
State Of Cybersecurity Report: Extended Play

BSides Belfast | 37:56 | 35 views | Published 2020-01

thanks very much for coming along today I'm about 40 minutes or so around the State of Cybersecurity Report that Infosecurity and more specific at the start of this year and extended play this is a slightly longer version of the talk I did originally at Infosecurity Europe and especially I've done this outside of mainland England actually I'm thinking it's so and yes big thanks to all of you for coming and appreciate that so just a little bit about me I'm depth here this room Infosecurity Magazine been there almost four years former analyst with 451 Research but with somebody's not paying attention actually is that hey there we go three four five one a couple of things

and I don't care I'm put it on the bottom now two-time BSides speaker this but second time I was at Scotland in about 2017 I think it was so okay I'll be a little bit uh a little bit proud of myself right just a tiny little bit just probably not actually visible from the back and again just like a man said you can barely see it here a little bit Infosecurity Magazine if you're not familiar with it on Twitter @InfosecurityMag we write quite a lot of content for like IT security leaders people who kind of do a lot of like the buying the hiring the purchasing the strategies we do some tech stuff and

trying it right we do print issues I don't have any with me we literally go to press next week on the next print issue so if you don't get that drop me a message on some contact details up at the end that's the corporate thing right and I think I might have actually left in this one as well this is just a bit of information about what Infosecurity Magazine do and I'm gonna whiz through it we actually the podcast now we do weekly webinars and we do a lot of we do online summits so we do a lot of content I call it high quality until I didn't put that slide in a high quality

editorial content and that sort of thing right so what is this gonna run through what the State of Cybersecurity Report is going to talk about what's driving cyber security now a little bit comparison to other things it's a little bit of future stuff and think I've been working on which is very kind of ongoing piece of research it's about how the trends affect people coming into the industry now and then we'll just wrap up at the end so it should be done on time which I'm sure the organizers will be appreciative of so 2018 last year I did the first slice I try and get its State of Cybersecurity Report we report from now on the idea was we see a

lot of threat reports and then here is worked in media and lists a lot of you actually I mean Brian was citing the Verizon report which is one of the best ones out there there's lots and lots and lots of reports out there so we're looking to the case of like you know there's more let's create one ourselves we thought let's do one that we actually write ourselves we do the research ourselves and we try and talk to people and try and drop the trends triage what they've been saying so come with the common trends did that last year got to 32 people a lot of reports you read will be written by people at Ponemon and

OnePoll various different research organizations not many have actually got a guy like me getting on the phone to various sort of security leaders CISOs CEOs etc and actually going out and saying what's what we do so what I did was a good 33 people it's like a little bit late in the year to be honest and got this out in time for InfoSec last year and these were the top findings so GDPR was number one 46 percent of respondents consider the fact this was done research for no map March April 2018 right in the run-up to GDPR so hence that was top threat landscape coming over 12 months on from WannaCry NotPetya and then board level clouds

and persistent and then just like Brian swing map FUD and panic actually which is quite an interesting one to see come in as a top trend we liked it it was right now really well people seem to like it so we thought let's do it again which is quite simply what I'm presenting today so version 2 came out in 2019 as again we started quite early it could we knew what we were doing and also it's quite easy to go to people and say I want to do what we did last year but a little bit different or a little bit you know a little bit larger so again came out in time for

InfoSec I got 60 people across the industry and just because I yeah it was a little bit easier to come together started about February ran through club at Sauber mid-April and from those conversations 31 distinct trends imagine most of you if I said to you can you name me 31 trends within cybersecurity you probably last six I sabe your head so 31 was quite impressive these include five top trends so five most common trends is sort with twenty eighteen five lower trends like sort six to ten and then eight single response trends I put those in because I think it's quite interesting that's only been cited by one particular person and a previous time I actually I think

actually was at InfoSec someone said what sort of people did we survey so these are the kind of people we were talking to so you can see it's a lot of company people which is the probably easiest to get access to actually it's kind of the vendor CEOs the CTOs the evangelists and that sort of thing as well as the CISO other words CISOs or their various practitioner side of things as well that sort of thing so that's kind of people we were talking to so it's was actually asked me after my presented this was about two weeks ago and so what survey what sectors were surveyed and someone said how many

