Frank Raimondi | From Vulnerability to Victory: Mastering Cybersecurity with the Right Tools
MSP Business SchoolFebruary 27, 2025
221
27:4539.38 MB

Frank Raimondi | From Vulnerability to Victory: Mastering Cybersecurity with the Right Tools

Join Brian Doyle on the MSP Business School podcast as he has a fireside chat with Frank Raimondi from Nodeware. This episode provides an engaging exploration of the critical importance of cyber hygiene for businesses heading into the new year.

It highlights the evolving responsibilities of MSPs in the cybersecurity landscape. As Frank delves into the intricacies of effective cybersecurity strategies, he also shares news about his new podcast venture, "Frankly Speaking," bringing fresh perspectives to existing and potential Nodeware users.

In this insightful episode, listeners will gain valuable knowledge about essential measures for reinforcing cybersecurity, including vulnerability management, multi-factor authentication (MFA), email security, and security awareness training.

Emphasizing the importance of proactive cyber hygiene, Raimondi speaks to the expanding role of penetration tests and third-party risk assessments. The conversation also touches on the growing necessity for MSPs to guide their clients through the changing cybersecurity terrain, with businesses realizing the significant risks posed by inadequate security measures. This episode is rich with strategies to boost security postures and reduce potential liabilities.

Key Takeaways: 

  •  Cybersecurity as a Priority: Implementing strong cyber hygiene is crucial for businesses to safeguard against claims rejections and ensure better engagement with their customers. 
  • Proactive Measures: Tools like vulnerability management, MFA, and security awareness training play a significant role in reducing cybersecurity risks.
  • Human Factor in Cybersecurity: Emphasizing the cultural shift towards cyber awareness and making staff a key line of defense against potential threats.
  • Value of Penetration Testing: MSPs are encouraged to offer penetration testing to evaluate and reinforce their clients' existing cybersecurity measures critically.
  • Expansion of Cyber Services: MSPs have lucrative opportunities by adding more robust and comprehensive cybersecurity services based on emerging threats and client demands.

Show Website: https://mspbusinessschool.com/ 

Guest

Name: Frank Raimondi 
LinkedIn page: https://www.linkedin.com/in/frankraimondi/
Company: Nodeware Website: https://nodeware.com

Host

Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/
Sponsor vCIOToolbox: https://vciotoolbox.com

 

Listen to MSP Business School on the Fox and Crow Group Your IT Podcasts Network!

[00:00:00] Hey everyone! We know we gotta be cyber vigilant to stay in front of the threats that are emerging in front of us. But today's chat with Frank Raimondi will really help you zone in on some simple tactics you can take to improve the security in your organization right now. So let's get to it. Welcome to the next episode of MSP Business School.

[00:00:32] Hey everyone! Welcome to the latest installment of MSP Business School. I'm Brian Doyle as always joining you here. And I apologize for my distorted picture for those of you seeing it on YouTube. I'm on the away game and I forgot to bring my webcam with me. So native laptop tools, not, you know, for a guy that's already got a face for radio, I don't need anything else really hurting this. But, you know, as always, I like to say nobody's here for me. They're here for my guests. And I'm really excited today. It's somebody you're,

[00:01:01] that's familiar to the show. One of the people that I love hanging out with on the road. And today joining me for a little fireside chat is Frank Raimondi from Nodeware. Frank, good to see you. Thanks, Brian. Thanks for, thanks for the time and your overall effort on the MSP Business School. I love the consistency and outreach and educational play. It's wonderful. You know, all of us have our little fun things and I don't want to gloss over this. You just kicked off something new as well. And I want to help our listeners help find

[00:01:31] you. You've got a new little podcast going on with a new little partner. Why don't you share a little bit about that? Yeah, we added a long-term channel guy, Frank Gurney, to the company in the fall. And we've been brainstorming on different things and we had different impetus to do it. But we, given that we're Frank and Frank, we're kind of like, well,

[00:01:54] should we do Frank and beans, Frank and this, you know, between two Franks. And we ended up doing, you know, Frankly Speaking. So we're doing a monthly podcast just with different guests, different topics. And, you know, very little commercial element to it. The first one we did, which is available on YouTube, you can look through

[00:02:16] the other, is on just how to add, you know, why adding services to your MSP is valuable and cybersecurity services in particular. Things like penetration tests and third-party risk management and all that. So yeah. So thanks for the plug. And I'd love to, you know, well, the next one, we're mid-February, we're either going to be the 14th or the 13th or the 23rd. I don't know. We'll let you know.

