Listen to this podcast on Apple Podcasts, SoundCloud or wherever you find your favorite audio content.
This week, SecurityIntelligence podcast hosts Pam Cobb and David Moulton enlist the help of JC Vega, a former military security professional and current cyber range coach for IBM Security, to unpack a growing trend: military veterans making the move to private sector security.
Keep Security Simple and Effective
Vega considers himself a gray beard — someone “who has been around and experienced a lot of different scenarios and operations and who lends their experience to the team to bring out the best in those around them.” His military experience, which includes everything from flying helicopters to watching the president’s motorcade and running operations centers, made him the perfect fit for IBM’s cyber range, which challenges IT teams in multipart attack simulations that Vega describes as “going on a roller coaster without breaks.”
For Vega, it’s about pushing teams to discover what they’re capable of, often by focusing on the simplest and most effective solution to the problem at hand. It’s the military mindset at play: As Vega notes, “The lesson I picked up is that not everything has to be difficult” — it just has to be effective.
Battle-Test Your Incident Response in a Cyber Range
Military veterans bring a critical quality to cybersecurity: immediate action. According to Vega, when faced with a life-or-death scenario such as a jammed weapon or a critically injured team member, there’s no time to stop and think. That’s why it’s imperative to perform specific actions “in the right sequence and at the right time” to increase the chances of a positive outcome.
This is an essential aspect of security best practices: When networks come under attack from ransomware threats or business email compromise (BEC), organizations can’t waste time debating potential responses. They need to establish a plan of action and execute it immediately to mitigate the impact of a breach.
Why Military Training Translates Well to Cybersecurity
How can former military security personnel make the shift to cybersecurity? Vega highlights two major areas where military experience can come in handy:
- Security by design — From day one in the military, Vega says, “you’re a security professional.” Members are taught to defend both physical and intangible assets, keep information sharing to a minimum and always pay attention to their surroundings.
- Problem-solving under pressure — Vega notes that fixing problems comes with the territory “because there’s always something broken that we always gotta fix.” This do-it-all attitude sets veterans up for success in cybersecurity.
Of course, it’s one thing to have the skills and another to land the job. Vega encourages former military personnel to become “lifelong learners” and expand their skill diversity with courses, audiobooks and community resources. Another option is employment initiatives designed to help veterans make the transition from military to civilian life in careers that recognize their passion and leverage their unique skill sets.
Learn more about training in the IBM X-Force Command cyber range
David: What’s the most adrenaline you’ve ever felt?
Pam: So I think as a mother, I’m supposed to talk about the miracle of life. And maybe like, talking about holding my child for the first time, but like, there was a lot of drugs and maybe some vomiting involved. So I’m gonna go with the roller coaster instead.
David: What roller coaster did you ride that got you going?
Pam: So here at Six Flags Over Georgia, which is near me in the Atlanta area, there is one called Goliath, and it’s kind of a standing up roller coaster.
David: I think for me, I lived up north for seven years. And one day, I got my car going down the highway at about 80, and I was completely sideways looking into the drivers, or I guess the passenger’s window, the car next to me completely 90 degrees. And then Mario Kart drove out of that and lived. The adrenaline was pumping that day until it wasn’t and my legs wobbled out from underneath me. So that’s probably the most adrenaline I’ve ever felt in my life.
Pam: And here we are on this podcast.
David: Right. But here’s the thing, I don’t think our stories hold a candle to the adrenaline stories that JC shares. He talks about his experiences in the military and crazy things to me like going up at a helicopter and then reducing power intentionally to learn how to fly a helicopter when it’s been damaged or is on fire. And not only just reducing the power but then going through how to put out the fire while still in the air
One of the things that comes through very clear when you talk to somebody who’s been in the military, and JC really exemplifies this, is how that background that he has in the military translates well to cybersecurity career. He talks about how from day one when you’re in the military, you’re in a security job, you’re guarding something, you’re protecting something. And whether it’s high adrenaline or maintenance, military vets, in particular, should be looking at careers in cybersecurity.
Pam: This is the “Security Intelligence Podcast” where we discuss cybersecurity industry analysis, tips and success stories. I’m Pam Cobb.
David: And I’m David Moulton. I spoke with JC Vega, an executive security advisor and cyber range coach for IBM Security. JC’s security career in law enforcement and in the army spans 30 years, including experiences flying helicopters and providing surveillance for the President’s motorcade.
