A Sudden Cardiac Event

Victor Barge 0:00

In my situation, I had a risk that what I had no symptoms of, and I didn't know until it happened. But once it happened and I have the defibrillator, my cardiologist is very clear. And he says, you know, we're all gonna die of something, but you're probably not gonna die of this because you're one of the lucky guys that got one of these. And so you get your life back.

Joshua Schmidt 0:30

Welcome to the audit presented by IT Audit Labs. I'm your co-host and producer, Joshua Schmidt. Today we're joined by the usual suspects, Nick Mellum and Eric Brown. And today we have another IT Audit Labs member, Victor Barge. Victor, how are you doing today? Doing great.

Victor Barge 0:44

Excited to be here.

Joshua Schmidt 0:45

Yeah, thanks so much for joining us. And uh we've we've gotten to know each other over the last few years working together. But we wanted to bring you on today to talk about how you think about informational security, um, maybe a little bit of history with how you know Eric and uh get into some real cool stuff. So um without further ado, Victor, give us a little background on yourself and then we'll go into an icebreaker.

Victor Barge 1:06

Sure. Um my name's Victor Barge, and uh I'm our global delivery director here at IT Audit Labs, and I've been in my role about a year and a half. Um, I focus a lot on our delivery proficiency within IT audit labs at our clients and making sure that we're able to um to deliver the quality uh delivery of our products and services and have the right people in the right roles. Just from a background perspective, uh I'm located in the Twin Cities. I've been in leadership roles for approximately 20, 25 years, joined IT Audit Labs, as I said, about a year and a half ago. Eric and I go way back through mutual friends, and uh I was introduced to Eric and um and uh it's been a strong friendship and mentorship ever since.

Eric Brown 1:55

We don't know who's mentoring who, though. It just depends on the day.

Victor Barge 1:59

It totally does.

Joshua Schmidt 2:01

I was hoping for a juicier story about how you two uh just wait.

Victor Barge 2:05

So we have a tradition in my family of of everyone getting together with my parents every year down in Florida, and um uh I grew up down there. And so we're all there. We had a great um holiday celebration for Christmas, and I'm packing my suitcase the day after Christmas to fly back to Minnesota. And I'm a reasonably healthy guy. I go to the gym three days a week minimum.

Eric Brown 2:30

When you go to the gym, are you actually in the equipment area or are you just hanging out in a hot tub?

Victor Barge 2:35

I actually sweat.

Eric Brown 2:36

Okay. So you're in the sauna?

Surviving V-Tach And The IO Drill

Victor Barge 2:39

Yeah, sauna too. But but yeah, we we do some strength training, we do some some some some physical activities. So, but I digress. But um when I was in Florida, I'm packing my suitcase and I immediately uh feel lightheaded and dizzy, and I go into something called uh um ventricular tachardia, which is a type of aphib that is really deadly. Of course, now I know way more about this than I ever did before. No family history of any of that. So super surprising. And uh fortunately, my family was there and they would uh call 911 and uh the paramedics uh did heroic work very quickly, uh, got to the hospital, had three heart surgeries, and now the the remnant of that, fortunately for me, is a life-saving defibrillator pacemaker um that's implanted in my chest. And um it basically gives me life insurance, so to speak, so that if that ever happens again, uh I will get shocked appropriately and uh and hopefully bring my heart back. So um I don't think I'm highly unique from a lot of other people um that have had this type of uh of heart issue. And in fact, now that I Googled and looked at lots of YouTube videos and talked to people about my story, I find out how really common it is among a lot of people. Um and in fact, in Minnesota, we have a lot of medical device manufacturers that make these defibrillators and types of pacemakers. But um, being an IT person, one of the things I realize is that um there's so much connectivity with this device and my phone through Bluetooth, and there's so much monitoring that goes on. There's AI and machine learning uh embedded in the defibrillator, which is great because it makes it super smart as to if and when it should shock you. And it also transmits a lot of biometric data that I have around my heart rate and AFRIB and all kinds of things to monitoring uh centers that track this information. And so, as Eric and I started talking about it more, um, we start wondering how secure is this data? What data is being transmitted? How are they making sure this data is secure and they're following my HIPAA and compliance rights and all these things? And how much at risk would I ever be to uh bad actors ever misusing this device in a way that could be harmful or life-threatening to me? So, one of the things I did find out in my research is that these defibrillators are just designed for transmitting uh data only around monitoring, and they're not designed to be adjusted or reprogrammed over the internet or anyone's phone. And um, only people in person um can update these defibrillators, which is really comforting. But what's also worrisome is wondering how this data is being secured and managed and handled. And so that's what we wanted to talk about today with Eric, the responsibility that organizations that have access to this data have in terms of making sure the data is secure and what best practices would look like in order to provide that reassurance to their customers.

