2024 Security BSides // Mick Baccio

is this it yeah good morning everyone uh Happy Halloween uh so before we get started want to say thank all of you for coming down to the Cayman uh thank you our sponsors and all the speakers thank you for being here today it really uh it's such a unique conference my first time in the Cayman and I kind of want to move here now so uh before we get started a little disclaimer uh I work for a company called Splunk uh who's heard of Splunk I don't know why I did I can't see anything um so I work for Splunk Splunk was bought by a company called Cisco I'm also faculty at in's research U and I do

a bunch of other stuff what I'm talking to about today has nothing to do with any of my day job stuff I just want to be super clear like oh well Mick from spunk said no this is just me talking to you about some stuff I learned throughout my career so don't hold me accountable please second disclaimer I used AI to generate all my slides and um any of you that fear AI taking your job you are fine all right this spelling is just atrocious I just want to point it out now that like there's going to be some misspellings know that I can spell if I see a little squiggly line I know that it's wrong but AI does does not so

uh my 10x prompt engineer career is slightly uh different um so first going to go through who am I uh going to talk about the 80s car industry for a bit uh going to talk about the seik model and how Seiki Works in cyber security and how we can apply that so first off my name is Mick bachio I'm a Global Security adviser at a company called Splunk I've been doing cyber for a very long time uh I started off in the military like a lot of people did crypto stuff cuz I found out I was colorblind the day I joined the military and they're like you can't be a nuclear engineer red wire green wire whatever so uh my

focus has really been Network defense blue team side of the house and then I really really gotten a threat intelligence uh worked incident response jobs Pentagon Health and Human Services CDC ended up at the White House during the transition from the Obama Administration to the Trump Administration and let me tell you was wild um and then after the government I was the ciso for Pete Budaj his 2020 campaign when he ran for president so that was just a really really unique experience for me uh I've have a conference called thronton it's just an annual thing a group of us run to talk about threat hunting and and just knowledge transfer knowledge creation like I mentioned I faculty I'm a Defcon

goon uh next year will be 10 years so if you see me I'm that guy yelling please step on that side uh I teach lockpicking it's super fun if you've never done it I highly recommend it and I love Air Jordans like my kids are not going to college because I love Air Jordan so much so uh on the socials that's my LinkedIn that's my if you search no hack me anywhere you're going to find me I mean that's my handle it's been my handle for like 20 some odd years just search that anywhere and you'll find me all right um I actually can't see my speaker

notes

uhoh right I'm sorry about this got to take it easy oh no all right we Vamp for a little bit until it comes up the idea behind this talk is um little l a little groundw work there are two kinds of knowledge perfect uh you have tacit knowledge right and tacit knowledge is personal experience it's it's experience-based knowledge it's difficult to articulate it's difficult to formalize it's rooted in individual insights um like riding a bike reading body langu anguage recognizing patterns and data based on a personal experience so tacit knowledge is highly subjective and context specific it's often trans through personal interaction like conferences just like this rather than written instruction on the other side of that

you have explicit knowledge so explicit knowledge is a more formalized uh and structured can be easily articulated can be written down can be shared with others this is like manuals documents databases procedures something that's distributed to an organization so since it's cified explicit knowledge is easily transferable across organizations oh my goodness I'm so H and you can do that without direct personal interaction so those two kinds of knowledge all right so tacit and explicit knowledge are both super super crucial in an organization to be successful because you have to take the tacet knowledge and combine it with the explicit knowledge and you're creating new knowledge uh meanwhile like Cy we rely a lot on tacit knowledge it's just

something I know how to do because I've done this for so long and on the other side of the explicit knowledge um incident response playbooks something like that threat intelligence reports these are examples of explicit knowledge so I wanted to talk about how we can be derivative and still make that matter and still be important um little background who here and I can't see just clap maybe uh any gen like who remembers the 80s yes well I'll be in bed by 9: it's fine um so during the 80s Japanese car manufacturing was dominating all right and US companies relied heavily on strict processes and explicit docum documentation where Japanese firms like Toyota had explicit knowledge or Shar

