CarahCast: Podcasts on Technology in the Public Sector

GovForward FedRAMP Headliner Summit: The Role of Data & Risk Management in the New Threat Landscape

Episode Summary

In this session, experts in government and industry weigh in on the technology and tactics necessary to stay one step ahead of the next threat.

Episode Transcription

Anthony Jimenez 

Welcome back to CarahCast, the podcast from Carahsoft, the trusted government IT solutions provider. Subscribe to get the latest technology updates in the public sector. I'm Anthony Jimenez, your host from the Carahsoft production team. On behalf of GovExec and Carahsoft, we would like to welcome you to today's podcast focused around FedRAMP. How is the current threat landscape revolutionizing cybersecurity strategy? How can leaders better execute data driven responses to cyber threats? In this session, experts in government and industry weigh in on the technology and tactics that are necessary to stay a step ahead of the next threat.

 

Anne Armstrong 

Well, good morning, everybody. Thanks for being here today. I'm Anne Armstrong, as Troy mentioned, VP of strategic alliances at GovExec. And it's my privilege to moderate this morning's discussion on the role of data and risk management in the new threat landscape. In a world of ever-evolving threats, cybersecurity experts recognize that an attack is not a matter of if, but when. A new horizon of cybersecurity requires not only prevention tactics, but a more critical focus on risk management. And joining me this morning to discuss the new threat landscape, starting at that end: Gabriel Davis, risk operations team lead at CISA, Susan Valverde, the Senior Manager of federal Solutions Engineering at Oracle, and Juliana Vida, the Group Vice President, Chief Strategy advisor for public sector at Splunk. Thank you all very much for being here today. Before we dive into the discussion, it's often helpful for people to know a little bit about you. And they may not have all done the QR codes to look for your backgrounds. So, you can give just a brief explanation of sort of what your job is. And maybe appropriate background, like I know Juliana has a different background than one might expect. But Gabriel, you want to start?

 

Gabriel Davis 

Yeah, absolutely. Again, thanks so much for having me here. And you know, my job is simple, right? I work at America's Cyber Defense Agency. So, we're responsible for reducing risk and critical infrastructure across state and local governments and also in private organizations. So, what I do in my job is I go out and actively enumerate vulnerabilities, and drive down the risk by making targeted notifications to those organizations that hold those vulnerabilities to remediate them in time to prevent an attack.

 

Susan Valverde 

Thank you for having me. Susan Valverde, I'm Senior Manager at the federal team managing a team of enterprise cloud architects. Each member of my team has a number of departments and agencies that they're responsible for working very closely with those customers and understanding where their direction is, as far as modernizing moving to cloud, and then helping them to see the benefits of the Oracle solution.

 

Juliana Vida 

Hi, I'm Juliana Vida, I'm with Splunk. I lead a team of business value advisors, and industry advisors, and technology advisors to talk to customers in the public about the value that they can get out of leveraging Splunk and their investments in Splunk. If you're not familiar, Splunk is a full platform data company. We have SaaS products too. And we help you turn data into doing, we say. I come to this job from a full background in the government. I'm a retired naval officer, drove ships, flew helicopters. I wound up in the Pentagon, and was on the CIO staff for several years. So, I bring that operational focus, and that having-been-there-done-that focus from being a government leader, to help have robust conversations about what we all can and should be doing with data. Thanks for having me.

 

Anne Armstrong 

Oh, looking forward to that conversation. What are some of the emerging trends in the threat landscape that you're tracking right now? I can say personally, yesterday, I got a notification that my information had been compromised through the MOVEit, and it's my life insurance apparently compromised me, but obviously, the threats are emerging. We'll do a jump ball. Who wants to start? Gabriel, do you want to?

