#506 Ship Fast, Stay Secure: Elipaz Tanzman on Uniting Developers and Security Teams

[00:00:00] 

Mehmet: Hello, and we come back to an opposite of the CT O Show with Mehmet today. I'm very pleased. Join me Elipaz Tanzman. He's the CEO of Cygnostic Elipaz. The way I love to do it is I keep it to my guests to introduce themselves. So tell us it's more about [00:01:00] you, your background, your journey, and what you're currently up to, and then we can.

Start discussion from there. Of course, we're gonna talk a lot about cybersecurity today, you know, the ai and also like, uh, the other, uh, you know, areas that, uh, usually you, you are expert in. So the floor is yours. 

Elipaz: Thank you. Thank you for, uh, having me with you today. So my name is Elipaz Tanzman. I'm the co-founder and CEO with Cygnostic.

Um, my background start, uh, from the military where I was a cybersecurity officer at the Navy. Um, and then a few stops in, in, in my career I had another consulting, uh, company, which is was, uh, one of the founder, and today it's Cygnostic. We are focusing and specializing in application security, ai m, security, and cloud security.

And I'm also part of the Azure International Committee for the ISO 27,001. 

Mehmet: That's, uh, great and thank you again, uh, for being here with me today, Elipaz. Now a traditional question and [00:02:00] kind of a maybe boring question. Cybersecurity is not an easy track for someone to take it in their career. We know like it's a lot of headache, it's a lot of stress, but what attracted you to, to this field?

Elipaz: Um, yeah. Uh, actually good questions. It's, uh, a big headache, I have to say. And actually, I didn't choose cybersecurity. It wasn't my, uh, uh, let's say my, my hobby or my passion at the beginning. Uh, but when I was in the, at the Navy, I started as an intelligence officer, and then, uh, they told me, you are going to be a cybersecurity officer.

Uh, at the beginning I didn't want to do it, but then I, I. I fell in love with this, uh, uh, with this domain. And today I really like it. And today it's my life, basically. 

Mehmet: Okay, good. If, if it's something you're bad about, that's fantastic. Now let's start, you know, maybe with some, [00:03:00] um, I would call them few.

Threats. Right. Uh, when we talk about security, we talk about cyber threats. We talk about like things that organizations are, uh, facing. Uh. They keep changing from time to time. Some of them, they, they are with us for a long time. But from your perspective, what are like the major ones you are seeing them today?

Uh, and maybe I would ask generally, and then we gonna talk more about like, software development, especially in the age of ai, but let's start from a general, you know, perspective. And then maybe we can dive into, uh, you know. Specific areas in it. 

Elipaz: Yeah, so I think that it's mainly depend on the, um, company, let's say industry and so on, because for every industry they, they have their own risks.

Uh, and of course today, [00:04:00] uh, the most common rate or the most common, uh, cybersecurity breaches are coming. Uh, from the human side, and we have a lot of ransomware attacks because eventually we need to remember that, uh, the, the job and, and, uh, let's say the salary of the attackers is the, the payments they receive from their attacks.

So it usually will be ransomware attack or any, uh, uh, data thi and then they, they sold the, they sell the data on the dark net and so on. Uh, so, and the final goal of each cybersecurity breach and attack will be. To receive the money in that way or another. It could be from the company itself to receive the ransom, or it could be with, uh, from selling the data and, and things like that.

Of course, we have the, let's say, uh, um, uh, national political, uh, agendas of, uh, cyber, cyber attacks, uh, group that are doing it not for money, but for, uh, um, uh, let's say. Um, specific [00:05:00] interest, uh, to influence the, the, the enemies and, and things like that. Um, but eventually we have multiple threads out there.

They are always evolving. There is new threads now coming with the ai and it's, uh, really depends and each company should do their own thinking and, and, and, uh, risk management about what they prioritize and what they want to. Uh. Defense form and, and what risk they can, um, uh, live with, with, in peacefully and, and, you know, uh, continue to operate successfully.

Mehmet: Right now while preparing for the episode, I saw that you talk about something which really attracted me because when we talk about cybersecurity in general, we talk about being strict, right? And I saw like you talk about making r and d and security, like build, like building BFFs, right? [00:06:00] Yeah. Best friends forever.

How's that possible? And before telling me how that possible, like what usually like some of the common roadblocks, uh, you know, you see organization they face when they try to move fast, especially again in the age of ai, we need to be fast, we need to, to shift fast, but at the same time, we need to make sure that we are doing this in a secure manner.

