Detect Ransomware Before It Destroys Your Business

You found the backup wrap up, your go-to podcast for all things

backup recovery and cyber recovery.

Got a little something different for you.

Uh, Mike and I have been, um, Mike Saylor and I have been working really hard on.

Finishing the book for you, the, the upcoming ransomware book.

And we did, um, that's the good news.

The bad news is we didn't have enough time to record another, an episode.

So I reached back into the archives and found, this is, uh, a recording from

Mike when he, uh, came on the podcast to talk about, uh, detecting ransomware.

And, uh, I'm, I'm trying something different here.

Let's see how it goes.

What I actually did was I tightened up the episode, uh, looked through and I

just grabbed really the, you know, the, the really relevant parts of this piece.

So it's a tighter episode than the original recording.

Should be around a half hour instead of the 45 minutes.

It's something I'm gonna try.

I really wanna know what you think about it.

So whether you're watching this on YouTube or on, uh, you know, the, uh, uh, backup

wrap up.com, I, I'd love to hear from you as to what you think of this tighter

format and specifically the one here where I took a longer show and, uh, tightened it

up to make it a little bit more, um, you know, I don't know, easier to listen to.

This is the backup wrap up.

Welcome to the show.

I am w Curtis Preston, AKA, Mr. Backup, and I have with me Prasanna Malaiyandi.

How's it going?

Prasanna.

I am good, Curtis.

It's time to bring on our, uh, our guest.

Once again, our resident cybersecurity expert, CEO of Black Swan Security.

Mike Saylor.

How's it going, Mike?

It is going well guys.

Thanks for having me.

We're talking about ransomware.

So this week I wanted to talk about.

The actual phase or you know, whatever the things that we need to

do in order to detect ransomware.

And I remember talking about this a little bit with you before, but can

you, um, aside from like a, a SEIM/SOAR tool, sort of going off and noticing

something, can you think of weird things that have happened in people's

environments where it ended up being.

The ultimate thing was they were actually under a ransomware attack.

You know what I'm saying?

Like, like for some reason the, you know, the company dishwasher stopped working

and uh, you have weird stories like that.

Uh, I, I do.

And so there, there are, there are, there's malware.

There's a category of malware called polymorphic.

So it, it, it changes.

Uh, some of that change depends on what the malware

has identified as, as its host.

And so there, there is a strain.

There are strains of malware that are specific to certain, you know, they're,

they're targeting specific, uh, devices.

Um, we saw this with stuck net.

Uh, we saw it with, uh, point of sale specific malware.

Uh, and now there's ransomware that is looking for specific.

Uh, specific hosts.

It doesn't want to trigger the ransomware on, on an invaluable host.

Like, I don't care if that's got ransomware, just throw it out the window.

Uh, but, and then tip, its, tip its cards to what it, you know,

the, the attackers are doing.

They don't want to trigger the alarms before the, the, the jewels are stolen.

So there, there are kind of your, your.

Your analogy to the dishwasher's not working anymore.

If it's a smart dishwasher, it could very well start to malfunction or perform

poorly if malware is interrogating it to determine if it's its target.

Uh, there's even malware, uh, the ransomware that,

that cleans up after itself.

So maybe it gets to the dishwasher and decides, well, this is a

dishwasher and it moves on.

Well, as it moves on, it deletes.

Its, you know, it cleans up after itself.

So when you go look at the, at the dishwasher, you, you're like, I

don't, I don't know what caused that.

But,

Seems to be working fine now.

more, more often than not, it's, it's user feedback about, you

know, complaining about their.

their computer running slowly, or, you know, I can't watch

Netflix at lunch anymore.

Um,

Dexter.

No Dexter at lunch.

right.

So it it's usually it's system, you know, performance degradation or, or.

Um, just weird stuff.

Symptoms, uh, weird symptomatic stuff that usually get, uh, you get

notifications on to determine, well, that's weird, but then you go look

at it and there's nothing there.

Well, it's, well forensically you can still see some stuff, but at

the, you know, kind of the, the surface level, you're like, I

don't, there's no malware here.

Um.

but in that case though, like I'm guessing that that user would call

their IT help desk and the IT TA person would probably take a look and

be like, oh yeah, nothing happened.

And then they'd probably just close it and move on.

Right.

Very like does, how often does it really get escalated?