 

Gabriel Davis 

Absolutely. Okay, so MOVEit, right? One of the many disclosures that we've had in recent time, that showed the vast landscape of how threat actors can leverage vulnerabilities and you know, execute on target to exploit and remove that information from the end users like yourself. So, we're seeing first and second order effects from that. So obviously the organizations themselves are vulnerable. But now what about the consumer at the, you know, at after that now the consumer's lost its data? Well, we're trying to do is we're seeing that these threat actors are not slowing down. That's just not going to happen. We're also seeing an expansion of our networks, more things are becoming IT connected, and we're having OT being brought into that as well. So, the landscape isn't getting smaller, the threat actors aren't slowing down. So, the question is, what do we do? And I would say, the only thing that we could do is be proactive about meeting the threat actors where they are trying to exploit, taking away the vulnerabilities they like to use, implement, implementing secure by design and secure by default. So, threat actors don't have the windows of opportunity. Because what we do know is that they like to do generally the same thing. If it works, something works, there's proof of concept code out there, they're gonna go and download and everyone's going to use it. That's what we saw with MOVEit. That's what we see with all types of other software.

 

Anne Armstrong 

Susan or Juliana?

 

Susan Valverde 

So I guess a different instance, but I think generative AI is what concerns me the most in that, you know, the being able to address these, you know, the rapid growth of attacks that are happening, you know, to agencies, to our companies, because of the use of generative AI is really going to take a lot of effort for us to, to monitor, and to address those issues. 

 

Juliana Vida 

And I'm going to hold off on the generative AI thread for just a minute, but really build on something that Gabriel said, and you use the word being proactive, absolutely. And the way we look at it at Splunk is being resilient. And so being able to maybe forecast or see the bad things that might happen, because we know they will, and then fly through them. And then also be resilient to take whatever hits are coming at you, you know, they're going to keep coming. So, the idea is to have a full visibility or observability. across the entire environment. Make sure all teams are sharing information, or being efficient with sharing information and data so that the whole organization can build resilience. I like to talk in analogies and little vignettes. And I'm just going to ask anybody here, right now just send your kids to college, or, you know, am I the only one, okay, so just as an example, how many pieces of that have to come together for you to feel good about a parent as leaving, you know, for leaving your kid there, you've got traffic in the town, you've got the time of drop off, you've got you know, the road closures you have the apartment building that they're going into and all that stuff. And imagine if it was all working together, you can see across all the tracks that might be weighing and wait for you and your and your child. But we know that we can, so that you're the one managing you know, you're the puppeteer, managing all these pieces, and we're and or your adult child. So when you think of that in terms of your, your technology environment, wouldn't it be great if you could see across all the different teams and all the different players in all the stakeholders across your environment security, DevOps, app dev, IT ops, you name it, that provides observability, and then you can all build resistance or resilience together. And so, we talked about that, but we're also seeing pockets of government agencies doing it. 
And that's, that's where we need to be going in the future. And I think that's what's going to drive to, you know, the predictability or the so that you can be ready for the next attack.

 

Gabriel Davis 

Absolutely. To your point, it's going to happen, we have to stop thinking in terms of if but in terms of when. And when that happens, we need to be able to respond to it effectively. So, we're not taken off guard, we all lock our doors, when we leave the house in the morning, we roll up our windows and our cars, we lock our car doors, why aren't we doing that to our networks? Why are we asking ourselves, hey, is my network really secure, that I do all of the basics to make sure my network is secure? You know, it's kind of like eating vegetables, right? It's not sexy work. It's not flashy work. But what it does is it gives you a baseline level of security that frustrates the adversary.

 

Susan Valverde 

You know, taking that a little bit further, you know, being able to respond quickly is what's going to really make the difference. And that's where, you know, AI can help us out machine learning, take advantage of those technologies so that when we detect those, we're taking action.

 

Anne Armstrong 

What is happening? Because usually, I'm not an expert here, but my impression is that you see an anomaly but you're not sure where it's coming from, and how to even identify it, especially if it's a new one.

 

Susan Valverde 

But the systems can detect those anomalies faster take action without human interaction. 