verses are private versus public sector yeah I'll put my hands up now on from the public sector review every 150 of the sixty were from the private sector VC legal association to analyst and four from education that you know professors and that sort of thing so if we do this again next year I might try and sort of reach out try and balance it out a little bit more okay let's move on then so from the sixty people we interviewed our survey said the top trend then was product problems and sort of technology troubles and this was a kind of a combination of several factors which you can read here the as you can see their

companies stuck in the cycle of constant crisis too many problems with detection that's also vulnerability management legacy technology someone who'd actually say to me what do you mean by legacy technology a previous presentation it's a tricky one to determine actually legacy because to some people I would say something might say that something came out in like say 2010 like the original Palo Alto Networks firewall might say well that's now legacy and I'm like we're actually pretty nothing wrong with that and actually it's pretty nothing wrong the original Check Point firewall if you're still using that and you're configuring it and you're making it work to the the neat level that you need to work it commoditization phishing obviously the

top one there more technology and there are problems I just picked out a few comments from the report so as you can see the 16 attack vectors there are 26 technology sectors this actually did come from the CEO a CEO in this case it was Gil Shwed at Check Point so he actually stood on stage at his own conference and said that they're actually we've got too many technologies for too many for too few attack problems so interesting that yeah it's a CEOs determining that problem the big-ticket solutions haven't delivered and we're trying to slightly cuz he coming in slow slowly and I said old technology legacy and that sort of thing there's a

determination was sitting on this old technology problem there's some stuff that Javvad did when he was at 451 about shelfware which is probably worth looking up at gee if he can find that about how old stuff is as technologies bought but just not utilized and just often too often it's too hard to configure and we don't really use it right I think that's the last one yes so number two a very broad very hard to determine topic is the human factor 31 percent of our respondents there's I'm not huge numbers it's very split across the sort of the margin really no ones like you know seventy percent of people said this but I said last year was 48 percent

compliance but human factor awareness so it was very spell that very what broad umbrella a lot of things here awareness breaches technology cannot be in confused customer centric usability skills shortage that's still going on will be there for the rest of time talking about that and the concept of upskilling people is actually quite an interesting one that that would come from a someone working for a vendor who actually said that we're not it's no the capability to get someone in and then push them up like Martin link was talking about this morning actually a finding people are actually working training them up is a real problem actually and we've had this conversation about weakest versus strongest link for

some time so just a few a few points here yet we still have people the weakest link a few attempts made to support them I'm sure we've all heard that over the years talent deficit we're creating this ourselves there's a feeling actually we are creating our own skill shortage here by actually not being able to hire people who fit it now probably in this audience here it's putting people trying to look for the jobs and people are sort of finding you know you go up there and you find they're looking for things that you haven't got and actually then you've got skills that they need but it's trying to meet in the middle between so of an HR

person who's acting like a buffer which is a bit of a shame and this one is quite a long quote but social engineering talk to a couple of social engineers like Richard De Vere and Jenny Radcliffe for this as well and obviously they did cite that so there's too much of an expectation in the hiring process for people to be ready and if something I think industry needs to consider that certainly came out in the research right your Ella or moved to number three and in compliance this was an interesting one actually because this when I started doing the research this wasn't coming up at all and I thought I'm onto a headline here and that compliance was big one

year and it was out of the top five the next sadly it started getting cited I deliberately tried to avoid people like compliance data protection specialist because they would have all said this so I tried to get much broader but compliance including things like GDPR obviously PSD2 some of you might know PCI and probably most of you know CCPA mine I've come across it yeah that's the new California one which comes out in January but yeah some of the kind of common things there frameworks number two their disappointment over lack of fines as you can see by the time here this research there was a feeling that GDPR wasn't really delivering and hey-ho