Be like, Hey, that seems weird.

Let's figure out like, is there a security issue or something else?

It, it, the, the frequency or the, or I guess the likelihood that that

gets escalated is, is almost directly related to whether or not they've

had to deal with it in the past.

So if you've had ransomware, you're a little more diligent and

suspicious of weird stuff happening.

Like, all right, well we've had, we don't wanna go through that again.

Uh, I'm gonna, I'm gonna take every call about weird stuff happening as

if it might be ransomware or some other malware versus an environment

where maybe they haven't had the, put a fire out or go through that.

They're, they're, they're a little more skeptical about, you

know, that's just user error.

Or, you know, it's, it's Tuesday.

Uh.

do and do anybody, um, does anybody ever report actually seeing, like

someone taking over their desktop?

Like they're, they happen to see mouses moving around or

windows opening and closing?

Do they see that?

We have, we have worked a few, there's other cases, and

this is actually a a what.

In, in the, in a corporate environment, we don't see it as often.

Uh, but small businesses and individuals often get scammed into the hole.

You've got a virus call this phone number, we then remote access into your

machine and then, you know, their access persists or, or something else happened

to, to drive that, that weird behavior.

The other problem is managed service providers.

So you've got this one company that, that supports the, you

know, technology to some degree.

Whether it's everything, uh, servers and workstations and

help desk is all outsourced.

Or it's some something specific like a, like a core processing server

that does your financials if you're a credit union at, so you have

this one, one to many relationship.

You've got this one company that supports many clients and.

Uh, just human nature.

We wanna make sure that that's as easy as possible.

So what we found were what we call cons, uh, coincidental passwords.

So this one vendor uses the same credentials to log

into all of their clients.

And so what we've seen recently is, yeah, there's this remote control

stuff going on because that vendor was compromised and they didn't know it.

But now bad guys have access to the environments of all

the clients they support.

So, so what we've been talking about so far is sort of.

Users noticing something odd happening, calling in, right,

getting in, troubleshooting.

But I'm guessing though that users aren't always the best people to recognize

when things go wrong, and they're probably not always at their desk

when the bad actor is doing something.

So what happens for all those other scenarios?

So there's, there's other things that we do in a corporate environment that

we hopefully would notice weird things, our backups, our network bandwidth.

Um.

And there, there's tons of places that you can set up alerts and triggers,

uh, firewall, uh, weird IP addresses, different protocols, uh, unexpected

data going out, different ports.

Um.

There's a lot of things we could look at and, and, and it's, it's a pretty

lengthy list, but humanly possible.

Like, is there one person that's gonna go down this whole checklist every

day, you know, several times a day?

Uh, that's just not, that's not feasible.

Uh, and so you've really gotta roll that up into a tool that can automate it and

just give you a dashboard view of things.

Um.

The, the, the secret, the, the key is how many things, how

much visibility do we have?

Finding tools and the data sources and the use cases that all line up.

Like there's a, there's a ransomware use case.

All right?

So from ran, if, if we're, if, if our focus or objective

is to identify ransomware.

Then working backwards from that objective, we've gotta find the data

sources that would give us the indicators.

Uh, then we've gotta have the technology that can consume or

connect and consume that data source.

Uh, then we've gotta have some policy procedure around the source of that data.

Like, what is it?

Is it a server?

You know, uh, firewall, how's it configured?

How do we patch it?

How do we update it?

How do we back it up?

Uh, so that playbook is, is fairly extensive, but the, the detection

part of that is all about visibility.

Um, and, well, I guess fundamentally too, understanding how ransomware works.

Um, 'cause I mean, your, your smart dishwasher probably isn't gonna

get infected with, with ransomware.

Uh.

Hmm.

Not yet.

So when we start talking about this, we've got to start talking about some

sort of tools that are, and there's three tools that I'm aware of and, um, you

know, which would be XDR, sim and soar.

SOAR is more about the response, right?

But XDR and SIM tools are about the actual detection.

Did I, did I get that right?

So the, the XDR is, is the platform that you would, um, consolidate

all of your alerts and data sources from different other tools.

So it's kind of like the top, the top of your security stack.

Okay.

And then the, the sim is, is kind of below that.

So SIM is one of the.

One of the feeds into your XDR platform, EDR, you know, your anti malware endpoint

stuff, that's another data source.

Um, and, and so.