[00:02:42] Listener, by the time we get this posted up, they'll probably have that date firmly up there. And, you know, we'll make sure that we have a link to that in the show notes as well. So if you want to jump in, we'll, you know, we'll make sure that you can find the Franks in Frankly Speaking. But today, Frank, I think we're going to talk a little bit about just general cyber hygiene. You know, something that has become, you know,

[00:03:06] this cyber has been a conversation forever. But as we head into the start of any new year, people are looking at their new ways of communicating with their customers, new ways to kind of engage their customers. And, you know, what are the topics that we're going to be talking about? And overall, cyber hygiene has really become a very important topic as people are finding things like cyber insurance carve-outs happening when claims get made and more claim rejection. And everything starts with getting a little bit of a

[00:03:33] foundational push. So, you know, I'll kick it off to you. Maybe you want to start the conversation a little bit on cyber hygiene. Yeah. So good, good, good point of where this is going. And, you know, a specific example is just looking at, you know, maybe two years ago, three years ago, vulnerability assessment, right, was kind of a key thing of check the box. Yes, I'm doing this. Okay, here's my insurance, you know, request a premium renewal. Good. And, you know, if you think back to, you know,

[00:04:02] even insurance requirements were, you know, 20 years ago in a car, right, when seatbelts got added, or airbags, right, the same kind of thing where the insurance companies kind of drove the need for better preparation, reducing risk of them having to pay out, right, on an injury, right? So think about the same way. It just changed, changed from a car to a business and cyber needs. And so part of that, you know, if you're thinking about

[00:04:30] how do you reduce your risk, how do you reduce your health risk, right? The simple model of, you know, you go to the doctor, they tell you to eat less and work out more and do better. And, you know, okay, you go away and you start to do these things. And it's like, yeah, but how do you really know whether that's going to work or not? And, you know, you go back again, kind of, again, proactively looking at, can you test my scores? Can you see how I'm doing? You know, in the cyber world, that's, that's really kind of coming

[00:04:58] down to knowing what your assets are, right? You can't protect what you don't know without being, you know, if you don't know what's there, you need to know what's on those devices and whether it's a SAS alert program or, you know, Alvik's got their SAS management program used to be SAS Leo, you know, things that are looking actively in an environment. And so what we've kind of narrowed

[00:05:24] it down to and what we've promoted and again, somewhat selfishly, but in general, the hygiene area of, uh, and cyber hygiene areas is vulnerability management and start with that. Cause that's what we do. Um, but whether it's us or anybody else, you have email security, right? You've got to be catching and protecting that user, which as we all know is whatever high, huge percentage of problems come around because of a user error or user clicking on something they shouldn't. Um, the next one is

[00:05:53] MFA, right? Everybody knows MFA and that's usually the first one that gets picked off by insurance companies as being not compliant and not actually doing it in its grounds for dismissal of a claim. Um, and then the fourth category in there that we look at is security awareness training, right? Those are things that making sure the employees are smarter are doing, you know, doing continuous training and learning to what's, what's going out there. So that, again,

[00:06:20] that broader category of the cyber hygiene is really a growing need, whether it's compliance, which you know all about or insurance, or, uh, it's kind of one of those like, duh, right? And it's, it's a very obvious play. And, um, what we're just trying to do a little bit more promoting this year is driving the messaging of, you know, it's not, you, you, I mean, you still have to have the MDR tools. You still have the XDR, you still have tests and you still have to have all the things

[00:06:49] that are required, but, um, there's a balance here and the better you do on the upfront of the proactive, the less you're going to need the other tools. So, well, you know, really what you're diving into there too, is the human factor, right? A lot of these things tie back to the humans that are actually operating the machines and making the decisions, uh, in real time. And, you know, I've been reading a lot about, you know, building a culture of cyber awareness within your organization,

[00:07:14] empowering people not to feel like that when they make a mistake, don't tell them, you know, because you're going to get in trouble, but more, Hey, I think I clicked on something. It might've been nothing. Let's communicate it out. Right. So when you start looking at cyber hygiene, you know, it certainly starts with building an overall culture in your business that, Hey, we all need to be vigilant. People make mistakes. Don't hide your mistakes come forward. Those aren't going to be punitive. Right. And then that ties into everything you're talking about, knowing where your assets