this about a month after this published reports published we saw two fines coming out so yeah that was the feeling at first the GDPR we had this build up and yeah you know the media were doing a lot and lots of hype about GDPR and how bad everything was gonna be but as it worked out it's actually kind of come true to an extent there were two fines or intent to fines issued against BA and Marriott within them about a week of each other I think as I recall in July we're now nearly in no but practically in November from tomorrow and we've absolutely that's the last we've heard so who knows maybe that

feeling is still there that hasn't really delivered just a few comments then and excitement about regulation has died down at all it's forced better incident response those of you do IR stuff maybe it's actually now you're now seeing more value of what you're actually doing and again we've kind of just covered that as in which world expected right number four was company and board engagement I get only 18 percent of people actually cited this but it was it was enough to actually get us into our top five and it's an interesting area because again it was going to came up last year in terms of board level recognition now it's about engagement again Brian said

this this morning about now the fact we have people actually are taking notes of us if anyone's watched Jeff Moss opening at this year's Black Hat USA don't the keynotes pretty good but his opening is really good he says something on the lines of government regulators legal boards now recognized cyber and how do we do something with it so that's worth checking out in about ten minutes it's really worth watching but yeah it does drop it was actually last year it was third now it's fourth but the fact is is I'm going to pick up some of the points here talk about business people in an immature market discussion between the CEO and board is different because maybe

the CEO kind of gets it now they might not understand absolutely everything pulled awareness measuring culture we obviously saw KnowBe4 bought CLTRe Kai Roer's company they think the amount was disclosed but you know it does give a figure to that number actually to that value of actually measuring a company's culture and just to pick a few comments out not the job of the company to make it more secure help it to sell stuff and help them meet their vision board rumors lessons a lot learns etc and he's taking more seriously than it was in the past so these all these comments by the way these are actually from actual the research we did these are all actually

quoted in the report which are whilst I'll show you a link at the end and then fifth and the saw the last of the top five was automation there we can roll their eyes now if you want because yes it's still there AI machine learning under that umbrella of automation and it's it does have mixed responses which we'll get onto but yeah the concepts were that if you are going to do this you need to put like your whole or into this really which probably most people can't really do well I'm sure the comments in the second but one CISO I did talk to he was kind of building almost a grassroots security team he's

from the major publisher and he was able to actually use machine learning and AI because he's actually and DevOps because he's actually starting out so a lot of more set more established so huge teams probably aren't ready to work this yet because it just involves so much retrofitting as you see too much fun on AI and machine learning in an immature markets and that sort of thing so again a few comments from here so anyone here doesn't understand non-symbolic versus symbolic I can point you to a Medium blog by Rhett D'Souza because I had to look at that up as well and this came in I've very briefly said non-symbolic is what we call good old-fashioned AI makes

use of strings that represent real world entities or concepts non-symbolic involves providing raw environmental data to the machine and leaving it to recognize patterns so that's yeah definitely recommend that reading Rhett D'Souza's Medium blog than listening to me trying to explain it non-symbolic symbolic then and next one yeah a lot of hype and FUD around AI even though he did come in as a very popular topic is because it was actually quite mixed it wasn't everyone saying it's great there was people saying it was a trend and something we're seeing as a trend but you gotta try and figure that one out whether it's good or bad and that's I think there's a chief for

comments on this yeah it must be old I think this what she was from that CISO I mentioned an automation first humans second actually going to do this throw it all in which I don't think anyone is so probably saying oh yeah let's do that and I think there is one more yes it's there it offers immense value and fear does sum up probably the entire actual response is that everyone's like that on the fence around automation generally so and there you go again right so those were the five trends that we discovered in our research I guess what I probably go I put my hand up is that yeah this wasn't a pretty

fair example of one year versus the other because it was different people there was a larger sample set this year I'd so you know that the various sectors we covered a lot of people there were probably large companies but hopefully what trying to is capture a bit more information about what the industry is actually thinking and just a little bit so yeah so just to sort of put the numbers on here but 35 percent product problems 31 human factor 25 compliance and then I think was 18 for company engagement and automation so which compared to state 2018 which is much more of a compliance and a board level slightly more technical maybe but still business strategy stuff isn't

there's no like you know malware stuff in there and things like that is that it's a quite a mixed bag of responses that do suggest that the CSO is still very much in the security pom it's all very much business entwined and business engaged rather than let's get down and hack all the things kind of thing right I'm speaking of which let's go to the six lower trends then so five lower trends so say sort of six to tens I thought all these five up on one slide make it a lot bit easier so cyber hygiene this is a term that divides quite a lot of people because to quote Ed Tucker who was one of the people I am

