it basically says this is roughly what the company is worth these are all the things we own these are all the things we owe and then here's the extra that belongs to the shareholders and we call those assets liabilities and Equity so the assets are the things that the company has things like cash or Investments or inventory and accounts receivable things like that

liabilities are things the company owns uh like accounts payable taxes uh things like that the equity is kind of the the balance the middle that is the the the value of that belongs to the shareholders and it's called the balance sheet because it it balances there's a really easy formula there where all of your assets must equal all of your liabilities plus your equity and you can flip that around do your basic algebra however you want but when we look at a few balance sheets that's how that's going to look and so actually if

I I'm going bring up Microsoft's 10K can I do this this is gonna be hard okay so I don't know how to make it bigger nope yep hey all right there we go so this is Microsoft's 10K from 2023 this is their financial I believe Microsoft is one of the ones that ends in July um I go to the top we'll find out later but you can see here they've got all of their assets something to not separated between current assets and non-current assets the big things there is current assets are things that were either acquired or intended to be sold within the next calendar year non-current assets go longer so if you buy a big old

manufacturing facility you're going to keep that a little longer than a year hopefully otherwise it may not be the best investment so that would be called a non-current asset if you're going to buy a couple pallets of lumber you probably want to turn those around faster than a year so that would be a current asset probably under inventory depending on your type of the type of business here that's just a quick summary of what you're going to see up there we're going to go into a lot of this more in detail uh let's see oh um things go on the balance sheet uh only if they have a perceived future benefit and sometimes as markets change

so for example if I bought a manufacturing facility two years ago four years ago let's say the value of that real estate's probably gone up since then but we don't reflect that in the balance sheet we reflected at its initial purchase price the only time we would take that into account is if we were to sell that facility and then that would go into the uh the cash flow statement and uh income statement later on uh let's see here quick summary we're not going to go into a lot of detail there but let's look at the uh the next one which is the income statement if my mouse will work come on there we go all right income statements are they

show profit or loss over the period of time and that could be the year or the quarter depending on that statement they come out of and these cover three main categories that would be Revenue the cost of Revenue and other expenses so this is basically how the company conducts itself and makes money uh revenue is the things they sell the the services they sell and it's important to note that there's a cost to that Revenue so if if I am a let's say I I build houses I'm a general contractor for construction I build houses when I sell you a house that doesn't come free to me it doesn't poof out of thin air I have to hire labor to

build it I've got to buy materials to put it together there's um what's the thing where you pay a City for a license permits thank you yeah there's you got to buy the land there's there is an expense to produce that thing that I sold so it's not pure revenue and that's what we call cost of goods sold things that go directly into that important to note if I'm a real estate agent and I have a cyber security team because I'm that big I don't know um that cyber secur team doesn't directly contribute to the cost of the revenue or the revenue itself so it's going to go into other expenses things that go into cost

of Revenue are explicitly you can point to that thing it's like yes that went to make this thing if that makes sense so HR wouldn't fall under there uh your accounting team wouldn't fall under there Services yeah yeah exactly uh some other simple math Revenue minus expenses plus gains minus losses is your net income Revenue um it's important to note that most of these financial statements for U publicly traded companies are on the acral basis not the cash basis so when I do my personal budget at home I use more of a cash basis right I get paid that gets logged immediately I pay my rent that gets logged immediately I got my car payment that's logged immediately a

cruel basis is more when the expense is generated and when the um income is recorded for the services provided so when we for example back on the general contractor if I sell that house for I don't know let's go back to the 90s $100,000 um I don't Mark that as income on the acral basis until the sale closes even if the money transfers a month before aural basis says I have not earned that income until the sale closes uh it's same thing for a car right if if you send money to the dealership a week before because you know you're going to get it but say you're on vacation you can't pick it up right away they don't Mark that as

income until you take delivery of the vehicle uh this can get complicated when you're talking about things like consulting or other services where it's spread out over time where I sell you two years of Consulting Services I can't Mark that all now as income even if you pay it all up front I have to mark it as income as the services are provided and that goes back to the generally acceptable practices generally acceptable accounting principles that we talked about earlier that Gap where do I take that the first year up front do I take it month by month it really depends and so that goes back to depending on your industry and that goes back to