 

Anne Armstrong 

Yeah. Okay. 

 

Susan Valverde 

That would be key.

 

Anne Armstrong 

What can their organizations do to use data to respond to cyber threats?

 

Juliana Vida 

Can I take that one? Absolutely. We love to talk about some data at Splunk. So, one anything? Well, a couple things that organizations can do is provide. I'm a people and culture person, I like to talk about the human aspect of technology and how humans can be more a part of the solution. And so, what we see across a lot of agencies still is this siloing of data, my data, not sharing with you, don't trust you, even in the same agency, which is shocking. But breaking down those silos and trusting that within your agency, everyone has positive intent to leverage data, that is absolutely key to opening up, you know, that aperture and having that full observability that we talked about. There is an enormous amount of time, energy, money, emotional energy, people's motivation, that is just kind of sucked away by having those barriers in place. And if organizations did that one thing, and just broke down those silos, and shared information and data with the open API platforms and technologies that are available, you would get so much more value out of your investments in the technology, your investments in people. Maybe people would be excited about doing work again. That would be great. Really, I wish people would just focus on that one thing, break down those human ego silos and just share. And you'll be amazed at what you can do with all the data that's already resident in your environment, because I would be willing to bet that most of you have more data than you know what to do with. And if you just allow it to flow and let the technology guide you to where the data can be useful, that's where you're gonna see the value.

 

Anne Armstrong 

One of the responses that I sometimes hear to this question is well, but it's my data. And if I share it, and you change it, then how do I know what was originally my data?

 

Juliana Vida 

Well, it's not your data.

 

Anne Armstrong 

You know, it's my organization. 

 

Juliana Vida 

Exactly, exactly. But what if that weren't true? What if it were true, people should assume positive intent, again, especially in the organization, because guess what our adversaries are doing that anyway, you know, they're manipulating data, or they're creating an environment where we don't trust our own data, they're kind of helping us be our own worst enemy. And so that's where human beings need to be part of that solution, and just opening a little bit more trusting a little bit more, and then seeing all the value that you can get from sharing your data and deriving insights. And then we can maybe put some of those Yeah, but what if scenarios kind of to the side, because they're holding people back?

 

Anne Armstrong 

Gabriel, are you seeing people reluctant to share data? 

 

Gabriel Davis 

Yes, I am. But I'm also very optimistic moving forward. So just this in this moment, right. I'm here representing the government at CISA. But I'm sitting here with, you know, market leaders here, Splunk and Oracle. And we're sharing ideas, we're talking back and forth, we're building a dialogue. That's what has to happen, not just within agencies, but across organizations as well. Because, you know, we're all victims to cyber threats. So, it may not be you today, but it could be you tomorrow. And if that data would have been presented to you, you might have been able to prevent it. And that's how we have to start thinking about this as a community security approach when we're approaching these issues. So, if it doesn't want to go along, we can't do it alone. It's just not possible. There's only one me and I'm here today, right? So, no one's doing my function back at CISA right now. So, we need to have a community approach to solving these issues, because we'll all be victimized by them at some point. And we can't approach it as, okay, well, I fixed it. So, you know, I hope that other org figures that out, because it could be you tomorrow.

 

Susan Valverde 

Speaking as a representative of Oracle, I've been with Oracle for 27 years. So, in Oracle, we've been, you know, managing mission critical data for decades. And we know how valuable it is, and we know to protect it. And that's why we built the cloud, you know, with our cloud with security first. And we have those tools to allow the appropriate people to view the data, if it should be shared, set that security appropriately to share that, you know, the logs and you know, the risk information. Absolutely. But you know, it is the customer who owns the data and needs to make that determination. As a matter of fact, with the Oracle Cloud, Oracle has absolutely no access to the customer's data, which I think is a little unique. So that's the way we feel about it. It's the customer statement.

