Avoiding Ransomware Attacks in Businesses of All Sizes

Matthew Rosenquist

Matthew Rosenquist is the Chief Information Security Officer at Eclipz, a cybersecurity innovator that develops, distributes, and deploys new technology services that secure sensitive data in transit. He also serves in advisory positions on the boards of many esteemed organizations, including the World Business Angels Investment Forum, the Private Directors Association, EC-Council, and many others.

In addition to this, Matthew hosts the YouTube show, Cybersecurity Insights, where he talks about all things cybersecurity to help viewers protect themselves and their companies from common risks and attacks.


Available_Black copy
Tunein
Available_Black copy
partner-share-lg
partner-share-lg
partner-share-lg
partner-share-lg
partner-share-lg
partner-share-lg

 

Here’s a glimpse of what you’ll learn:

  • Matthew Rosenquist talks about his 30 years of experience in security and technology
  • How recent ransomware attacks are changing corporate conversations around cybersecurity and data privacy
  • The pain point that is leading executives to implement better security measures
  • Matthew’s perspective on regulation in the privacy and security space
  • How privacy and security-focused litigation disproportionately affects businesses of different sizes
  • Matthew’s top tips for preserving personal privacy: don’t be an easy target and protect your valuables

In this episode…

Are you intimidated by the constant news about large-scale ransomware attacks, data breaches, and other cyber risks? Do you want to protect yourself and your company — but don’t quite know where to start?

Recent ransomware attacks — such as the SolarWinds data breach — have brought the importance of cybersecurity and data privacy to the immediate attention of companies all over the world. Because of this, cybersecurity is changing from a personal consideration to a national conversation. Tech gurus are no longer the only privacy and security experts; now, businesses of all sizes are beginning to prioritize cybersecurity and data privacy at all costs. So, where should you start when it comes to shielding your business from common cyber risks and attacks?

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Matthew Rosenquist, the Chief Information Security Officer at Eclipz, to discuss the importance of protecting your company from dangerous ransomware attacks. Listen in as Matthew talks about the recent cyber attacks that are taking over national headlines, the pros and cons of regulation and litigation, and the personal privacy strategy that will help you protect your data today. Stay tuned!

Resources Mentioned in this episode

Sponsor for this episode…

This episode is brought to you by Red Clover Advisors.

Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.

Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.

You can get a copy of their free guide, “Privacy Resource Pack,” through this link.

You can also learn more about Red Clover Advisors by visiting their website or sending an email to info@redcloveradvisors.com.

Episode Transcript

Intro  0:01

Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage we will debate, evaluate and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:21

HI, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and a certified informational privacy professional and I help provide practical privacy advice to overwhelmed companies. And I’m joined by

Justin Daniels  0:38

Hi, Jodi Daniels’ husband here Justin, I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback, helping clients design and implement cyber hygiene, as well as help them manage and recover from data breaches.

Jodi Daniels  0:57

We’re also joined today by our dog Basil. He may or may not say hi. But in all seriousness, this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws, and establish customer trust that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, fast ecommerce, media agencies, and professional and financial services. In short, we use data privacy, to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. That learn more, visit redcloveradvisors.com, we’re talking about today.

Justin Daniels  1:38

I think we’re talking about how you are really dressed up today. Yes, apparently

Jodi Daniels  1:42

everyone is nursing. If you’re listening, you would not be able to obviously see, but go and check out our YouTube channel. Apparently, my daughter in every video that I’ve had today, I’m dressed up I suppose when you actually wear the clothes on hangers. I’ve been dressed up in today’s era. It’s very fascinating. Everyone’s like dusting off their clothes.

Justin Daniels  2:03

Oh, let’s introduce our guest today. So we have Matthew Rosenquist, who is the CESO for Eclipz, former strategy cybersecurity strategist for Intel and really someone who has 30 plus years of experience in security. He is on multiple advisory boards and consults globally on best practices and emerging risks to academia, business and government. He specializes in security strategy, measuring value, developing cost effective capabilities, and establishing organizations that deliver optimal levels of cybersecurity, privacy, ethics, and safe and hello, welcome.