tacit knowledge skills and insight they shared those across the organization so it was a continuous exchange of knowledge through Concepts like Kaizen and we'll get into that a bit later and after a while people started to figure out like wow why were they dominating so there was some research done the idea behind this talk was there's this movie called gung-ho came out in 1986 uh it's Michael Keaton it's an old Ron Howard movie basically it's it's there's this guy named M hunt Stevenson who Michael Keaton plays Works in a small Auto Factory in hadleyville Pennsylvania all right Factory shut down uh he goes to Japan and tries to convinced this company Assan Motors to reopen the

factory and they could build cars and turns out you know culture clashes organizational structures but we put aside our differences and we all come together and it works out in the end because it's an ' 80s movie and that's what happens so throughout that you see the adoption with a lot of principles and that's what I kind of want to talk about here and how that works all right so think of this 19 late 70s early ' 80s um Japanese automakers rapidly outpaced companies like GM and Ford and Toyota Nissan and Honda were the top of the game so they gain a strong foothold and in 1981 Japanese cars made up over 20% of the US market which is crazy uh and

GM's market share dropped to around 40% to 30% so in comparison American manufacturers struggled with inefficiencies in their production processes and the quality of their vehicles was often criticized this led to declining sales GM and Ford experiencing significant financial losses and the introduction of voluntary export restraints by Japan in the 80s was an attempt to address the imbalance like it was Japan who said hey look I'm sorry we are just dominating we're going to not export as many cars and that didn't really work out so these developments exemplify the impact that outdated processes in the American automotive industry and set the stage for why Innovation and models like Seiki become crucial for future competitiveness did that not

work oh I'm sorry about that that's my notes aren't removing okay I think that's it so the contrast between American and Japanese Automotive companies in the 80s can be large attributed to differences in their approaches to Knowledge Management and organizational culture um you remember the US and the 80s think IBM where it was very rigid very top- down processes uh it was very Hier artical it was chain of command you followed it you didn't ask any questions you just did your job and didn't do much outside of that um think in the 80s Ford still had the assembly line right mass production model inherited from its early 20th century roots and it prioritized efficiency rather than continuous

process Improvement and GM pretty bureaucratic um it was similar where workers were expected to follow hey here are the rules here's the conditions here's the procedures don't go too much outside of that uh which contributed to a decline in quality and competitiveness decision- making was slow and communication between departments was limited I know this sounds like super familiar to all of you uh other things that happened were something called lean manufacturing where Japanese Auto makers had a lean manufacturing approach uh exemplified if you remember the Toyota production system it focused on eliminating waste and optimizing efficiency it required sharing constantly of tacit and explicit knowledge to refine that process so it's this concept of knowledge sharing

culture where Japanese firms focus on the creation of new knowledge through collaboration and continuous learning which was absent at the time in many American firms and there's this concept I just love the spelling I think one of the prompts I had was like no text and no text was on there U so there's this concept called Kaizen and I I couldn't find like the English equivalent of it it's this concept of continuous Improvement um and that is what heavily influenced the Seiki model so America I said mentioned at the time American firmance was very top down you know the president vice president and so on and so forth and you as just a flying worker you had no say

in anything you just kind of did your job so the philosophy of kaisen it emphasized incremental Innovation so you're not trying to land on the moon once you're just trying to get a little bit closer each time we're creating new knowledge each time and those processes constantly evolved that meet changing demands so the idea of continuous Improvement and knowledge sharing Japanese automakers like Toyota and Nissan followed that kaizon model Toyota had a system called just in time just in time minimized inventory by producing only what was needed and that required strong communication and strong knowledge sharing between organ between workers and management like hey we need this many chips uh to build this many cars we