[00:07:43] are, making sure these guys aren't bringing in rogue assets, you know, understanding shadow it considerations through those tools like SAS, you know, SAS alerts, finding out what applications are running. And, you know, this is kind of a, it's really changing the RMM model in a lot of respects too, you know, because the assets are now the cloud assets more than the, uh, things that are sitting on your desk and the applications that were installed locally. Yeah, absolutely. No, it's, it's, it's really fascinating what people are finding in their

[00:08:11] environments on their systems. Um, and you know, you, you can't, you know, it's easy to think about the PC or the Mac, right. Or the server that's, you know, interfacing out, but you know, the, the, the growing relevance of IOT devices and where they play and what, you know, what, how many open ports do they have? And, you know, again, if it's, if it's got an IP address, it's, it's accessible, it's exploitable and, you know, you got to minimize all of that at the front end.

[00:08:41] Yeah. So, you know, again, uh, as we head into this new year, almost every MSP I talked to is looking at how to broaden their security stack, how to add new recurring revenue about it, how to take more of a position. And certainly, you know, there's a counter conversation going on. How much liability do I want to take on as the MSP as well? And, uh, that might be a future conversation that could be had, but, um, you know, the reality is they're all looking at bringing in new approach

[00:09:06] models and certainly setting up the foundational layer of cyber hygiene. It's amazing to me, um, Frank, and I guess this will be a plug for you in a roundabout way, how many customers are still not doing vulnerability scanning? You know, obviously part of my world is asset management and asset governance within our platform. And I'll talk to customers who are so concerned about these kinds of things, but they're only doing it at the product life cycle level. And they're not looking at the

[00:09:31] application vulnerabilities that go beyond windows patching and other things. Yeah. And, you know, it's, it's, it's huge. I, we, we, we see it a lot in one of the, the, again, there are, there are resource constraints, right? There are issues that an MSP might have, you know, they might roll out, you know, get an entire program, somebody else's that roll out home building management and they roll it to one or two customers. They specifically needed it or

[00:09:58] requested it or, or, um, or, or whatever, but they say, well, you know what, I came back with so much results that I, you know, I don't have the time, the resources, the bodies to, you know, if I, if I roll this program out to everybody, um, then, you know, I'll have too much work and it's like, that's not a good excuse, right? That's, that's putting your head in the sand as an ostrich would do. It's, it's, it's avoiding the obvious and, and, you know, you were kind of referencing there

[00:10:26] that you got to start somewhere, right. And you got to have a path or a plan and yeah, I'm going to, I'm going to come back and I'm going to see that, you know, I've got 10 devices with, you know, each of them has three critical vulnerabilities on it. Okay. Well, and it might have 30 others, right. Okay. Well, don't worry about the 30 others right now. Let's get the 30, the three that are really critical or, you know, we've added a new feature of, um,

[00:10:51] the EPSS scoring and which is, which is a finer element of, of explaining and putting a percentage on the risk levels that, that, that device is going to be exploded or that CVE is going to be exploded in the next 30 days. It could be on your device, could be on somebody else's, but it's, it's another prioritization level of bringing this in. And, um, so we, you know, we're, we're looking at partnerships with support organizations that can provide, um, you know,

[00:11:20] maybe it's a 10 hour block, maybe it's a 20 hour, maybe it's a retainer, the, uh, you know, time used, um, that can help an MSP without having to add the bodies, but still provide an extra level of protection, you know, somebody that could be versed on our product and some others and, you know, help them SP, you know, if they see that an EPSS score of 90%, well, they, they attack it, they approach it, they fix it before the MSP is even known about it. Right. So, um, there's,

[00:11:49] there's ways to get around this and it's, it's a bit of recognizing what's there, prioritizing, you know, the, the steps and the timing that you need to do those. Um, but, you know, it kind of goes back to that being, being prepared, but also showing that you're doing something right. If, if that, if your customer does get, you know, breached or if, um, you know, somebody says, well, you know, I need you to do and all this, well, you're showing a path, right. You're showing a progress and you're making, you're making all the best

[00:12:17] effort, right. Nobody can do everything, but you're making the best effort. And that's what it really comes down to. Well, you know, Frank, I, I hear every day about how people tell me that their business reviews are falling flat. Right. And part of that is because the focus isn't on the risk and isn't on what the customer needs to do to tighten their responsibility in some cases. And by showing that path and helping them understand where those gaps are, it's something that's real time. It's something that can be improved upon today. It doesn't

