Why Organizations Need A Cybersecurity Expert On Board With Ranbir Bhutani

In this digital age, almost anybody, even the big names, is hackable. That is why there can never be too much regarding cybersecurity risk management. You have to do your checks and balances to assess your level of risk and prevent future attacks properly. In this episode, the CEO and vCISO of CyberCulture, Ranbir Bhutani, joins us to discuss how they are helping organizations navigate the world of cybersecurity and overcome the biggest challenges in this area. He dives deep into regulatory requirements and highlights why, more than ever, businesses need to bring somebody with a cyber background on board. The World Wide Web is a dangerous place. No data is safe. You need to put safeguards in place to avert any breach. Follow as Ranbir brings forward the importance of cybersecurity risk awareness. Let this conversation give you insights into how best to protect your organization, people, and customers

Watch the episode here

Listen to the podcast

Why Organizations Need A Cybersecurity Expert On Board With Ranbir Bhutani

In this episode, we’re joined by the CEO and vCISO of CyberCulture. He’s an avid runner and a family man. Ranbir Bhutani, welcome. Thanks for joining us.

Thank you.

We’ve got our first question for you starting out here easily. It’s our epic question of the day. If the cyber risk was a pizza, what’s the riskiest topping you have seen, and what topping would you equate it to?

Based on that question, the riskiest topping would be putting anchovies on your pizza. It might be questionable. Not everybody’s a fan, and not that those toppings are unavailable according to the pizza business, but I’d say that’s pretty up there.

How would you equate that to something you’ve seen with your customers or somebody doing that risk factor? If you got a pizza for all your kids and everything else and put anchovies on it, now what?

It’s to your taste buds, but in relation to the cyber world, both of you have seen it. I’ve seen it. The riskiest component is when you have an organization allows its employees to use their personal laptops where you have no insight into it or know if they’re updated on the latest patches or operating systems. That’s where it starts because the idea is that an employee clicks on a phishing link, for example, through corporate email access. Yes, maybe they come in via VPN, but it introduces malware, ransomware, or a phishing campaign, and now you have bigger problems. That’s where it all starts.

That’s their anchovy on the pizza. It’s great. I appreciate that. In regards to your role as CEO and vCISO, what’s been keeping you up at night?

I don’t think it’s been necessarily keeping me up at night, but the thoughts raced through my mind as far as either organization cares about the safety or the protection of their sensitive data. For example, if they’re housing or storing any versus if they have somewhat of a cyberprogram in place but don’t understand what the next steps are. It’s because it’s all relative as far as having compliance and security stack technologies.

You put everything hand in hand. They’re doing, for example, penetration testing on a consistent basing, spreading security awareness training. Your employees have access to your organization through your networks and sensitive information. Naturally, it seems like it’s all over the place, but A) It’s honing in for business owners, leaders, C-level executives, and board of directors and understanding a story as far as how to build an effective program, and B) Educating your employees and having the technologies and the compliance in place. There are many different moving components and pieces.

It completely makes sense, and I agree with you. What do you find to be the best way to have them stick with a cybersecurity program?

It starts at the top. As business owners, we sometimes fail to do it our own selves as far as making sure we have protections in place and making sure employees are understanding the importance if they see anything suspicious and malicious. What keeps a lot of business owners or organizations up at night, especially if they’re handling or managing sensitive data, is if they’ll be a target of a next breach or cyberattack.

I don’t have to say the big names. Anybody’s hackable, even the big names. The truth be told is do your checks and balances. Yes, auditing and oversight are one part of it. Also, compliance puts the puzzle pieces together, but that’s where cyber has come from. At the end of the day, what is cybersecurity risk management? What is the level of risk an organization is willing to accept based on some of the programs and even with the combination of technology, people, data, environment, and costs at the end of the day?

Do you use a framework for managing this?

There are many frameworks. Everything ties back to NIST, like GDPR, ISO 27000, SOC 2 Type 1, and 2. I can go on and on, but naturally, it hones into NIST and the controls that the organization is abiding by or implementing. Here’s another good one for organizations that are industry agnostic. For example, the federal government all day every day uses NIST financials such as PCI, DSS, ISO, and GLBA. It’s following those types of frameworks that keep them from the compliance standpoint.

Naturally, it’s going into an organization like manufacturing. The center for internet security is a good example. Version eight tells a story of having identification and authentication or some type of security awareness program or some type of configuring. I can go on and on with the controls and not go deep dive, but it’s going in that organization. Let’s say they don’t even have anything or a program in place, but coming in as a subject matter expert, we know which framework may meet best for them. Naturally, in public and private, at least in the United States, it’s the Wild West for cyber until the federal enforces, and I think that’s happening soon.