where the accountants have some leeway of when they Mark that income as revenue generated otherwise it goes into another account we call unar unearned revenue and that's that's cash that we have received but we have not earned yet and so because we have not earned it yet that's technically a liability that's a thing that we might have to pay back uh that's the biggest note there any questions on cash flow

yeah so that's a fantastic uh question that is more um that gets that gets that gets complicated yes so so yes because there are some companies that will what we call capitalize certain salaries and what that does is that allows them to realize that expense over a longer period of time so for example I heard a story about a company that capitalized their salaries of their Developers they're coders and they would they would realize that expense over a period of four four or five years and that made the books look really really good because they weren't spending a Year's worth of salary in a year they were spending it over five years and so they

would the that CIO would come in capitalize their developers books look amazing and then right at the five-year Mark when all that stuff starts to hit they bail and they go to another job and it it looks like they did an amazing job and whoever comes in has to clean it up um whereas operational expenses are things we're spending on things we're doing right now which should be most salaries um or things that go into it so for example when I buy a tool we talked about how I do vulnerability management and a tax service management when I purchase a tool from a vendor that is technically an operational expense at least the way my company does it um

other things like um when we get into manufacturing facilities like uh real estate warehouses uh equipment that is more of a capital investment and that gets put on the books as it depreciates so for example when you buy a car that car is not going to last you forever um there's a really good chance that wear and tear it's going to have a lifespan of I don't know let's say 10 years depending on the car and so at that point you put the cash out right away to buy the car let's say $10,000 on the car and then at that point you would you would depreciate the car's value value by ,000 every year and you would

Mark that as that expense and that would be a capitalized expense does that make a lot more sense we're getting way more complicated things than I was anticipating getting here but that is a fantastic question yeah yeah and I'm glad you asked it because looking back I should have put this in the slides because that's probably the one thing that affects us the most is how a company uh manages our salaries are we capitalized salaries or are we operational in my opinion m

y yeah absolutely um again we've got some simple formulas for how this this this statement balances uh and the three main categories in here are operations financing and investing so operations are things we talked about just now like salary uh buying a manufacturing facility financing is how do we raise the money to buy that do we have cash on hand that we can do that do we need to sell common stock uh or do we go get a loan for it investing could be other things a lot of companies will invest in marketable Securities in the same way that you and I do and that could be just a matter of um hedging against future

expenses all right so let's let's dig in a little bit more how do you compare two different companies that might be in a similar category but different sizes so for I I'll provide the slides you don't need to take pictures unless you really want to um how do you compare say Microsoft and Amazon right both have cloud services both have some form of uh let's say consumer sales right I can go buy a copy of Windows 11 I can buy anything off of Amazon um how do you compare the two right and that's why we come up with the concept of ratios where when we do some Ma math with the the same numbers that

are in every one of these reports we can kind of do some comparisons about what is the return on Equity so of the shareholder Equity that is in that company how well is that company using that Equity uh we got return on assets but things that they already own how well are they doing that uh get into leverage and that is that is basically what is the risk with the company presently are they overleveraged um do they have how's their liquidity and their solvency and those terms mean liquidity when they go to invest in something they go buy a new facility uh are they likely to use cash or are they likely to take a

loan solvency is is what is the likelihood of the company continuing to function based on its existing finances uh how risky is it for me to give them a loan so we're going to go into all of those and this is a oh I took out that slide all right so the first one this is the DuPont ratio setup basically three big ratios that you can go crunch we can take out of these three documents I I want to point out something really interesting here I've always found this fascinating with ratios you've got one document the balance sheet which is point in time and you've got other documents which are over a period of time and we are taking

facets of both of those things from different um time factors right things that are now or or yesterday or point in time versus things over the course of the last year when you're taking as aspects of both of those and combining them to to make ratios to compare different companies return on Equity is a big one um we got return on assets how effective are they using their assets uh total uh leverage which is um how how do I explain leverage how much are they borrowing are they borrowing more what gets into some of the risk um yeah yeah and and I will be I will be posting these slides so you don't need to write