I just thought all the, all the EDR tools were calling themselves XDR tools.

That

that's

And, and they're really not.

Um,

the evolution of EDR into more of a managed service is still

missing the network layer.

So the, the eds like CrowdStrike that say that they, they do XDR, they're

still missing the, the east, west, you know, network traffic, net flow,

Okay.

EDR would be endpoint detection response, which typically what we're

talking about there is, is like desktops and laptops and things like that.

Not so much servers.

Would that be right?

Well servers too.

I mean, you can, you can put EDR on, on servers for sure.

But not necessarily networks, like network

it, it, uh, CrowdStrike doesn't do network analysis.

And so, you know, even before, you know, the, the first, the first kind

of acronym was NDR Network Layer stuff.

So that's like extra hop, uh, you know, net flow, uh, your, your router.

XDR, the extended detect is that we can plug anything into our console.

So that's our sim, that's an anti malware, uh, NetFlow, uh, and even

like some XDR platforms can do like physical security devices, like

badges and motion cameras, and, um.

I, OT things, uh, like, hey, my dishwasher's throwing errors a bunch.

Uh, you know, you can, I guess if there's a use case for that.

Um, so XD the idea with XDR, uh, and even, even broader than that, is an

open XDR uh, platform that just about anything you can imagine can be fed into

this thing, uh, to correlate events and, and if it's capable, develop behavioral

baselines and some other cool stuff.

So then, um, does Soar fit into that, all of that?

So SOAR is also not a new term.

Uh, so SOAR is security orchestration and automated response.

Uh, so the idea with SOAR is that we have this playbook, and historically

it's been a manual playbook, right?

We get out the book and we look through it and say, this is what we're gonna

do in response to whatever this.

Thing is, so it could be an incident, it could be a, a malware, it could

be a stolen laptop, whatever.

You've got this playbook and, and the idea with playbooks is you assess

yourself, like our company does these things and we have these assets, and

what is the most likely impact to us?

Ransomware's at the top should be at the top of everybody's list these

days, if you're connected to the internet and have users, uh, ransomware

is just statistically more likely than a lot of other things these

days, but it could be other stuff.

You should have a playbook on, uh, denial of service if your company

relies on internet connectivity, um, for revenue and communications.

You, if you have a, a large remote workforce and they have laptops that have.

Company data on it that you should have a playbook on stolen laptops.

Is this similar to the incident response plan stuff we talked about

a couple or many episodes ago?

it is, and, uh, however, uh, soar, uh, traditionally and, and I was kind of,

I was getting to that the, the Soar traditionally was more broadly defined.

So you could have something that might not be considered an incident yet.

Um, so, so, so back in the day also incorporated, well,

how do we analyze this event?

Hmm.

Uh, and then we, and then we started to developing more technical incident

response plans and programs that said, all right, that playbook is now part

of our plan, and here are the more technical, tactical things we need to do.

Well then the evolution of Soar, uh, from a platform or technology

perspective is, all right, how do we automate some of this stuff?

Yeah.

And so there are, there are third party tools that are, so our sim, our

XDR platform, identified this stuff.

Uh, let's integrate this automation tool or, or we have this tool now that's,

that we can then go and, and use to say, we need to handle this, this incident.

So as an example, could it be something like, I've detected some random

network traffic on this particular client that doesn't look right.

The SOAR detects it and maybe it shuts off the network port.

Yes.

And so in the Soar you would, you would again, define these playbooks

when this happens, do these things.

And so with ransomware as an example, if, uh, user account experiences, several

failed logins and then a successful login.

And then service, you know, anti malware is shut off on the endpoint and

there is internet traffic to geo, you know, whatever IP address, uh, around

the world do these things, right?

Disabled user revoke, MFA tokens, uh, uh, shun or, or quarantine

that, that endpoint, you know, take it off the, you know, um, uh.

Block its IP address, uh, notify whoever and do these things,

and you can automate that.

Um, and it can be as, as detailed as that.

It, it could be, uh, and any variation of that.

So yeah, those, those, that's a great example of how that, that

tool and it, and it would do it so quick, like milliseconds versus the,

the human version of that is, um.

You know, your sim tool pops up and says, you know, you've

got something to look into.

An analyst takes 15 to 20 minutes to verify it.

Uh, we have a valid thing.