You started from the top down. It resonates with me. That concept of cyber risk is that we always often say compromise is a matter of when the way that businesses are being run these days. You should be part of that equation, but cybersecurity is a 50-year-old ground war that we’re struggling with it. There’s this new air war evolving about what regulatory changes and cyber laws are. These are the things that they’re trying to hold executives and board members accountable for. I’m tying into that all these regulations. What is your biggest challenge in meeting the regulatory requirements now?

At the end of the day, it goes down to the business owners of the company, the board of directors, and C-level executives, plus the resources whether they have the subject matter experts to successfully execute a program, for example, especially in our world. As big as it is, we’re a very small community. How do we go out and help them understand the importance of protecting their data and them seeing the challenges from that standpoint?

I’m sure both of you have experienced it as well. We could sell all day long. That’s great to hire vCISO or hire some expert to come in or hire even a CISO. CISOs are having a very much tough time rocking a hard place because they’re held liable if a company gets breached. That’s not fair to them. You understand the amount of stress that they go through every day because there’s a breach and the fear of getting attacked.

It’s everyone in the company that should be held liable. Going back to the classic phishing link example, it happens all the time. Sometimes they hide it or sometimes, typically, you got to report it to your IT department or your security department. Those are the challenges, and I hope you agree that securities are all over the place. Either it’s under IT or the security department that has physical security, legal, and fraud.

I hope both of you agree. It is its own entity. It always has been. Being under IT is keeping the lights on. That’s another scenario I’m running into, especially when I left the corporate world. They had security operations under infrastructure engineering under IT. The CISO was part of the board, “Why are you putting a CISO under this?” Put everybody together. Have its own business unit or department and let them do its thing. I get it. Maybe CISOs under a CIO or a CTO. They’re very technical. They’re not going to understand cyber. We understand it’s not only technical but also from a very strategic standpoint because you got to understand their business first in order to help and guide them in building a successful program.

Is there a solution out there that you’ve seen or that you’ve implemented? Let’s face it. Eradicate the bad behavior happening at the board level or in the C-Suite, and they may not even be aware of the fact that they have the bad behavior because they need the education. If you remember, it’s top-down. How do you do that?

Typically, when I speak to any potential clients or someone that wants a consultation, what I naturally do is listen and hear them and learn everything about their business. I not only do my research and due diligence but understand some of the challenges and frustrations that they’re facing because they’re not going to understand our world.

There was an article posted back then. I forgot if it was Forbes. It is one of those big ones. It’s saying that Fortune 500s are starting to recognize bringing somebody from a cyber background to their board. That’s amazing. That’s big news for us because whether they hire somebody fractional basis or not doesn’t matter. Bring the expert in that understands that the board mostly processes. They are process folks. All they look at is a process, how it’s working, how it’s not, “This has been working for some time, but now let’s look at some other avenues,” and they come from many different backgrounds.

They may have served on many other boards. If you bring in a strategic person with some technical background, you have someone that can come and help them because now they have the ability to speak rather than putting a CISO in that role who’s very technical or compliant. I’m assuming that’s most of CISO’s background. Sometimes you get the mix of the two, which is unique, but that’s only giving you some of the feedback as far as what I’ve been seeing. I don’t know about you guys or what you’ve been experiencing as well.

Let’s confess what we’ve seen. There are always two groups in the executive suite, those that believe and those that do not. Whether it’s because of culture and mindset or they believe their footprint of cybersecurity is addressed is another thing. Ultimately, we see these CFOs or any C-Suite member. It’s not only the CISO. When you start talking about risk, they’re going to want to be involved. The whole C-Suite likes to be involved in three kinds of discussions, which are those that increase revenue, those that reduce costs, and those that address substantial risk.

What we find is that you have these executives in the not-on-board area who are like, “My ground war guys got it,” as I referenced the cybersecurity ground war before. However, they don’t necessarily realize that there’s an air war happening in regulatory compliance, call it data privacy laws or what have you, emerging that they need to be aware of or don’t take it seriously.

