In May of 2021, the president issued an Executive Order on Improving the Nation’s Cyber Security. The order calls for enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain. In the latest issue of PT Buzz, John is joined by Chris Crellin, of Barracuda MSP to discuss what is included in the cyber order and what this means for the private sector, particularly MSPs.
Where to Listen/Subscribe
Any and all resources we mentioned in the podcast can be found here. Looking for something not here? Contact us, we’d love to help you out.
Executive Order on Improving Cyber Security: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Barracuda CloudGen Access (Zero-Trust Network Access) datasheet: https://barracudamsp.com/resources/pdf/data-sheets/DS-Barracuda_CloudGen_Access.pdf
Barracuda Managed Phishline (end-user security awareness training)
Barracuda MSP: https://barracudamsp.com/
SmarterMSP blog site: www.smartermsp.com
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
John Pojeta: Hi everybody, John Pojeta here at the PT Services Group. Hope you’re doing well. And thank you for joining me for another episode of the PT Buzz. And today we continue our conversation with Barracuda MSP, and we take a look at the executive order on improving cyber security that was passed back in May. And so first we just go through an overview of the order and what are the main components to it relative to the cybersecurity world and MSPs we zero in on zero trust architect, what’s happening in that space and how that helps support MSPs and their clientele. We look at the different sectors and industries and where the overlap is going to occur and things to be cognizant of. And then we take a specific look at the colonial pipeline attack, how that played out and how something like the zero-trust architecture would help prevent a future event like that.
But the constant ongoing cybersecurity battle for MSPs their clients. And keeping that when, not if outlook as you engage with it. So with that basic information, Chris, am I okay on Crellin, or is it nailed it, nailed it. Nice. So as everybody knows, I have one of those names that’s butchered on a daily basis, so I, I have sort of love and respect for that. So Chris, but before we dive in is always thank you first and foremost for taking the time, but can you give everybody the background on who you are, what you do inside of Barracuda MSP. And the role you play and how it crosses over with this government side of things.
Jim Crellin: Sure. Thanks for having me. So I’m the senior director of product management at Barracuda MSP. My job is to basically enable the Barracuda security solutions to fit within the business model and the environment of a managed service provider. Those that provide it security and general it services as well to small businesses that don’t necessarily have the resources to fund their own IT department and manage all those things themselves. So I basically work with all the various solutions that Barracuda provides. And then, because we’re help to sort of shape those for the, the managed service provider environment, you know, work with their tools. I work with their business model to help them understand how they work, how they fit and what they can do with them.
Tap/Click to View Full Transcript
John Pojeta: So you’re kind of that resource hub of a standalone MSP. Who’s got. Everything in, in many areas, as they’re, as they’re working to grow, to become larger and near that resource hub to not only provide the actual tools, etcetera but then also help mold them to their environments or implement them or adjust as needed that sort of.
Jim Crellin: Absolutely. So we provide not just the technology, but also a lot of, some of the expertise and how those tools should work. And sometimes even services that sort of augment their abilities as well. So for example, like a managed XDR platform that allows them to basically lean on our security expertise and manage and monitor, not just our tools, but other tools as well, outside of Barracuda.
Provide security and security monitoring on a 24, 7 basis for their customers. And a lot of cases, these managed service providers are small. They have a small staff and they may not have either this skillset the expertise or the, the bandwidth to cover threat monitoring on a 24 7 basis, which today is increasingly necessary as, you know, have hackers from all around the world, attacking at all hours and all different ways. It’s really hard. Yeah, I kind of fit that eight by five job situation.
John Pojeta: Yeah, no doubt. Jimmy and I spent last month talking about a SOC, so a security operations center, and obviously the joke around socks is his wife was literally in the, in the room to the side, packing up socks for, for what she does for work at socks.