 

Juliana Vida 

Can I just build on, again, something that Gabriel said, and that is the partnering between government and industry. And for those of you, probably most of you, if not all in the room, have been in this industry for a while, a decade or two. This is fairly new, this opening of conversation with government coming to industry, wanting our help, looking at us as a partner. And we just, we want more of that and need more of that seats. To your question about what trends do we see? Absolutely. We see that kind of partnership and openness as the only way we're all going to be better, we need each other. We all live on this planet; we all want to be safe. We want our information, our families' information to be safe. And we've got to do it together. I'm just going back 10 years ago, when I was in the Pentagon, there was very little openness to sure vendor XYZ come on in and talk to the, you know, the buildup CIOs. Now, all federal agency leadership, most federal agency leadership knows that they've got to build those partnerships and learn and not share ideas with industry, or else we're gonna keep, you know, going down the road and not making much progress. So, I appreciate you making that point, Gabriel, and also CISA of being a leader, your leadership is out there all the time talking and engaging, and it's really making a difference.

 

Gabriel Davis 

Absolutely. I agree with you, 100%. Because if I had asked someone here 10 years ago, when Secretary York is giving the keynote at DevCon, we all would have laughed at me. But that's where we are today, right? We're being open, we're saying, hey, the government can't do it. We can't do it by ourselves, we need the help of professionals that are working in industry, and private, we don't need you everyone to come work for the government. But we need your cooperation.

 

Anne Armstrong 

So, we've touched a little bit on automation. But let's start again with automation and then move into the generative AI. Who wants to start on what role can automation realistically play?

 

Gabriel Davis

I'll go ahead and start, and this, you know, ties back to a lot of the work that we do. So, there's only so many cycles a human being can take, and if everyone in here says that they can multitask, I mean, we all know that that's not true. You're just backburnering some other things. And you're reducing the efficiency at that topic at the sake of another one. So, automation alleviates some of that for us. Say we're looking for a vuln, say we're looking for MOVEit out in the public sector. We're asking ourselves, how many of these are out there? How many can we make notifications to? Automation comes into play where we can write scripts, and we could write custom fingerprints to say, hey, we're going to, we're going to look at open-source information. And we're going to make notifications to, you know, state and local governments to say, hey, you have this critical vulnerability on your network, you need to make a change, otherwise, you can be victimized in the way that others can, that others have done as well. And right along with that, another advent, another idea that's coming about is security.txt files. And there's an RFC that has been written on that one as well, where it just provides contact information on your domain that lets security professionals know who to contact in the event of a disclosure. And being able to automate that process takes us from identifying vulnerability, identifying organization, making notification, you know, with a few button clicks, as opposed to everything being done manually by humans.

 

Juliana Vida 

Just think about your personal life and how automation has helped you, you know, with your smartphone, do you have to go to the bank anymore? Do you have to stand you know, stand in line at the bank? No, you use your app on the phone automation, back to the college example, the new smart app, or whatever it's called the college application on the phone instead of all the paperwork and sending this in the mail, and that in the mail automation, automation. So since this is the FedRAMP Summit, I'll just say what if the FedRAMP process was automated, and it happened in not the nine months or the however long it takes to get the sponsor, do the paperwork, get the phone call from the person, you know, paperwork going back and forth. It's not efficient, let's just say it is not an efficient process. What if tomorrow, there was an easy button solution to say, here's the beginning of the process. And by 30 days from now, you are going to be FedRAMP certified and ready to go. That helps the vendor save a ton of money and resources and allocation of all resources. But most importantly, it helps the government who needs the software, and they need that mission application to help them out. There are 1000 different examples of how automation of routine administrative paper-based tasks alone could just free up the productivity of the workforce and put the dollars that the government's already spent on those technology investments put them to work faster. 