Let me escalate it to level two.

Level two looks at it, you know, another 15, 20 minutes.

Now we're looking at other, other data sources like the firewall and some stuff.

We've now validated that then we, we escalate that to the client if it's

an MSP version, uh, or, or the, the business owner or the stakeholder

in a, in a corporate environment.

Uh.

And we're waiting for a response from them to determine what to do next.

And so now that that millisecond soar automated response has turned into at a

minimum hour and a half, two hours, and who knows what, you know, that malware

is, especially the ones that, that, uh, can run autonomously, is our, they've

already done reconnaissance to look at what else this thing has access to.

And I've already spread and done other stuff.

Time is of the essence.

yeah.

Yeah.

So all, all right.

So let, let's say, let's say I'm a company, I'm an organization that

has none of these tools, right?

Just, and I'm, I'm listening to this episode, I'm like, holy crap.

Like, how many things do I need to buy and where should I start?

Um, I, I think that's.

I think that's where the average person might be right now.

Um, and that's where I am.

Um, I'm like, wow, that's a, that's an awful lot of tools where, you know, and,

and, and each of them thinks they're, they're, you know, well, you gotta have

this, you gotta have MDR, you gotta have XDR, you gotta have sim, you gotta have,

so you gotta have all these things.

And I'm sure there's an acronyms that we haven't got to, um, where,

where does, you know, I'm worried that I'm gonna get ransomware where.

Do I start with all these tools?

There's a lot of different, uh, approaches to the problem and understanding.

The problem is, is fundamentally economics, right?

I can't afford.

The people or the, the software or the whatever it is to, to

truly, um, improve my, my odds.

And that's really what it is.

I mean, you can invest everything you have in protecting yourself and

you're still a statistic at some point.

'cause bad guys are gonna figure out how to get to you.

Um, but remember that ransomware is malware.

And all malware requires user, user interaction in order to infect your thing.

So your computer, um, if it's not connected to the internet and you're not

looking at email and going to websites, you're, you're, you're good, right?

Or you're, you know, 99% there.

Uh, you also have to disable all your USB ports and Bluetooth

and all that other stuff too.

Um, which means you really can't use your, your computer for anything.

Um.

So then, but, but if you start there, all right.

If my computer's not connected to anything, what can I do?

Well, I can't do much.

Well, I need to do this thing.

Well, what do I need to do that thing?

Well, I need internet to get to this website so I can log in to do my work.

Okay, well then can we exclude the majority of other things

that you don't need to do?

Yeah.

All right.

So let's, we can write policy about that.

That's okay.

Well, what else do you need?

Oh, I need email.

I need email to be able to send and receive files and talk to people.

Okay.

Well, are there ways of restricting email's ability to, to present me with

things that, that could be a risk?

Well, yeah, that's, you know, email filtering and spam

filtering and stuff of that stuff.

Some of those tools, some of the, some of that stuff that I've

mentioned is, are probably already a capability of what you've purchased.

Like Office 365 comes with some good stuff.

They just don't do a real good job at teaching you how to,

how to use it and configure it.

And us as consumers are really poor at, at reading the manual.

Um.

comes with some other stuff that, but they do charge quite a, quite a bit for it,

They do.

And so,

um, but you know, going back to how many tools do I need to

buy, that's another decision.

Do I, do I buy more licensing and, and capabilities from this one tool?

Or do I look at, you know, what other things can I bolt

on and, and add to, to this?

Maybe it's more cost effective, but now you've got a, now you've

got overhead and having to spend more time doing these other tools,

well then all.

So you've, you've been somewhat diligent.

You've, you're, you're using your computer responsibly and you, you've

figured out how to use what you paid for, uh, to do, you know, what,

what you can with what you have.

Mm-Hmm.

Then it all comes down to just be being aware and, and you know that that email

but, you know, kind of at the end of the day, and, and maybe getting

back to your, your original question with, well, how do, how does the

average person protect themself?

It starts with just being diligent.

Just take a minute and, and think through the, you know, rationale of whatever

it is that you're, you were gonna do.

Click on something, open something, download something, go to a website,

scan a QR code with your phone.

Um.

These are all things that you maybe just, just take a minute

and, and really think through.

Do I need to do that?

Was I expecting that?

Could there be something, you know, malicious or, or, uh,

wrong with whatever this is?