You put on your feet, not the ones that protect the security side. So and it’s tough because a lot of. A lot of even reasonable MSPs don’t have that capacity for 24 hours a day and protection and just protecting themselves and their, and their clientele. So good stuff. So executive orders Washington, DC, it’s kind of near and dear to my heart.
I grew up as a kid. My father was a paleontologist and worked at the Smithsonian in downtown DC. So my days were spent running around and, and trying to get into places. I probably shouldn’t have been behind the scenes and see all kinds of. But obviously we get various things coming out of DC and the intentions, I think for the vast majority are always very positive.
There’s always some potential for unintended consequences, no doubt. But recently the executive order came out on May 12th and had a focus around trying to strengthen cybersecurity and it runs through every aspect of our society today. And really, I want to start broad base if, if we can Chris, and just talk about what those key points are that came out of that executive order, and then we can dive into some details of the individual.
Jim Crellin: Sure. Yeah. So I think this is born out of a number of different hacks. Think of like the colonial pipeline hack that happened just a few months ago. And we’ve got a lot of critical infrastructure in our society. That’s managed not just by the government, but also by private companies.
And so there was a need sort of the tie, those things together and having more collaborative relationship between the government and its security experts and the private sector as well. The executive order is really around a couple of different areas. One was sharing threat information between the private sector and the federal government.
So the federal government obviously has vast resources with the NSA. They deal with nation states. They deal with military hacking you know, nation state attacking, but they also deal with. You know private hackers, large organizations. And so they have a lot of information that goes through their organizations that can be helpful for the private sector and the private sector.
On the other hand is also collecting a lot of information, a lot of cool technologies out there. But I’ll also a lot of attack services is out there too. So being able to share what’s going on and how to detect those events and then how to remediate them is really important to kind of share that information going both ways.
So that was one piece of it. Modernizing and strengthening the, the infrastructure in both the private and the public sector is obviously critical as well. The classic VPN infrastructure of PR four is becoming increasingly obsolete. There’s a lot of threat vectors out there and how somebody can attack.
And just because someone has a password to get into a VPN doesn’t necessarily mean that’s going to be. Connection that it’s the right person or it’s even a good device that they should be connecting from. And that’s where zero trust technology comes in. It allows you to basically verify not just what person is accessing a network, but the time the place and, and the person all has to be verified. And there’s now contextual aspects that get taken into consideration with zero trust access. Now, it’s this person with this particular device they’re accessing from a public WIFI network on potentially their own laptop.
Do you really want them accessing sensitive information inside your company’s network or now potentially in the cloud? Potentially cloud services, applications, that sort of thing. So, whereas before. You know, everybody’s logging in on their own corporate device, maybe throw a VPN into a file server or something like that.
Now you’ve got people going into public cloud services that may not even connect to the company network anymore. You know, the cloud, the VPN is not going to protect that anymore. And so zero trust infrastructure is much more sophisticated and flexible in protecting resources. Within a specific infrastructure, like a company’s environment or government infrastructure.
But it’s also much more contextual to look at. That person. And did they know, you know, have a password or even multifactor but did they come from a trusted device at a time and place that you would expect? And if not, you can set policies in terms of what they can access and what they can’t access based on that.
So that sort of risk level that’s established there. And then there’s basically security standards too, that were set in that executive order. So that people have you know, specific sets of software that they have versus just any old thing that they pick up and making sure that they have security set in place that is prioritized.
And that it’s not something that it is shorter. Forget about. Another thing is that a security playbook which is really. If I get hacked, what am I supposed to do? And it basically outlined a series of steps that a business should take whether it’s a managed service provider or it’s a, you know, a business itself to basically lock down, what’s been potentially compromised.
And then how to remediate that, whether it’s, you know, from backups, how to get the government involved, necessarily if it’s a hacking. Police agencies, local enforcement, that sort of thing, and, and how that should all work versus sort of a scattershot approach and whatever somebody decides to do which may or may not be effective.