Matthew Rosenquist  2:39

I’m excited to be here. And yes, your dress is beautiful.

Jodi Daniels  2:44

Thank you. Thank you. I do I appreciate it greatly. Who knew that the hanging clothes needed to get word again. It’s very exciting. Don’t pay me I’ll wear shoes next time. Now not really happening. But Matthew Rosenquist here today to talk about shoes and fancy clothes. But instead, we’d love to hear all about you. Tell us about how you got started on your journey and how it brought you to where you are today.

Matthew Rosenquist  3:13

Oh, well, it was more than 30 years ago, I was working for a company doing internal investigations for theft, fraud, embezzlement, counterfeiting things of that sort. And I really enjoyed it. I really enjoyed dealing with an intelligent adversary, or sometimes not very intelligent. But you know, and as I moved my career to my other passion, which was technology, I ended up joining Intel. And there became a synthesis opportunity where I had an opportunity to actually justified building the corporate security operation center. And so I took that and you know, built up the presentation of the recommendations and they approved it and then they actually slapped me on to it to manage it, where I was able to then build for Intel the first 24 by seven sock, which was great. And that just started the ball rolling pretty soon. And really after that I ended up landing our cert process for the corporation or emergency response process, managed security tools that protected all of the clients and whatnot within the organization and on to the next roll on to the next role. And, you know, I I really it’s a hunger and a passion and I love it. I was able to build you know, Intel’s that security capability for all of our mergers, acquisitions, divestitures, site closures and co locations around the world. So I’ve done over 120 m&a jobs, right and it’s just on and on and on. And I got to build security from the ground up for you know, 1000 person, ai group and, and figure out what security should go into the computer chips and fun stuff like that. And throughout my career, I’ve had the fortune of being able to talk and work with companies, whether they’re a fortune 100 or fortune 1000 whether their nonprofits work with academia who are training the next generation of cybersecurity professionals, and to work with governments from across the globe, and helping them understand and prepare to protect their society, their economy, their infrastructure and their way of life from growing cyber threats, though this is this is my passion. I love this. I live in breed cybersecurity,

Jodi Daniels  5:26

well, you’ve met your match.

Justin Daniels  5:27

Look, I know, I want to kind of level set for our viewers today, as we’re recording this broadcast, we’re in the latter part of June. So it’s crazy. Almost half of the year is over yet in our world of cybersecurity and privacy. A lot has happened in the last six months. And as Matthew alluded to, the two of us have talked extensively about ransomware. We’ve had conversations about cyber risk and m&a deals. And I think what we want to focus on today is, at least from my perspective, I am starting to see a shift in the kind of questions that I get from the business leaders that I work with security professionals that I collaborate with, like Matthew about what has things like colonial pipeline, solar winds this year, the hack on the water treatment plant, what is that saying about the shift that we seem to be having in the conversation nationally, not just in our geeky cyber and privacy circles? And I kind of want to begin with that, Matthew, tell us from your perspective, what have we seen this year? And how are you seeing the way that this threat is being perceived by the C suite? And the decision makers starting to evolve?