JC shared his take on a broad number of topics from being a gray beard in the cyber range to reading sci-fi as a great resource for those interested in security. Here’s our conversation.
JC, can you share your professional background, as well as maybe a little bit about your current role here at IBM Security?
JC: Sure. I’ve been doing security for about 30 years, ever since I was a teenager, from law enforcement into the army, and various roles in the military. Everything from, you know, what you would think traditional military guys do, to flying helicopters, to running operations centers, to watching the president travel in his motorcade as we’re providing surveillance to make sure that he and his entourage get places safely.
David: And maybe a little bit about what you do here at IBM Security.
JC: So I was brought on to be an executive security advisor. And in the military, we call it a grey beard. And that’s where a person who has been around and experienced a lot of different scenarios and operations, lends their experience to the team to bring out the best in those around him. So I look at myself as a coach, which is actually part of my title, also cyber range coach, a mentor, and like the free safety to come in and help out wherever needed.
David: So any lessons that you’ve learned as that gray beard or that coach that’s in there that really stand out, you think might be interesting to others that are in your position, to look out for or to, you know, commiserate on?
JC: There’s one lesson that stands out over some of the others. And being a technology company that IBM is, and coming from the government that stresses technology, a lot of times we look at technology solutions, primarily, and we’re focused on that. Well, there was a large company that was having some issues with tailgating or piggybacking coming into an office. That’s when you individually scan in or identify yourself and you go through the mantrap or the gate, but each person has to go through individually. So you individually scan and you get access.
So piggybacking or tailgating is when two people go in through one scan. And now you lose control of who’s in the premise, or who’s out of the premises because there are people who are piggybacking on top of each other, or tailgating depending which group you’re talking to. And that’s a bad thing because then you lose control of your physical security. So this organization put out, you know, the feelers to find out what is the best way to teach their employees that this is bad hygiene, that this is bad behavior, bad security, bad practice. And they came up with the man traps smaller, making someone actually observe the man trap and all these different things, from video to physical barriers, that’s gonna force you, that only one person can go through.
But what ended up happening was the CEO and the founder went through and someone was filming. And the CEO went through and the founder piggybacked off of him, these are two older gentlemen now. And the first person that went through when he saw that that person was, again, tailgating or piggybacking whichever word you wanna use there, he grabbed the person and took him to the ground — it was the founder — he took to the ground, and it’s like, “You can’t do this anymore.” And he did it very abruptly, very suddenly. And it was videoed, and it was shared across the entire company, that this is bad behavior.
That got the message that at the top of the food chain, at the top of the organization, a senior leadership is in it to win it when it comes to security. And that’s part of the culture, you have to demonstrate that as senior leaders, one, that you believe in the culture of security. And two, that you’re willing to take the action necessary. But being a high technology company that they were, this was probably videoed on someone’s iPhone or smartphone at little to no cost. And what you see there, the lesson learned that I picked up is not everything has to be difficult.
You have the find a way to communicate to your audience. And in this case, here, they did more than just create a training piece on this bad behavior. It was actually where people watched and were laughing, and they were sharing it, and now people got the message. And it was a very low tech solution to a very important problem the organization had.
David: Yeah, that’s an incredible story. I know, when I was at a former company, they had a very serious badge surfing policy. And we never had anything quite as memorable as that. But it’s definitely one of those things that not everything has to be tough. You don’t have to rip out all of your physical security, you just need a founder that’s willing to be tackled or makes the mistake with somebody who cares to do their job well.
So earlier, you mentioned the cyber range, and I realized that not everyone is aware of what the cyber range is. Could you talk about that a little bit for those that are unfamiliar?
JC: Absolutely. What we do in there, the range part of it comes from the experience of where you go and train and practice so that you can improve your skill. So we can do that at a very technical level, where we can configure that space, that facility, to challenge technicians on their best day against a very talented opposition. We can configure that space to where you can go force on force, a blue and red team, where you can hack…you know, kind of capture the flag. And we can make it fun, where you’re actually competing to see who’s better than whom at different tasks.
And then we create a scenario that slowly starts to unwind. And as it starts to unwind and you’re learning, inject starts to come in. We start to introduce some scenarios, and before you know it, you’re in a very unique cyber crisis, and you’re taking charge of this operation here. And over about a three-hour period is like going on a roller coaster without breaks.