The ones that are looking at it are going, “This is important because I’m potentially personally accountable with some of these laws.” They’re in that other group of yeses. Those that are in the yes group, even if they have an incident, we’ve seen those situations of regulatory acceptance damage. If there is risk involved, it’s addressed. Those that are in the other group are the kinds where we get that call that no cybersecurity CEO or cyber risks or whatever you’re doing in this industry never wants to get, which is the help. I know what you’re going to say. “I told you so,” and, “You told me so, and I’m wrong.” We don’t want that call. Is there a solution? How are things going now?

You’re hitting some great points because we’ve seen it all. How do we go back to them from a very strategic level? I don’t know if you’ve noticed this or other folks that are focused in our realm or in our world to where “How do you prove cybersecurity is a sound return on security investment or real estate?” I’m sure both of you understand with a collection of a few data points like the cost of their assets or servers, networks, and the different business units that they have.

This is one of my deliverables. I’m not selling to you. I’m only giving you the idea that, let’s say, their HR department and, after doing a scan, the C-Suite and board of directors do not want to know what a CVE is, or they could care less. In our world, a high finding is like, “Whoa,” but in their world, a high finding doesn’t equate to dollars. How do you go to them and tell them a story, “Mr. and Miss CEO or Mr. and Miss Board of Directors, if your HR department got breached, it was rated 8 out of 10.” Meaning it’s at the high-risk level that it would’ve cost them about $300,000 if they got breached.

Now, that’s only the baseline. That’s not including the loss of customers and employees because they got breached. Just because they got breached doesn’t mean that folks are going to stop using the service. Again, it’s what the company is at and what level they’re at as far as data breaches or data leakage. Naturally, that’s giving you an example that when you showed them the data, and it doesn’t have to be a SaaS or an application, it’s hard facts, then it gets their attention because they’re like, “Wait a minute. You’re saying I can lose a couple of million dollars?” “Yes, that’s just the base.”

With a formula and a gathering of a few data points, you can easily calculate that. It puts you in that accounting realm but not really. Now, you’re showing them, “Here’s your risk level.” They’re seeing actual hard numbers, and all the technical information stays with their technical team if they have one or they outsource it through an MSP.

You’re going to see the changes coming in terms of the mindset of the larger companies. The one thing that we have learned is that there is a front of risk mitigators, primarily in legal, that are trying to pursue the market and talk to CEOs and the boards as well as to what they’re going to need to do. Perhaps, there are three messages that we tend to hear from these tech and privacy attorneys mainly.

It’s funny that you say, attorneys. Yes, they’re in either Corporate Law or follow a specific path. Their career feels past because it’s according to a law that this must be followed, etc. It’s the same thing with the accounting field, but cybersecurity is getting into that realm where it’s regulations, certain acts and laws that are coming into fruition, and even a combination of some number crunching. Especially at the board and C-level, it’s very strategic at the end of the day.

You can talk technical to them all day long. They’re going to turn you off in a heartbeat, and that’s the truth. Here’s another example. Are you both aware that SEC proposed rules on cybersecurity risk management, governance, and incident disclosure by public companies? They released this on March 9th, 2022. I believe it’s going to get passed. That’s a game changer for our industry because now, in the United States, at least, they’re enforcing that you report a breach.

I hope both of you agree that experiencing a breach is not a bad thing. It’s a lesson learned. In a lot of companies, things are running around their head or a dog trying to chase its tail. If you had put some preventative measures or hired not even a resource but a cybersecurity subject matter expert, then they could have had all of these things in place, including the technologies and compliance. Educating your employees is the most important. Employees, especially at the top, will search some sites. Maybe they get bored. It doesn’t matter. There is no judgment here. You do what you do, but my point is that this happens all day, every day, and I hope both of you can agree on this.

Generally speaking, there are a lot of people in leadership that are out there that have the mindset of, “Here’s a risk. I’m going to address it. If it starts to become substantial or revenue-impacting or there are cost increases, I’m going to roll up my sleeves and get my hands dirty.” When marketing has an issue, they know enough about marketing to lead that. If operations have an issue, as a CEO, you know how to lead that.

However, when it comes to it, there’s a percentage of CEOs out there. I’m not going to say what I think the percentage is, but it’s pretty high, “It’s got a blinking light. Toss it over the fence to IT,” and they run the other way. That’s part of the problem. What I know is that they don’t go to events at all. They have to count on their leaders to educate them. Where a lot of things tend to fall down is to get change in that mindset of that CEO, you have to learn this. You have to help the tech team as you helped all these other leaders that report to you.