I interviewed for this it came up with a line one of our webinars which is if the basics were so easy we'd all be doing them well yeah you probably would actually a home patch management you know sounds easy the vulnerability to slow down that management and and detection and fixing it sounds easy and pass what my everything sounds a lot easier than it practically is I guess but that's like the hygiene is something that's kind of go on you around actually in doing the basics whatever cloud so yeah it kind of came up last year come in a slightly lower this year hasn't gone away cloud it will still be a popular topic I think for ever I mean

I've been covering security now since 2008 and people are still having that conversation of is cloud secure now considering that probably the fifth one they're agile transformation I'll be on the SEC does suggest you're more use of like IaaS AWS Azure that doesn't mean cloud should actually be slightly higher APT nation-state attacks and malware sort of but just one slightly above the other there I put malware second it's just below that because now I takes in more general phishing ransomware that's all the more general cyberattacks APT nation-state attacks which was interesting and also just following the guys from Kaspersky was is interring that that's come up actually and I thought that was going to widely

sort of kind of dismissed as a trend actually but no it turns out that people do still see APT as a big thing and maybe that's just the world we live in now maybe it's the political situation maybe it's in there the likes of the NCSC and various security agencies going around saying these are the big threats NCSC did that in a story I wrote a month or two ago you know they highlight the big four threat nations and it's like okay we're still talking about Russia and China and Iran and North Korea so it is still a big deal and just finish off your agile transformation this when I started doing the research this was really really

prominent actually in dropped a lot of people stopped citing it but digital transformation has been quite an interesting one for 2019 it's not hard one to determine actually about how businesses security key part while the business tries to be more flexible but again it did come in literally like the ten most cited trends so an interesting one I wanted to get in anyway right and the single response trends so get a literally cited by one person you might look at them and think I can't believe that that one was only cited by one person bug bounties for example only one person who said that government intervention different from the malware nation-state thing government intervention fuzzing and different

audiences I present your front by breathing it sort of blank faces or people going yeah yeah fuzzing I'm just behind I presume a lot of people you know what fuzzing is about automated software testing so yeah that came in by one person and certificate transparency GRC as well as liberal you didn't kind of go and try and review it again there's a lot more trends thirty one and I picked out what like fifteen here I did get a message from Ben Tomhave who's been fun today Bethan to spin and Ben came to me as Ben is one of the people I did in if you bent you throughout the Gartner didn't where he works now but he came to me

that she to the DM he sent me rather supplies there weren't more response around containerization so it's slightly off screen maybe it's been there these days that's the web container so I said alright then well actually as it turned out to people that side containers are coming but the other one was and these are just some of the comments that the two people then and the other guy the person I should say came up a lot more bang for your buck without overheads solid up tune of Kubernetes supplies well lightweight systems about those of you who know containers probably number this is news to you bet it's hold at containers and mature and then holding containers bought some old

cross og in the times I've done this presentation a lot of people that hands me go have you heard much about someone said secured textures curse security defined perimeter and I kind of think no really someone said the company to go Brexit on God and so I don't really want to talk about I just could be picked out very early on I thought well maybe I should put this in because it's quite interesting one that did come up and so so given is I can put up a Dilbert about Kubernetes so just because it mean also I had a long conversation on the tube a couple weeks go the friend of mine which 7:50 in the morning talking about