David: Well, that sounds pretty stressful. Is that how the customers start to feel that realness in the range?
JC: I talk to the participants that are there and I ask them two questions. What I ask them first is, “Describe the feeling you’re having right now,” single words. I don’t need a big description, just tell me what you’re feeling right now. And some will say, “I’m feeling very anxious, I’m feeling nervous, I’m feeling stressed, I feel a sense of urgency.”
And then I follow on and ask them, “When is the last time you felt this way?” And I will get some participants who will give me the exact date several years ago of when a breach or they were the victim of a hack at their organization that it brought it all back to life. This is how they felt when this was happening.
Well, it gets better than that. I asked another individual, you know, “When’s the last time you felt this way?” He said, “Oh, two weeks ago.” I said, “Okay. What was going on two weeks ago?” He said, “I was in the back of a plane and I was stepping to the edge of the door, I was getting ready to skydive.” And if you think of that, that’s the feeling that he was having.
And another lady we had communication teams from all over the world and industry who came through. And as they came through, I asked a young lady, I said, you know, same question, “How do you feel?” And she said, “I feel like this every day.” And I thought, okay, I don’t know what — inside, I’m thinking, I don’t know where this is going. But the following question is, when’s the last time you felt this way? And she said, “Every single day.” So that begged the third question, what do you do? Where do you live? And I’m thinking how difficult must her mornings be in her household.
And she tells me, “I’m a communications chief for a major organization in the country of Venezuela right now.” And as you know, in current affairs, Venezuela is going through tremendous challenges. And she’s managing the communication there right now every day. And she was, “I feel like this every single day.” So what that does for us and in the range, is it validates that we are bringing up the stress level at an appropriate level that mimics how they would be responding to a crisis. And what’s important is, as you’re going through that crisis, you may think you’re acting very rational, but your body responds in a fight or flight scenario.
And we actually measure and evaluate decisions that are being made immediately and decisions that are being made later on once you have a chance to actually calm down and rationally look at what’s going on. And it’s amazing how different the decisions are, and how much clarity you get. As soon as you start to step outside of, say, that fog of war, of you’re not really sure what’s going on. But that’s a reality. That is how a scenario may develop, you’re only getting some indicators, you don’t have a clear, picture. You’re trying to make a decision based on the best information that you have.
David: So not too long ago, we talked to Caleb, and he was talking about those that excel in the environment. And he mentioned, EMS, right, he mentioned military vets have a different ability to respond. And I think you’re uniquely situated having, you know, observed and been in the military. What is it about military veterans that they have that give them the skills that they need to keep cool to respond well in this pressure cooker you’ve described?
JC: Well, it’s interesting, a lot of these organizations that you just talked about, first responders, EMS, military, we have this concept called immediate action drill. When this happened, you have to do this immediately beyond thinking about it. It’s if your weapon gets jammed when you’re in a firefight, how do you clear your weapon? There are steps that are automatic you do to clear a weapon and 99 percent of the time, it’ll do that so you can fire your weapon.
Same thing goes, if you see somebody who has a severe cut and is bleeding and potentially can die from bleeding, there’s immediate actions that you do. So we stress this, I was an instructor pilot for several years, and there are certain emergencies that you do that if you fail to do them in the right sequence, and at the right time, you’re potentially gonna go from a very bad situation to a situation that you cannot recover from.
So you practice those and you practice, and you practice, and you practice, to where you’re not even thinking about it anymore. So when you see that indicators come up, you start to react immediately, you don’t get emotional about it, you just react.
What I found as I’m training the students when I was doing that — and these were high-stress environment because when you’re actually in a helicopter and you’re simulating an emergency procedure, you actually are reducing the capability of the helicopter — and you’re reacting immediately, and you want the student to start to pick this up so that they know how to react.
David: So JC, what are some of the most challenging experiences you had making the transition to working in the private sector and in cybersecurity from the military?
JC: Wow, you know, that’s probably one of the most stressful times in my life. And I’ve been through a lot of stress in my 29 years in the military. Everything for me in the military, there’s a set plan on what you’re going to do, your next year, the year after that, and you have a lot of options. And you can deviate from the plan, but success is defined for you. You know what job you’re gonna get or what type of job you’re gonna get, you know the level of responsibility, about how many people you’re gonna be leading.