And it never hurts to phone a friend.

Um.

And, and, you know, making friends is important in this, in, in cyber.

'cause you know, as, as a individ, as an individual, you, you're

probably not gonna be exposed to or experience a lot of things.

Um, and then the more people you talk to about what you see and and your questions,

the more likely you're gonna get somebody that's probably already made that mistake

and can help you not make it yourself.

Yeah.

And Mike, just on that last point, I think it's a great thing, and I

know we did an entire discussion about like cyber insurance,

right?

And how they're like a trusted advisor.

You should talk to them because I'm sure they could give you good advice on sort

of how to shore up your defenses and be able to detect and protect yourself

against ransomware and other malware.

And there's a couple of, a couple of real quick, uh, like things to consider

if, if you think you've got ransomware or malware, just turn your computer off.

Power it off, take the battery out, unplug it.

'cause that, that stuff needs power to do its job.

And if, if you really think, you know, I've got my critical, my

whole life is on this computer and I think I have malware, shut it off.

Unplug it.

Take the battery out and find somebody that can help you get your data

off of it and make sure it's clean.

Um, and that way at least you've got a backup.

Backups are, are critical with ransomware.

Um, but yeah, don't.

Don't just sit there.

It's kind of like, you know, especially guys, and I'm, I'm definitely guilty.

I'm a little hardheaded when it comes to illness and health.

If you've got symptoms, call the doctor.

Right.

Don't, don't sit there and go, oh, I'll give it.

I'll give it another day.

Or maybe I just need a nap.

Yeah.

Yeah, I, um.

Which brings up, and, and this is a giant tee up, and, uh, but you know, it would

seem to me that this is too important for you to try to figure it out yourself.

Like if you, if you're not a cybersecurity specialist, if you, if you, if

you're not living your life, this thing, it's kinda like backup, right?

Where it's like, it's way more difficult than you think it is.

Right.

Um, and that, and that's why MSPs exist, right?

And so it would seem to me that I. Rather than try to figure out which of

10 different, you know, I mean, somebody showed me a, um, it was like the, it was

like the, one of those things where they have just company logos and it was like

the cybersecurity landscape and there were like just hundreds of these logos up there

of products and services that I could buy.

And, and it would seem to me that what I need, I need two things.

I need.

Tools that work, right, that, that, that do the things that I need.

And more importantly, I need somebody that knows how to use those tools.

'cause it doesn't do any good if I buy this great.

You know, uh, detection tool to find, you know, what's going on and, but I

don't know how to configure it so that it works and I don't know what to do.

And of course, one of the most common things is that I configured it such

a way that I get a whole bunch of false positives and then very quickly

it, it just ends up becoming ignored.

Right.

So I, I think that's where the, where the MSSP and obviously I'm, I'm, I'm

teeing it up for you, but I, I. I don't know what else, what else would

be right for, for a small organization or even a medium sized organization

that has never done this before.

No, I appreciate that.

Uh, and, and you're right.

Um, going back to kind of the initial comments of, uh, you know, just good

visibility if you wanna do it yourself, make sure you have the fundamentals.

Good anti vi, anti malware.

Um, that gives you consolidated, a consolidated view of all your assets.

You know, you don't have to go to every computer and see if there's an infection.

It needs to report up to a, a console that you can log into and, and get real

updates and know where the problems are.

Um, the, the other, the other gap, I mean, you, you managed, I mean, you

mentioned needing someone that knows the technology and you know, an expert.

To expand on that, it needs to be someone that's available 24 hours a day.

'cause bad guys aren't gonna go, oh, you know, they're probably still

at work working on the computer now is a good time to attack them.

No, it's, it's when you're asleep and you're in middle of the

night, uh, you know, Thur Thursday morning or Thursday after midnight

is when they're gonna hit you.

And, and because they also know that you're not gonna wanna,

uh, be at work over the weekend.

So they, for whatever reason, all right, they're, they're not gonna make it.

Uh, uh, easy for you.

Uh, and, and in a lot of cases, that's also because they're, they're

overseas in a different time zone anyway, so the fundamentals are good.

Endpoint protection, the, uh, good visibility across your environment.

Um, good firewall, uh, cloud, uh, office 365, Google AWS, whatever

you got, whatever's being used.

Um.

And then someone that, that you can call or someone that is looking

at your stuff 24 hours a day.