That’s what’s changing because of the regulations, but what I’m trying to understand is that’s only the top. It’s going to take forever to cascade down to all the other mid-size businesses and small businesses. It’s going to create years of frustration and incidents. We’re trying to find the light at the end of that tunnel, whether it is how you’re doing things now, the events that you attend, or what books you tell executives to consider or read, even if it’s the Blinkist version, that 15-minute version read.

There’s a saying. You lead water to the horse, and it’s up to the horse to drink it or not. These are the scenarios that I’m sure all three of us run into. It’s interesting because the CEO has a lot of responsibility even in our own companies where we come up with some of these challenges and try to say, “How do we solve these challenges?” That’s what we’re doing to these companies and listening to their challenges.

You get the CEO that wants to be the jack of all trades and master of none. This happens all the time. Even we become culprits ourselves, but not in a bad sense because then now we realize, “What do we need to focus on? What worked? What did not?” Having a conversation with a C-level executive, at least for me, is the easiest conversation. Not only because they’re at the top but because they make the executive decisions to successfully run that business regardless of what industry. The beauty of cybersecurity is it applies to every single industry.

It doesn’t matter if somebody comes to me and says, “Ranbir, we don’t have sensitive information, but what about your human resources and Social Security Number for your employees or the identification number? A lot of personal information is there. How are you protecting them?” “We have it on a Dropbox.” Even in law firms, $10 million, $15 million, or $20 million contracts, “How are you storing it?” “It’s on Google Drive.” “Do you have that MFA-enabled?” “I don’t know.”

This can go over and over in our heads because we’ve seen it, and we try to help. Sometimes I feel like I’m his advisor or therapist here. It’s a scenario. It’s not about closing the deal, grabbing the sale, or becoming their virtual CISO because every client is unique on its own as far as how you’re trying to help them. You’re coming in as the expert, not the other way around. They’re looking for you. It’s like a legal counsel.

Do the CEOs or the board of directors try to say, “Let’s look up the law books?” It’s a 1,000-page law book on Corporate Law for example. They’re not going to go there and read it, but you’re paying for that. That’s where we’re going. Once it’s enforced and acts come about in the US, it’s going to be a game changer. The culture of cybersecurity is changing, and I hope you both are seeing that as well.

Along those lines, what excites you about the future of cybersecurity?

We’re just getting warmed up. It took about twenty years. AV wasn’t a solution for security because it was still part of IT. The classic, “We have antivirus.” We have a sim now from the DARPA days, but it’s definitely changing, and we do not even have technologies in place. How do you even know that technology’s secure? You have all these companies selling SaaS, and they don’t even have half of that stuff secure or they’re whitelisting a lot of that. They’re using even another third party to sell something. With startups, let’s be honest, security is not the first thing to think about, and maybe that might change.

When we talk about excitement, I have to concede. For me, it’s not about technology. It’s beyond technology. It’s the footprint of technology that the technical teams are generally going to be working through. It’s how you address the behavior and the mindset of the executive team to adopt a culture of cyber risk awareness and often all security awareness training. You can send everybody through a bunch of classes, but are they going to listen? Are you sending the right message as an executive that makes sure people are doing the right thing, especially when nobody’s watching? Those responsibilities own them as well.

Those are excellent points that you’re bringing out. Let’s hone in on Zero Trust Architecture. NIST pushed that out not long ago. Every company was scrambling to say, “We’re Zero Trust,” I hope both of you agree that it’s not an actual technology. It’s a concept and a mindset. “Let’s go back to our Active Directory days and lock down everybody’s access and not even give them access to the web.” Good luck with that.

My point is that the World Wide Web, you could call it a very dangerous place because sometimes there are a lot of sites that are malicious out there. There are billions and trillions of domains out there now. How do you keep track of all of that or at least limit access to your employees? Going back to the Zero Trust concept, that’s one aspect of it.

Somebody was telling me that it stemmed from a Russian. I forgot the gentleman who created the theoretical component of it, but literally, it’s somebody standing next to you watching what you’re doing. We put it in terms of being here, at least in the United States and perhaps Canada. My point is that zero trust is like, “Trust your employees to have limited access to do their work.” Putting my technical hat on, “Why don’t you give them virtual machines that will lock down and give them access to applications that they only need that don’t even go out to the web?”

You could build that right now through AWS. It is one big vendor. There are many others out there. The idea is to limit access. Mostly, everybody’s working from home so you would assume that the big names telecom companies have those protections. I’m sure they have an internal team that’s monitoring that stuff, but always add another layer. Employees may not be too thrilled about that, but that gives you more relief at the top to say, “They’re accessing what they need to do their work and not just surfing the web all day,” if that’s what people do.