Kubernetes is not something that most people want to do ok so I wanted to try and figure out how this stood up against other industry research so I went to five different different levels sort of write five different lists effectively Gartner I guess we all know 451 I mentioned voice the enterprise side Cybersecurity Ventures you might seen them Steve Morgan Steve doesn't quite good research actually very problem LinkedIn weirdly PwC and then ClubCISO came in just before actually did this at Infosec so they've all done these kind of lists of trends that they determine so what I do is I thought let's have a look at what they've done compare it's what I've got and let's see how much my

stands up and this is maybe not the easiest to so decipher but these are the five trends in bold that that I picked out and again slightly screen slightly off but yeah take troubles came up three times twice we've got p CC once we've got their human factor two different ones their compliance though only got mentioned by Cybersecurity Ventures personal on date privacy no Gartner 451 nor ClubCISO i see in compliance does this mean compliance doesn't matter anymore no compliance is huge staff I did a session we did a two-day online conference recently and I moderated the compliance session it was the most listened to entire two days people still want to talk about

compliance GDPR still keeping people headaches and still give people probably nightmares at night so yeah he gave me the board only one it's it's interesting that that is that ClubCISO which I'm huge amount about ClubCISO but I know they're kind of a membership organization that security culture you could argue is that part of kind of engaging with the board and to an extent maybe how it's but something in automation has you see everyone certain that automation it's always everywhere so ladies what contact that's the main bulk of that of the main research I say this came out in June just in time for Infosec and I launched it on their

Thursday so it's been out for just under four months now what I was doing the research only two trials talk about the future as well and try and figure out how many people actually were talking about what's happening in the future so about so 33 exactly of the 60 I talked to actually I asked okay what do you think's driving is forward what's really changing things and surprise surprise it's automation again advanced automation know as you see some of the comments we've picked out here I think I did three lesson last year actually adoption of AI and automation as a future training was 28 percent this time it was so high above everything else was

probably under 10 percent it wasn't even worth doing a top 10 because you know it sort of fragmented percentage versus a 36 percent automation so this was kind of the main thing really for the future now what I was doing this was a couple months ago I was thinking okay I want to try and this is all very nice to see but what I want to try understand is how this affects like people coming into the industry and how do these or trends really resonate with people looking for jobs now one thing it we do Infosecurity is current we've quite keen on promoting opportunities to like newspaper work with next-gen we have a section on the

website specifically for new people coming to the industry we soar feature them we yell and learn promote their work do some writing for us we do so I thought let's try and tap into that and see where we go in terms of these trends and how how much they resonate with the with the next people coming in so this is very much still going on to the point that I was literally updating slides last night and numbers so I think to be about 50 people so far when you're doing a survey of industry professionals they're people caught there are groups people call PR companies where you can email them and you get about 12 interviews in a bad day when students is

a little hard let's put it that way I can put out on Twitter and I can tag in organizations and hacking societies I don't get anyone responding so I have to go through LinkedIn and find you all so if anyone here has been responding to my emails I really appreciate it if you're feeling like I'm annoying you please tell me to go away I've been really clean used to try and get a really good demographic together of people so and special thanks again to CREST and Cyber Security Challenge who actually did some amazing to their their database and this summit we're actually kind of wrapping this up actually I'm going to probably do about another few more days of just

trying to get some research done we're gonna publish what I'm about to show you as a series of articles on Infosecurity which will be free to read and I'll probably do the the numbers so what I wanted to do was pick out I picked out seven questions or share this very stat heavy presentation but seven questions that I picked out from those top five trends or only top five to ten trends and figure out how the people who are coming into the industry deal with that so one question asked this is very mind that the top thing about tech troubles and detection and all that kind of thing so are people who can't disappear you've

got yours either at university like work placements or maybe out the first year or two of their job are they ready to deal with malware and so at so far as of I'm kind of like this morning about 51 people answer this one so 33 I said yes and 18 I've been given no or a more negative response here's just a few comments more to be done more routine not without industry experience I wouldn't know really how to respond I would never respond after an attack but covering all the bases again you know it's a team effort as we're probably aware and so undergraduate leave the education as giving me knowledge so much more positive response people not feeling

