Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Violet Sullivan - The Queen of Cyber Privacy
106 Plays11 months ago
We've got a good one for you today, folks! Violet Sullivan brings her signature humor and passion to the InsurSec Podcast. We talk all things privacy legislation, insurance industry jokes, the origins of her sticker habit, and more. Her unique career path provides a lot of valuable insights across cybersecurity, privacy law, and now insurance. If you haven't followed her prolific LinkedIn and Twitter presence, do yourself a favor and DO IT!
Recommended
Transcript
Introduction to Violet Sullivan and her journey
00:00:19
Speaker
Welcome to the ensure sec podcast I'm your host Abe gifts and we got Brian done with us here as well and our guest this week is Violet Sullivan and
00:00:29
Speaker
You probably know her. If you listen to this podcast, you probably listened to her many LinkedIn shows that she puts on, which are fantastic. And we're super honored to have her on the show today. Welcome. Thank you, Abe and Ryan, fellow creators, creatives.
00:00:47
Speaker
Yeah, absolutely. Well, I always like to, I like to, to hear people's stories because there's always something similar and then there's always like unique parts to it when it comes to people in this industry, right? So I always say, take us back as far as you want. Two people fell in love or wherever you feel relevant.
00:01:06
Speaker
Oh man. But I feel like, I don't know if you have this in podcast world, but as soon as you record more than two, you're like, dang it. Did I say the same thing on the last one? Because people are going to be so tired of my origin story. I'll try to mix it up a little bit to say I am by like a lot of insurance people. I think when I came to insurance, I was like, whoa, there's a lot of lawyers here. I'm not unique. I'm not special. Like my mom told me I was.
00:01:32
Speaker
But the insurance side was one of those, I mean, cyber in general, people drop into cyber, people find their way into cyber, whether it's someone throwing something they didn't want to work with on their, on your desk, or you just kind of look into the right place, right time. And mine.
00:01:49
Speaker
was right place, right time.
Entry into Cyber Insurance during the Target Breach
00:01:51
Speaker
I did criminal defense out of law school. I worked for the public defender's office. I went to oil and gas to try to make more money and then thought, oh, I need to figure out how to get back to Texas and thought, oh, oil and gas is perfect. Great trade that I picked. Well, it wasn't a great time in the price of natural gas. And so I settled for a job in cyber because I was like, well, I guess I'll do this thing called data breach, even though I didn't know what it was.
00:02:19
Speaker
It was the year of Target. It was an awesome place for me to fall in because it was kind of truly filling a gap that people assumed lawyers could only be in the law firm, and then technical people could only be on the tech side, and then that was all you needed to respond to an incident.
00:02:40
Speaker
I fell into a company called All Clear ID and we worked with the call centers and the breach notifications like the actual printing out of all those pieces of paper that say you have been affected by an incident and you don't think about all of those missing pieces of how
00:02:56
Speaker
You get that thing in the mail, right? The stamp has to get on there somehow. And someone is figuring that out and someone's QAing the address. I was on the team that was putting all those together for Home Depot, for Sony, for Anthem. So responding to mega breaches was like my entry into the market. I got into this world and I think there was something awesome, I will say, about
00:03:23
Speaker
getting thrown into something that was recognizable at the time. People were like, oh, you've been through the same trauma. Like you've been up at 3 a.m. working on QA of like this
Transition from Forensic to Insurance at Common Forrester
00:03:33
Speaker
stuff. At the time we were like, how does this matter? Does this matter? This is, you know, like everyone was trying to figure out what it meant. But I think because I started in the obscure way, that's the finishing, that's the finish of my story is I've always gone to more of the obscure
00:03:50
Speaker
placement from my skill set. So I went from what I call operational response. That's what I kind of call that call center, you know, all the printouts, incident response in the only operational, non-technical. I went from that to preventative risk management, a tabletop world and, you know, hypotheticals and beautiful compliance frameworks, GRC stuff.
00:04:15
Speaker
for, and that's where I learned the insurance side. Cause I served a company, I worked with a company that served seven different carriers and white labeled their portal. Um, so it was called e-place solutions and no one knows that name cause it was always labeled the names of the insurance carriers. So I got to, I think that was fun. I know you have a lot of brokers here because I got to make the brokers look good. And so they always like were so nice to me because I was like, oh yeah, there's a bunch of free services. The carriers have already paid for.
00:04:44
Speaker
Um, here it is. And they're like, we didn't know it existed. We didn't even know where to find an IR plan or a HIPAA risk assessment. Um, and so I think, um, from there, I kept wanting to be more technical. It's like, I kept answering the virtual CISO calls, which ended up being all privacy questions, even though they called in for CISO. And they're all compliant, either compliance, check the box or privacy questions. Cause it would always be.
00:05:10
Speaker
I don't know about PCI DSS, what merchant level do I fall into, or HIPAA, or some other framework, and it wasn't really a technical. It's not like they called saying which EDR solution are you
00:05:23
Speaker
Like, can you compare them? That happened like once a year. It should have happened more, right? If it was free for them to ask questions, but it didn't. And I decided I wanted to be more technical and I went on the forensic side for two years. And now, as of a couple of weeks, or I guess when this airs, maybe a month, I'm on the insurance side. So now I'm no longer a vendor. I was always a vendor, never a bride.
00:05:49
Speaker
I was, I was on the side for 10 years in cyber and now I'm on the insurance side and I love it. I know that was, um, it was crazy cause we had it scheduled and then I was, I was thinking like, we're going to interview Violet, you know, from the forensic side of things. But then like that morning I see the post that you made the move to Chrome Forrester, which I was like, Oh, that's, that's perfect. Take us through, take us through how that happened.
00:06:19
Speaker
Oh man, that's another funny. I mean, like we're going to get into this, aren't we? Okay. So I was about to ask if you were disappointed when you saw that I was on insurance. I guess you have enough insurance people that you were. No, no, no, absolutely. Okay. So it was a soul searching journey and I'll try to speed up and just say I had been thinking for eight months.
00:06:43
Speaker
I knew and in my mind, I knew I was itching to go to the insurance side and I actually battled for a while on broker versus carrier. And a lot of people were like, you're a broker personality, like you fit there. And then I would talk to the brokers and I'd be like, I agree with that, but there's this other part of me that wants to do this. And so I really feel like, I mean, and really it's part of what I found on LinkedIn through trial and error is I like,
00:07:10
Speaker
different topics. And one of the things I love about LinkedIn is that I can talk to different audiences, right? You can talk to the underwriters, the brokers, the insureds, the technical vendors, the operational vendors, the legal counsel. And I found that in the spot that I got hired for Common Forrester, it really does interface with all those different groups. And so it's kind of like the, you know, it's called the cyber solutions team that I'm leading, but it really is kind of
00:07:41
Speaker
The audience is what attracted me. I get to work with all those players, all those people, and I like to help other people kind of connect to solve the problem.