Matthew Rosenquist  6:35

It’s a great question. And you know, first we have to kind of level set and say cybersecurity never is boring, right? It never stays the same. There’s always a lot of ambiguity and chaos that goes on. And as an industry, we are constantly evolving. So coming into this year, you know, even before the year started, we saw a great amount of maturity where because of data breach and things that happened previously, and other incidents, there was an up leveling, of CESOs write information security officers, and so forth within organizations. So they had more visibility, they had greater budget, they had more influence, we had boards starting to pull them in, and you know, get regular reports and be part of those decision making. So you know, prior to the beginning of this year, and up leveling of visibility and importance of cybersecurity leadership, so that laid a foundation for us now, at the beginning of the year, we saw some very, very big incidents occur, that made national and international news, right, one of the biggest ones was solar winds. And it was really a, you know, third party supply chain attack. Now keep in mind, the industry back in the, you know, dark corners of where we work and talk, we’ve been talking about this particular threat for the better part of a decade. But again, if you don’t have the visibility, it doesn’t go very far. But because of this particular hack, which was spectacular, by the way, you know, that combined with the newfound visibility of CSOs and cybersecurity in general, not only in the executive suite, but also in the public eye, that was the catalyst to really raise that conversation to go, wow, this is really, really important. This is really big, there’s some ramifications, and a larger audience started to understand and grasp that. And that was important because prior to that up leveling of communication and visibility, we’ve had many major incidents, but again, it didn’t become a public discussion. It didn’t become a discussion at the board level. So you know, this is a number of factors have has led to a point in time where these big incidents, which were normally third page or, you know, news on the on the back page of the news stories, it’s now becoming newsworthy, and people want to know more. So yes, that third party supply chain, again, spectacular attack, the attackers did a fantastic job, unfortunately. But it brought the issues to bear into the forefront since then we’ve seen ransomware. Again, ransomware has been around for a couple of decades. It’s not something new, but we’ve seen several ransomware attacks that again, have captured the public eye, the public interest, so we’re having much more discussions about it. And when people talk about it, politicians and legislators, you know, are then in on the discussion. And now again, that fuels it to a much higher level where people are asking why is this happening? How do we stop it? You know, this is this is really important. Oh, my gosh, this is a new problem. Well, it’s not really new problem, but sure, right. And as a cyber security professional, it warms my heart in a sick and twisted way that even though these things are happening At least we’re bringing the conversation up because we need to change and get people impassioned, and change that willingness to have the discussion, because this is how we get things done. This is how change actually happens.

Jodi Daniels  10:16

But change is really hard on any different topic. It’s why large companies have entire change management functions, then people to help identify what we need to do. Often with big news stories, when they may get to page one, sometimes they’re, you know, they bubble up for a while, and then they kind of fade away until the next news story comes along. I’d love if you could share a little bit about what you’re hearing that’s going to make these discussions different, that’s going to actually make some of those small steps and the change that’s necessary to help companies better prepare and better prevents the type of impact that they’re feeling from these kinds of attacks,

Matthew Rosenquist  11:00

there is a whole domino effect, if you will. And again, 10,000 foot level here, as you get more technology, that’s digital technology that’s embraced by everyday users, consumers and companies and governments around the world, it creates tremendous value. That’s why we love our tech toys, right? It creates value and enables us to do great things. But accompany with that value right after you get that value. There’s always attackers that also want to leverage that value, take it from you compromise it, you know, what have whatnot. And so we see that start to happen. And when we experience the pain, the inconvenience, the issues, right? When our lights flicker go out, or you know, our water is no longer clean, or we can’t get to work in the morning, something of that sort, we feel that inconvenience and pain. And that does something right, we just generally don’t like that. But it changes something in our mind, we realize we have to act, we have to change our perceptions. And more importantly, our expectations. Our expectations is our power doesn’t get interrupted our expectations is there’s always fuel at the pump. Our expectation is yes, there needs to be food on the the supermarket shelves. And so when we see something that bubbles up, that starts to impact that that’s where you actually get that change. And when our expectations aren’t met, well, that becomes the success criteria for the companies providing that it’s a competitive advantage as well for the companies that can versus can’t. So it’s all about expectation change, typically at the consumer level, and then it pushes everywhere else as that big bubble. Now as cybersecurity issues go, if it’s a one time event, we’re all kind of like okay with that, right things happen in life, those black swan events, those rare things, but if there is a repetition, and there’s a cadence, and we see it again, and again, it stays in our memory, it reinforces the fact that we need to change, we need to vocalize, we need to do something different and be involved. That’s where you get to truly fundamental change. And that’s where the economics also shifts, because if it is a competitive advantage, now companies are going to move into that space. If security privacy and safety is something that is that they can sell, or they can gain market share, because their competitors aren’t doing something in that space. That’s where the the financial incentives are. And that’s where the capitalistic economy comes in and makes, in most cases, good healthy changes to align to the consumer expectations, which are now different.