And there are some service providers where, you know, maybe you do have a

staff during the day, uh, and so you just need nights and weekends and holidays.

And so there are some providers like us that, that are flexible

in that, in that regard.

So that does help with, uh, cost and the economics.

Um.

But at the end of the day, absolutely, um, make friends with some experts,

uh, that you can call for nothing else.

Uh, if nothing else, just to ask questions.

But ideally, uh, someone that can help you identify the right

solutions, uh, to give you the right visibility and the right coverage.

Uh, and again, I it's gotta be 24 hours a day.

Yeah, so Mike, most of these organizations, right, they

don't have unlimited budget.

Right.

Cost is always a concern in terms of priority.

Right.

I know you talked about endpoint, you talked about XDR,

you talked about sim, right?

You talked about all these things.

If they're looking for sort of what is the first thing that they should

go after and try to protect or detect ransomware on or malware on, what

is, what is sort of like the most important thing in their environment

that they should be concerned with?

It depends.

So you've really got back to understanding yourself before you

can understand your, your enemy.

'cause your enemy's gonna probably know you better than you.

You do.

In order to be successful, uh, you've really gotta understand your business.

And so again, if your business is, uh, highly driven by your workforce and your

workforce is out, you know, on the, on the, you know, they're road warriors or

they're working from home, absolutely.

Endpoint protection is a priority because they're prob, they

probably have company data on that.

Device or they're using that device to log into, you know, VPN or, or your cloud.

And so if that device is compromised, then your, your

production network, your production environment may be compromised also.

But what if, what if you're, you're a data center and you don't have, all

your endpoints are servers, right?

Uh, and then so, but then there also.

Co, uh, co-managed, they're, they're not yours.

You, you own the hardware, but you don't own the, the, the, the virtual

machines or, or, or what have you.

So now your, your focus is your perimeter

and your connectivity.

Uh, so I think those are two extreme, you know, one, one end of the other.

Uh, but truly understand your environment first, uh, and where you're.

Your critical assets are, and your data and your use cases, uh, and what's

most likely impacting your business.

Uh, and then from that, uh, derive your priorities.

And,

Hmm

and there are some, there are some organizations that fit smack dab

in the middle, and you just have to have good hygiene across all of it.

There's a lot of organizations that aren't real familiar, uh, or

real accurate with all the things they need to protect anyway.

Similar to backups.

You know, I can, yeah, I can run back up.

But I can only back up what I know about, uh, and ideally even, even more

so to the next level, how important, how do I prioritize those backups?

Security is the same.

Uh, I can only secure what I know.

And if, if there's stuff on the network and there's stuff in the cloud and

there's people working from home that I don't know, then I can't protect that.

And if I am gonna protect it, how do I protect it?

You know that, that visibility part.

How do I get the data from those things, those tools?

To know if there's a problem and how to respond to it.

Is it automated?

Is it a person?

Um, and then all of that is going to kind of bubble up to what are my options and

what does it cost and what do I need?

Is that, is that something I can do on my own?

Is that, uh, opportunity to bring in a managed service provider?

Um, and I think real quick on, on, on the, the cost, I think

there's a big misconception that.

Yeah, I'm a small company.

I can't afford cybersecurity.

Uh, that is a huge misconception.

There are, there are a number of providers out there like us that, that

are flexible and scalable and I mean, our, our smallest we have, we have

clients that just have two employees and they work out of their garage.

But they are, they've determined, uh, from an analysis of themselves that

they, they are, they have a huge cyber risk and they need that protection.

And so, uh, it, it can be affordable, um, if we know what we're protecting and,

and what the, what the playbooks are.

Well, hey Mike, it's been great talking to you again.

And Prasanna, thanks for, thanks for, uh, being here as, as always.

This was fun.

And Mike, it's been great chatting.

It's been a while.

So glad to have you back on.

For sure I missed you.

Yeah.

And, uh, thanks to the, uh, our listeners, uh, we'd be nothing without you.

That is a wrap.

The backup wrap up is written, recorded and produced by me w Curtis Preston.

If you need backup or Dr. Consulting content generation or expert witness

work, check out backup central.com.

You can also find links from my O'Reilly Books on the same website.

Remember, this is an independent podcast and any opinions that you

hear are those of the speaker.

And not necessarily an employer.

Thanks for listening.