And then lastly, being able to improve threat detection processes the investigation process and remediation. Within the government. And then oftentimes that trickles down to contractor subcontractors, and then laterally across the private sector. So there’s a lot there. It was that sort of a very detailed executive order.
But it’s going to be something that I think strengthens security across the board, both in the public and the private.
John Pojeta: Yeah. And, and as you and I talked out of the gate there, there’s, we can quickly end up in the weeds and down some rabbit holes here. So there’s a lot more to those components that you discussed having those-
Jim Crellin: right
John Pojeta: That they are, that they are. So well, let’s talk for a moment. I want to expand on the zero-trust side, because I think there’s a lot of overlap with that aspect regarding. Of the MSP, what they provide, who they provided to. That’s a, it’s a great tool. It’s a great piece to, to get away from some of the traditional methods of how people invade in essence, a network, let let’s, let’s take it outside for a moment.
So if I’m an MSP in the field, One of the things relative to an executive order like this that really, I need to take into account then I would think is which of my clients run government contracts in which have more overlap there. Is that fair to say?
Jim Crellin: Yeah, absolutely. So this is something that gets pushed down, not just within the government agencies themselves, but it’s going to get pushed out to the contractors and then the contract is going to push that out to the subcontractors.
So you gotta be really careful about, you know, knowing what government regulations apply to you. And potentially your customers, if you’re a managed service
John Pojeta: provider. Yeah. Because you mentioned that at the end there on the idea of the subcontracting side and I, and I think sometimes we may not understand fully what accompany is doing relative to a sub side and where some of their product ultimately goes.
And so there’s that, there’s also some ability I would think then from an MSP standpoint to be really, really great and experts in this space. And therefore being able to market to some of those subcontractors or some of those groups that do have federal government interaction and acquire clients in that space as well.
Is that also reasonable to think in that, in that realm?
Jim Crellin: Absolutely. There’s a lot of MSPs that either focus on that or they become very good at it. In terms of, you know, once you’ve done it for one or two classes now this is something that I can pitch as sort of a differentiating factor for other customers that I could be.
John Pojeta: Yeah. It really become that niche play, so. Okay. So zero trust. I know you, you talked a little bit about the parameters of it. Can you tell me if, if I’m a general user. What does zero trust mean to me as I’m trying to log in or engage with a platform, can you give us some of those basics? As we we’ve found that we’ve, we’re having more business owners and other people listening in who might not have that kind of exposure.
So can you give us some basics before we dive into more detail?
Jim Crellin: Yeah. So the philosophy of zero trust is really to never trust, but always verify. So you really don’t take anything for granted. So for example, you know VPN will do an authentication, whether that’s just the password authentication or multifactor authentication.
You’re, you’re only checking is that user supposed to be within my network, but you’re not checking, you know, now you’re kind of in a situation like a VPN and your implicit. Trusting the device that they’re accessing from, which could be infected for malware. And if it’s a corporate device that’s been off the network for quite a while, maybe it has had a, any virus, something in a while, or maybe it’s a personal device that doesn’t have any virus at.
All. Right. So there’s other factors there that We implicitly trust and sort of the old architecture that now with the zero trust or the next generation technology takes a closer look at because you can easily get onto a classic VPN with just. Get into the network and now the malware that could be, it could have been inspecting the device that you’re on is sitting there on your network and it’s allowed to propagate and suddenly you’ve got exactly what you want to avoid in the first place, even though it actually was the right user who was accessing the network in the first place.
And it becomes almost like a Trojan horse coming into your network. And then lastly, we talked about sort of what you’re trying to. Yeah, 20 years ago, everybody had everything on in the, the businesses premise for the most part, whether it’s, you know, the desktops or your servers or whatever other infrastructure has usually within the office walls now in the new world.
You got office 365 that everybody’s using for their email for business email, or G suite or whatever. You’ve got Salesforce a lot of times or other applications that are now critical to their business, that doesn’t live within the four walls of the company. And how do you protect those if you’re not actually getting into the corporate network first to protect all that stuff, you know, and verify the user and the devices.