Navigating Industry Languages and Compliance
00:07:52
Speaker
Yeah. I find that super fascinating because you are probably the only person I've ever talked to that can, because each segment has a different language, right? Brokers speak a certain language, underwriters speak a certain language, language, forensics.
00:08:06
Speaker
And you have been on all facets. You've been on the front end of the compliance side, you've been on the broker end, and then as well as the underwriter side, and you've been on the backend of things when things go wrong, right? So far, what's your favorite piece? What do you love about each segment?
00:08:27
Speaker
Oh, that's a good question. Oh, this is fun now. We can put them in high school cliques. We could be like, this is cute, right? So first of all, the privacy nerds are like the purple hair drama geeks, okay? So privacy nerds are the ones that are so optimistic about being that unique flower and putting themselves, and I love them because I have
00:08:49
Speaker
text chains of like privacy squad privacy nerd but it's so idealistic because their goal is that everyone respects everyone's own consent and requirements and doesn't
00:09:03
Speaker
think about the way insurance, and this is why I like insurance, they think about making money, and so privacy's like, oh, you want to have economic benefit from that? I thought you just wanted to play by human ethics and rules. So there's like this conflict, and that's why I really like on the security side, when I was studying for the CISSP, it totally clicked. I haven't taken it yet, I just keep saying I'm studying, so I'm somewhat relevant.
00:09:29
Speaker
Is that if you have privacy, they have the rules in place, right? This is how you, this is what the data is that special. This is what you do if it gets messed up or if you screw it up. Security is the way to play by the rules. Like it's the mechanism of safeguarding that data. And then it just was like, Oh, okay. Because in privacy world, they never explain how, or I'd take that back. They'd say privacy by design, but even that's a concept that's very fluffy.
00:09:59
Speaker
And I think you talk about the best parts of each so I picked on that first because that's what in my mind I've always kind of joked with my privacy friends about like we're too idealist in that part of the world and sometimes the insurance side is way too competitive business focused not thinking enough about the repercussions of the actions with security decisions and privacy decisions.
00:10:24
Speaker
So I don't know what my, I don't know like which side I like the best. I will say security people. I've learned that you just have to let the know it alls know it all on the security side. Right. But I think the other interesting thing on security is I think when you.
00:10:51
Speaker
I think it's really hard to find someone that can translate it. And even when they say they can translate it, they still might use only business words to translate it. But the security people are very helpful in understanding the levels of risk because just like a risk manager might be able to see all of the different types of policies that's needed from, you know, EPL, DNO, like all of these different, um,
00:11:18
Speaker
policies and programs that they need to be involved in because of the risk of the industry. The cybersecurity person is almost like that in a micro perspective where risk managers macro over all the risk. Security is really just thinking about like literally the locked doors to the server room and the virtual cloud and the virtual machines and all of these
00:11:42
Speaker
imaginary places is a lot, you know, not imaginary, but the places on prem, the places in cloud, the hybrid environment, the people that interact with the devices. And meanwhile, they're dealing with an immense amount of people that don't even realize they're using technology every day and that that technology is because they've set the foundation of secure transactional networking.
00:12:09
Speaker
Um, so I, I really respect security, the more and more technical I get, but I do call them out as the know-it-alls of the group. Um, even more so than brokers. Right. Um, but I think I love, and I just got off a phone with someone from Alliant that I was a new friend that I made. And, um, I was like, man, they're the realist. They're the ones that tell you what the, what the insured is going to do or not do.
00:12:35
Speaker
And they're the ones that just kind of lay it out there, like the common sense. So that's why I think other people hopefully said I was a broker, not just because I'm gregarious, but because I like to break things down to basics. And man, it was so interesting. He was bringing up the fact that, um, all of these scans that people are doing, like all the scans, he was like, my client.
00:12:58
Speaker
looks at this and goes, well, crap, now I just have to go cover my, you know, cover myself more because you just pointed out a new liability when I was already doing all this other stuff to focus on liability. So I think that there's nothing wrong. You know, I think the scans have, we just kind of oversaturated. I still think they're a very valuable resource for underwriting and a very valuable resource overall to look at risk.
00:13:24
Speaker
I think what the broker pointed out to me today that I was like, man, that's so smart is that we need to think these things in the context of how they're received and not just how they benefit us. It's kind of like when the vendor comes and tries to solve all our problems and we say, we didn't have that problem. So I like the brokers. I love that. I love the underwriting side because I just found out and don't make fun of me. I just found out the underwriters were in their own way selling
00:13:53
Speaker
the policy to the broker and they had to like prove the value. And this was only a year or two ago. Someone told me that and I was like, I thought they literally just wrote the paragraphs. Like I thought the legal, you know, brains that just sit there and wrote paragraphs for a policy and worked on the wordings. And I didn't know they were more of this like overarching persuasive body for the carriers.
00:14:19
Speaker
Yeah. It seems like such an interesting group of like checks and balances almost, right? Everybody's bringing like a certain element to the table. It's even more funny when you realize how many people are skeptical right now of insurance. And I'll go to these, especially security. You start realizing, oh my gosh, it's not just the,
Privacy Challenges in the Insurance Industry
00:14:41
Speaker
not everyone loves us. A lot of groups are skeptical of, of insurance and you know, there's people quoted all the time of,
00:14:51
Speaker
whether or not this is a realistic task to attack that we've been doing the last two decades. There are so many things that you mentioned that we could know. I've like opened Pandora's box. You mentioned like new things there. The asterisk that this is my own opinion and in my company's opinion. As long as we keep that loud and clear, then yes.
00:15:18
Speaker
I mean, we could go on for days about scans. That's one of our biggest probably talking points on the show is the ineffectiveness of scans outside of context. And I don't think that they accomplish what carriers want to accomplish when they run those scans without any context. It ends up in many ways, like on the broker side and the retailer side, right?
00:15:46
Speaker
this scan that they're running and it's producing results primarily based on open ports, right? And so these open ports look maybe super critical on some InsurTech's scan results that they send. And maybe they even like adjust premium based on the results.