So tell me about this. Like, uh, how we can make them really BFFs. 

Elipaz: Yeah, so it's, it's actually, it's really hard. Um, but the, the reason why we, uh, um, established, Cygnostic in this domain is because from our background and experience, we solid when it comes to the organizations that have their own internal development team.

It could be 20 developers, it could be 2000 developers, it doesn't matter. All of them have, uh, huge conflicts between the security team to the r and d team. Uh, because a few main reasons. [00:07:00] It could be because the r and ds always want to develop new features and new products, new applications, and eventually the goal of the organization is to develop and, and, uh, uh, deliver the products to their customers.

And the security team, uh, goal is to secure basically the application. But the r and d team will always be stronger than the security in most of the cases. And the, the reason they have conflict is because the security teams wants to have. 100% coverage on the, on the self development lifecycle to manage the risks, uh, accordingly.

And basically to stop from misconfigurations of vulnerabilities, um, uh, deploying to production. And the way they're doing it today, it's, uh, pretty, uh, wrong because there are, uh, let's say. Step in too late into development lifecycle and, and, and, and [00:08:00] provide wrong visibility to the r and d team. And sometimes it's a false positive.

And, and they, they have a lot of noise when they are doing the, the risk management or uh, uh, uh, uh, risk discovery in inside the. Secure development lifecycle. And, uh, that's what causing the, the, let's say, the, uh, conflicts between the r and d and security teams. And our goal is to make them best friend forever because we do believe that it's possible to integrate the security efforts into the developers native workflow without, uh, a lot of.

Conflicts, fatigue and things like that. And by doing it, we can have, uh, a very good harmony between the teams and, uh, main, let's say share the, um, uh, common goals to have together and to harness the r and d team to the security team, [00:09:00] uh, efforts and goals. So. This is what you're trying. 

Mehmet: Yeah. And this all can happen without, like, how this will affect, I would say the, the, the how fast they can ship.

Right. Uh, does it, does it slow down the product delivery? Uh, or, you know, you've seen it like No. If it, you know, they apply what, uh, you know, the, the, the, the practices that you mentioned. Still we'll be able to shift fast. We will not have delays. Right. 

Elipaz: Yeah. So this is the goal to, to still ship fast, but do it securely.

Mehmet: Okay. I got you. Now with the age of AI and AI in development, specifically El PAs, uh, so there are kind of new challenges over there. So starting from. Uh, the team using LLM tools and maybe putting sensitive data over there. Two, just getting code, and I've discussed this with some of my guests [00:10:00] on the show also, that code that we bring from, from an LLM tool, like how secure is it?

Like, and what are like some of the best practices you're advising your clients to do when it comes to utilizing AI in the core thing they do, which is like writing the code itself. 

Elipaz: Yeah. Um, so today all the AI code assistance, uh, are not very much secure. Let's say, even with the, uh, private, uh, model inside tools like, you know, GitHub copilot and cursory ai, they still sending the API keys to their, uh, own, uh, cloud and the model to, to scan it and, and.

Uh, um, and, and enable the code, uh, inside. Uh, so today we recommend to use tools that allow to adopt AI code assistance securely, but by limiting the, the, the secrets, uh, inside the pumps, inside the, the code and, and basically. Uh, redact [00:11:00] them from, uh, getting into the, the model and even that, all of them saying that they're not using your code to render LLM model and, uh, use it for, uh, it's private tenant and so on, so on.

We still saw some breaches and some researchers that saw that the API keys are publicly exposed and you can, uh, get a lot of sensitive data from those LM tools, but I think the most. Uh, biggest interesting thing around AI today is that today we have a lot of AI security tools. We have, you know, security for ai, AI for securities, AI against security, security against ai.

We have everything with ai, uh, inside, but I think that, uh, um. Let's say on the roadmap of all the biggest, uh, AI and LLM companies out there, they will integrate the security configurations and features insider models. Because if [00:12:00] today in let, let's say in the last two years we have, uh, uh, significant, uh, uh, uh, development of the AI maturity.

Of the tools and so on. So I guess it won't be a problem to make them secure, uh, and, and basically have them as part and, uh, of the, the tools itself. Uh, because for open AI and, and, uh, anthropic and all the other companies, it, uh, doesn't have to be, uh, let's say a, a big issue to integrate security inside their own tools and provide a, a, a better solutions.

For both private people and of course, uh, organizations and enterprises. Uh, but I think that because we have like almost every new day, new features and new tools, and we have now the MCP and the eight two A and the, uh, the open AI agent and, uh, let's see what we'll have tomorrow. So I think we, every organization should took, [00:13:00] uh, should take some, uh, cautions while they are adopting ai.