 

Susan Valverde 

That's so funny, because I was having that same conversation with a security specialist who did not agree with me. But automation, Oracle has made so many innovative endeavors into automation, we've got the autonomous database and, you know, autonomous operating system. I mean, it just continues and continues and continues. And it definitely will, you know, reduce the human interaction time and make things so much more efficient. And so, I absolutely agree with taking advantage of that capability.

 

Anne Armstrong 

Gabriel, you look like you want to just say something.

 

Gabriel Davis 

I'm gonna throw a wet blanket on this. So yes, 100% and I know what I said previously about automation being an awesome tool for success. However, we should not risk security. And let's think of automation, right? Everything has to be done in a process and it has to be the right size for organization, there are amazing tools out there. But be mindful when you're applying these tools that they're the best fit for your org, right? You're saying, I have a need, what tool fits the need, as opposed to let me buy a tool and try to fit it into, you know, this need that I have, you know, what FedRAMP is doing, right? It's taking those organizations that have already been vetted, already have a process to get there are a part of the government to say, hey, this is your baseline, if you want to do something outside of that it's completely possible, right. FedRAMP in itself is an easy button to a previous problem, which was just getting acquisitions done as a whole. 

 

Susan Valverde 

Right, just making sure that agencies take advantage of that baseline, I think is very critical. I agree. 

 

Anne Armstrong 

Well, we've talked around generative AI for a little while now. So how do you think generative AI is going to work in the whole FedRAMP universe? Who wants to wrestle this one?

 

Susan Valverde 

It needs to be monitored, and agencies need to set guidelines. And they need to be very clear, I believe. Even at Oracle, we've set guidelines for the use of generative AI. We'll use it within our products. But you know, allowing our own employees to just, you know, use it at will is not allowed at Oracle. So, I think that's, that's key.

 

Gabriel Davis

So generative AI, which is what is going to do is it's going to make all the things that we're scared that it's gonna make threat actors, you know, it's gonna make their job easier. However, right? Conversely, that could also make our jobs easier, assuming we use things the proper way, and we implement them appropriately. So, there's no, we can't be afraid of technological advancement, right? We need to be cautious of it, we need to apply it appropriately. But being afraid of it, I think is the wrong answer. There are a lot of risks associated with generative AI terms, like, you know, we've seen what it can do, you know, fabricated pictures, voices, it can pretty much do anything at this point. What we need to do as professionals is ask ourselves, okay, we do know that there are some markers there that can tell the difference between a genuine generated, a genuinely generated product, and something that was AI generated, because AI still is a learning model. Right? It is still, it is not a human. So, we need to understand what are the things that make us unique to the AI. Because there's always going to be a human as a part of the programming process, it's going to learn from some type of test data. So, we need to understand where the test data is coming from, and how, how we can address it when we are seeing it.

 

Juliana Vida 

Absolutely with it, don't be so afraid of it that we put it off to the side, we just can't do that.

 

Gabriel Davis 

The threat I can say, okay, you don't want to use it. 

 

Juliana Vida 

Every day that goes by they get anyway, agree with your point. Anybody who's familiar with the Gartner Hype Cycle knows that any new technology, and it's not new, sorry, big disclaimer, before someone comes at me with a pitchfork and spears, AI isn't new, it's been around for a long time, like you mentioned, it's in your products, it's in Splunk products. It's been in many vendors' products for decades. What's new is the democratization of the generative AI tools that anybody can touch. We all have heard of ChatGPT, and others. So not being afraid is really important. So that we can kind of get people used to, this is how I might use it. This is how it might benefit me. And this is how it might not benefit me. At the same time, while we wait for policies to come around and governance to come around in terms of privacy and who owns the data and what the guidelines are for government. In terms of FedRAMP, I think there's lessons there. There are so many government programs that are already in place to make sure that vendor solutions are secure, FedRAMP certification. Let's take the lessons that we learned from the FedRAMP process, of the FedRAMP PMO, and all that they've been doing over the last decade or so, and use that to inform what worked, what needs tweaking, what's something new that needs to be going into the governing policies that are going to have to come out. We're not starting from scratch with general AI and policy. Let's look at where it's worked in the past, and where we can change some things to make the future policies about AI more relevant, easier to comply with, let's say.