00:16:07
Speaker
And then you talk to the client and they're like, well, okay, that's not even our IP or yeah, that ports open, but we have to have it open because we run an important service there. And these are the compensating controls or that ports open, but it's a printer. Like it just doesn't outside of context, these scans to me. Don't provide much utility. I'm curious what, what your thoughts are there.
00:16:34
Speaker
Well, I think anyone that has, because a lot of these scans are third party, sometimes they're built in house, right? But I think one of the things that anyone has right now, and I'm glad to hear they're at least acknowledging they don't want the false alarms, right? They don't want the problems that they're causing, but the false alarms are the problems that are being caused or the misinformation and the work that's required to disprove a negative.
00:16:58
Speaker
Right? Just disprove that it is not the case there. I think there's a lot goes into, I just feel like it's very common for anything in security to have the problem with the tension of efficiency versus like the reliability or the security or the correct like
00:17:23
Speaker
Is it correct or not? Or is it quick? Because one of the things that when I worked before on the risk management side, we were toying with, and we were building our own scanner for all of these different carriers. And at the time we were like, okay, do we compete with BitSight and secure scorecard and all these different things. And it was such a, it was so hard because it was, everything was coming to market, right? Science and, um,
00:17:48
Speaker
I mean, there were tens in the 20s and now even more. And I remember the biggest question was really one of the questions of security and the purist and security side, because the ones that were making money and getting out faster to market were pooling from the scan, and I'm not going to be super technical because of the audience, but the
00:18:11
Speaker
scan was pulling from a database, a big, huge example of this data that the client had at different times. It wasn't a point in time scan. And then the ones that were point in time would take longer.
00:18:29
Speaker
So it was a question of, do you want your scan in three seconds or do you want your scan in two days? And then I realized because our scan with certain ones, if they had, we had a subdomain expansion, meaning, and I liked learning this because it's like, Oh, you have a risk. This is going to help for a pixel litigation later. Cause I realized, Oh my gosh, you don't just have a risk on potterybarn.com. You have a risk on potterybarn.com slash.
00:18:53
Speaker
admin slash remote slash the slash slash towels, you know, all these different things. And you, I realized through the scanning and learning the scanning process that if someone, and we, we did that subdomain expansion, but that was a bear because if we said we could do it, it could take, and I saw some that took three days.
00:19:18
Speaker
To scan because there were so many and there's probably you know ones that took even longer But the one that the ones that we did we would have to time on the weekends And I remember like pushing them out for manual scanning because the normal scanner wouldn't Take something that big And that's crazy. That's just a point in time and that's to tell you it takes three days to get a point in time three days ago I I think that
00:19:44
Speaker
The false alarms are probably in the trade-off there. I feel like the false alarms were probably because it picked up something that they had already remediated. And it made me like the scan was pulling from a bank of data too old.
00:20:02
Speaker
But I don't know that that's where all of the false alarms come from. I'm just, I've seen that before.
Challenges of Vulnerability Scans in Underwriting
00:20:07
Speaker
Um, and I've seen kind of that argument from the purist on, does it take longer? Is it more accurate? All that stuff. But what it, what do we really, like, what I don't understand is who's looking at them and saying, well, I got a 94.2% out of 200. And what does that even mean to risk? I feel like it should be like a one, two, three, four.
00:20:32
Speaker
fix these four, these are huge issues, right? Or prioritize them by vulnerabilities that have actually been exploited in the wild. Yeah. I see that as a potential solution here. Cause I mean, there could be like a critical, a critical vulnerability that gets exposed. But if it's not, if it hasn't ever been exploited in the wild,
00:21:01
Speaker
Should we prioritize it over a vulnerability that might be less critical, but has proof of being exploitable? I'm not a security guy, so I'm not the authority on this. I don't know if I have an answer to your question, but I will say there's also been those things that we thought we fixed over the years, right? Emotet or Log4j, and people thought we spread enough awareness and there's still
00:21:31
Speaker
causing messes because people don't keep things updated or know anything about their security sometimes. There's just still the people that aren't going to, aren't going to be engaged with that. They're going to use technology and just bulldoze through the risk of the issues. And Violet, you mentioned that pool of data, you know, a big issue with that as well was, uh, I know exactly who you're talking about when you speak of the companies that pulled from a pool of data.
00:21:59
Speaker
You know, a lot of times they couldn't pick up scans of like smaller entities, right? It would just come back null or whatever. Um, which was an issue, but, um, I think you hear the chainsaw in the background. Is that driving you crazy? Or is it just me? I can hear it, but we've become of the opinion here, like scans have, they're within context. They have value, but.
00:22:29
Speaker
They just become kind of noise and they've create fatigue and they honestly become a liability for the company at some point if there's too many false positives going on. What we've come to believe is security controls are primary when it comes to measuring the risk of this. Completely. Speaking of chainsaw.
00:22:56
Speaker
When I, when you said the word chainsaws, I thought, well, you're located in Texas. That reminds me of Texas chainsaw massacre, which reminds me of Halloween. And I actually, we have a, we have a discord group for this podcast community. Can I do this? Absolutely. Absolutely.
00:23:17
Speaker
So we have a, we have a privacy attorney in there. Um, and she, I told her that I wanted to dress up as privacy law for Halloween because that's the scariest thing that I could think of. D SARS. I want to be a D SARS.
00:23:33
Speaker
So that's kind of what I wanted to talk to you about is I feel like I'm not necessarily alone in not knowing what the heck's going on. And in terms of like a retail broker's perspective, being able to advise their clients on what the heck's going on. And then just from my perspective, I wanna know what's going on. It just seems so complex, so layered.
00:24:00
Speaker
It depends on where you're at in the world, in the country. And us privacy attorneys want to keep it that way, okay? Yeah, right. We want you to need us. We created it. Well, first I want to ask you, Abe, I know you purchased some privacy books. How many pages have you read? Like three? Five? It's very dense stuff. The things that you talked about buying the books, they did not look fun to me.
00:24:30
Speaker
Yeah, so I'm about, so I typically do audiobooks first, and then I read like textbooks later. So I'm about a couple, I'd say a couple hours in to some privacy law books on Audible, which is about as fun as you can imagine. Listen to somebody talk about that for that long. I'm interested in some more entertaining ones. One of them, I keep props by my desk. I have like 17 books over here.
00:24:59
Speaker
This is called Data Breaches Crisis and Opportunity. And the reason I like this privacy book is it's written by a security person.