all those down if you're interested in it um but here's a bunch more ratios that talk about profit profitability that is how effectively is the company generating Revenue based on these things uh so there's some stuff to talk about based on their dividends how effective is their revenue uh how quickly are they growing and sustainable growth is really interesting because that tells us based on the growth the company's doing do they need to expand their properties and and uh equipment or is that a a slower thing because when you when you look at that sustainable growth ratio that can tell you does the company need to make more investments in the future to continue its expansion or are

they going to stagnate or or over leverage themselves we get into some big ones here like gross profit margin and operating profit margin and that's basically um literally the profitability of the company it tells you how effective they are at generating Revenue we got some Asset Management ratios that just tells us how well are they using the things that they have so the property and equipment that they have how effective is that being used uh how effective is inventory being used inventory turnover and on hand period is fun because that tells us a little bit about how quickly they go from making a thing that they sell to selling it and then there's more that gets into uh

later about how effective are they about managing their finances uh about collecting money from uh customers they've sold to and how effective are they at paying vendors that they bought supplies from those two are really interesting because everything else we say we want to maximize right we want to maximize return on investment we want to maximize return on Equity we want to maximize return and sales however for your cash collection period that is uh how how good you are at getting money from your customers and for your uh your payment period that is when you pay your vendors those are things we say we want to optimize not necessarily maximize and the reason why there is is because if you

maximize the amount of time that your uh customers are paying you that's going to impact your cash flow statement because you're not getting your money soon enough at the same time if you shrink it down and you give them this gets into net 30 net 60 N Net 90 the idea being that a customer places an order you ship them the product they have 30 days to pay you and this is where we get into optimization because depending on those terms the net 30 the net 90 a customer might be willing to pay more for longer terms but if you charge you know payment on delivery they might not want be willing to pay as much in the same way

when we're talking about suppliers if we're paying them quickly we might get better pricing if we're requiring them to wait 90 days for them to for us to pay them we're going to have easier access to cash because we're not pushing out as fast but that supplier might not be willing to give us the best price does that make sense and so that get that gets into a whole other thing about cost of money so when I want to go invest in a new manufacturing facility do I have that cash on hand because I've optimized my uh accounts payable and my accounts receivable or do I need to go take a loan and then incur interest charges in

the future and that gets all very complicated very quickly here's some solvy ratios they talk about what is the risk that the company is taking and depending on depending on your account you can tell certain things about how the company invests uh when they go purchase new materials or new facilities do they do it with cash on hand or do they need to take loans you can tell a lot lot of very interesting things from these numbers all right so I've blathered on for about 30 minutes about uh financial statements and ratios and whatnot let's take a look at a few so I have already pulled the 10ks from Microsoft Google and AWS from 2013 or 20

2023 and we're gonna we're g to pop those in real quick so let's take a look so let's uh take a look at Microsoft real quick so if we go back up to the top

maybe

way all right so we can see here this is published for the physical year year of June 30th 23 so we can see Microsoft is not on the calendar year for their physical year and as to why I can't speak to that do you have any insight on that one no this might just be part of being a technology company I don't know but as you can see there's a lot of stuff in here that are not numbers that's a lot of words with some numbers and that's because part of each of these filings is uh what we call manages Management's summary of the year and extra things so they're going to talk about what happened Acquisitions

uh what's the word not spin-off sell off the opposite of acquisition divest divesture thank you um so they're going to talk a lot about that they're going to talk a lot about goals for the future things like that when we get to the actual balance sheet and statement uh of cash flow and income it's realistically it's only about three pages but you can see there's a lot more here right so that's interesting because there's generally speaking there's a section in it talks about how they do their business how they generate their sales and they'll say yeah licensing for Office Products licensing for operating systems Cloud income because they're going to be running Azure uh what's

really annoying about a lot of these things is you're not going to see a lot of those broken down here some of them will some of them won't companies fight really hard about trying to put that information out here so it's going to be really hard for me to determine how much of Microsoft's revenue is from um operating systems versus Azure they're not going to share that with me when you know so we're not going to get

that

window that actually makes a lot of sense all right so here's the income statement you can see we've got revenue and it's important to note when you're reading these um the the sum for the for the category is at the bottom so for these first two lines we see Revenue product and services and others so we got a dollar amount for product a dollar amount for services and others and then we've got total revenue for the line so there's the sum of the two on top it's important to note that because when you're looking for um the the bottom line you're not going to sum everything in that column you want to sum the right things right you