Justin Daniels  13:38

So I now want to flip the script a little bit because this is something Matthew and I have talked about, but I’m opening this up because I want to hear what God has to say. And this is for the both of you. And it’s this, Matthew, you and I have always debated the role that regulation and laws may play and how companies start to change behavior because they have legal requirements. And as we’ve seen in the last couple years, California passed the ccpa we came really close to Florida and passing law, they passed a privacy law in Virginia. And as we know privacy and security are very much interrelated. But the main issue that is really creeping up on these privacy laws and what torpedoed it in Florida was the issue over a private right of action. And for our viewers, the private right of action is basically allowing individuals to sue for violations of their rights under these various laws. And obviously companies are pushing back on that because that opens the floodgates to class action litigation. But it really be interesting for our viewers to hear both you and Jodi’s perspective on how this will evolve because I’ve heard people write articles that the Virginia thing passed with a lot of lobbying from big tech. So they could say they passed it but they short it or they took out a lot of the teeth IE private right of action. So could Why don’t we start with math But Jodi, why don’t you also have your perspective on this.

Matthew Rosenquist  15:03

So first off, let it be known, I’m not a big fan of regulations, you know, especially in cybersecurity because they can’t adapt and shift as fast as our industry needs it. So in general, I don’t like regulations. However, there is a time and a place for them. And it’s the moment where those financial incentives we’ve talked about are actually benefiting the consumer. And privacy actually is a great example of that many years ago, there were no privacy regulations, and companies were grabbing data of all of us and losing it, getting hacked, and not telling anybody, and that was not to the benefit of the consumer. Unfortunately, we gave them we gave companies plenty of time to change to do the ethical thing to do the secure thing to respect privacy. And it really didn’t happen, because it would cost too much. And lad, there was really no financial incentive. And it actually took privacy laws to come into place to make sure that Yeah, when somebody is breached, they’re actually notifying those victims, right? Little things even. So when we look at privacy, privacy is one of those areas where there needs to be regulation, because the financial incentives were not properly aligned, to drive companies to do the right thing. And I think as we look around the world, that’s that there’s a continual tension. And we are seeing an evolution a growth of these privacy regulations to make sure it gets better and better and better every day. Now, two steps forward, one step back, yes, being able to personally Sue or create class actions, that creates a lot of liability for the companies. And it forces a lot of responsibility that, obviously, that impacts their profits. So they want resistance there. But they also want many companies want to show, hey, we’re at least doing something. So that’s kind of the evolutionary state that we’re in, in California, right? The ccpa, you know, requires companies to do a lot of things when it comes to privacy, and yet the individual person can’t sue them, it’s got to go through the attorney general, the state attorney general, and that was one of the trade offs, we’re probably going to see that more and more, I hope that we get to a point of maturity, where privacy is a credible, competitive advantage where those financial incentives are aligned, that drive companies to go above and beyond and want to showcase it to where we can open up the laws to say, yes, individuals, if they’re victimized because of the intentional or systematic policies of a company that don’t respect their privacy. And in California, privacy is a right the only state right and it undermines their rights. Yeah, they should have the ability to sue. And if it’s more than one person, yeah, they should be able to create a class action. And that creates that negative tension for you know, penalties as part of those financial incentives. So I hope we get there. But it probably makes a little sense, at least at the beginning not to jump to that point, because it is going to cause a lot of disruption. But do we need to get there? I think we do. It’s a matter of timing. And it’s a matter of getting the public to support that and understanding where we are in that evolutionary cycle.