 

Gabriel Davis 

We have got to get comfortable with the changing landscape. It just has to happen. Every day something is going to change in our environment. That's going to move the goalposts, it's going to change the playing field that we're going to have to adapt to. So, the policies have to do that as well. We have to be adaptive. And it's very interesting to hear, you know, private sector talk about policies and, you know, regular regulatory guidance behind some things. I'm happy that private sector is, you know, behind that, but also nothing is stagnant in this industry, we cannot be stagnant. We have to adapt just as rapidly as the threats do. Otherwise, you know, one day missed, we're already in response mode.

 

Susan Valverde 

And we can monitor what's going on with the AI in our organizations. And I think that's key. So, we know about our tools for that.

 

Anne Armstrong 

Let's talk about some of the key areas where CISA is helping organizations to manage risks.

 

Gabriel Davis 

Absolutely. So CISA has a number of different programs, initiatives and resources to help organizations, particularly those that are, you know, target rich, cyber poor, those small local governments, those that don't necessarily have the resources to fend for themselves, where we're seeing personnel that are being multiple, multitask, and IT security and the functionality of the networks. So, think school districts, or think municipal water utilities. What we're asking ourselves is how can we best help these organizations. One of the key initiatives that came out of the COVID task force was an initiative called Stuff Off Search. And what that is, is it just encourages organizations to be very introspective about their networks, to go out, leverage tools and say, hey, what is my attack surface? What does it look like outside looking in? Because that landscape looks completely different from the inside looking out using an internal vulnerability scanner, versus me on the outside doing a security assessment of your home. Right, so we're asking organizations, say, hey, use some of these open-source tools, use some, you know, vendor product that you may have on hand, but just be mindful of what you're looking at in your organization. So, you can drive down the risk and secure and harden your networks. Also, there's the vulnerability scanning program that CISA offers at completely no cost. So, everyone in here is paying taxes, right. So, as you know, as a benefit, CISA offers vulnerability scanning to organizations that are within critical infrastructure, and one of the unique things about that is CISA will give you an automated notification if there's a vulnerability detected on IP space. That report to CISA is completely self-reported. It's subscription based, we're not going out hitting Nmap on the internet, it's, hey, CISA, we would like you to monitor our network. And we'll do that. Because what we understand is, the more we have insight on the environment, on the larger landscape, the better we can predict, and look at the proliferation of vulnerabilities and or threat actors across, you know, the environment. One of the other things that was recently launched, and I'm sorry for rambling, because I could go on, is the Ransomware Vulnerability Warning Pilot. And that's something that came directly out of the CIRCIA legislation, the critical infrastructure, excuse me, cyber incident reporting on critical infrastructure act of 2022, that was signed into law. And effectively, what that charters CISA to do is to establish a pilot program to actively monitor vulnerabilities that ransomware gangs like to use as part of their initial access process, and that they leverage to escalate privileges and move laterally throughout the network. So that's in conjunction with also the known exploited vulnerability catalog. So, there are numerous resources out there, and I'm gonna stop there because I can go on and on and on and on about the resources that CISA offers. But the key factor there is it's no cost to the end user. That, I would say, is the key factor there. So, if you're a small organization, you're on a tight budget, CISA is your best option, because it's no cost to you because you pay taxes.

 

Anne Armstrong 

Since you stopped before you listed all of the things, is there a website that you can go to, that people can go to?

 

Gabriel Davis 

Cisa.gov. Absolutely. So go to cisa.gov and navigate from there. There are things called Cyber Performance Goals, which is a baseline level of security that organizations can implement. So, they have some set of some baseline level of hardening on their networks. There are multiple resources, very numerous resources, there's self-assessments, there's all types of things there. Highly encourage everyone to go to cisa.gov.