Zero trust really helps to protect all of those interfaces by allowing you to kind of funnel them to one place, to verify all those different factors and then letting them go wherever they need to go. Yeah, the corporate network or it’s out into the world. You know, I, as platform as a service or SAS,
John Pojeta: so people were, or not let them in, obviously if they don’t
Jim Crellin: let them in or not let them in.
Right. Based on the profile, right? If I’m on a public WIFI with a personal device, you can say, all right, you can access these particular areas, but you can’t access that. Right. So you can be much more granular than a simple you’re in you’re out decision.
John Pojeta: Yeah. Well, I, yeah, as you noted, it comes from the old school, a trust, but verify out of our relationships with the USSR, but that, that concept of never trust, always verify, I think changed.
It helps people change the mentality of how they’ve used some of these things, because otherwise you can fall into some of these traps of just doing business as usual and making a lot of assumptions and not learning the lesson of how that can hurt you until some period down the line, so to speak. So a lot of interesting aspects to it.
No doubt. So if, if I’m with an MSP in the field, what are some of the things I would want to think about when it comes to zero? And implementation and supporting my clients and spend a little bit of time on the, on the actual, in the field behavior with MSPs and zeros.
Jim Crellin: Yeah. So this is fairly new to MSPs.
It’s I think something that for the most part, the market is aware of the technology, but hasn’t necessarily fully adopted it yet. I think that adoption is actually in progress as we speak. So I think you’re sort of in the relatively early adoption, but I think this executive order.
It’s going to really spur that on now, because as we talked about how that usually propagates into the private sector, it’s going to become a bigger and bigger deal as you get through the, the contractor subcontractors and then laterally across the private industry. You know, the government is going to be explaining a lot about how important this is for protecting not just critical infrastructure, but the economy in general.
As you get out into, you know you know, B2B Conversations and that sort of thing. Exactly. So today you know, we just switched to a work from home environment over the last what 18 months. And so what MSPs have to realize and think about with their customers is how much is of the workforce is now going to be remote.
How often how much of. Infrastructure is going to be on prem and a classic business and an office environment or wherever it’s going to be versus how much is now gonna be in the cloud. And how do you going to protect that? And how, how are users going to be interacting with these what I would call a tax services, right.
Is it going to be on their own devices? Is it going to be on corporate devices? Is it going to be on mobile devices? And how secure are they? How, how secure can you count on them being and then potentially basically devising the policies that should apply to that. And then looking at the technology you have, can you do that with the technology you’ve got today?
And for the most part you know, your classic DPMs, which have been used for remote access. Aren’t really applicable to a lot of those use cases anymore. And that’s where zero trust really comes into play, where you can implement that and really funnel all your users in. And it will be. Basically the device in the profile of that device, does it have any virus?
Is it up to date, up to your standards? You know, are they on public WIFI or not? You know, and it basically all these different variables that just aren’t looked at in the classic infrastructure that MSPs typically employed today.
John Pojeta: Yeah. What you’re describing is that overlap. And I oftentimes is, as, as you guys described to me a scenario like that, I think about it in my own, in my own little world.
And so I have my company issued laptop and my private cell phone. I have my private tablet. I have my home network. I have my office network. I have what I would consider a third-party network. I friend’s house, other business, whatever the case may be, that that I’m at a given time. And then I have those public ones and they’re all the, all those devices are crossing all or all of those platforms with a lot of regularity.
And so it makes it even more challenging. So can you speak to a little bit, but knowing your, your description around the front-end aspect of zero trust and the support you provide to MSPs, if I’m an MSP in the, in the field side of things, and I’m looking at zero trust, can you tell me a little bit about how you Barracuda, where the support comes in or how you can help somebody start to develop what that should look like for them in their environment and their clients?