Eric Brown 6:15

And Vic, so they they come in, they get there in time within five minutes, they get there. And as I recall, they are trying to find a vein, an artery, what have you, to administer the medicine that you've got to get in you right now to calm your heart down and allow oxygen to circulate. And they couldn't, they couldn't get the vein, right?

Victor Barge 6:43

Yeah. So that's another uh detail that's unique to my story, which is the paramedics were not able to get a pathway, they call it, in order to administer um medicine that would slow my heart down. And so they even tried carotid artery, all these things. Many people that have gone through this may understand that. And so we were getting at the very tail of consciousness for me. And so I even remember like things starting to get darker for me, you know? And I just remember one of the paramedics saying, I'm sorry, this is gonna hurt you really bad. And they gave me what they call an IO, which is literally um a needle that's connected to a drill that they drill in a bone in your body in order to give you life-saving medication quickly. And that's what literally saved my life. Um, most people that get those do not get them when they're conscious. And most people have numbing medication. But in my situation, because there was no time, I did not get any numbing medication and I saw the whole thing. I was conscious. So that kind of leaves a memory with you. I fortunately, um, my friends and parents did not hear the words coming out of my mouth when that was happening. Um, but I think they would have understood.

Eric Brown 8:11

And then they got to take it out.

Victor Barge 8:13

Yeah, that was another experience. Um, I was in the ER, and uh, of course, my family is concerned. So we have literally sisters, brother-in-laws, parents, uh, family pastor, all these people literally like observing me in the ER, right? Just looking at me like, why did you move your head that way? You know, are you still breathing? Um, so they're doing that. And at this point, I didn't know that that thing was still in my leg. It's like in my lower leg. So then the emergency room nurse comes in and she's like, Hey, Vic, we're gonna have to pull this thing out. So they did, they got it out while my family's there, and it hurt almost as bad as it did going in. So all those people got to hear my swearing vocabulary as well while that was going on. And I just remember looking around and I just saw everyone put their head down, you know. But uh God.

Living With A Smart Defibrillator

Eric Brown 9:19

So now you're you're home and your doctor has regular checkups with you. But I I recall the story you were telling me where they have the telemetry and the data that's connected to your heart machine, essentially through your phone. It's two-way directional data, and they're able to tune that defibulator, as you mentioned, using maybe some AI to crunch numbers to dial it specifically to you, but they're making those changes remotely.

Victor Barge 9:54

Which is amazing because they're in constant communication with my heart, and it's sending that information to a monitoring station in real time. But what I have found out is they're not making those changes over the internet to my heart. Um, but what they are doing is tracking that information over um via my phone and the monitoring center. And so what's great about it is as long as there's a Bluetooth connection to my phone and defibrillator, if something were to happen to my heart, then they would know right away. And um, they don't necessarily call 911 um for you, uh, but um they are very aware and there's a real-time history of what led up to it, you know, um, what the history was, so that they can do diagnostics and figure out like how to treat you. And so this is a huge advance in terms of defibrillator care. Um, because uh I have a couple of guys on one of my teams and they have defibrillators too, and some of their defibrillators are not Bluetooth enabled, so they don't have that capability. So what would happen is their defibrillator might save their life, but their doctor's office wouldn't necessarily know about it.

Eric Brown 11:16

And and at the doctor's office, though, they're not plugging wires into you. They're doing the updates wirelessly, aren't they?

Victor Barge 11:25

Yeah, it's kind of weird. So you go in and you sit in this chair, and they have this machine, and they have this cable attached to the machine, and it just sits on your chest. And um, and it's, I believe it's probably connected through Bluetooth or something as well to your heart. And they can twist dials on that machine and adjust your pacemaker. So I do remember they were making adjustments in real time, like you were saying, Eric, to my defibrillator while I was sitting there to make it beat faster, which is really interesting to feel your heart beat faster, and you're not doing anything to make it do that. Wow. I will say you were under the care of a professional. Yeah, you uh are in a hospital setting and they're using uh machinery, but it just goes to show you the power of um the ability to affect your health and your heart through machinery that's been implanted in you.