00:25:08
Speaker
Oh, love it. It talks about more like the economic of like, why is data important? It talks about pharmacies and how like, if you anonymize the information of a private of a pharmacy, everything started off with people trying to make money off of human behavior. And so it goes into like, why does it even make sense? I'll send you this, it's really good.
00:25:31
Speaker
It's one of my favorite, favorite, but the ones, the textbooks are so hard and dense and really good. And privacy is complicated. And I feel like even 10 years in it, and that was my foundation. I started on the privacy side, took my CIPP first before anything else. And I still can't get myself to take the CISSP. I think it's really complicated mostly because the international, that you, international,
00:26:01
Speaker
that you touched on, but also because the attitude international is different than the US, right? Because in the US, it's like if we make money and we're not disobeying laws, then we're fine. They don't think about the repercussions to culture, mental health, things that we're trying to think about now with all of these children's privacy initiatives.
Complexities of U.S. Privacy Laws vs. International Standards
00:26:25
Speaker
but we've been bartering and selling on this stuff in the US for so long. I would say the other thing that really complicates it is it injects legal frameworks in what you think should be like an ethical issue.
00:26:44
Speaker
So all of a sudden you have like, okay, we have circuit court splits on XYZ and we have to show harm in federal court. And then this in state court is statutes and you've all these like legal rules and frameworks. So you think you have to have a law, a law background, but you actually don't. Cause some of the most, the best privacy attorneys I know are actually not lawyers, but they understand their area and they understand that like,
00:27:13
Speaker
um, layering of rules and they understand kind of how everything works together. But most importantly, it's privacy again, the purple hair drama kid has been trying to put parameters around the safety of important data for a long time. And no one listened, especially the government. Um, but I think for now, what we're seeing in the risk area,
00:27:43
Speaker
is more a, it's almost like, and the best way to say it is it's almost like the private practice of having to sue when you have been wronged is coming into play in the privacy world because the government didn't step up, right? This didn't step up, this, you know, like all of these things. And I say that only because there's no federal privacy law, not because they're not doing a good job. It's just, there's no cohesive privacy law.
00:28:10
Speaker
And we have stickers in IPP that have Bigfoot on it and says, imagine when there's a privacy law, because it doesn't exist. State by state, we have to worry about all these different frameworks. And I think when people talk about class actions and they use that for sphere, I think
00:28:30
Speaker
I was an economics major and so I keep thinking like we're just going through economic process. We are literally seeing private companies and private individuals take into their own hands because there's been no protection of their privacy and they were harmed for some reason.
00:28:47
Speaker
So not that I support the plaintiffs suing all these companies for this, but you're just seeing an accountability move from government to people because there's not the same attitude towards privacy like in the EU with GDPR. Yeah.
00:29:09
Speaker
And you might've already answered this in, but do you, do you feel like we're, we're moving towards that? Like, do you feel like we're moving towards some sort of, uh, federal law as more states adopt their state specific laws? I don't know. I would not hold my breath on that only because it feels like it's much more complicated now with people picking
00:29:36
Speaker
different privacy issues that mean more to them. And the example I gave is there was an acronym ADPPA a year ago and all the privacy people were like, oh, this is going to be it. We're going to have our federal privacy law. Well, then the Dobbs decision was reversed and that decision had an impact on how people
00:30:00
Speaker
felt about healthcare privacy, well, then it made it more of a bipartisan issue. People were not in that cohesive space anymore of solving and getting something across the finish line. Now, not just the medical privacy details of what women are driving across state lines for, but also
00:30:25
Speaker
children's health, mental health issues, and what minors can access. All of those things came into play as well as this huge anti-TikTok, you know, fear mongering, whatever that is happening there. I honestly love TikTok, but I use it like a privacy attorney, right? I don't put in that information. There's already enough trackers on my phone. I know I'm being tracked in my geolocations everywhere, but the
00:30:53
Speaker
Um, the answer to your question is now that we have AI and generative AI worries and everyone wants to put guardrails, I feel like privacy is kind of like getting pushed back because all of these new shiny things are coming out and we should get somewhere, but I don't think we're going to get somewhere soon. So you think there's going to be a, there's going to have to be a bigger push from a private side.
00:31:23
Speaker
to have any type of impact, not to push federal regulation, but to have any type of impact, it's going to have to be... Well, I don't know. I do know what would shake a lot of people up is if we had, and you can call, on the defense side, you can call something a good law and a bad law, but it's always the opposite on the plaintiff side. They're going to call something that benefits them a good law, and we're going to call on the defense side, I'm biased on the defense, on the company side.
00:31:51
Speaker
I think what we would call something a good law and I think what would really shake this world is kind of like we saw with, do you guys remember hearing a lot about Capital One, like the lawsuit that invalidated, not invalidated, the lawsuit that said this certain, and again, it's case law is fact specific, but it said this certain forensic report was not privileged because you use the same technical people to do your preventative work and you didn't differentiate it for the
00:32:20
Speaker
litigation, so we are letting everyone read the forensic report. That's basically what came out of Capital One, but what people freaked out about was, do we need to put nothing in writing now? Thankfully, I like that ruling because I didn't have to put a lot of things in writing after that, which was nice, but we can scratch that. We can delete that from the thing, right? That Capital One, and I always think,
00:32:51
Speaker
For Capital One, because I cite them. Wyndham is another one, like Marriott. We have all of these in the legal side, especially privacy. There's not more than 10 that we name off the top of our heads. Or in law school, you'd have hundreds of cases that you could reference in different subjects. And privacy and cyber don't have anything.
00:33:09
Speaker
So Ryan, the better answer to your question is I don't want anything to happen that is contrary. But if we, if you were to say, what would you predict would shake things up? I would say a big lawsuit that went one way or the other and whatever way it goes, it's going to impact, right? If it goes one way, we're going to start changing and we're going to see even with Sony and the litigation after Sony, that's when silent cyber change started becoming a thing where
00:33:39
Speaker
the courts ruled that the insurance carrier still had to... I don't remember exactly how it went down in litigation, but I know that after those lawsuits in litigation, the courts are basically saying, insurance carrier, you need to be more specific on your wording. So guess what they did? They were more specific on their wordings. So all I'm saying is if there was some
00:34:03
Speaker
ruling of this is the new law or this is the new way we're handling things.