[00:12:44] really require a lot of capital outlay in most cases to make some of the corrections that come out of shadow IT, out of vulnerability management, really more. It's a, you know, it's making sure that, uh, you're communicating out to your team things that they shouldn't be doing. And then your tech teams are taking care of the small things behind the scenes, a lot of which could be automated. Yeah, no, absolutely. And I'll take it one sort of degree of more, it's a little bit more, a lot more complex, but a lot more involved, um, you know,

[00:13:13] from the, from Bowling Bin Management is, you know, sort of stretching out to a penetration test, right. A lot of people kind of mix those terms up. And so maybe we can do a little definition, uh, on that, but, um, you know, penetration test is an external third party, right? Management, phone building management and MFA, you're doing that internally as the MSP protect, you know, you're setting that up. But a term penetration test is, you know, after you've gone to the doctor and you've been told what you do, you go onto the treadmill and

[00:13:42] you do a stress test, right? And that's what, that's what a pen test is, is really taking, taking an outsides view, right? A white hat, you know, hacker coming in and trying to do, do the bad stuff, right? And see where it goes and report out. And again, those, you know, typically those produce a big report of specific actions and POAs and all that right terms, right? They will go through and say, you know, if somebody came into here and then it was able to connect

[00:14:10] there and they were able to connect to that, they could have access to that. So, you know, that, that, that plan. And again, that's a pretty detailed plan and a lot of companies have to do these by, you know, twice a year or at least once a year. And again, you're going to come back and see, oh my God, there's so much stuff that we need to do in here. But again, if you, if you tackle and hit the priorities, make your progress, you know, you'll, you'll, you'll have a better report next year.

[00:14:39] So, yeah. And I mean, that's a huge services opportunity for the MSP community too. Even if you don't have that skillset internal, you know, Frank, I'll promote for you and put this out there, but your other hat is with IGI global, which is really the services arm inside of your organization. And, you know, there's groups like yours that can go out and do these rather relatively cost-effectively where the MSP can make a little bit of margin too, but also really get, you know, versus some of the automated tools out there that you read about,

[00:15:08] you're getting the penetration test and human analyzing the result to really dictate what the output is. And, you know, I think a lot of the MSPs have shied away from the penetration test conversation because they just know they're not equipped to do it. Right. Well, they shouldn't be, they really shouldn't be doing it anyway. If anything, you really want them being out there too, because in essence, that penetration test is going to maybe show you where you need to shore up on the customer's dime. You know, you're in.

[00:15:36] Yeah. And I think there's some hesitancy to promote a pen test because, you know, it's going to, it's going to divulge things that maybe the customer thought they were already done. But I think there's a counter argument to that, that an MSP can very easily make. There's only one way to truly protect yourself, unplug everything and, you know, turn them off and unplug them. Right. Obviously that's not feasible, but there's something to be said. Hey, new threats come out all the time. Networks get more complex. You know, we continue to make additions,

[00:16:06] both what we manage for you and additions that you make on your own that sometimes we're not aware of. And by doing these tests, it gives us the opportunity to make sure that we're not getting too far away from where, where the core source is. And when you're having a cyber hygiene conversation, I think that's a very relevant one you can have with the customer. Because again, that back door might not be through the MSPs doing, but they're afraid of showing it. It could be from a link somebody clicked on phishing wise. Right. And now it's made an exploit that, you know, has yet to identify itself until you get a pen test.

[00:16:36] Yeah, absolutely. No, I think, you know, it's, it's, you know, we're, we're seeing actually with, with some of our customer sets, we're actually seeing that have been using the birds, you know, sort of doing the right things. They we've gotten, I don't know what the percentage has been, the large increase in this year, last month of 24. And so far this month of MSPs realizing that they do need to pen test. Right. And, you know, it's, it can start at $3,500 costs for, you know,

[00:17:06] a reasonable starting point, but it's a true report with human eyes on it that, that is, that is actionable. And their customers are, are recognizing they need it. Right. So it's, it's a very, it's a very interesting new, new tool to, to, to have in your toolbox. Right. Again, it's something you offer, right. It's, it's, it's the margin play. You can buy it at X cost and then, you know, the, you don't even want to deal with the dollars. You know, there's ways to just

[00:17:33] have the end user pay for it directly. You just kind of oversee it. I don't want to gloss over something though, that you just said there, Frank, that kind of spurs a different conversation. MSPs are starting to get more aware of the problem starting with them. Right. And they're becoming more vigilant and making sure that they're doing the right things. We used to always make the joke of, you know, shoemaker always takes care of their shoes last. Right. Or whatever that lovely saying is. I never get those right. But, um, you know, something like that, but everybody gets the gist.