I imagine that there are quite a few service providers that are out there, and there are different types as well. When we talk about large service providers, that’s where I come from. I come from what essentially was a backbone engineering design function and what was once Verio NTT years ago. Service providers are unique in the sense that when they’re doing the traditional IT function, those engineers and people who work, that’s revenue-producing.

Believe me, there’s support, and things are going down. Things are staying secure, but for the customers and users that are using that service, it’s meant to be neutral. The internet is supposed to be neutral and free in the traditional sense. You do wonder, from a service provider perspective, whether it be software as a service provider, IT service providers, integrators, professional service providers, and content companies that are providing content services into the service provider category.

In my mind, I often wonder, when you get into enterprises that are maybe going through digital transformation, part of the cultural problem is it might be this issue of, “I manufacture a widget to ship it. That’s what produces revenue for me,” but IT cost centers and those sorts of things, that’s a cost. I’ve had situations where I’ve had leadership from CFO to CEO, especially the CFOs, they see the IT leadership groups, and they go, “I don’t like you guys. You cost me money.” Part of that function is, are we in a losing battle when it comes to these organizations that haven’t adopted the reality that we’re living in an internet-delivered world and how important it’s to them?

Those are great points. I don’t believe we’re in a losing battle. We’re in that battle that is finally getting some recognition. Even NSA posted something not too long ago in regard to an act for cybersecurity. It’s happening. It just took time. If you go back in time, I didn’t experience the past, but assuming where roles like lawyers and accountants because of the development and building of an infrastructure and environment that had all these policies, procedures, acts, etc., because of technology, I would say it’s still new even though it’s been around for a long time.

 

We’re getting to the point of, “Where are some of the breaking points as far as what we’re doing in our mission and cause to continue to keep at it because things are going to change?” Again, there’s not enough of us. There are over three million jobs in the US for cyber. Most of these jobs want some experience. You got a college graduate. How are they going to get in unless they interned for that company? Those are some of the challenges, but there’s something bigger that’s happening. I don’t know if both of you’re seeing the shift too.

Ranbir, tell us a little bit more about yourself. I understand you’re located in Virginia.

I’ve been in the cyber industry for many years. I was fortunate enough to work everywhere, from an individual contributor, security operations, and engineering to response and insider threat all the way up to the CISO level. Naturally, I saw something bigger here because I’ve been in the industry. Working in the corporate world was great. I’m truly blessed to have been in that world, but for me to tell my story, I had to branch away and build my company, which on August 31st, 2020, I started a company during a pandemic. I can’t go to events. I can’t touch cardboard. Everything had to be virtual, and LinkedIn has been one of my biggest saviors here. At least to say that building a company is easy, George, everybody would do it.

It’s been a very interesting journey. Both of you will start to see there’s going to be a lot more traction. In our world, you don’t know what you don’t know unless you speak to someone about it. Cybersecurity was never taught, like manufacturing. The internet of things is getting hammered right now. I’ve seen this through one of my business partners. He’s also the CEO of a manufacturing firm.

They have a bunch of clients. The diagrams have their machines connected to switches with no layer of protection and no firewalls. It’s no joke. I don’t know if you’ve seen those types of diagrams. You get attacked easily, and that’s it. You’re down a million dollars because all microbes have a very limited lifespan, and they have to clean those machines, an administrative nightmare, at least for that manufacturing firm.

That’s my background, and I’m going full force. Consulting and services have their challenges, but the SBA has over 30.2 million businesses registered. There is plenty of business out there and even some medium size and even larger businesses that have CISOs in place. My goal is not to replace the CISO. It’s to come and support them and guide them into success or at least get through the board or C-level executives that they may have been challenged too right now.

POP – DFY 4| Cybersecurity

Cybersecurity:
My goal is not to replace the CISO. It’s to come and support them and guide them into success.

Tell us something about your education. Where did you go to school? Where did you get all this great knowledge?

In school, it’s dated 7 to 10 years back all that knowledge you learned, but it’s the same principles and concepts always, at the end of the day. I went to the University of Maryland in Baltimore County. I graduated in December 2003. I pursued my Master’s in 2013 at the University of Maryland Global Campus in Cybersecurity. I have about two graduate certifications.

It’s all relevant to what I’m doing now, probably but no security certifications. Those are important, whatever floats your boat and whatever can get you into an opportunity. Education does tell a story that you know you’re an expert in knowledge, but sometimes the output may not be that great. It all depends on what things you’re good at, in general.