that everything is terrible that they're terrified by the concept of reverse engineering and you know suddenly a kind of a ransomware lock down but the same time and more people think this is actually something they're ready for so that was why I picked this one because of the tech trouble thing being number one number two was now this is because of I mentioned AWS Azure and IaaS is kind of a huge thing now we seem to become it's covering this all the time not just with the problems security problems with it but actually how to work with it so is there enough out there are the curriculums keeping up really so so far we got 52 people

respond to this and yeah pretty negative she's 34 percent if you are in have a training curriculum and not this isn't me firing a gun at you this is me just sort of saying you know this is what people are saying back to was just a few comments back however this really is available people just don't take it you can find stuff on the web you how it works completely you'll see another chair question put on this in just a second personal research stuff is out there if you want to train it it also is probably training going on at most conferences and things like that we can she find out what you need and also oh

sorry I thought was one more no well there we go right next one was compliance that's a top-five thing with compliance and this is one a fewer states so far about 49 people answer this I did share this on Twitter and LinkedIn if anybody wants to talk but we'll get inside in a minute with compliance being such a popular trend are we seeing more demand for GRC skills in job ads 380 50/50 slightly more yes the sort of thing I got from Twitter tweeted yesterday about this people saying actually yes we are seeing this the most people hiring actually they are people are looking for all-rounders which will go into w another question but just some of the comments we had

discussion coming up more often people understand governance risk and compliance and compliance this particular job we're still very tech focused but job you're looking for I suppose if you're not looking for something with GRC it's not a huge thing maybe but seen this especially risk ones where job alerts are in this area people probably studio PR is a bigger issue is becoming I have become a bigger issue CCPA if you're dealing with companies in California PCI doesn't go away PSD2 which is about payment services and does reflect quite a lot of stuff about GDPR probably worth looking at and yeah it's worth looking at and you can Akamai Oscar on the Infosecurity if you want

because I wrote about that recently so yeah that's PSD2 next question then was oh sorry one more crisis is always mentioned for audio forensics roles right next one so know about compliance now these are the framework to mean like PCI DSS and PCI PSD2 GDPRs gets the easy it lost with them do you understand what they mean how they different so so far 52 people have answered that majority and more positive 35% only 17 say no maybe just because it's been all over the news and it's hard to avoid it again it's very much this feeling of like you're able to teach yourself this you can pick all this this stuff up

pretty easily and gets up to speed with the basics lack of education maybe just because universities it's it's something that's rapid and is actually you know moving along very quickly so maybe it's not something they can adapt to that quickly I love that not heard of PSD2 again what we worth looking up on if you haven't come across it yeah there's quite a lot of the material on there now this was a just sort of following all the compliance and the cloud thing we asked would you expect to company to train you on the job yeah pretty unsurprisingly 39 percent of the 52 said 39 39 percent expected only total of the 52 we asked have actually

said yes or giving us a more of a positive response so it's you know two of the biggest themes with around at the moment are actually being able to work in these kind of cloud environments it would expect training it feels business requirement they should companies when paper training if they don't have to take great training around online training if you can you know afford it or you have all the time to do it and yeah should in training your employees Randers that'll throw them in probably to train them and people leave but that's ladies almost there so this is the this kind of a huge thing going around actually around levels of experience qualifications we've seen this around in

research and it probably ones look out here is I Sarkar but I'm where job ads are sort of saying you know come enjoy come work for us all when you need your CISSP which was five years in from a five years experience okay well you wouldn't go in on day one start your CISSP training you're going on two years so that means you might have seven years which means you're probably twenty eight which by that stage you might want to buy a house if you're lucky if you don't live in London and or a city maybe Belfast the same now but yeah unachievable levels of experience of qualification which is preventing people from actually starting the job at all so

yeah slightly split slightly more in favor of the of the positive and they are see the job ads they require degrees some of you might still be at university or to the people we are talking to were some momentary worse after that university it's kinda hard to reach those people who've got straight in without degrees unfortunately it's just that's the way things are working which isn't the ideal recruiters don't know what they want or need and I think most people can probably resonate with that and next one fourteen year olds they want to be cyber ninja straight out of uni and pay them entry-level wages at self I someone cynical it was probably Brian they've probably