Jodi Daniels  18:21

I agree with much of what you’d say, I think the challenge is, when we look at small companies to big companies, I’m a big fan of the small company should also have to adhere to the same privacy and security safeguards as the big company. And unfortunately, the big company can withstand litigation in class action suits more than the little company. And so that I think, is part of the big challenge. Your California has tried to put in place in many other states where they they have floors kind of in place with a small company, you’re technically out of scope. But that really doesn’t always apply when you’re a service provider. And in even your customers expectations, you’re talking about financial incentives to me part of the financial incentives going to be my customers or my customers not going to buy from me because they don’t trust what I’m doing with their data. I think that’s a big part of the financial incentive piece. So at the same time, I hear from companies that they won’t do much because the likely the hood of them hearing from an attorney general or getting a fine is really low. So if the regulation is there, and the only piece that’s going to be that hook is that attorney general potential fine that you’re not going to see a whole lot of companies move because of the regulation. They are motivated by the risk of a class action lawsuit. They are motivated by the risk of penalties. And a few companies are motivated because I want to just do the right thing because that’s what I should do. When there’s a limited amount of resources, whether that be people or time or money they have to make decisions and when part of that pool is balanced by the threat of an increased risk that could impact their resources, then they start to think about privacy and security more. I’d agree, Matthew, I don’t really love regulation, my entire company is based on helping companies comply with laws laws are here because companies don’t do the right thing without the loss. It’s why kindergarteners get rules after someone broke it, or did the wrong thing up. Now we have to have a rule you can’t draw on the chalkboard because you drew on the chalkboard and you use depends. So now no one gets drawn on the chalkboard. Right? The rules are here because someone made a decision that was harmful to the overall environment. And goal.

Matthew Rosenquist  20:36

Yeah, I would agree with you. Right. And, and I, you know, let’s go back to that small company. Unfortunately, many of these privacy regulations are written to where there is an exclusion, right, you have to have so many employees or handle so many records before you report a breach or things that like that. And personally, I think it’s absurd. The reality is if we were talking about a safety issue, right, okay, if you’re a small car company, does that mean you don’t have to put airbags and seatbelts in? No, you it’s, it’s for the common good, right. And there’s a lot of small companies out there and in reality that, you know, aggregation of small companies that we have holds a lot of data about us. And in many cases, it’s sensitive data that we don’t necessarily want shared. So, you know, I would agree with you that these types of rules, it needs to percolate and be applicable to everybody and all sized organizations, if they represent a common risk to the greater community. You know, but the reality is, again, there’s, we’re in the beginning steps, we don’t even have unified, you know, privacy across every state has a different privacy policy, it’s already confusing. We’re in those infant steps. Unfortunately, I would like to see an acceleration of the maturity so that we can get there. And when we do what, you know, some other important fundamental blocks fall into place. For example, small companies tend not to have their own HR system or payroll system, right, they’re going through a third party service provider. And as privacy matures, guess what those privacy controls and regulations and everything else start percolating into those services that guess what the small businesses are using. So it begins to help them and the cost of compliance for privacy and for safety and security again, the more we implemented, it becomes ubiquitous, the lower the price, the lower the friction, and it’s just expected it is a normal part of doing business just as you lock your door when you leave your small company at the end of the day, you lock the door. Yeah, that’s inconvenient. But yeah, I’m gonna lock it because this is what we do. It’s should be the same exact thing when you’re talking about privacy when you’re talking about security when you’re talking about safety.

Jodi Daniels  22:49

Yeah, I was just gonna add, I always say, Can you imagine someone saying, you know what, that’s okay. You can do whatever you want with my data, your smile, I’m okay with you, Dad, putting it out on the dark web, I’m okay with you sharing it with the entire universe. That’s fine. You’re small, I get it. No one would ever say that. The small company mentality tends to be I’m small, whatever threshold small is. And the large companies say you know what, because you’re small, I still care. So if you want to work with me, the big company, these are the steps you have to do. And they are generally the same. The only nuance should be the type of data that is involved, not necessarily the size of your company. See, this