know that it's a six-month backlog to get these chips so we have just enough that we need we can continue production and keep moving things along and Nissan had a similar model where it was a flexible production uh that allowed for rapid changes and output based on demand so workers were cross trained could rotate between different tasks and it fostered a more collaborative environment and better overall efficiency and those differences had significant impacts that top- down rigid American system was slower Japanese counterparts did a lot better uh and they encouraged socialization and externalization from their workers Japanese automakers constantly ref systems whereas American firms stagnated in hierarchal less flexible models so that's what happened and then people

tried to figure out in the '90s late ' 80s early '90s like well how like how did they do that they just weren't just better there's there's a reason there's a method to it so these two well three cats but the two cats um takauchi and nonaka two researchers in Japan to to came up with this idea to explain how Japanese company particularly Industries like manufacturing and Automotive were so successful Innovation and knowledge creation compared to the US so it was inspired by competitive pressures from the global market especially their ability to quickly innovate and improve products so the Seiki model everg emerged as a framework to try and explain how companies like Toyota and

Honda were able to consistently outperform American Automotive giants like GM and Ford in the 80s and 90s all right so Seiki Seiki is an acronym that represents knowledge conversion within organizations socialization externalization combination and internal ization and I'll go through each of these these models describe how personal experience-based and explicit documented formal knowledge interact and are transformed into new knowledge so there's was a book came out in 95 called the knowledge creating company and this is where the model was first published and it became foundational in the fields of Knowledge Management and organizational learning I think it's still used as a reference today so socialization this is sharing t pass it knowledge um direct experience and

interpersonal interactions like I'm doing to you now the phase focuses on learning from others by observation imitation and participation in shared activities kind of like these conferences it's a perfect example of it uh socialization is generally an informal settings mentoring face-to-face interactions or or working together on projects things like that the goal here is to transfer knowledge that is difficult to articulate like personal skills and you do that generally ined activities so an example would be a senior cyber security expert mentoring a new employee showing them how to detect subtle patterns in network traffic that might indicate an attack is coming or might indicate an attack has occurred now the expert may not be fully able to

articulate and explain uh their intuition in words but through those shared experience the new employee is going to observe and work alongside them and pick up on that knowledge does that make sense so externalization this is conting tacit knowledge yeah uh to explicit knowledge so externalization is articulating the tacit knowledge that we have and converting it into a form that can be shared more easily uh think of like documents diagrams manuals it's about codifying personal insights into structured formats now it works because individuals Express their tcid knowledge in ways that others can understand uh this often happens in brainstorming sessions discussions or during the writing of reports where we're all collaborating in one document and

there's actionable insights uh that turn into an overall framework so an example of this would be a cyber security team documents the insights gained from a recent incident turning them into a detailed incident response Playbook we've all done this probably at least once right here's an incident that happened here's how it responded to it so if it happens again we know what to do now this Playbook we just created can be shared across the organization so again allowing others to follow those structured steps when facing similar threats so next stage is combination combination refers to the process of bringing together different pieces of explicit knowledge into a system that creates new understanding it involves organizing integrating and systematizing

knowledge from various sources um this would be something like creating a database or a report or a model uh to compile information from different areas is right this is like you have six different threat feeds coming in and are all for one goal so it's about synthesizing explicit knowledge to make it more comprehensive and applicable to solving complex problems and an example of this is cyber security organization will create a threat model by integrating data from multiple sources right you've all got threat intelligence feeds you've got log files and you've got previous reports so we're going to combine those things and form a holistic view of potential risks and the combined data is then used to improve defensive

posture and our overall defensive strategies and the last phase is internalization so this is absorbing explicit knowledge as tacit knowledge so it occurs when individuals learn from the explicit knowledge and apply to their own experiences uh hopefully you know they convert it back into tased knowledge this is how structured information is absorbed and becomes part of personal knowledge so you read reports you read case studies you you go through training and then you apply that knowledge in real life situations over time That explicit knowledge that you learn becomes second nature informing your decisions and actions um an example this would be you've got an analyst out there who studies the company's instant response Playbook top to bottom and it