 

Anne Armstrong 

Gabe, your office has also been developing products for target rich cyber poor infrastructure owners, some of those I think you've just been talking about, but are there any others that you want to mention? I'll give you an opportunity to.

 

Gabriel Davis 

So, I'll mention one more, which is cyber risk summaries, and that's something that's generated within our group. And it targets a particular sector within critical infrastructure. And it has a very retrospective look at the previous year on how it performed against known exploited vulnerabilities. And also some key metrics as far as, you know, risky ports that are being used, vulnerable protocols that are in use, and it helps the sector as a whole understand if there are sector wide issues, because that's sort of what we're seeing out there in landscape, that each sector has its own little nuance of how it does things, how it operates, and what it likes to use, as far as, you know, their mission. So, we know that in OT, or in, you know, ICS, you know, they like to use Modbus, BACnet, you know, these protocols that are, you know, inherently unsecure. So, with that idea, we can better fixate. And, you know, if we only have a handful of cycles, say, alright, if I'm operating in this sector, how do we want to best get the bang for our buck, in our interaction with this sector, in order to improve as widely as possible their security posture?

 

Anne Armstrong 

Juliana, you look like you were wanting to say something there.

 

Juliana Vida 

Um, no. I was listening about the tools actually, kind of tying back to some of the questions you asked before about trends, and what's different. This notion of CISA providing tools, and they're free, and they're accessible, again, huge improvement over the last, you know, five years, decade. When we engage with customers, we encourage them to use those tools. And there's a lot of free stuff out there to uplevel the baseline understanding of everyone in the workforce, not just the IT people, not just the security people, but finance folks, operations people, HR, acquisition, every single piece of an organization where data is flowing through, which is all of them. And the people that touch it, we've got to uplevel our baseline knowledge of the average person and how do I use it? What does data mean? What's the cloud, what's a hybrid cloud? There's so much free training out there. I know all the major cloud providers provide it; a lot of vendors provide it. And so, you know, on top of cisa.gov, and all the tools that are available, a lot of vendors have that too. And going back to this theme of we all live on this planet. And we all want the world to be better and safer than it is now. And then it appears it might be in the next few years. So, I would encourage everyone, whatever role you're in, or you're all probably technology people or you wouldn't be here, but your peers in across your organization or company, just encourage them to encourage their teams to get as much of the free training as they can. Because the tech isn't going to stop. And the threat actors aren't going to stop. And we're already pretty behind. So, I would say tap into what's free, and then you can uplevel from there.

 

Anne Armstrong 

Is there anything else that I've missed that you all want to make sure that that we discussed before we open for questions?

 

Susan Valverde 

Can I just mention one thing, when we talk about reducing the attack surface? The one thing that is so critical to what Oracle has done with its Generation 2 cloud is it's isolated the network virtualization. So, it's not on the same hypervisor with the host where there's data, other VMs, and that absolutely is going to be, you know, is already very important to, you know, maintaining better security, reducing threats, especially with, you know, the AI threats that are happening. So, I just want to know.

 

Anne Armstrong 

Gabe, anything you want to add? 

 

Gabriel Davis 

I'm just happy to be here. Having everyone's listening as your own on and on about vulnerabilities and government. This is what it's going to take, or it's going to take private industry and government coming together saying there is an issue here. It's going to affect us all how do we solve it together?

 

Anne Armstrong 

We are out of time. I want to thank you all for a wonderful conversation. 

 

Anthony Jimenez 

Thanks for listening, and thank you to our panelists Gabriel Davis, Susan Valverde, Juliana Vida and Anne Armstrong. Don't forget to like, comment, and subscribe to CarahCast and be sure to listen to our other discussions. If you'd like more information on how Carahsoft can assist your organization, please visit www.carahsoft.com or email us at fedramp@carahsoft.com. Thanks again for listening and have a great day.