want to add the right things because otherwise you're going to get duplicates so be aware of that fortunately they already do most of that for you let's see here so we've got the income the revenue from their services and products and we've got the cost of revenues now this is really nice they broke it down by products and services uh products is probably an operating system Services might be Office 365 might be aure there's a lot of different things also important to note these are usually especially for the larger companies these are in millions of dollars they did not make $211,000 last year just to be clear um so keep that in mind there will be a

statement somewhere in the the bigger document that says what these units are in all right so we've got operating income uh gross profit margin total cost revenue and net income which is the bottom line for this they do a little extra here which is earnings per share and that gets into a little bit of equity this is also an important ratio U it's basically saying that of all the all the common shares that Microsoft has issued issued this is how effectively they're being used so if you are a shareholder with Microsoft and you have one single share you made almost $10 uh you don't get to see that right it'll come out as dividends which is

probably Pennies on that but it varies Company by company all right moving on here is an income statement sometimes called comprehensive income statement income other comprehensive I think there's a little more detail on the next page for no we go straight to balance sheet all right so there's your assets these are all the things they own and we' got a summary of current assets total current assets that's the things they've made and plan to sell this year or the things they've purchased this year things that are intended to rotate out within the calendar year uh then we move on to Total uh Goodwill is a fun basically leftover value that they think from a company they've purchased so for example

when backwing Google purchased Android or YouTube for that matter uh they absorbed all the revenues and income and expenses and those get reflected in those all those other categories but Goodwill is what they feel like represents the value of the brand itself of YouTube so if they wanted to sell off the brand of YouTube and Just rename it internally that's a thing they could do that would that would value intangibles uh that's typically patents things like that um and that's typically only logged as they purchase them when they go make them themselves uh that's generally speaking part of uh operation expenses so that's a balance sheet uh that's the assets yeah liabilities and stockholders Equity they

like to put these together because it's the balance of the assets remember assets equals liabilities plus Equity how am I at time oh we're good good again you've got it broken down by current which is things for this year and then total which is all of them and then Equity is just what's left over it's after you if if Microsoft was to you know make an announcement today saying they are going out of business and they sold off all their property and whatever remaining licenses they have and whatever physical servers they have and paid off all their debts that is the liabilities Equity is what they believe they would have left over that would go

to the shareholders all right uh I think that's all three did we cover all three oh no cash flow here we go okay here we go income from operations is basically how they break down what they did the functions of the business directly to generate income um something worth noting uh parentheses is an accounting of negative number so whenever you see an parthey in an accounting statement that's a negative so you would subtract that when you it together there's your financing section and so you can see here there's stock issued stock repurchased dividends paid out and that's the total that they spent on financing yes

that's a fantastic question I don't know the I can't like speak authoritatively on that based on what I know I think that they would do that on the back end that's like all the extra things that we don't get to see as the public in the same way that your employer uh has a lot of different ways of accounting for all the right it would it would it would yes it would filter into the uh services and products that we saw earlier in cash flow does that make sense yeah that goes back back to what I was saying about uh there's no way that I'm going to be able to determine from these statements how much of this was

from Windows 11 versus how much was from Azure subscriptions but yes yeah yeah pretty much all right next one is investing um pretty straightforward here is just things they've they've purchased for investing uh some incomes there for sales and investment and as invest Investments mature uh what those actually are is going to vary from company to company sometimes you will see those details in the statement for management earlier in the uh the what do you call statement I've also got Amazon and Google pulled up here

yo um what is what exactly is your question

so yeah ebbit or ebit da depending on how you pronounce it is earnings before debt interest taxes and something else amortization amortization yes um and that gets into what is the difference between amortization and depreciation which is we talked about that a little bit about the car purchase example about how you capitalize expenses amortization is is the equivalent for intangible assets um essentially it's just another ratio that you can use to evaluate a company there's the truncated version which is ebit which is earnings before interest and tax uh which a lot of people think is more a more accurate representation of the company because if you do it before uh debt and amortization that can be a pretty

sizable chunk depending on the company you're looking at and so it might not be as realistic um as to why people are pushing that I don't know uh there is a ratio that was presented to me in my class that's yeah yeah so and and my understanding is there's some legislation floating around that may push certain industries to that I've not followed up on that one is that what you know okay