applies it during a real Cyber attack through repeated application the analyst internalizes the knowledge improving your ability to respond to Future incidents and you know without referring ref ing to that Playbook again so it's just creating knowledge over and over the easiest way kind of visualize this is the Four Corners here think of it like um golden spiral all right so we have knowledge we're creating new knowledge each time but each that that knowledge that we've just created is a little more complex each time and that spiral gets bigger so every time we create something it's going to be a little more complex and that's the idea is to constantly create new knowledge so that's a SE model in a nutshell um next

coming no so so far we've seen how the 80s Auto industry was like kind of trashy in America the struggles uh they had laid the foundation for understanding knowledge creation and how the SE model emerged as a way to explain how Japanese companies consistently outperform their Western counterparts uh so what does that mean today right like that's that's a great story Mick but like how do I apply that in cyber security um just as car companies needed to innovate quickly to stay ahead so do security teams I think every time we turn around there's a new breach there's a new data laws there's a new AP something something is getting compromised and that's something we deal

with every day in our jobs so what we're trying to do is constantly evolve adapt learn so let's have some ideas of why being derivative is important and how we can apply that knowledge creation model in cyber security this is my favorite um I add to draw Ango Gan as a Pixar character and that's what I got so all right let's talk about derivative Works um who is familiar with the Cyber kill chain anybody heard of it yeah like we've all heard of it would you be shocked if I told you that was not an original thing like I love Eric I love K the whole gang but like it was actually based on the

killchain like the kinetic kill chain the dod uses when they want to yeah um so cyber kill chain was developed in 2011 someone checked my math on that it builds up on the concept of knowledge creation by outlining steps a Cyber attack and how Defenders can disrupt it came from military kill chain Frameworks and it got formalized by the gang over at Lockheed um so it's a derivative of a traditional military framework adapted for cyber security it enhances knowledge creation by allowing security teams to formalize responses and collaborate in threat analysis integrating both tacit and explicit knowledge real word incidents uh and explicit data from threat feeds so since it's introduction like I saw a lot of hands go up we all

use a kill chain but derivative of the killchain you have other Frameworks like the diamond model you have miter attack and all these things are derivative of other sources So speaking of miter attack everybody's heard of that yeah I know Adam's like yeah heard so miter attack is a framework that is derivative and extends the principles of seik into cyber security just like SE emphasizes converting tacit knowledge into explicit knowledge and vice versa miter attack gathers explicit knowledge about adversarial tactics and techniques and documents it into a structured framework now security teams use it to combine various data points and externalize their insights building on real world experiences building on their tastic knowledge then through ongoing collaboration and

internalization miter attack continuously evolves making a living knowledge tool for cyber security and I think there's probably a Halloween surprise later day when it comes to miter attack Frameworks uh isacs information sharing analysis centers these play a critical role in cyber security right everybody knows what ISAC is some of us are probably members of ones it it creates this collaboration it Fosters this sense of uh collaboration Ross Industries to share threat intelligence and enhance collective security right isacs we don't work in the same company but we work in the same industry work in the same group whatever that might be and we're collaborating together trying to increase knowledge each ISAC focuses on a specific sector Finance Healthcare

whatever that is and within that sector we can share realtime insights on emerging threats vulnerabilities and best practices what targets uh industry a may not Target industry B so and That explicit knowledge those threat reports those intelligence speed that isacs embody the seik model so collaboration enhances the security posture of all participating organizations by turning shared knowledge into actionable defensive strategies so everybody's been in a sock before right I that's where I grew up was working at a security Operation Center threat hunting uh one of my favorite things ever it is a super collaborative process that relies on both tacit and explicit knowledge professionals share strategies you know that socialization part of it it and