Justin Daniels  23:33

is why I wanted to have Matthew on because he gives you this perspective. But I guess Matthew, I want to talk a little bit about one of the things you talked about, of how you know, we get companies to change behavior. And my best example is I view cybersecurity as the digital seatbelt of the 21st century. And what I mean by that is when I grew up, my parents got in the car, they didn’t use a seatbelt but everyone today when you get in a car, you don’t even think about it. It’s just part of your routine of getting in your car besides putting your iPhone into the jack to get Apple CarPlay. We use our seatbelt. And why do we do that? One we were educated that putting on your seatbelt saves lives. It was the Mothers Against Drunk Driving that really educated us however, it wasn’t just education. It was also there’s a seatbelt law in all 50 states. And so well, I enjoy Matthew’s perspective, and I enjoy the fact that we can disagree healthily, I think we’re going to need national laws because we have a breach notification law in 50 states plus Guam and Puerto Rico. If California and all these other states develop their own privacy laws, all of that compliance is going to deter innovation and make it more costly to do I view this as how does Congress going to get their act together and say we’re gonna have to sit down and hammer something out because the Biden executive orders they’re really nice. words, I don’t know that they’re going to do all that much. Now, if Biden had teeth into the contractors who want to do business with the federal government having certain requirements, and they check it, I would pay attention to that. But my thing is, from my own perspective, putting my lawyer hat on, I don’t know how this changes without some really good regulations where company, no companies know there’s a real consequence, if they don’t mind the cyber hygiene, because as you know, better than anyone, Matthew, we are so interconnected. And much of our infrastructure is owned privately not by the government. So the government to degree without laws cannot dictate what these companies do. And they’re the ones who maintain our critical infrastructure. Colonial pipeline is just one example. And I just don’t know how we get there quickly, without company starting know, here’s the consequence, if you don’t do the Jodi’s point, what’s best for the environment in first grade,

Matthew Rosenquist  25:54

I would completely agree with everything that you said there, we do need to have more expansive regulation and to make it consistent, because when you have this fracturing, it’s confusing. It’s difficult for companies small and large, to maintain compliance when you’ve got 50. What 54 different privacy, you know, regulations just within the US. And then they also have to do with international, if they’ve got international customers or clients, you know, we have to simplify it. Otherwise, it’s too expensive. There’s too much friction, right? We’re making it hard. Why are we making following ethical privacy? You know, guidelines and practices difficult, we should be making it easier, right? So yes, absolutely. And I think the federal government should have a mandate to unify that at the highest standard and align that to global expectations as well. So I’m in agreement with you there. And also, when it comes to making sure that there is that baseline in general and cybersecurity, you mentioned critical infrastructure, yes, most of the current critical infrastructure is run by large companies or private companies. And yet we rely on it and citizens, again, put food on the shelves, you know, gasoline in the station’s products in the stores, water coming into our house sanitation, basic health, and support critical, you know, things that we need to have every day and also during emergencies. Yes, we need to have a higher level because the attackers are going after these critical infrastructures, we’ve seen ransomware attacks come and just, you know, start to take these things down. And these attackers are pretty good. They’re even targeting law enforcement. That’s pretty ballsy to be able to go and attack a law enforcement organization, you know, encrypt their files and go, yeah, you have to pay us. Okay. You know, normally criminals don’t go after the law enforcement authorities, but when they’re targeting them, yeah, so we are way behind the curve when it comes to establishing robust security that is cost effective, right? That’s efficient enough to be able to be sustained, right. And that can evolve with that constant shifting that those intelligent attackers are doing, we’re not dealing with just it problems. These are smart, intelligent, highly motivated, very creative people, teams and organizations out there that are taking advantage. And the United States is a great target, we need to get better.