[00:18:03] And, but what I'm seeing a trend to is more MSPs doing annual pen tests on themselves and their systems starting to go out and get sock twos. Um, there's a, you know, I'm, I'm finding a lot more of the MSPs that are coming to our door being sock two certified or working towards a sock two assessment or an ISO assessment, depending on where they're located. And that is something unique, um, that I'm,

[00:18:28] I've just started seeing over the last 18 to 24 months. And you see it as the, uh, the, the, you know, the five person MSP or is this the 25 and I mean, to be fair, you know, it tends to be a more mature MSP. You know, I, I look at the MSPs that they all go on a journey and I don't equate it necessarily to size, but it's usually service delivery mastery and some level of account management mastery. And then it becomes organizational mastery. Right. And, you know,

[00:18:57] those might not be the accurate terms for it, but then they start looking and going, all right, I got my services on lockdown. What can I do to be better? What can I do? And, you know, there's an element of marketing that goes with sock two too, right? You know, if you're in the, uh, if you're in, in a local market and you're competing with a couple other folks and you have it and they don't, you know, you're certainly going to highlight that during the call. Hey, we take security so seriously ourselves. We're certifying ourselves. Well, we're getting external certifications next year to make ensure that we're doing it. And, um, you know, I've always said that with the

[00:19:26] certifications, there's a bit of marketing as much as there is, you know, due diligence, but the truth is the marketing is just the benefit that comes out of doing the due diligence. Yeah. Yeah. No, that's interesting. Um, yeah, we, we, we've seen the, I think, you know, I think the end users are sort of realizing that, you know, again, whether it's a compliance or an insurance requirement, or if it's just better awareness of the, you know, what they need to do

[00:19:52] to protect their business, um, it's becoming a more, more regular thing. So we're getting, actually the other, the other, the other piece in that mix, uh, I'll just add in there that, uh, um, that we've started offering that, that is part of the mist, et cetera, um, is a third party risk management, right? So the supply chain management and risk management, um, again, it's being required. It's both for the suppliers up to you or up to your customers. And then,

[00:20:20] you know, the, the links that your customer has into other people's in their, their customers. So there's some, there's some tools out there. We have one that, uh, it's, it's pretty, pretty powerful, um, that, you know, an MSP can offer, right? It's again, it's something they really, if they're doing it on their own, it's in a spreadsheet. That's just a thing they ask to manage. Yeah. We're seeing that a lot as well as, you know, our, uh, partner MSPs are doing governance as a service programs, leaning on our cyber and GRC platform.

[00:20:49] Uh, we've got third party risk management capabilities within there as well. And, you know, they're taking on those vendor assessment components, managing the remediation steps, making sure the risk is being mitigated. And this is a whole new, um, opportunity that's really being driven through things like CMMC, where your downstream vendors have to adhere to some level. Some absolutely have to adhere. Some are guided to adhere, you know, some are

[00:21:13] truly required. Some are just being told they should be. And, uh, it's really getting the customer more aware about third party risk management, which is really making it a nice story for the MSPs to talk in. Yeah, no, absolutely. No, it's, it's, it's fascinating. It would be, you know, as we go out on the road this year and sort of start, you know, talking to more MSPs about what they're seeing, what their customers are asking for versus what they're trying to push.

[00:21:40] Right. And it's always a interesting tug and tug of war back and forth of, you know, showing, showing value, showing your trusted advisor, love status, trout, you know, showing, uh, you know, recommending to them and they always have this, well, you're selling more, why aren't you doing that already? So maybe, maybe the end users are starting to get a little bit more educated that, um, they need to be doing more and they're less resistant to an MSPs offer.