And, uh, uh, and they have to figure out how to do it on the best way, according also to regulations, which also the regulations out there are pretty, uh, let's say new. We have the EUA, we have, uh, uh, the ISO 40,001. Uh, but I think we will have some new regulations, uh, soon, which will have a better, uh, frame and, and standards for using AI inside organization.

Mehmet: That's good. This brought, brought to me something, um, I'm not sure when I saw it. You know, we are recording this episode for the sake of transparency on the 29th of July. So I think this week or last week I saw. One of the apps that was developed using the vibe coding tools, it leaked a lot of, um, of data and this was a disaster.

So this is why I walked to [00:14:00] Ed Pass also to explain, 'cause I have some entrepreneurs. As well or that, listen to my show, why they should take security really seriously from day one. And they should not keep it, you know, till an advanced stage, till someone comes and ask them, Hey, can you tell me what security measures are using?

Do you have any certificates? Right? So let us, let us a little bit also explain why it's important for all companies, but specifically for a startup to, you know, give that. Good attention and not leave it for a later stage. 

Elipaz: Yeah. So, uh, we just talked about that usually the RD teams are stronger than the security teams.

And, you know, once you have a department inside the organization that tells you that they have a tool that can, uh, multiple of uh, um. 10 times the faster to, to develop the code and things like that, you cannot, uh, [00:15:00] stop them. The management will want it because if they can develop faster, it mean that they, they will have new future, faster, new money, faster, and so on and so on.

Um, and, and the reason it's important to take it into consideration from from the beginning is because once you are implementing AI across your processes and, and, and other department inside the organization, it'll be very hard to make changes after it's already implement. Um, uh, I have a lot of customers that saying that they want to, uh, uh, secure their ai, but the r and d team already started using it and they don't know which tools exactly and what they're doing inside, and, and they don't have the visibility and the controls and monitoring and so on and so on.

And then it will, uh, it, it become a very out of the chase. For the security team to minimize the, the gap between the, uh, [00:16:00] the usage of AI inside the company to implement all the security controls they want. And eventually we have to remember that all of those AI tools are pretty new, and they are also focused on develop new features and new capabilities and less focused on security.

That's why we have a lot of, uh, um, uh, researchers that fund a lot of vulnerabilities. And we have one of our vendors that we're working with Pine, that they found, uh, they used Claude to hack Claude, uh, MCP. Uh, and it's a very big, uh, uh, research and because of that and because I guess all the companies want to, uh, save and secure their secrets internally and, uh, and their PI as well and other sensitive data they have to take it into consideration and not, uh, uh, fall in love with the, um, all the, the, let's say, um.[00:17:00] 

All the, the new features, all the promises coming with AI and, and go after it, uh, with, uh, uh, like, uh, uh, blind people and, and, and just do what, uh, they want to do because eventually it can cost them much more money, uh, if they will have a breach because the usage of ai or because they want to implement new controls rather than develop and shift their, uh, products and application faster.

Mehmet: Now there is something you mentioned a couple of minutes ago about the CPS Elipazs and uh, you know, and people te say that this is an evolution of the API security. Now we know for a fact that um, you know, even some organization, they didn't reach to the stage where there are securing their APIs. So how are you seeing now this, uh, I would say.

You know, [00:18:00] initiatives and, uh, what CSOs actually should be thinking now, uh, for getting their DevSecOps. In shape with all these advancements. So where should they start? If you go today and talk to a CISO or CIO, whoever is in charge in, in that organization, uh, and you see that they don't have a lot of, of, you know, maybe they have basic authentication, maybe they implemented some basic, uh, identity solutions.

So how to start to build the stack, how they can move, you know. To get in a better form and shape, and we know of course, that you will, we will never have a hundred percent security. It's not a sprint, it's a marathon. But where to start and how to build that stack. 

Elipaz: Yeah, so I think first of all, those kind of organizations should maybe.

I know that we are talking now about air security and all the risk around it and so on, but MCP is, uh, [00:19:00] let's say very new, um, um, feature in ai. And I don't see a lot of organizations already using MCP in production and really leveraging, uh, MCP for, uh, uh, uh, internal, uh, usage. Uh, but I think that. Most of the organization need to take care about other risks before they are thinking about securing their MCP.