What Data Gets Collected

Eric Brown 12:30

Yeah, that is so crazy that I mean the technology is great that that we're there, uh, but it's really scary at the same time that it sounds like the distance is close, like the the machinery has to be close in order to impact a change in the implanted medical device, but it's still done wirelessly, and it just is a matter of how much energy you put towards it to increase that distance or what have you. So that that I think is just awesome that that we're there in this day and age, right? Like on one hand, what is it, Voyager one is like 16 billion miles away, and we're still able to remotely change the direction of Voyager One and get images from it, I think. And then here we are changing how a machine works that's controlling your heart. It's really crazy stuff. And uh at that same client, Vic, I had given a a talk about security, and I and I used your example there of the the heart system in when you go to the doctor's office, like you know, Vic's life is literally in the hands of that system. And would it be access acceptable to run that infrastructure on unpatched hardware, unmaintained firmware, et cetera, et cetera, right? So, you know, there's the due diligence and due care that must be applied to the technology that's literally life-saving. Why are we allowing production equipment to run unpatched, unmaintained, what have you? So it's kind of like a a pep talk, if you will, um, in that environment. The security ramifications to this are are huge, right? Not only of the the the maintenance of the critical infrastructure, but just the programming involved in that device and how that device cares for you.

Victor Barge 14:32

Absolutely. And Eric, I would say, in addition to that, for my device, it's literally a smart device. So it it learns. So um the thing, um, the defibrillator shocks you based upon your body being out of tolerances, you know, in terms of your heart rate. So it knows that Vic does these things throughout the day. And and they the cardiologist has settings if Vic's heart beats faster than this for longer than that, then the defibrillator will shock him.

Eric Brown 15:08

Does it have like a learning mode? Like, how does it know if you're at the gym versus having some sort of adult time?

Remote Care And Limits Of Control

Victor Barge 15:16

Well, that that's the thing that's so great about this defibrillator is that it's got machine learning. Maybe I'm at the gym, and as I get healthier, um, I can do more like on a treadmill and get my heart rate up higher before it becomes a life-threatening event. So it's like, oh, well, Vic's heart rate is at 190 right now. But that's okay because Vic's been at 190 three times this week and then it went down. He must be getting healthier and his heart may be getting stronger. So I'm not gonna shock him at 190. I'm gonna maybe go up to 210 before I shock him. Whereas when I just got out of the hospital, if I would have been at 180, it might have said, hmm, this isn't good. Vic, when Vic's at 180, he's about to go into another VTEC. I might need to shock him. So it does learn these things about you. And um, I think that's really powerful. And based on the research I've done, it reduces the number of false positives in terms of shocks that your defibrillator gives you, because that's one of the problems in the past is the defibrillators would shock people uh when they really weren't an aphib that was life-threatening.

Joshua Schmidt 16:38

Damn, you must be going hard at the gym if you're up uh 200 and 190 there. That that's that's high.

Victor Barge 16:44

Not for long. But yeah, I do a thing called cardiac rehab where they hook me up to a lot of sensors while I exercise. And uh they try to get my heart to be at a very elevated level to see what happens to my heart. Because another thing I learned about it is that people that go through cardiac arrest or or or even tight some types of AFib, even though your heart gets better, your body remembers the trauma associated with an event. So as you get healthier, your body, even when you're just exercising and you're healthy, still fills that trauma and tightens up in ways that are not always um healthy or feel good. So you've got to like teach your body that it's not going into a VTEC or AFib again uh once you get a defibrillator. And it's just part of the therapy. Um, they are so advanced in how they help you to um to get your life back and have a sense of well-being. I'm very impressed with the the experience I've had there.

Joshua Schmidt 17:52

Now that you've gone through this um scenario, you know, most people have some sort of a iWatch or an Apple Watch, rather, or some sort of Fitbit where they're tracking their their health data, right? So what's the takeaway uh in your advanced understanding now about the sensitivity and the permanence of that data as compared to before?

Victor Barge 18:12

Absolutely a lot more, Josh. That's a great question. Because before I I knew that my biometric data was being captured, and I thought that it was just something that was only for me and it was only able to be used for great uses that I could benefit from. But the more I understand about the level and the volume of information that's being captured by these devices 24-7, the more I realize how much these devices and the people that own this data know about me and my life. And also what types of things can be done if that security is ever compromised.