Jodi Daniels  28:27

Well, thank you so much for sharing all of these very insightful tips. And since you’re so passionate in this area, and obviously advise companies all day long on what they should be doing, what is best personal fiber tip that you would offer,

Matthew Rosenquist  28:44

you know, and again, it’s it’s not a real high level, we have to understand who are those threat agents who are attacking us, because it’s really important, and to understand their capabilities and whatnot, and when we distill it down, in most cases, most of the attackers out there, they’re just the people or they’re like you and me, right, they have an objective or a goal cybercriminals want personal financial gain, and that’s why they do it. But they’re also looking for the path of least resistance. They don’t want to work hard at it, they want to get to their goal with you know, the least amount of effort, effort and friction. So they tend to go after easy victims. That’s number one. The other thing they tend to go after are areas of significant value. So you know, when we look at all of this, the best practical advice is understand what’s valuable to you, and disproportionately protect that right. And the second thing is, don’t be an easy target. Look at your peers around you. Do you have better security significantly or are you kind of subpar? If you’re subpar? You’re a prime target. That’s where the bad guy is are going to go after. It’s like the old adage, right? You don’t have to outrun the tacking bear, you just have to outrun the person next to you. Don’t be an easy target and protect your valuables. That is the core of some of the best practices that companies, large, small individuals apply that and you’re way ahead of the game.

Jodi Daniels  30:18

Domestically if there’s a bear I’m gonna run faster than you know.

Matthew Rosenquist  30:23

She’s already planned this out. A little worried there, Justin.

Justin Daniels  30:28

Matthew, she got it wrong. We need to be out running the cozy bear and you know what I mean? That’s the callsign for the Gru one of the Russian had

Matthew Rosenquist  30:40

one of the rescue designators the cozy bear?

Justin Daniels  30:45

I don’t want to get cozy with the cozy bear. Well, as much as we could keep talking about this. We cannot so I want to wrap up by asking you a question that has nothing to do with cyber security, which is what does Matthew like to do for fun that isn’t across the digital divide?

Matthew Rosenquist  31:06

Well, you know, I honestly I am so passionate about cybersecurity. This is what I do. I live in breathe this even on the weekends and late at night. I’m doing research and I’m exploring cyber threats and attackers and new methodologies. And to me, I am so fortunate because my career aligns with my passion. So much of my hobbies are around cybersecurity and protecting digital technology and enhancing trust and in all the toys and everything else that we all want to embrace that are coming around the corner, the next generation stuff but outside of that, the number one thing in my life is my family. I love being a dad absolutely positively loved being a dad. So that is that’s my focal point. What I do need to get away and just break for a little while. Yeah, I just got my new motorcycle. So I love jumping on that and going for a ride. I live in the foothills. So it’s great hitting some twisties and getting my mind off things before I get to jump back into it.

Jodi Daniels  32:12

Excellent. Now where can listeners find you if they’d like to stay in touch or learn more?

Matthew Rosenquist  32:18

I’m active on LinkedIn. I’ve got a little over 190,000 followers on LinkedIn. So I publish a lot of blogs, videos, I do you know, I joined a lot of different conversations. So following me on LinkedIn is probably the best. The other thing is I just started a YouTube channel where I get in front of a camera and I talk about the latest industry issues and the challenges and what it means from a strategic perspective. It’s called Cybersecurity Insights. So if you search that on YouTube, you can find my channel and you’ll see a mix in there of me ranting about things too because I get frustrated just like everybody else. And so I’ll go off on a rant on something or, or or whatnot. So I hear it can be entertaining. It’s cathartic for me just to get all these thoughts and issues out. So if you’re interested in short videos and me ranting about different things, you’re welcome to join and follow the Cybersecurity Insights channel on YouTube.

Jodi Daniels  33:13

Awesome well we’ll also make sure that we include that in the show notes so Matthew, thank you so much for sharing your great wisdom knowledge the latest of what is happening in the industry with us today we really appreciate it

Matthew Rosenquist  33:26

absolutely my pleasure I’d love to come back and do it again there’s always a new new story there’s always a new challenge we’re always changing so yes let’s do this

Jodi Daniels  33:35

again a direct you just need the direct like telephony line to each other yeah you have your neighbors you can have a little call thing with the rope going through I can see it it’s it’s very similar.

Matthew Rosenquist  33:50

You get along will be secure will make it secure. Indeed,

Jodi Daniels  33:53

of course you’re well absolutely.

Outro  33:58

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.