It's very important, but there is a lot of, uh, uh, other risks and things that they have to, uh, put into consideration before they're running to, uh, secure their MCP and, uh, and say they're, uh, doing it, uh, correctly. And I, you know, I, I remember in a lot of communities and, and, uh. Uh, groups that are talking about MCP and they want to start using MCP, but how they need to secure it from, uh, uh, uh, authorization, authentication, encryption, point of view, and so on.

But before that, they, they don't even have a co, uh, [00:20:00] a tool for, uh, uh, scan their code and, and perform dynamic testing or, uh, ever. Well established web application firewall and things like that. So I think before running to, to secure new things that even developers or don't know how to do it correctly right now, I think they need to, uh, um.

Put their attention for some bigger risks today. And also, but if they do want to secure the, their cps, uh, first of all, they have to, to gain the visibility on the CPS they have inside the company because every developer today and every simple employee in the organization can create his own MCP server.

Basically do whatever he wants. Uh, so first thing, I think it's most important thing when it comes to security in every domain is to have the, the visibility, 100% coverage and visibility on the, on the risks and the asset they have. And then they [00:21:00] can talk about how to secure it and how to do it, uh, properly.

Mehmet: Right now, few minutes ago, also, uh, El pa you mentioned about, you know, the frameworks and, and, and standardization, right? So as a member of the ISO 2,700 Standards Committee, um, how are you seeing. The support and the speed that we want to implement these new frameworks going on. Um, what, in another way, you know, if I wanted to make it more clear, um, are we evolving these frameworks at also speed that allows us to make sure that organizations have the standards in place and the measures in place.

To get a secure innovation, uh, environment for themselves. 

Elipaz: Yeah, so I [00:22:00] think the new AI regulations on, on standouts again, today we have the EU A a Act, which is uh, uh, mostly for European companies and so on, uh, or companies that have, uh, European customers. And we have the ISO 40,001, which is. AI management system standards.

It's not only related to security, uh, but mostly for AI governance inside organization. And I think it'll take some time until those, uh, standards and regulations will be, will become common. Um, we have some customers that, um, comply with those, uh, regulation and standards, uh, and we see it starting to become, uh, more common.

But I think it'll take some time and I think that we will need. Um, better standard for AI security. And I think because we talked about AI, and AI is a big world, so we have gen AI tools, we have models, we have the MCP, [00:23:00] we have rag, we have, uh, a lot of things inside ai and I think. There is no one standards that can provide, uh, let's say, uh, uh, the best framework for all those, uh, use cases.

And, uh, I think it, it'll take some time because I, I speak with a lot of organizations that leveraging AI in that way or another, and most of them are, don't thinking about this, uh, uh, regulations, the AI Act just, uh, um, uh, starting to, to started to be mandatory. Uh, about, um, uh, one year ago, and it will, and there is like a grace period of I think tools or something like that, like that until it would become, uh, mandatory and they would start to enforce, um, uh, this regulation.

Um, so I think we have some steps to do in this, uh, side of the governance and, and standards around ai. And I think also the, the, [00:24:00] the standards, uh, um. Let's say all, you know, the ISO and other we have, of course, we have also the always top 10 for LLM, which is, uh, let's say framework for LLM, uh, uh, risks and attack like pump injection gel, breaking denial fluid, but I think it will.

Be changing a lot of, uh, times during the next few years until we have, uh, mature standards that really fits to the use cases in the field of organization. And, uh, I'm really curious to see how it will, um, uh, develop and, and what will be the actions around it. 

Mehmet: Right. Do you envision in the past, do you think that the AI companies, mainly the ones who are producing the LLMs and the ones who are producing, you know, all these tools should contribute more, um, to, to, to these standards or to these, uh, new frameworks?

Or do you think it's more. [00:25:00] Practitioners like yourself, like who, who gonna, who are seeing, you know, incidents on daily basises that will be contributing more. Or maybe it's like also something that would come from the, what they call them, you know, the, the company that they are building on top of these lms they're building, you know, rappers or whatever you want to call them.

So who, who are you seeing the biggest contributor, uh, contributors to, to uh, to these new frameworks? 

Elipaz: Yeah, we, we always, uh, laughing then and saying that, thanks God, we have regulations and standards, otherwise we don't have, uh, uh, work to do. Uh, because eventually standards and regulations that are, that, that the most, uh, let's say, uh.

Uh, best way to con, um, convince company to invest in, in security because they, they have to be compliant with those, uh, regulations, those standards and and so on. And I think the biggest interest [00:26:00] of, uh, uh, to contribute to those, uh, standards are the security vendors. And we do see a lot of security vendors, publishing researchers and things like that around, uh, the security risk in order to convince.