Joshua Schmidt 18:59

So here's the pivot your defibrillator is continuously monitoring your health, right? And it can alert your doctors to if there's a problem or give them that data. How does this influence your thinking and Eric's singing and Nick's thinking while working with IT at labs about continuous monitoring? I I know there's been a lot of talk on this podcast about how we're we're 24 by seven now and it is continuous. There's you know, holidays and weekends are are are interesting concepts to to your you folks. So um yeah, how does that influence your thinking about that or maybe has changed something?

Eric Brown 19:36

One, I want to get access to the team that has Vic's heart data. Because I want to see what's going on in there.

Victor Barge 19:48

And this is exactly why I want to know that this data is secure.

Nick Mellem 19:54

Before we jumped on here, I saw that there was an issue in 2017 that there was a recall of like about 500,000 Abbott uh pacemakers due to a security vulnerability.

Victor Barge 20:06

Yeah, but I was all over that one, Nick.

Nick Mellem 20:10

Yeah, seeing that article, yeah, it's interesting because you don't think about it too much, you know, really, if you're not uh haven't had an episode like you are especially not in this industry. You know, this is probably out of sight, out of mind, you're not thinking about, you know, something like this being vulnerable to uh an attack or a bad actor of some sort.

AI, Learning, And False Positives

Joshua Schmidt 20:28

And I'm I'm sure, Victor, you've thought about what are the implications or the vulnerabilities to your your person as you're you know relying on this device to um enhance your overall health or actually keep you keep you in line or where you need to be. Um as we kind of extrapolate that idea out into the the broader spectrum of of data being captured on Fitbits and Apple Watches. Uh what are the risks there? You know, I mean, obviously the first thing I go to is worst-case scenarios like shutting people's defibrillators off, right? But what other kinds of other uh vulnerabilities might there be out there with this type of data being um extrapolated from bigger companies or or used by a threat actor?

Victor Barge 21:14

Yeah, I mean, you could definitely see ransomware actors, you know, that um could could have access to that data and they could send you false information about your device uh if you were to get hacked in that way, that could literally scare the daylights out of you, you know. Um, you could see um sending that type of information to your loved ones or other people saying things about you that would scare you to death or extort you for money, all those things. But what I would do is I would put this in context with other devices as well, medical devices that are implanted with people. This is um the same risk that other devices. Other people have that have um implantable devices that have connectivity uh with monitoring centers and other things. Um it's just the way the world works today, and that information is in the cloud. And so I think the opportunity to do good far outweighs the opportunity to do bad. Um, because I see things that my device doesn't do that I would love for it to do, and I'm sure compliance, security, and regulation are preventing them because it's not a limitation of technology. Like the way I think about it, wouldn't it be great if like it has proximity to know where I'm at and it has the ability to know um if I'm having a cardiac event and it could call 911 and transmit that information to that um that entity so that they could come and pick me up, you know?

Nick Mellem 22:58

And then also sending that information to the hospital when you're en route to the hospital and everybody's just ready to go.

Victor Barge 23:05

Exactly. And so, because one of the things I've become very aware of is no matter who you are, like if something like this happens, you have very it greatly depends on where you are and who you're with as to your chance of survival. Like in my situation, a whole lot of things w fell into place and they had to at the right time for me to be here talking to you today. But I can't always guarantee that those things are always gonna happen that way if this ever happens again. And I think about all the other people that may not be as fortunate or be in a situation where those things aren't happening. Maybe you're in an airplane, maybe you're on a camping trip, maybe you're you're somewhere in between in a car driving by yourself. Like you just don't know. We have to live our lives. But if technology can provide us with a greater level of security and access to medical support, I think it greatly improves our outcomes.

Joshua Schmidt 24:10

Not to minimize the uh impact of that event that that event had on your life, but to ex take away, you know, um, like a learning opportunity from this. How can we I I see a lot of parallels between what you you went through and um you know, dealing with breaches or working with organizational health. And we can we can draw a lot of parallels, like you just mentioned, it was imperative to have that that personnel on board at the right time. You know, if I can kind of relate that to how we deal with organizational breaches or we're remediation processes. Um do you guys see some parallels there that that would be worth uh exploring?