Impact of Privacy Litigation on Insurance
00:34:09
Speaker
Just like all the scare around the BIPA case and all the biometric when everyone was like, don't do work in Illinois because there's a risk of any biometric data you're claiming. All of that came from that huge jury award. It was like $228 million or something. I think that's what it's going to take to
00:34:34
Speaker
make more movement on the privacy side, but we're seeing it already changing with all of these one-off privacy litigation suits. Even if they're getting settled, even if there's not a law established about are these frivolous or not right now,
00:34:54
Speaker
They're still cost, they still cost money to insurance companies when you have to get a law firm to defend it, to file a motion to dismiss, to dismiss the lawsuit. Like you might've won, but you still lost. I mean, it still might've taken $40,000 to settle it. You know, I don't, I don't know what the numbers are. I'm not, don't quote me on the claim side, but, um, I think, I think the thing that I always think when I hear about the privacy of litigation right now is like,
00:35:21
Speaker
This is so different because it's not reactive to a crisis and a breach. And number two, it's still expensive to defend yourself. It's, um, it's one of those areas where like I, I try to put myself in a,
00:35:41
Speaker
in a broker's shoes. And I'm curious what your opinion is here. Let's say a client comes to you with questions. Is this within the scope of a broker's ability to advise? Or is this with how complex and multi-layered this seems to me? Should this be a referral? Well, one, any comment on
00:36:12
Speaker
privacy from a broker would all be best practices and not legal advice that would help guide them.
00:36:21
Speaker
consider all of the requirements and regulations. I think the privacy world is almost too complex for just best practices. So it would be, to me, the first questions I can see on a broker side being like, okay, how much data do you have? Okay, two, how much data do you really have? And then thinking like, okay, well, how do you protect it? But also,
00:36:46
Speaker
One of the things is I think we're still a long way away from people knowing even where their data is because Sally has some personal laptop at home that she's downloaded all the files to because she needs it for more efficient work experience. And I still think we don't know where all this data is. So you don't know where the risk is until the thing happens and then they start realizing it. So I would say the broker is a really good wake up call to explain the risk.
00:37:15
Speaker
especially if they can explain the digital risk of working in today's environment. I worked for a manufacturing company and I remember the CISO talking about devices and the CFO goes, this is a couple of years ago, well, what's a device? My phone's not a device. And he was like, yes, it is. It's a company owned equipment that interacts with our network. It's a device that I'm talking about.
00:37:44
Speaker
So I think we still have this gap. It doesn't CFO. Um, and then we still have this gap of like understanding the risk part. And that's where I think brokers excel because they can say, like, I don't know if brokers, if you guys all work and not you, but if they work in like this hypothetical world, but they're so good at applying it to different situations of risk.
00:38:08
Speaker
And I think that's what their best role is. I would not ask them to know all the privacy laws because then that would make them a way more boring person. It's true. It's very dense and they say the same thing except for like three words are different.
00:38:27
Speaker
Well, I can attest I've spent way too many hours of my life trying to wrestle with data ownership. And do we have a, like a Lockian view of ownership for data versus, you know, whatever the other option is. Um, that's funny. So that's a really interesting, uh, platform called a second site that, uh, can scan.
00:38:56
Speaker
a company's infrastructure and find like where all their data is. Where do they have duplicate data now? But you have to plug it in, right? It's not external. It's an agent scan. So that, you know, that's just one issue about it. But it is fascinating. And it's cool that they're able to find duplicate data and be like, hey, let's scrub all this data. I think that's what OneTrust tries to do too. But then they got
00:39:19
Speaker
but I don't know the effectiveness of all that. I use my privacy internal friends for those questions because they're dealing more with the internal struggles of getting like guardrails up, but I've never worked. And have you engaged Ryan with any of those tools? So, I mean, I'm just, I'm friendly with the CEO Ruben there. I haven't used it personally. I've seen it being used in a demo, but I've never used it in a real case basis.
00:39:49
Speaker
I, there's a lot of new privacy tools popping up and I feel like it's kind of starting to become as commercialized in terms of tools that help us as the security side has become, um, it is, but it is lucrative and it's, it's at least affirming what we've always said, which is like data is gold. It's very important information. I feel like I keep going back to some of those old breaches, like Panama papers. Do y'all remember that one? Yeah.
00:40:19
Speaker
Of course. It was like a big law firm in Panama. Big law firm in Panama that had to close their doors. The law firm's name was Mossack Fonseca, like a super bizarre name. But everyone had to leave that firm because the reputational damage
00:40:39
Speaker
just totally closed them down. And because it was like tax returns from Mitt Romney, it was, it was, you know, it was all of these politicians and celebrities that had banking and financial and sensitive data in a law firm in Panama, which, you know, sounds as probably clean as it sounds or is probably as clean as it sounds. But it's I think we forget about those cases and like the Ashley Madison.
00:41:07
Speaker
We forget about those cases that data really can screw someone over and screw someone's life up if in the wrong hands, if edited, if changed. We're living in a place where it's hard to tell the authenticity anymore of whatever we see here or intake in data world. Our authentic data should mean something more to us.
00:41:34
Speaker
I know brokers are going to, there's sound bites that they want on the privacy side, but it's really hard because it's such an emotional area of practice. I didn't even think about it from that perspective. That's so true. Well, I'm hearing. That's why you brought me. I know. This is probably the most selfish podcast guest that we've ever had on.
00:42:01
Speaker
You don't have to be on the LinkedIn live now because I love, but I'm trying to figure out how much is too much. Well, I can't get enough. Whenever I get the notification, I'm like, this is going to be a good day. I was listening this morning and it's pretty awesome how many people show up. It was cool. We're still figuring it out. I'm going to say beta test for the first six months until I can figure it out.
00:42:27
Speaker
I get it. I get it. Technology is a, it's a blessing, but also a pain in the butt sometimes. Um, cool. So I like, uh, I'm trying to, I'm trying to wrap my head obviously around, around privacy and, um, the, you know, one of the, one of the things that's particularly interesting to me is the, the reporting requirements. And it seems like.
00:42:56
Speaker
You know, there's reporting requirements and then it seems like there's like a mixture of enforcement. So I'm curious if you have any insight into anything interesting in that realm in terms of reporting requirements, then also the enforcement side of things.
00:43:20
Speaker
I think we might have lost your mic there. That's because of the chainsaw. That's what the image is going to be when you promote this. It's just like a violet with a chainsaw. Slashing privacy rights. Actually, that would be a bad thing, so not slashing privacy rights.
00:43:41
Speaker
I can't make up a chainsaw one that quick. My response about reporting regulations, I really like to say it to non-legal audience. So bringing it back to the insurance audience is I think the first question, or the first thing you realize is there's a lot of like, nice to have rules and there's a lot of rules that say things. And I think you're getting to the right question when you ask about enforcement.