Uh, uh, companies to, to leverage security into their AI efforts. Uh, but I also see some, uh, you know, the consumers that, uh, uh, contributing to those, uh, communities and, and, uh, uh, help, uh, the developing new framework, standards and so on, because eventually it's supposed to be, uh, uh, common goal for all the industry to have a, um, secure.

Uh, AI usage for all the world from, you know, the individual people using AI to the, the biggest, uh, enterprises out there should be a common, uh, goal for everyone. 

Mehmet: Right now, let's talk a little bit business if we can. [00:27:00] Oliaz, because CSOs, when, when, of course, they want to, to implement the, you know, the, the latest and greatest, the best for get for their organizations, but also they need to, to show ROI somehow, uh.

When it comes to application security mainly, which is your, one of your domain of expertise, um, how you know they can take that in front of their business counterparts, put it in front of them, and get the business case for adopting solutions for enhancing their application securities, their API securities and so on.

What have you seen working from your experience? 

Elipaz: So very, very good question actually. And this is a very big, uh, challenge. And I think that, uh, alongside all the security tools, uh, uh, that most of the organization are implementing inside their, [00:28:00] uh, SDLC, which is, uh, SaaS, the ca does, runtime solution, WAF and so on, um, the best way to prove and show the ROI or the management or the r and d teams and.

Really harness them into your efforts is to, uh, uh, build security champion, uh, program. And today we are doing it as part of our services and we, we train developers, uh, to develop security. And in that way, what we are doing in terms of our why is to show that. As long as the developers are more, uh, uh, they have more security, uh, knowledge, and they know how to develop their code security and how to mitigate risks in the code faster and how to detect, uh, uh, security vulnerabilities in the code faster, we can show that.

Uh, we minimize the number of vulnerabilities reaching to production, and we can show that we minimize the time [00:29:00] developers are spending around security, uh, uh, tasks and, you know, solving security tickets and so on. And I think this, this is the best hour why That you can show, because eventually the goal of CSO should be, uh, to allow developers to focus on developing and not securing their application.

The way to do it is first of all to train them and harness them to, to, to your efforts and, and, and goals. But second, uh, from the, the, the tool perspective is to provide them the right tool, uh, uh, and, and remove all the noise and false positive around it because if you will. You will do training your developers, and they will be better than you, better than the CISO in solving security issues in the code.

Uh, but eventually you provide them a list of, uh, supposed to be vulnerabilities in the code, but most of them is false positive in that way. You lose them very quickly and you, [00:30:00] um, wasting a lot of time. Uh, for the developers and, and I think that, that this is the, the way you need to prove the data y to provide them the right alerts and the right, uh, uh, risk that really affect with the, the right context that really affect their, their code, their application.

Also help them to do it quickly and integrate natively in the developer, uh, workflow. And then you can show how you minimize the number of security tickets. Uh, how you minimize the number of vulnerabilities in production, how you minimize the time they spend around solving and, and mitigating misconfigurations and vulner vulnerabilities.

And, uh, I think this is, should be the, the goal of every C out. 

Mehmet: Got you. Of course. Yeah. So this is, this is the, a very clear, uh, roadmap and approach I would say for getting the ROI now, Elipaz, I know we talked a lot of, uh, about ai, but if we want to see some other [00:31:00] trends that are affecting, um, you know, application security in general, um.

What is keeping you at night currently? When you look about all what's happening, what are you expecting the next wave of threats to be? Uh, when it comes to, to that domain specifically, um, you know, like. I, I, you know, like AI is able to do a lot of things right? Scary things. Uh, so, so what are you expecting?

Few trends, and I, I will not ask you in 10 years or like even five years because I know things are changing. And you mentioned it like, uh, couple of minutes ago. Like we, we, we wake up on something and then, uh, we sleep, we wake up next day. It's a completely different world. Um, but. From experience, from what you're seeing in the field, what are the next wave of threats that you are expecting them to, to surface, uh, and how we can be ready for these threats?

Elipaz: Uh, to be honest, I don't know. [00:32:00] Uh, I, I think a lot about it, uh, every day actually. Uh, but I really don't know. I think we have enough. Threats and risks to, uh, to think about it and, and take care of, take care of it. Um, but I think it'll still be around ai. But from the other side, they hope that, again, the AI will provide us also security features and the AI code assistant will know how to develop code, right to debug the code.