Where did you gain your wisdom?

With time comes wisdom. To share a little history, this is the fourth company I started. The previous ones were lessons learned for my success now. It’s trial and error and meeting great folks like you two. Also, spreading the word and getting to know folks. That builds over time. I hope both of you agree.

We all must fail to know success.

Failure is not an option, George. If all else fails, go back to the corporate world. I’m not going back to the corporate world. Not that it was a bad experience, but it was an experience that led me here. Sometimes it takes time for you to see a vision.

If you could go back in time and give your younger self some advice and wisdom, what would that be?

Tune out the noise. That’s it.

What do you mean by noise?

We’ve all been in the corporate world. We all have dealt with the dramatics. We’ve all dealt with, “He said, she said, Sally and Harry said.” When you move away from that and focus on your own success to where you want to be, that’s growth. If I go back to my younger self, I would tell myself to keep my mouth shut and listen and don’t talk much.That definitely will get you places as opposed to, “The loudest person in the room is typically not the person that’s excelling,” in my opinion. At least, I could be wrong. I’m sharing you, at least in my younger self. I learned through a lot of rocks and stones and rumble and brick walls to get to this point. If you want to build success in your life, always be passionate about it and love what you do. That’s very important. That’s the way I see it.

Speaking about passions, what are you passionate about outside of work?

I like spending time with my family. I like to sometimes build some model cars. My son’s crazy about this Pokémon. Every day, he’s been wanting a different Pokémon. I should be investing in the company that owns it, whoever owns it; maybe Microsoft knows. My point is that spending time with family is very important. It’s having that well-balanced life. Working 10 to 12-hour days, at least for me, is quite effective. Outside of work, focus on things that you love to do, like listening to music or going for runs and getting some nature in whatever you want to call it. It’s those types of things that sometimes break you away from business for a moment. I hope both of you do the same.

We do. I can relate to the Pokémon thing. I’ve had three kids. One was train tracks. I can’t even remember what they’re called. I’m trying to forget because they were so expensive.

There are so many names. If you think about it, I used to watch Pokémon. I probably was in my twenties. It’s not that age matters, but some of those cards are worth hundreds and thousands of dollars. I didn’t think to collect them. I just watched the show and then was like, “Did you ever collect Pokémon?” I was like, “No.” I collected baseball and basketball cards and Michael Jordan days and Cal Ripken Jr. if you guys have followed. The point was there’s a binder somewhere in my parent’s house that I told my son to ask my mother because I have three. We’re done. We got a village of kids.

That journey of spending time with family and each one can be so different. Roll with the punches when you got to take the pocketbook out. I can relate to how some of those things can get a little expensive now.

They are their own people, and they’re figuring it out. We’re there to guide and lead them to their own success. At this point in time, I believe in our kids’ generations, it’s going to be very different than at least the way we were raised. To share with you, my mom was pretty strict, like, “Get your degree. Get your education. Become successful.” I am giving you some of my background.

Ranbir, how can people get in touch with you?

They can either visit my website or connect with me on LinkedIn.

Go ahead and tell us your website.

It’s CyberCultureLLC.com. Hopefully, I can get rid of that LLC, but domains are limited, unfortunately or they’ll cost you an arm and a leg. Both of you know that sometimes.

Do you have any personal websites or anything else that we should be aware of?

No, just a business website and LinkedIn. That’s where it starts. That’s how we all connected here, which was pretty cool. You meet so many phenomenal folks, and I’m blessed to have met both of you and to be doing this show. It’s pretty cool.

Ranbir, I appreciate your time. Thank you very much. This is one of the first shows that we’re going to be producing. To our audience, thank you for reading. We hope you learned something, laughed, or something. Please feel free to tell a friend about this. Thank you for your time.

John and George, it’s a pleasure meeting both of you. It was a pleasure to have this conversation.

Thank you.

Take care.

Important Links

About Ranbir Bhutani

Well over 20 years of cybersecurity experience.

Worked in multiple industries, including Federal Government (Contracting), Financial, Healthcare, Manufacturing, Technology, and Consulting Firms.

Worked in all realms of cybersecurity including; Security Engineering, Incident Response, Vulnerability Management, Penetration Testing, Insider Threat, Threat Intelligence, Governance Risk & Compliance (GRC), Network Security,

Security Architect, CISO, and vCISO.

Partner at Ingram Advisory Group

vCISO at many companies