00:44:12
Speaker
And one of the best examples was when the GDPR came out, it had the steepest response for a fine, which was 4% of GDPR, sorry, 4% of
00:44:28
Speaker
I'm going to mess it up. I think it's gross revenue. I'm mixing my acronyms, but it's overall the gross revenue of the organization or, and then there's some other number, whichever is greater. So it's not even whichever is less. It's like whichever one's bigger, that's what we're going to pop you with. And so it was this huge number, especially for Facebook and Yahoo. It was meant to capture these huge companies.
00:44:53
Speaker
and say you have to be accountable, which is what they're doing because the ones we're hearing about are Facebook and Twitter and Google. It's holding those accountable.
00:45:08
Speaker
May 25th, 2018, a lot of people remember that date on the privacy side because that's when your email got flooded with these questions of privacy consent and privacy policies because that was the deadline or one of the deadlines. When that date happened in 2018, we saw people wondering, is this for real? Is this really going to be something to worry about?
00:45:33
Speaker
Over and over again, I would go stock all the panel sessions that were on enforcement and I would raise my hand and I would say, Judy Selby is always on there because she's coverage counsel. I'd be like, Judy, are there any examples you can give me that are small to medium-sized companies and not Google on Facebook? I want to know the examples of brick warehouse in Munich, Germany that got hit or anywhere else. I was having trouble for a long time.
00:46:03
Speaker
kind of equating the rules to the every business, like the every man.
00:46:08
Speaker
I couldn't grasp it and I will say it's almost been this ratcheting up. There's not one law that's made it where everyone just snaps to it, but it's almost this now when you say reporting requirements, it's almost like now that there's such a tangled web, people are starting to go, I probably need to pay attention to at least one of these things.
Discussion on Privacy Law Enforcement
00:46:28
Speaker
There's one rule that applies to me and I think what's good is that a lot of them are centered around certain frameworks and industry standards like NIST.
00:46:36
Speaker
right there's a security controls and standards framework that people worked on very hard and there's other frameworks to type to is so not that those are gonna help you in every privacy but they do have data components and so they're actually very good places to start and so.
00:46:54
Speaker
To answer my old question, I kept asking, when are you going to hit the ones that are smaller? Well, now we're seeing that more on the US side, right? With FTC rulings, with California going after. California's AG has gone after so many small to mid-sized companies. The biggest one being, well, FTC was Sephora. I don't remember that was California FTC.
00:47:22
Speaker
You see these big names, but you're starting to see the smaller ones too. And so the only thing I would say about the reporting requirements is this is why there are privacy specific attorneys. And now, not just privacy specific, I would say if you have a lawyer involved, ask them if they're on the preventative privacy.
00:47:42
Speaker
breach response, incident response, those are like two buckets. And the third bucket is litigation. And then even after litigation, you might have coverage counsel, right? So you might have people disputing the insurance ruling in the future. But litigation counsel is now coming up because it's not just data breach class action. It's also class action separate and apart just for holding the data incorrectly and storing it without telling the people you're holding it.
00:48:10
Speaker
Oh my God, big, big breath there. Did I scare you enough? Or is it the chainsaw? My heart's, my heart's kind of running a little fast as a deadly mixture. I mean, it sounds expensive. I can't even Oh, the chainsaw expensive. Probably is awesome. That's privacy money there. The expensive part of privacy, huh?
00:48:41
Speaker
I don't know. I feel like it's so expensive. It's, it's, but it's because you're all, everyone's hoarding data. That's something Ryan that you said early on is like, your own problem is solved as kind of like the hoarders where you're like, I can't move in my house. Well, yeah, because you hoard and they're complaining about regulatory requirements. And sometimes it's because they're hoarding data or not segregating the right groups. You're like, Oh, it's easier to work on a flat network. Well, yeah, but it's also easy for the hacker to work on a flat network.
00:49:11
Speaker
I think the group, and it's the group that listens in on this podcast that needs to be paying attention to this extremely closely is insurance agencies and brokerages. The amount of data that they get that's personal is insane in the way that they receive it and the way they store it.
00:49:33
Speaker
is extremely concerning. So I wouldn't be surprised if we start to see state by state privacy laws come in for insurance agencies specific. I mean, it could be financial services. Oh, you mean like NAIC? Yeah. So I've lost track on how many, there's a number of states that have adopted their cybersecurity model rule, but I still don't think it's more than 10 or so. I haven't checked on it in a while. I did like a write up three years ago on it and it was only like three at the time.
00:50:02
Speaker
Yeah, I saw one come out of Wisconsin, actually, or Wisconsin or Montana, one of those states up there. And it was specifically towards insurance agencies and having like almost a compliance framework of how they store data. Now the enforcement of it, kind of like you were saying, it takes years. So, do you have any government people that work for this, that listen to this podcast?
00:50:27
Speaker
Not that we're aware of, I'm sure. We're going to assume no, because what I'm going to offer is not beneficial to our side. It's like, why doesn't some state go hire 15 privacy attorneys and start raking in money for the government by enforcing the laws? Maybe there's a political aim where you don't want to take down businesses. I understand that. But I also don't understand why they're still operating in governments with such lean budgets for privacy and security
00:50:56
Speaker
professionals because they literally have the laws written to serve them. I don't know why the enforcement's not happening. Again, probably not the right person because I've never had anything enforced upon me. I'm sure the other companies are like, oh, they enforce plenty. Ask SolarWinds. We're okay. But I feel like the enforcement piece is this thing that everyone's been wondering. Everyone on my side too is going, well, where's the teeth? Where's the grit to this law?
00:51:28
Speaker
That's what, and that's like another thing about you brought up SolarWinds and the new guidelines for the SEC. Like, so obviously everybody talks about the reporting on an 8K, but then when you look at the other requirements, to me, they just don't seem like they have a ton of teeth. It's like, you have to report your... Yeah, but then like...
00:51:56
Speaker
And you could pretty much just say, yeah, our risk management program is to not have a cybersecurity program, and that would fit within the guidelines. It didn't seem like there was a standard. I didn't think about it in that way, like what the T's were to the 10K, like the other two.
00:52:15
Speaker
Well, I do think one of the things that I've been impressed by, I remember when people were predicting this law like a year ago and I remember listening and trying to gain everything because I was like, what's SEC doing? Because they weren't playing in the space, right? They weren't caring about these things and or not, they cared.