[00:22:08] Yeah. Well, I think, you know, I think the big picture as we kind of get near the end of our time together here is the customers are becoming more aware that they need to do things. The push and pull about in resistance to cyber projects at a pure cost level, you know, the customer's understanding it's not the cost of the tool anymore. They're really starting to understand it's the cost of the loss that is drive, that needs to drive their action. And, um, you know,

[00:22:33] that's a very fortuitous thing that's starting to occur because that certainly benefits the MSPs that are trying to have these conversations. They're, you know, becoming, um, met with less resistance. And I think overall in, in the, you know, in our, you know, in our country, you know, in opposing countries, I think everybody's starting to understand cyber vigilance. They've seen the breaches, they've seen utilities get shut down. They've seen the things that make them understand, Hey, we, we need to, you know, we need to be better. And it's really opening up

[00:23:01] doors, but more importantly, it's giving us the opportunity to share, you know, different ways that we can approach things. Yeah. No, it's, it's, it's going to be a new, it's going to be an interesting year as well. Just can you mention on terms of regulations and watchdogs and, and things that are, I think a lot of things are going, it seems to be so far and other things may be coming up in their place. But, um, the good, as you said, the good, the good news is I think most end users are starting to realize that they're not immune, right? I think too many people

[00:23:29] thought for so long ago, I'm so small, who cares about me? Um, and they're starting to read what, you know, simple example, right? How many texts you get a day of hi, hi there. You know, it's been a long time since we talked, who are you, you know, or the UPS, you know, package undeliverable. It's amazing. All those things, right. Are just crazy. And we, um, you know, it, so it's, it's, it's, I think it's realizing people are kind of realizing, oh, okay, maybe it is, maybe,

[00:23:57] maybe it's a random target, but it's a target, right? Um, you know, those things, obviously, while bad in the big picture are good in some cases, because it's really driving us, you know, they always say everything starts at home. Right. And, uh, you know, these are now cyber conversations that are happening at dinner tables that wouldn't have happened, you know, with your younger connected kids, with your spouse. And all of a sudden you're saying, just don't click on links. If you don't know where it's coming from and you weren't expecting it, it's probably not real. Right. And these are things that, you know,

[00:24:26] 10 years ago, we were never discussing internally, but now as common conversation. And I think those that are running small businesses look at it and go, all right, well, if I got this problem with the five people sitting around my kitchen table right now, I got 50 of them that are eating at my lunch table at work. And it's the same, you know, the same habits are going on there. And I know it sounds so primitive, but when you started something that really is personal, all of a sudden it kind of translates into, wow, can this be happening

[00:24:53] to my bigger picture? Right. And I think that's, what's really driving the conversations forward. Yeah. And one of the folks I've talked with this week that he's got a free service, it's check text at, shoot, now I'm missing up. I'll have to put it in, I'll send it to you for the notes. Yeah. So we can put it in the notes. But it's a service where basically for free, you can, if you get one of these texts and it kind of looks legitimate, but maybe it's not take a screenshot, send it this email and they kind

[00:25:20] of are gathering more and more resources on, on evaluate, you know, stay away or no, this went legit. It's just whatever. So let's just take, again, a little comfort level to, to, to pass along to your customers. Because again, we're getting so many of these in a day that's like, oh my God. Yeah. I bet you, I mean, you know, this probably speaks to me being a mid fifties guy, right? You know, I get more texts that are junk texts than I probably do legitimate texts for the first of a day.

[00:25:50] Very likely. Absolutely. But anyhow, well, Frank, any closing thoughts before we wrap up today? Well, I mean, again, I think just, just, you know, be practical, right? With your customers, be, be, you know, be proactive, right? It's the bottom line, right? You need, you know, your customers need to be more proactive about protecting themselves. And you can help them do that. So think about these cyber hygiene elements,

[00:26:15] where one piece of it, love to talk to anybody that has a question or, or just, you know, wants to chat through how they can approach their customers. And again, I think, you know, generally this is not a selling an individual product discussion. It's selling the promise of, of protection and proactive protection. So think about it as, you know, these, the, these four things we talked about is cyber hygiene, right? Well, building management,

[00:26:42] MFA security, email security, and security awareness training. Those are things that, you know, that's a four for four, right? If you're not selling all four of these, you're not doing, you know, if you're not selling all four of these as a package to your customer, then you're doing yourself and them a disservice. So think about how to, how to launch those together and not sell the individual line items. It's selling, you know, that promise of proactive protection. Well, Frank, it's always great to catch up with you. And, you know,

[00:27:10] I look forward to seeing you out on the road as well for the listener. If you want to get in touch with Frank, we're going to be putting his LinkedIn profile, of course, in the show notes. And of course you can just visit nodeware.com and engage with the team over there. If you want to learn a little bit more about their vulnerability management products. In the meantime, I'd like to tell you, listen, remember you could download this podcast anywhere you get your podcasts, including YouTube. So please, you know, please hit that subscribe button. So you stay in touch when we have new episodes,

[00:27:38] Frank, thanks for joining me today. And we'll see you again soon. All right.