And, and do it securely. And, um, maybe even to, you know, uh, um, I, I guess that we will see some of the security tools that, uh, we are using today, uh, coming not efficient because the AI will do it alone. So this is really what I hope from, from other, from the other side. Uh, but, but honestly, I, I don't know. I think we have enough threats and risk to, to think about them right now.[00:33:00] 

Mehmet: Yeah, we have, we have a lot to deal with, to deal with already today. To your point, um, you know, again a traditional question, but as we are coming to, to the close, if someone today Elipaz comes to you, he's, he's, or she's a student, uh, or I don't know, maybe, maybe drop out of college, but they, they're interested in cybersecurity.

What advice you would give them to be better prepared for the a, a career in this domain, which is changing by the day? What are some of the lessons you can share with the, uh, with the new generation? I would say. 

Elipaz: Yeah, so actually I talked with, uh, lot of, uh, students and, and, and young people recently. I, I'm also very young.

Yeah. But, uh, 

Mehmet: yes you are. Yeah. 

Elipaz: But, uh, I, I talk with lot of people that want to start their career in cybersecurity, and of course the first thing I, I, I tell them, or ask them that is they, they really want to do it because they love it or because the, the [00:34:00] money. Um, uh, they think, uh, they can earn during their career.

Uh, but, but the second thing, I think it's depends on what you really want to do with, uh, cybersecurity, because you have, you know, we have, uh, a lot of different roles under the, the cybersecurity domain, but I think to, even if you want to be a ciso, not a, or a GRC guy, not a technical one, like, you know, penetration test or DevSecOps and things like that.

The best way, um, uh, uh, to do it is to. Understand and have experience from the technical side. So, for example, I started my career as a intelligence officer and a cybersecurity officer, and so on and so on. But during my career, I took, uh, uh, DevOps schools in order to speak the same language of DevOps. And also I took, uh, uh, uh, development, uh, course to, to, you know, to really talk their language.

And today [00:35:00] because they know how to talk the, the DevOps and the r and d developers, QA and so on. Because I know to, to talk in their language, I know how to do, uh, uh, how to help them, uh, with the security a lot better. And, and in that way, you know, the most important thing, and I mentioned it few times, uh, during this, uh, episode, is to harness the, your consumers, which in, in my case, uh, the r and d team.

To your efforts. And, and the best way to do it is to understand what they're doing. And I think, of course, with the, the ai, uh, I think it's also important to take some AI course to understand how it works, how, how to build the rug, how LLM working and so on and so on. Because I think this will be, that will be the futures in, in every, in every, not only in cybersecurity, in, in every other domain.

So this is what I need absolutely. 

Mehmet: Yeah, absolutely. I thank you for sharing this Ari Pass. Final question. Pass where people can get in touch [00:36:00] 

Elipaz: what, 

Mehmet: where people can get in touch with you. 

Elipaz: Um, so, um, you can get in touch. Uh, I, we can share, uh, my, uh, uh, my email. It's, uh, it's Cygnostic, aeo. We have our website, LinkedIn.

Uh, we have our one, uh, uh, slack, uh, community. Uh, so people can get in touch, get, get in touch, can book a meeting directly. In, uh, to our website with me and we can discuss everything we want. We can consult about how to make, uh, S-S-D-L-C better and how to make your r and d BFFs with, uh, your security teams, uh, with all the lab.

Mehmet: Again, thank you so much for, you know, the time today, and thank you for, uh, you know, being here with me. Uh, and this is usually, of course, the links will be in the show notes so people, they don't have to look right, left. Uh, everything will be in the show notes. So this for the audience. This is how I end my episodes if you just [00:37:00] discovered us by luck.

Thank you for passing by. I hope you enjoyed it. I think it was very informative from any past to talk about how you can make your r and d. More secure, but at the same time BFFs. So that means ship fast and being secure. So thank you Elipaz, and if you are one of the fans, we keep coming again and again, thank you very much for your support.

Thank you for making the CTO show with Mead Reach more than 500 episodes. We just aired our 500 episode, uh, two weeks ago. And. Again, we will take us this year to new level by being on the top 200 charts across multiple countries to be specific, eight countries at the same time, I'm hoping to go to multiple countries more and more, of course, all with your help because my aim and goal with my guests, of course, is to, uh, get you the latest news about technology, cybersecurity, startups, entrepreneurship, and of course inspire you to do something.

Uh. [00:38:00] To change the world to become a better place. So thank you very much for being on this journey with me, and as I say, always stay tuned for a new episode very soon. Thank you. Bye-bye.