And you basically just focus on preparing to do the best at that job. So when you leave the military at the end of your term of service, ETS, what you’ll do is you’re starting all over again. And there isn’t a plan, there isn’t a goat trail that you can follow the guy behind you because everyone is so unique. And so that being said, there’s a lot you can do, there’s a tremendous amount of planning and preparing you can do.
And the Armed Forces gives you the time and the resources to do that. So I would encourage them to, one, utilize those resources and take the time to prepare. You’re given the time, you have to use it. Now with that, whenever I advise or mentor a group, I talk about the types of jobs that are out there in a very, very high level. I share that there are really only three types of jobs out there. You can just narrow it down to these three types.
The first one, and there’s no order of priority here. But one is quality of life, there’s a job you’re taking that’s going to allow you to live a quality life that you desire. And that’s, you know, simply defined if you wanna live or work somewhere that’s close to your family, or in Hawaii, or wherever it is. But you’re taking that job for a quality of life as a priority.
The other is career advancement or opportunities. Think of someone who is going to school to get a degree, you’re not going to school for the sake of just going to school, you’re advancing, or you’re preparing yourself, this is a stepping stone to something else. So you’re taking this for the experience, what you’re gonna learn and there’s career advancement opportunity in this next job.
The third one is job satisfaction, is you’re taking this job because you’re gonna get a lot of satisfaction out of doing that. That if you had one of the other jobs, this is what you would be doing at night on your free time, you’re really enjoying what you’re doing. All of us are at different stages in our life, in our careers, and what is a priority to us. And this is constantly changing. So the idea is that as you’re preparing to get out, first define what is it that you seek. Do you seek a quality of life job? Are you seeking a job satisfaction job? Or are you seeking some career progression, a position that has opportunities beyond?
So that’ll help scope what type of employment you’re looking for? Where are you gonna look for it. And it will also help shape the questions if you’re going into a job where you’re being hired on that there’s no advancement, that’s it. That would not be a career advancement opportunity but it may be one of the other reasons. And so the idea is find the right job that’s a fit for your needs. Then you start getting into the details, but that’s really the higher-level guiding light that I like to share with individuals as you’re deciding what they’re going to do, and why they’re doing it.
David: So JC, it seems like military veterans, in particular, are well suited for careers in cybersecurity. Would you have any advice for how vets can get their foot in the door?
JC: You know, it’s a very interesting question because when I talked to some of the individuals in my career field, which was the cyber career field also, I have to convince them that they are qualified to be in the cyber career field. Because they don’t necessarily see themselves as something that they do every day as a specialization.
What I tell everybody in the military, there’s two things you are in the military. Number one, you’re a security professional. From day one, when you enter the military, we are talking about security, that is what the military does, we guard things, we defend things. And oftentimes, that’s in a physical sense, but everybody also knows operational security what that means in the military. And that means you don’t share too much information that may compromise or hinder or negatively impact an operation. So we understand that from day one, whether you’re a private, or whether you’re a general. And we’ve been sharing that with our families.
And we share operational security so that your extended network of friends and family aren’t sharing too much about what’s going on as they’re watching you. Because they know when you’re about to leave, they know when you’re about to go do something, because your tempo changes, you start focusing on different things. And the idea is that we have to be able to protect ourselves and defend ourselves, and what we do at work. So we’re the weird guys who sit in the back of a room because, you know, we’re always observing everything. But that’s something that’s ingrained in us, the security part of it.
The other part is every guy in the military is a maintenance man, too, because there’s always something broken that we always gotta fix it. And that’s a big joke, you can do anything, but you sure can sweep also. So we’re all security and maintenance.
David: So security is ingrained. Are there any particular roles in the military that translate well to cybersecurity jobs?
JC: So there’s a few. And first, I don’t have to explain security to you, to a military person, they get it. So if you’re gonna take any kind of technical course, if you don’t have a security background, that is another aspect of the domain or the discipline that I have to explain. But for someone who’s never been involved in that, you learn security through experience, by doing it.
If you come with that experience already, you’re gonna come up with your own scenarios, your own insight on why this is important, I don’t have to create that for you. But someone who doesn’t have that background, I’m not only teaching them the technical aspect of what they’re doing, I’m also teaching them why it’s important. And oftentimes, they don’t get it right away, that comes with experience.
So the idea of planning for security is a major component of what someone in the military does. So that part comes very natural, that’s what we get back into the EMS, and the firefighters, and first responders. And it’s because it’s something we do every day, it becomes part of your DNA, part of your culture.