combine intelligence feeds logs reports to create comprehensive defensive strategies and that's what you do in a stock it's a collaborative approach powered by the seik model you can see how it ensures both real-time experience and documented knowledge contribute to building a dynamic effective cyber security defense Dev SEC Ops right same concept seik model it's continuous collaboration when you think cicd it's the idea of continuous integration continuous development um developers and Security Professionals like I know Dev SEC op is a dirty word to a lot of folks when you think about what it is it's you're sharing practical knowledge and formalizing it into secure development practices so Dev SEC Ops teams continuously improve security integration and development cycle that's

kind of the job that's why we keep doing it so it's a constant feedback loop of documenting experiences and learning from them so that ensures both Security Professionals are efficient and their development Pipelines so what happens next right what can you do like this is all great but like what can you go home and I want to you know what's the call to action because I think when you talk you always call to action um so just like I mentioned earlier the concept of Kaizen fostering a a culture of open collaboration enables organizations to innovate quickly by encouraging employees at all levels to share their insights organizations can create a continuous flow of knowledge and ideas now this

this Collective approach allows problems to be solved faster and more effectively and Innovation to flourish when you have Factory workers on the ground that were communicating freely with management uh that is an improvements made in real time you can see how Toyota back in the 80s was dominating because of that mindset the principle applies not only to manufacturing but cyber security and other Industries where collaboration between teams is critical and it always will be so continuous learning um it's super important right like if if you stopped learning new things you would start being bad at your job and you probably wouldn't have one for much longer I think the idea of continuous learning is essential for staying adaptable and

driving Innovation where shared learning ensures that employees can quickly respond to new challenges and adopt better practices by consistently sharing your experiences and insights and Lessons Learned organizations can improve the processes and innovate over time for example um in cyber security continuous learning through post incident I always use the the word hot wash but I don't think that's it but you know post incident review like your postmortem when something happens okay what went wrong what went right what could we do better next time and it refines your defensive strategy we've all done them before and this is something commity to do to try and get better learning isn't when learning is embedded in everyday activities both

Industries can evolve faster and stay competitive uh a structured flow of knowledge within an organization that ensures information is shared quickly and effic efficiently across teams is super critical when knowledge moves freely between departments when they're run thr stove pipes we all complain about because we're not working with Team a or Team B we solve problems faster we optimize processes more effectively streamline communication and collaboration companies can reduce redundancies and increase productivity an example um in in cyber security so when intelligence from one team flows easily to another you know response times get shter defensive strategies can be rapidly adjusted similarly in manufacturing knowledge sharing leads to more efficient production lines and quicker identification of issues potential

issues the key to success is maintaining a continuous flow of tcid and explicit knowledge across the organization ensuring that everyone is informed and aligned so I like this one uh the evolution right uh the evolution of knowledge practices it highlights a significant shift in rigid top- down management styles of the past so in the 80s Industries like automotive and even uh a lot of Tech Industries operated with strict hierarchies and knowledge was siloed and offered in only formal structured ways like there was no bsides back then right so this limited the flow of innovation and made organizations slower to adapt and change now with the development of models like Seiki creation became Dynamic emphasizing the

importance of converting personal experience into formalizing sharable knowledge and vice versa when that shift happened it allowed companies to collect insights of their employees for fostering this the idea of continuous Learning and Development in modern Industries the evolution of Knowledge Management is exemplified exactly like tools like miter attack where that tool itself that framework itself makes everyone slightly better and gives everyone a solid footing to build on in their own specific organization uh so the con exchange is vital to go back and forth explicit to tacit explicit to tacit and that Innovation is the way Toyota and all car companies worked in the 80s and you can see it in organizations now that have adopted these principles the things are

releasing that the the the idea of knowledge sharing and creation so in this world where cyber threats like I said mentioned uh faster than ever I think one of the biggest things you can do today is embed these principles in your organization I think you Foster a culture of open collaboration you encourage mentorship you build platforms that turn personal experience into shared knowledge and I think together we can create a future where knowledge flow drives Innovation and resilience making every organization safer stronger and smarter uh I think mentorship plays a critical role I I think there's a lot of folks who have walked a long road in cyber uh what you're doing is you're transferring tacit knowledge the