Wearables, Privacy, And Risk

Nick Mellem 24:52

I think the one I'm thinking off the top of my head right now, and I don't know if it's the best answer, but this is what popped into my head. Oh oftentimes we hear as especially as contractors, they bring us in after the fact, right? So you're getting this, you know, life-saving measure after the episode. That's what happened to Vic as well. But if you know this is a potential issue, why are organizations waiting to make that fix? Because they know that they spend the money. Okay, well, if you don't spend the money now, maybe your cybersecurity insurance premium goes up, right? And if you were to fix it months ago, that would go away, or you might have not had that risk. So for me, is Vic is explaining we have this technology, why don't we use it to do these three, four, or five things better? Well, this is the same thing we're dealing with in our industry. We know we could implement these five tools or devices that can make our lives easier, but instead we know about it, but we're not doing it. We're not taking these uh measures, you know, this medication, you know, if in this in the medical medical industry, you're not going to see the specialty doctor. To me, it's it's the same sort of thing.

Eric Brown 25:58

And it's got me worked up, Nick, because let's go. This era we love. We've we've recently had a few conversations with customers or potential customers that have suffered a security event and they're working with some managed service provider. So we'll get in there and we'll see, okay, what's going on? Well, they had a breach, and then we find out that they didn't have MFA. And it's like, well, what are you doing? How how could a managed service provider allow you to operate without having MFA? Like, there is no excuse that you would run an organization and not have multi-factor authentication enabled. The response from the managed service provider is just like laissez faire. It's like, well, you know, they they didn't want to put it on. It's the no, that's not an excuse. Like, you will put this on and, you know, we will help you put it on, but you are not going to operate an organization with people's data that you don't have MFA on. And, you know, we'll draw a hard line in the stand. We're we're not going to take on any customers that don't have the internal fortitude and respect to want to operate in that capacity where they're going to have MFA. So that's fine. You don't have it on today. But if we take you on as a customer, you will have it on, you will have email security, you will have endpoint security, all of these things that, to your point, they're, you know, Josh and Nick around how is this happening? Well, it's happening because parents, in this case, managed service providers, are allowing their children to eat nothing but glazed donuts instead of fruits and vegetables, aka have a heart attack years later. Vic, I'm not saying that you're eating just donuts, but you know, the analogy be is applicable where there's just not that due care. Uh, that is really the responsibility of that managed service provider.

Continuous Monitoring Mindset

Victor Barge 27:59

Yeah, I agree with you, Eric. And from the patient's perspective, like I didn't get to pit the type and model and brand of defibrillator that got put in my chest. You know, like with medical experiences in our country, there's not a lot of transparency around um being able to make those types of selections in life-threatening situations. So I would think that the burden of that should probably be more federal compliance around device makers. Um, and I would say that from a product development perspective, security and best in class security has to be part of product development for these types of devices, or else those companies will go out of business. Because if they build devices that are not secure from a data security perspective and they're compromised, and that information gets out in the marketplace, then the amount of litigation and the amount of people that would not be interested in buying their products would probably end that product and possibly that company from being in existence. So it's not an optional thing, it's a requirement to do business.

Joshua Schmidt 29:18

You know, if we think about the analogies here, it's just rife with analogies. So thank you, Victor. One, I'll just like to put that out there for letting us pick apart this, you know, very serious, life-altering event and and relate it to things that but I think I think that's an awesome opportunity you're providing us because it actually provides weight to just how devastating personal events can be. But um, if we kind of can relate, you know, maybe not having MFA to the doctor not sterilizing his equipment before performing surgery. What could we relate this IO thing? Because that sticks with me as a part of your story. Extremely painful life-saving measure. What kind of things have you guys had to implement, you know, that are, hey, this is gonna hurt? You know, I mean, I can see Eric coming into a boardroom and be like, this is gonna be extremely painful, but this is this is what we're doing today, and we have to do this.

Nick Mellem 30:13

You know, it what's getting painful these days is not the uh probably the typical answer, but I'm thinking about how much I hate to do a cybersecurity insurance audit. That you know, that can that's not uh a fun audit to go through, I think.

Eric Brown 30:28

You don't like those?

Nick Mellem 30:29

No, it's kind of fun because you know the money train is coming. It's not my money, it's not coming to me. But I do love the audits. But I think I was thinking about it in the audit world, and I think for some reason those things are so long. They're so long. Oh, you yeah, you know you got to strap in for it. Oh, it's a brutal. But that that's not a good example because it's not that painful. I can't compare it to Vic's way more badass than that.