That translates very direct so that when you’re taking a security course, you’re coming into a security operations center, it feels very natural. And the things that you have to learn, the bar isn’t quite as high as someone who’s coming into that that doesn’t have that background that you have.
I want to get back to that question of what advice do you give someone get into cyber security, I get that a lot from both junior people just coming in, and people wanting to make a career change. And how do you know when you know enough? First, you never know enough, lifelong learner in this field, you’re always going to have to stay on top of it. And if you are a lifelong learner, and you love to do that, this may be the career for you. But there’s also so much diversity of skill sets that you need.
A way that I used to inspire people to get into it is to read or listen to audiobooks, because there’s so much out there. Just in science fiction alone really, cyber accurate books are plentiful, they make movies out of that the experts not only read these books, but we study them to say, you know what, that is plausible, that really is likely.
You know, a great movie is “Minority Report,” how many of those things that those in the security field say that is kind of happening right now in a lot of ways. Think of the targeted ads that are occurring, the biometrics that occurs, the scanning of groups to find out information that’s all automatic. It’s pretty amazing what you can get from science fiction, and it’s fun reading. So it’s not just boring books on how to do this or how to do that. It’s actually enjoyable to read, and your community is reading this book.
It’s almost standard practice that you have to watch “Star Trek.” And you have to watch a certain comedy skit because everybody knows them as references. So it’s a bridge that we…back to operation centers, a bridge in the government a operation center in the government. This one they call it the bridge, like a ship bridge. It’s actually modeled after “Star Trek” in the enterprise. And the idea of this is where Captain Kirk would sit observing the entire scenario, and those references are real. And it’s amazing how much science fiction comes into our field.
And I say that as not the end-all but as an entry point, you have to understand some of these things here. And what better way to do it than to get into science fiction, to get into just books that are really meant for your pleasure. And then you get into some other books, and there’s a lot of good reads out there that give you a good history of these things really happen that read more like a biography or a documentary on history, but they’re actually cyber-related. And as you’re going through it, you’re actually learning a lot. When do I say, you know, you’re in it to win it now and you really are onto something is when you start picking up these books, and you start skipping chapters because you already know what a zero-day is, you already know what a worm is, you already know what a virus is.
And it’s really, really good reading and there’s a lot to learn out there. And so it doesn’t have to be hard, it doesn’t have to be boring, it could be fun. And there’s a lot of community resources. IBM itself has programs that will teach veterans how to learn our products where they would become certified professionals in IBM products. And they can go to a company that is using IBM products, which we’re one of the largest security companies in the world. Odds are one of the larger companies are probably using one or two aspects of our products and services. You will come they’re qualified. IBM does that for veterans for free.
And IBM is not the only one, there’s a lot of programs out there for veterans, and some people think it’s the geek guys who are doing it. We didn’t all start out as a geek, I’m a geek, I say that very affectionately, I love being a geek. But I started out as an aviator, and before that I was a combat engineer, means I blew things up for the army. I built bridges and carried explosives and did all those things that you thought, you know…the things you played when you were a soldier, those little green army guys, I did that when I entered the army. And then I went to college while I was in the army, I got asked to become an aviator. So I flew helicopters and became an instructor pilot. And when I was looking for my next challenge, the military offered me the opportunity to study security.
And started out at a master’s degree and went on from there and really got into it. And the neat thing about it is that this community is small. You are two or three degrees of separation from the founders of cybersecurity, the luminaries are walking among us still. And so you get to meet with them right away. When we study history of any discipline, it goes way back. Well, for our discipline, they are amongst us now. And it’s exciting to be a part of it. And you’re still at the beginning of the cyber career field discipline, we’re still learning, we still haven’t figured it all out. And someone joining now is still at the beginning of the discipline. And that’s what I find exciting is that you can make a difference right now.
David: JC, I love that passion, and I think there have been a couple of things that I would go back and say, think about the type of job you want, that’s perhaps the most clarifying way of thinking about a career. And I think all three types can be available in cyber security if that’s the thing that you’re interested in.
And of course, I would echo that idea, that lifelong learner, every time I think I’ve got something figured out in this business, I wait a couple of weeks, wait a couple of months, and then I go back and read it again and there’s another level of depth or understanding. So you’re absolutely on the point there.