00:52:34
Speaker
I think what happened is they weren't getting people calling it material because they didn't say they had to call it material. So they were expecting, and they did get some people that said, this is a material event. Our stock price went way down. We're informing the investors. I want to know what's not a material event.
00:52:50
Speaker
Well, actually funny, you should say that one of my editing jobs that I have to do on my computer is I recorded the chief crypto and cyber unit person from the SEC. I saw him on Friday for a conference and someone asked, what's material? And I just went like this the whole time. Cause I'm like, I don't know. Still, like I still don't know. He talks to the two minutes and I have to watch it again. And do you think that's against his consent if I post that?
00:53:20
Speaker
I feel like you should probably ask yourself that. You should probably ask yourself that. I don't know. I thought you were a privacy attorney now. I know, yeah. I have a friend that's a privacy attorney. Her name is Violet. I can make the recommendation. No, wait. You said you had another privacy attorney that you had on the podcast. Oh, that's true. That's true. That's true. We'll put it in the Discord. We'll ask. We'll do a poll. Okay. Perfect. Can I? Should I?
00:53:48
Speaker
someone in the government space on my private LinkedIn and expose their definitions. Definitely the type of question you want to crowdsource. Yeah, probably. Kind of like some of the stickers that never made it to production because they were not. My marketing team at some point with my privacy jokes and insurance jokes was like, we have to run a real business here. We can only put that in writing. What was your question again?
00:54:18
Speaker
Well, it didn't seem like, yeah, the SEC. Yeah. It didn't seem like there was a lot of teeth there. Um, I don't know how to respond to that, but what I was commenting on is when I heard people talk about it first, they talked about the biggest differentiator between the SEC requirements or that because it's publicly traded companies and because the eight K's are public and 10 K's are public.
Significance of SEC Reporting Requirements
00:54:43
Speaker
This was the first material.
00:54:46
Speaker
change in people having to say things out loud. Instead of just going, Abe, I lost your information and here's a tiny little letter to say like, I'm sorry. And here's how it happened. And then maybe someone grabs that and makes a PR splash about it, right? For Home Depot or Marriott. But now we have this accountability to a much wider public and not just the affected, but also
00:55:12
Speaker
the whole world now can see your 8K like we saw with Caesars and MGM. We saw their 8Ks coming out and we got to see it live within days of this attack, weeks. I think that that honestly has moved faster than any other ... Again, it's not enforcement because it's not
00:55:37
Speaker
It's not enforcement like we think about, like a lawsuit result or a regulatory fine, but it is enforcement because they're actually properly incentivizing the rule to give information to the investors. With the caveat, there was one of those that I mentioned that didn't have anything on the 8K, right? So we're going to start seeing a standard of what is included. We're going to start seeing more detail, but I do agree with you that there's not enforcement directly in the rule that makes sense.
00:56:07
Speaker
but the public nature that's different, that's like the key, I think, to why the SEC thing has been so big. And I actually want to hear your next podcast, some D&O broker that can opine on how his life has changed. Your life has changed. Oh my goodness. I want to know your issues. I don't know. I just go to my broker friends and be like, what's a crossover for D&O, media liability, all those different lines with cyber now?
00:56:38
Speaker
It's wild.
Engaging with Discord Audience (Q&A)
00:56:40
Speaker
I think most people would agree that's probably one of the most interesting things in cyber insurance or just specialty lines in general is that growing kind of overlap between management liability and cyber, especially with public companies. I don't want to get off topic, but we do have some Discord audience questions.
00:57:06
Speaker
Oh, did you really ask them and you're a group? Should I get this versus discord and I can ask my discord too. Yeah, let's do it. So this one comes from Craig Linton. He is telling him I said hi. He, so you know, he says, I would like to know if she thinks it's okay for people to take their shoes off on the plane.
00:57:34
Speaker
Oh man, I love Craig. He is, he has, he and I have this weird thing in common where every show that he recommends, he's like my show guru or guide in TV shows. And so he had me watch or he told him had me. It sounds like he's like prescribed. Um, he told me to watch the show, the other two, which is quirky and hilarious. And at first I was like, Oh no, it has Molly Shannon. I don't really like that kind of slapstick humor. And he's like, no, this is different. Watch it.
00:58:03
Speaker
And there's a whole running gag about feet on plane. And then we've discussed, I'm like, but what if your feet just get really tired and need to mare?
00:58:14
Speaker
And he thinks that was the most, he thinks that I am disgusting, but that's okay. Got it. So it was an inside joke. He told, he gave me this long answer about how it was, you know, like a threshold type question for, you know, that should be implemented in any sort of interview. And there's only one right answer, that kind of stuff, but okay. What's the problem? There's what? If there's socks involved, what's the problem?
00:58:45
Speaker
That's what I asked him, but apparently that's still gross. Sometimes, sometimes you just gotta let the dogs out. That's what I say. I'm going to be, I can't believe you asked that question. Um, are there any other legitimate questions? Not really. Um, there's one from, there's one from Michael Phillips. Um, he said.
00:59:17
Speaker
Ask her about her habit of creating and sharing cyber insurance stickers with people to put on their laptops, bags, and stuff. Maybe where the habit came
Violet's Cyber Insurance Stickers Hobby
00:59:27
Speaker
from. So that's the question from Michael Phillips at CFC. Michael Phillips of CFC. Who is he again? I am. I'm sending Craig a message right now. I'm like, how dare you? And joking, of course.
00:59:47
Speaker
So I'm going to name drop real quick because this is hilarious story. Not that Michael Phillips wasn't already one of yours name dropping. Um, I had this hilarious interaction with Brian Krebs like six months ago in DC. I was brainstorming these stickers with him and he labeled it something that nobody else has labeled my, my issue, my focus, my intense, he called it creative Tourette's. And I was like,
01:00:17
Speaker
It is creative Tourette's because I'm so hyper focused and I just spit out these like stupid sayings. But I think what I realized is, and I realized this a while ago, like we were all, insurance people are really funny, but we have the nerdiest jokes. Just like every niche group, we have nerdy jokes. And I think, I can't remember where it started to actually do it, but I think it started with gold stars, like people love gold stars. And since then my habit or obsession or
01:00:47
Speaker
creative Tourette's has merged into just kind of two types of content. I like sticker format because it's short and has to fit on a sticker is either gold stars, like joking gold stars. Like I have a plus coverage counsel or I have, um, uh, Oh, uh, claims wizard underwriting genius with a little brain on it. Like, you know, the gold stars people want in their respective areas. I still need an actuary one. So if you have any ideas there.