gave me that but yeah that is actually the yeah yeah one bit Brian cuz he's not a next gen person he's older than me so yes people entry-level wages that's unfortunate problem the way things are and have communication noticed of course with the board engagements that we put in there had they been taught to a level that you're comfortable with are you able to trap and stage like I am and wing it for a living you know you are you able to present in your hacking societies or things like that and again quite good numbers pretty splitter she 51 26 percent said yes someone comfortable it hasn't been taught see if you know actually be able

to communicate cyber issues to a board and the CEO or anyone in the industry and actually try and figure out what thing is going are you anyways you talk about it emphasis is being put on these abilities if you can't look someone in the eye and explain what WannaCry is or Heartbleed is then you've got that sort of overcome and yourself and being able to defy producers in any organization right I think that's the last stat yes I just put onto the conclusion just sort of penultimate slide these are kinda just why I drew up from my own sort of feeling and so detection still a real problem for businesses however people have a comfortable dealing with malware

and incidents so it's things are getting a little bit brighter compliance even though it's a very present people getting better cloud isn't ever-present doesn't go away I think to believe the hype and automation automation things uh you know it's not going away it's two years present now the automation spin there and don't expect it to be so if we do this again in 2020 will price affect automation to go even higher because poor people are talking about it so just finish up then so if you don't report download this the white paper which is the original report is available for this URL white papers go back to about June I think June sickling he came out

the next gen stuff I've just been going through I'll be writing those up for info security they'll be free to read much need to get around to doing it if you want to follow me I'm at then ready when we're at info security mag and that's my email address if you order I'm still looking for a few more people I'm gonna wrap up the research in about the next week or so if you do want to drop me an email and say yeah I'd love to answer some questions and as you can see the numbers everything's anonymized no one's being named no one's been shamed or anything like that it's all it's all good so with that I

think I'm about three minutes under and I will wrap up there any questions let me know otherwise huge thanks for coming today and I'll be collapsing in the corner somewhere Thanks thank you Dan anybody have any questions yes of course we have a serial question go that's good just in terms of the automation I noticed that you were sort of conflating that with AI but I mean in my hair mind sort of in the security space automation would be a much broader scope today I'm just wondering like is that what was coming through from the responses you're getting I think it's because we want to try and throw is quite an umbrella term a lot of people would talk about AI and

machine I look we don't have split the vote to half we want to try and get it under one umbrella a lot of this was if we broke me down we'd even have more than 31 trends I can't we saying yeah it is probably two different things AI is probably much if you put it this automation of machine learning we prefer on AI probably doesn't even fit it at all I would suspect that industry is itself is actually putting those two things together AI machine learning under a broader spectrum of automation I guess someone like me to determine if I want to keep doing that but now I get we're saying yeah II think it's probably one of those

things that we actually would look at and say you know actually next year if we do this again we might split the part so yeah though I was just thinking that control even like with automation of machine learning to me an automation would be like things like a SIEM dev where they would take the use case that the staff could develop and that's like human learning yet they're putting that into an automated form for dissection yeah I totally get that I think oh yeah it's something we probably consider if we did this again yep don't appreciate you thank you thank you any more scanning scanning scanning scanning 360 it after a couple of years of doing this is there anything that

surprises you that hasn't been in the reports such as industry like such as IOT yours Allison Nelson came up yeah that's that's a great point IOT yeah I probably have actually got the array the first he was about 31 so counting them yeah IOT I think would be one I would be surprised that ransomware as a sole trend didn't come out more I think we put it in as malware cuz there's a lot of people citing you know web most web-based attacks I'll probably phishing in there just get ransomware is an interesting one fishy for this year because it was being predicted to be over and then GandCrab retire and then they came back again and now it's it's a

consistent trend again I think we come back but yeah that would probably IOT would be an interesting was I think a lot of people in mobile as well actually Mobile's not really been in this might fall under agile and transformation actually mobile but I still get people coming to me that you want to write about BYOD did we not do this ten years ago with with iPhones but yeah maybe mobile IOT and that might inform the same trend for people so promote working but no it's good good point yet all right done thank you very much they thank you over my man [Applause]