And then I think that all of us can develop that muscle memory, whether it’s something in the cyber range, or remembering to brush and floss every day. So when the dentist asks, yes, I’ve been really doing it. Real quick, which “Star Trek” do you like to watch? What’s your favorite?
JC: So I’m probably the non-Trekkie one in the group. And I actually had to watch it to study it so I can follow along. But if I had to follow on, I’m probably more into the classic. So Captain Kirk and all but…
David: Okay. I grew up with Picard, but I can go back to Kirk. Well, this has been an absolute pleasure. Thank you for giving us your time and your insights. And we’ll be looking to talk to you again.
JC: Thank you for the opportunity, anytime.
David:Pam, am I right in guessing that you’re a “Star Trek” fan?
Pam: I don’t know what would give you that idea, sir. I’m flashing Vulcan symbols right now, yes.
David: Yes. Live long and prosper.
Pam: Absolutely. Yeah, so I grew up watching “Star Trek” and “Star Wars” and “Buck Rogers,” and the OG, “Battlestar Galactica,” like this was quality family time, like both my parents were super into sci-fi.
And one of the things I really love about “Star Trek” that we see successful, even modern-day cybersecurity is the diversity of thought and the more success the teams have. And this is one of the reasons I think, in the cyber range we encourage people to come in with their entire teams, and not just the security division. Because there’s people that are much better at messaging, and you don’t necessarily want your security experts talking to the media if you’re faced with a breach.
And I love the Prime Directive as a theory, but I fully admit to sometimes fiddling with stuff and maybe not exactly doing no harm. But I think that’s a good takeaway in terms of the context of science fiction here. What about you?
David: Yeah, I grew up watching Picard, that was my favorite as a kid. And even now, you know, I kind of measure all “Star Trek” against, you know, that crew, and that experience. And looking back, it just painted this picture where that team came together. And it really didn’t matter where you’re from or what you were doing, you were part of the team and that was what made it successful. And you know, it seemed like a great metaphor for security.
And for any team that really wants to work well is to have that diverse set of skills, different points of view, the ability to have, you know, an emotional reaction that’s very quick, tempered by somebody who’s maybe a little bit more analytical, and or somebody with a lot of experience, or somebody who knows that they can get it done because they don’t know it’s impossible, and therefore they can get it done that. That to me is “Star Trek,” and also security.
Pam: So when I think about the application of cybersecurity and science fiction, and I think about how that manifests, you know, in my home life, and how I reflect and treat events for the week. And you know, it’s like a Friday night tradition, you pour yourself a little drink, you’ve done the work week. And I can tell if it’s been a good week in cybersecurity. I drink out of the Spock glass and I have a Spock-arita. But if it’s been maybe a little chaotic then I drink out of the Sarlacc Pit Glass from “Star Wars,” and it’s a Sarlacc-arita. So you know, that’s how it rolls at my house.
David: I feel like we need to give our listeners some recipes for some particular security drinks, or I guess sci-fi themed drinks to think about security with.
Pam: We had an amazing purple cyber smash at our big IBM event earlier this year.
David: It was pretty good, I had one of those.
Pam: So David, have you heard any news this week that would inspire me to have maybe a Spock-arita instead of a Sarlacc-arita?
David: I did actually, is a little bit of a backing into security. But there was a story that came across in Twitter… and I’ll have to find who posted it. But the idea was that, you know, we get these security patches coming out all the time on our devices, and it’s no different in my household than anyone listening or yours how do you keep up with it? And one of the things that I found really fascinating about the story was that emoji, that’s how you get security patches out and get people to install them.
And it was just amazing to me to think that you’ve got a company like Apple that’s releasing the new parrot emoji. And along with it, you know, it’s dragging in security patches and updates at a incredible rate, because people really want those little pictures. And so, you know, sometimes if you can make it fun, you’re going to get your security update. And I think that that was my uplifting story, so that’s the Spock-arita?
Pam: That is the Spock-arita story of the week.
David: Toast the emoji when you have your Spock-arita.
Pam: Well, that’s all we have for this episode. Our thanks to JC Vega for joining us as a guest.
David: Listen to this podcast on Apple Podcasts or wherever you get your podcasts.
We want your feedback, leave us a comment on our SoundCloud page. And if you really like what you hear, why not toss us a five-star review on Apple Podcasts.
For more security stories, visit SecurityIntelligence.com. A big thanks to our producers, Megan and Ted, and most of all, thanks to you for listening.