01:01:17
Speaker
Um, the other, oh, in cyber broker, try cyber fixer. So I have some like gold star version. And the other one is like the super niche, weird insurance jokes, half of which they have not let me print because we have to run a business, whatever, whatever. So I'm thinking to Michael Phillips's and the question, where are we going to really air all this? You can't, you have to cut this out, right?
01:01:46
Speaker
This is what the people, this is what the people wanted. This is what the people wanted. No. Um, to answer Michael Phillips question, it is more of, um, it was more of trying to figure out how to connect with people in a joking way
01:02:10
Speaker
And I realized, okay, well the tech people do this with the laptop stickers. But insurance people, I've never seen any jokes written down for insurance. Like I've never seen, except for, I think I have Larry Guanos' book over here, which has some jokes in it. Oh, it's on, it's what I was using to prop up. Like this joke, this book has jokes in it. Like this is a good insurance book. I got mine right here too.
01:02:35
Speaker
That does not look like I have jokes in it. It looks like it's the same author. It's the same author, but. Oh, really? Okay. This one looks better. Okay. No. Yeah. Yeah. Mine's down. And the other thing I thought about, cause at the time I was on the vendor space and I was like, it's way better to have a sticker worth 50 cents than a pen you're going to throw away.
01:03:00
Speaker
And the sticker could be timely because I was basically before I did any of this brainstorming, I did research on how quickly can you print these? How, you know, how, uh, relevant do they need to be? Like, I know you're getting into way deep in my mind of why I did this, but like, how relevant do you need to be? And I was like, there is nothing else that you can do that is that relevant and that quick.
01:03:24
Speaker
I am researching lapel pins now though. I'm looking at, can I do something? I'm thinking, tell me if this would play. What if it was a juice box? Okay, hear me out. The juice box, I have two versions. One says tears of a cyber underwriter, so the brokers get to wear it. The other one says tears of a cyber broker and the underwriters wear it.
01:03:45
Speaker
I love it. I love it. I love it. But I cannot figure out how to get this designed. So it's in my head and it's in progress. But which one do you think would sell out more? Cyberbroker tiers or cyber underwriter tiers? Cyber underwriter tiers. Because it's more brokers? I just feel like brokers lean in more to that kind of like sibling rivalry. Yeah.
01:04:10
Speaker
Yeah. The things that nobody talks about like, okay. So this is, I don't know if you can see this, but this is one I made that says don't ask people. I love that. Um, can you see this one? I got bored. Right. And so this is one of the other favorites right here. Oh, I love it. I love it. Do you own a cricket?
01:04:36
Speaker
No, I do these on Etsy. It's probably way more expensive, but it's not me doing it. I just, there's a person I know on Etsy and I send her a design. She like prints me 150 for like 30 bucks. Can you imagine what she thinks when she reads these? She's probably like, what in the world? This one's the bad one that I wasn't supposed to print. I'm not going to. And then this one's my favorite because of the story I accidentally, when I first started doing this, I was like,
01:05:06
Speaker
My thought was I'll just put it on people's backs and it'll be a fun like party trick. It would be part of interaction and it has helped social anxiety because you just start talking about stickers and they either think you're a weirdo or they just like laugh, but they don't talk the stupid small talk. So that's the good thing. But this one I put on the back of someone, I don't remember who it was, but I remember he took, he turned around and he goes, did someone tell you to do that? And I was like,
01:05:32
Speaker
What do you mean? It says best cyber loss ratio. Like everyone wants to be best cyber loss ratio. And he goes, yeah, but we had the board have the worst cyber loss ratio. And I didn't know, and I'm like a vendor just gliding around. Yes. He thought it was a joke. He thought it was a mean joke. Like I was being spiteful and hateful. So Mike Phillips, I will never stop printing stickers, but I, I will say I'm running dry.
01:06:00
Speaker
And I need to brighten more drinks for brokers because brokers are really good at brainstorming these. Margo Weinrob, she made up like half of them with me brainstorming. Love it. Love it.
01:06:11
Speaker
It was once you made up that I didn't print that was like, I'll test it on you guys. She was like, it was more, it was closer to when Tom Brady retired. We was like with Tom Brady down, I'll be your cyber quarterback or something. Like it was Philly. It was like some kind of Philly specific joke. And I was like, yeah, I feel like it's, I don't know about that one. That's way, that's so, that's so I don't, it is really niche. And so, but there's some youth to workshop and there's one.
01:06:38
Speaker
Oh, wait, here we go. Dad jokes work too. I may be another writer, but I over deliver. And this is IBCs for breakfast. Nice. This is compromised. Have you ever considered like, like if somebody, if somebody wanted to get their hands on some of these stickers, how do they, how do they do that? You just have to meet, have to meet while at a conference. Now you bind the policy with CNF, I guess.
01:07:08
Speaker
Oh, there you go. There you go. I don't know. I haven't figured that out yet. I haven't figured it out. I have, I have, um, I have one coming to my boy Ross. I got one coming for you and I'm going to recommend. Yeah. I'll tell him, I'll tell him you said hi. I didn't know he, wait, is he on this for you? He, I don't think so, but I'll try to get him on. Um, I need you to, our binary is going to increase if we can get some stickers out of this. I'll put it that way.
01:07:38
Speaker
Well, I could even make some very specific stickers. You never know what's in, I have things, a lot of, a lot of sticker ideas. Again, I just like to verbalize the fact that we are funny and we do joke and we all think each other are funny, but like nobody's actually written it down. Well, you did say that you liked that one, um, that one statute cause you didn't have to write things down as much. So maybe that's the reason why. Yeah.
01:08:07
Speaker
Maybe that's the reason why. Well, this is a, this has been a lot of fun. Um, got to talk about some technical things, got to talk about a lot of stuff that's not technical, which is exactly the way that we love to have these shows. So where can people get more information about you? Um, obviously with this new job change, pretty exciting. Um, just filling everybody in on how to get, get ahold of you.
01:08:35
Speaker
I am on LinkedIn, mostly. I think you can just go to LinkedIn.com slash TX, Texas, TX Cyber Lawyer. Same with Twitter, TX Cyber Lawyer. And I usually like to engage with people on LinkedIn a lot. So it's a good place. Yeah. If you're not following Violet, you're totally missing out on a ton of fantastic content that
01:09:04
Speaker
probably hundreds of us hop on every single week to hear her talk with other great people in the industry. So it's definitely one that you got to go follow and connect with. Um, but this has been a lot of fun. Um, I appreciate you coming on.