I mean that's fair if you're going to use a non-gaap metric you need to tell us how you did it um yeah so here's Amazon yep Amazon all their numbers we're not going to go through them all just like that here's Google as well so what I have done is I have already taken these numbers and I've put them in a spreadsheet where's my mouse there we go

because we all know everything in cyber security runs in Excel and it's even worse than accounting um all right so that is really hard to read let's see what we do about that that's not working we're gonna do that okay all right so um not every line in the statements goes into these ratios I've pulled out the key ones that we're going to be using and I've already copied in the numbers fortunately as as weird as these statements are and as much as they different are different between companies most of them use the same terminology so it's it's not too hard to go into wait what does that say five Trent oh yeah you're right I can't do

math all right we're GNA be quick then all right um these are numbers for Microsoft Google and Amazon that I've already put in here these are the applicable lines from their statements to the ratios that I showed earlier and I've got a fancy little Excel thingy here that calculates those ratios for you oh my we can't read that either all right I got five minutes so we're gonna be quick you can come talk to me afterwards I will be posting this on GitHub so if you want to come talk more and explore my ignorance we can do that um ratios Roe return on shareholder Equity we can see here from these numbers uh we C Microsoft Google and Amazon we can see

that of the three of them Microsoft is more effective at using the equity that the shareholders have put in to generate Revenue that's because the ratio is almost double what Google's is and definitely bigger than Amazon's I don't know I should say amzn we fix that before I post it uh return on assets that is how effectively the company is using the assets they already have uh looks like in this case Google's using their assets more effectively and for leverage that is how much they have borrowed versus their their income we can see here that Google oh wow Amazon has borrowed more than the others um signicant more than Google and so you can kind of get it a little bit of

insight based on their existing leverage how are they going to finance future Investments can they afford to make future Investments and this gets back into the the growth and sustainable growth if a company is growing exponentially and they're already overleveraged that sustainable growth is going to look really bad because they're not going to be able to afford to invest to maintain the growth all right that's let's get back to slides because I got to be done in two minutes blah blah blah hope you learned something there Edgar uh is a electronic data Gathering analysis and retrieval system they have an API and a python module that the SEC maintains so you can go pull all these numbers it's really

cool I'm playing with some automation stuff on there with some of my classmates um fascinating stuff impact oh I got one minute talk about impact okay so most people if you're an internal cyber security team unless you work for a vendor or a consulting company offering cyber Services you are not going to have impact of the purchase of raw materials or the sales right most of us are expense lines to the company we don't go into the operating profit margin we go into the other so how can you impact these lines if you cannot change sales and um purchase of raw materials prevention of incidents right so Bibble just talked about triage and how to how to reduce the impact of an

incident incidents have real life cost implications to a company and that could be just from the breach itself that could be from ransomware leading to a larger uh impact so the more breaches and incidents we can prevent the more we can save the the company from having to put cash out because that's where that's going to come from that's going to come from that cash line on the income statement uh reduction of cost the best you can the better you can do to negotiate uh better prices for cost and services from your vendors and Consultants the the better off your Line's going to be and then timing so if you can push out that payment to the

investor that has the uh push out the payment to the vendor that has the ability to impact the cash flow statements and that might give your company access to cash to make those Investments without having to borrow and incur interest expenses that being said it might impact your ability to reduce cost so balance all those work with your Finance team they'll have input for you uh sources blah blah blah blah blah classes that's the book I read for class highly recommend really great um not super technical I binged it in an audio book format in about a day um really straightforward really easy yall are smart I know you are because you're here you'll be okay with that book that

class uh Securities and Exchange Commission is a fantastic website with a lot of resources Wikipedia is great also highly recommend Investopedia uh summary blah blah blah these are the things we talked about we're out of time I'm over time this is how you get in touch with me if you have additional questions I'm sorry I am out of time so I can't take more questions but I'll be here all day [Applause]

know