personal based experience skills that are difficult to document uh between senior and junior staff I have had a weird career where I've done things um that not a lot of the average Bayer just won't do in their career like hey have you been a ciso a presidential campaign because it's like an eight-month job let me tell you all about it so and it's it's it's great to be able to talk to folks about that and those experiences and make folks um a little more knowledgeable and they're take that knowledge and combine it with what they know so in cyber security think of it like learning how to detect subtle threat patterns or how to handle high

pressure incident responses um these programs not only speed up the learning process but create a culture of continuous Improvement in learning so again I think adopting these principles into your organization is super critical uh one of my favorite things is enhanced threat intelligence uh I think seik adoption would facilitate the externalization of individual experiences into formalized threat reports feeds and intelligence uh an example is there is a group of friends we all kind of did all the Intel things and we were analyzing a fishing email and one of the guys that we were working with was from the area where the fishing email originated so we did our Google translate you know we're like oh it's this this what it says and

he no actually you would only use this word if you were from this part of the country how do you know that oh because that's where I'm from and I'm like oh yeah that makes sense so it's those personal experiences those personal insights that people have I really think we should take advantage of the idea that you have so much knowledge to share with other people that's hard to codify um and again things like devths Ops get continuous integration but I think it's that individual experiences that we all have contribute to a greater role one of the other things I swear it's not a thing um if you're going to do it if you decide to write a book me and some

friends wrote a book uh get an ISBN we did a thing called blue namicon and basically it is I got a bunch of friends hey give me a thousand words on a leadership topic on a technical topic or just tell me a story like one of the favorite things at conferences are those hallway chats we all like hey this one time at incident response Camp those are great stories that we tell and I think the idea of telling stories Finding Your Voice once you do share the knowledge that you have um so again seik model what we're trying to get to is that idea of a golden spiral of continuous knowledge creation and growth each time

that level of knowledge is going to be slightly more complex each time that level of knowledge is going to be slightly more difficult and we're going to get better from it uh I think that's all I've got I talk super fast more like Bo hey uh do anybody any questions not everybody at once it's fine don't be shy don't make me ask mck questions I know where the body is are buried

now um good presentation sir um so for the tcid knowledge right it has to be a personal experience like you said um all the new AIS coming out now they really can't you know like come out of the computer could you give an examp example of how the AI could have um some tacid knowledge AI wouldn't have tacid knowledge like machines don't have experiences machines that get fed data convert that into assumed experience but it's a mathematical computation right the question was like do AI systems have that tacet knowledge How could a machine have tcid knowledge like it's just you're feeding it data you're creating explicit knowledge right when you ask it a question that's you

inputting it back and forth the idea that these systems are continually learning I think AI is slightly different because to me it's always going to be a tool it's not going to replace something it's going to be a tool that you use much like any other and I think it the creation of Knowledge from AI systems is important derivative work but I again that goes back into it is important derivative work if you can validate it and much like all of the spelling errors uh that you saw in the pictures earlier we've all asked a generative AI question and we got an answer and we're like whoa that is a that is the wrong answer there's not

three Rs in the strawberry so it's it's those that idea of knowledge creation I don't think is possible from AI systems at this point like five years now like oh Mick was wrong but like right now I just don't see it can can I kind of back on to that yeah um is that what's missing from AI is that we don't have enough experiential knowledge data being put into it we don't have a broad enough base I mean where where is the missing link with AI right now I think it is in the computation of it right you're feeding these large language models all this data but you are not you're just feeding it a bunch of one type of data

right and you can once you create that once you document something you turning Tas into explicit and vice versa it's it's a person doing that and I don't think a machine has that personal experience to be able to to create something thank

you just just about the AI it's because there's a the temperature uh it's a random uh when you say that AI have creativity in fact it's a random so um AI is not made to be precise so that's why you always need to validate and it will not change because it's the way it's made behind the scene so just to help so just so that I'm clear what you're saying is that AI is meant to generate a summary and not a specific it will never be specific enough is that I think it could be right right but again it goes into the the same concept is garbage in garbage out right so your your large