Real-World Device Vulnerabilities

Eric Brown 30:52

He's sometimes we'll go into an organization and and they've got you know some tech debt or what have you. And you some you get in a wrestling match sometimes with developers or engineers that have really been allowed to behave in certain ways that have been uncorrected. So it's like bringing in a wild animal from into the house and expecting it to use the kitty litter when it's just it's all over the place, right?

Joshua Schmidt 31:24

Um, one of these is the analogy episode, by the way.

Eric Brown 31:28

One of these is I don't know what it is with these system engineers that think it's okay to store passwords in a spreadsheet on their computer or on a shared drive. Like, hey, it's 2026. What are you doing?

Nick Mellem 31:44

Put it on a post-it note.

Eric Brown 31:46

It's the same thing. On the table. What are we doing? And I'm talking not, I'm not talking about, you know, the coffee shop down the street. I'm talking about billion dollar plus organizations where this behavior is is occurring. And I mean, it can't always be the security team to say, hey, you can't do that. And they're like, oh, oopsie, you caught me. Okay, you know, I'll put the passwords into the pan tool. Like, we got to have some personal accountability as adults and engineers to do the right thing and not put passwords in spreadsheets and think that that's okay. Everybody, every engineer knows that that's not okay, but yet we're still doing it.

Victor Barge 32:30

All of those systems and things had to come together, right? And so, like the the maybe the learning from that is um you never know what the outcome would have been if you didn't take precautions, right? You may never know until it's too late by putting that password in that spreadsheet what the outcome of that would be. But you do know that if you take the appropriate measures, you reduce or eliminate that risk.

Eric Brown 32:59

We ought to be able to, as consumers, see some of these scores, right? Like you're in the ambulance, Vic, you can go to one of two hospitals. One of the hospitals is a one out of five on their security practice. Yeah, the other one is a four out of five.

Nick Mellem 33:15

Where are you going? Well, that might be a feature maybe coming up if Tesla may start speaking like ambulances or something. Like, you know, you just get a click it on the screen and it just takes you to the hospital.

Victor Barge 33:26

Well, I tell you, now that I have this uh supercomputer in my chest, maybe and if it can start making those decisions for me based on my preferences, maybe uh that's the next level, right? So it knows that I have great insurance through my employer and it knows that I want uh great cardiac care. And so whenever it calls 911, it can tell the 911 guys where to take me.

Joshua Schmidt 33:56

Uh would it be safe to say that you you you have kind of um a more of an ease going into the gym and and living your life knowing that you kind of have that insurance to back you up? And I would probably relate that to you know security in general, whether it's personal data or like organizational data.

Ransomware Scenarios And Harm

Victor Barge 34:12

Absolutely. So in my situation, I had a risk that would I had no symptoms of and I didn't know until it happened. But once it happened and I have the defibrillator, my cardiologist is very clear. And he says, you know, we're all gonna die of something, but you're probably not gonna die of this because you're one of the lucky guys that got one of these, and so you get your life back. And um, that's how I know that um I got another chance to actually, you know, uh return back to a healthy lifestyle. But a lot of people don't have that, and we have to have those systems in place to make sure that if people are fortunate enough that they actually experience positive outcomes like me.

Joshua Schmidt 35:02

Excellent. Well, thanks for sharing that again, Victor. It's been an awesome time chatting with you today. We've been joined by Victor Barge from IT Audit Labs. We also have the usual suspects, Eric Brown and Nick Mellum. My name is Josh Bushmid, your cohost and producer. Please catch us every other week. We release on Monday, and then we have random Field Note live episodes throughout the month, each one each month. And we also have Sip Cyber presented by Jen Lotsi of IT Audit Labs as well. And you can find all that stuff on our website, ITAuditlabs.com. Please like, share, and subscribe. And uh please re leave us a review if you get a chance on Spotify or on Apple Podcasts. Thanks so much for joining us, and we'll see you in the next one.

Eric Brown 35:41

And most importantly, follow me on LinkedIn. You have been listening to the audit presented by IT Audit Labs. We are experts at assessing risk and compliance while providing administrative and technical controls to improve our clients' data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, where all our security control assessments rank the level of maturity relative to the size of your organization. Thanks to our devoted listeners and followers, as well as our producer, Joshua J. Schmidt, and our audio video editor, Cameron Hill. You can stay up to date on the latest cybersecurity topics by giving us a like and a follow on our socials, and subscribing to this podcast on Apple, Spotify, or wherever you source your security content.