language model is only as good as the data you're feeding into it I'm going to get my steps today oh thank you uh first acknowledge that I did see gungho when it came out um sorry Boomers y um question about seti and maybe applicability to the cyber security scare scill so scare scills lots of new entry people coming in and yet the jobs require a lot of experience and um there's no career path so the question is is is it SE is a model as back kind of a throwback to crafts people and apprenticing and do you see a fit there to solve what I would call a sock fatigue scarce SC got yes and no right um I I think the

idea of what a person who is nent in their cyber career knows and what is expected to know um I think there is a wild disconnect but I think it's a a completely different conversation when you start talking about the hiring processes and what the the skills required for those are I think cyber as a whole we could do a lot better job with mentoring people we could do a lot better job with encouraging more diverse voices in this industry um and it it's it stinks like I've been doing this for a while and you know we're we're constantly trying to bring in new voices new faces so that we don't have those same rigid models if we keep having the

same trains of thought it goes back to that this is the way we've always done it like we've all heard that before right like we've always done it this way and I'm like oh that must make it efficient so again yeah I I I I think those are apples and like slightly different colored apples anyone oh yeah uh thanks for a great talk um I I I love the stressing of the socialization of uh knowledge sharing and uh bringing people up how do you deal with the problems that we have especially in a smaller Island community of of sharing some of that knowledge especially if it's like incident reports where you're either think thinking of it

as a competitive advantage or perhaps just too embarrassing to share how do you nudge people into doing that for a wider Industry Group so in my experience and the question was generally like how is knowledge sharing um in my experience there have been organizations I've been at who are reluctant to share right no one wants to admit their house is dirty like what we have no incidents no um and it I think it depends on who is sharing that data I think the most collaboration I've ever had in my career the most success I've had in my career was collaborating with fellow analysts like folks who are actually doing operations who are responding to the

incidents who have the actual ioc's and but don't have as much uh they aren't as hamstrung by policies and management like I understand the competitive Advantage but I think one of the benefits of the ISAC is it destroys the competitive Advantage it's we're not here for that right when you join an ISAC you you're you're collaborating with people you're making a conscious decision to collaborate with other folks in your vertical for specific information sharing and I think more organizations are learning the benefits of that you're always going to have that you know oh we're not going to share anything and I think it's a detriment to organizations who still have that model Mick can you talk maybe a little

bit about ch cam house rules um I I don't know how widespread a concept that is you know I I think one of the advantages to getting those peers together uh and saying chadam house rules nothing outside of this room leaves this room you know other than from a a tactical standpoint well I I think the idea does that help or encourage I mean my version of chadam house is always different right is chadam house has always been hey you can repeat what you heard you just can't Source what you heard and that has always been pretty simple um I think when you share information with people you know everything I've really been a part of

most of my career has been trust groups where you have someone like carlot and I know each other we've seen each other we we've talked in person I trust her I will share information with her um I think it becomes difficult when you try and do that online I think that's where a lot of uh trust groups were that are strictly online kind of fail a little bit because that trust is not established uh but I do think that you know chadam house has gone the way of TP we're like fair enough information wants to be free yeah well and I think that um maybe in the islands you have a an interesting opportunity to create a a

vision of trust here because you are more interactive you are a smaller space and you're not having to put everything online right right and and I I think here um everything is geographically disperate but not by a lot so I think you're still able to have that collaboration um in person locally or even like virtual sessions but combine those two I I I think the Poss potential is there um and that's why I'm excited to see just the growth of it you know I was in a Jamaica last year for a conference and that has gotten bigger and bigger each year so I think that the idea of knowledge sharing and creation is slightly different for each island

but again it comes do an overall source and overall growth any other questions for Mick today all right Mick thanks everyone and uh Happy Halloween [Applause]