Jim Crellin: Yeah. So You know, typically our conversations start with, you know, what do you expect to are going to be protected? And, you know, the, the areas that you’re using SAS, are you using infrastructure as a service? And then typically, you know, your, your perimeter type of protection and we’ll, we’ll go through the various I, you know, a potential attack services and the attack vectors with them.
And we encourage MSPs to do the same thing with their customers too. This is something that. The, the world evolves, right. And it evolves faster than the droplets. And so MSPs have to be constantly reevaluating this with their customers. So I’m from Barracuda MSP. We’re constantly having these conversations with MSPs about you know, making sure that their, their standards are evolving with that an IT environment and asking these questions about what are you bringing?
And do you, are you aware of the threat factors for those various sectors? And then, you know, we work with them as far as solutions go. Our zero-trust solution is quite effective at basically going through a lot of what we just talked about. It’s a basically setting up a proxy where customers can basically get directed to that pro proxy before they access anything.
Right. And then it basically can decide what you can. That’s based on a lot of the different factors that we’ve talked about and many more factors than we talked about as well, quite a sophisticated solution. And then that integrates with a lot of our other solutions. Allows you to get a kind of a clear picture of what’s going on with the network you know and being able to detect threats and then remediate them hopefully.
So you know, we’ve been talking for a long time in the security industry about a layered approach. You’re not going to necessarily have one layer that’s going to solve everything. And making sure that managed service providers are using that layered approach to make sure that if something bad does have.
You’re able to respond. You’re able to detect. And make sure it’s not sitting out there you know, propagating or, or making things worse as time goes on. You know, if you’ve got a hacker in your network, they can do a lot more damage in a week than they can. And so, Making sure that they are able to detect that remediate it quickly, or we can certainly work with them to help with the detection or remediation as well with the you know, the SOC service that we talked about.
Yeah, no good
John Pojeta: stuff. And I think oftentimes as you started our conversation in terms of your role, it’s tough for an MSP in the field and the resources and where they want to focus their time and energy to understand who they can. To get help and support from and where they try to or firms, they look to partner with to deliver some of these components.
And it’s a, it’s a vital, vital reality in their world. So let’s, let’s go back to sort of the real-life scenario for a moment. And you mentioned it early on in terms of, of the colonial pipeline attack, take something like zero trust or anything else that you want from the executive order or, or time that’s evolved.
And let let’s say we apply it to that scenario. Can you give us a sense of how something like zero trust would have helped stop, slow down function as a layer to, to what you’re describing? So people can really understand a little bit about what played out there and how this type of solution element can come into play to prevent future.
Instant instant. Sorry. I’m working with my new tongue today. Pizza situations. Let’s go there. Future situations like
Jim Crellin: the. The colonial pipeline. The, from the information that we have it appears that some bad actors penetrate the infrastructure based on an old employee’s password that they got off the dark web.
So in your classic VPN case you didn’t clean up the users maybe, and they got the password, the hackers got the password and they were able to go to the VPN and log in with that username and password that they got on the back dark web and bam they’re in. Right. And then they can basically. Attacking this case, they w they use ransomware to basically lock critical infrastructure and basically ground the entire operation to a hall with zero trust.
Yeah, it may have had a password, but w zero trust solutions will look at where are you logging in from? Have I seen this device before? Is it using a corporate mandated profile? Is it using any virus? What part of the country or the world is it? Access thing, have we seen it and access from there before?
And it looks at a lot of other factors and it would have likely flag this as an extremely risky authentication and access point. And I think in almost every case, you know, a policy would have prevented this any sort of standard policy of, of access would have blocked this particular. User from being able to log in.
And with a, you know, he’s talking about wider set of tools and situational awareness you would have been able to detect that, Hey, I have users that are that are no longer authenticating with the company. Maybe I should be cleaning those up, you know, as a best practice. And They there, there are a threat hunting services you know, and that are built into solutions now that will detect passwords sitting on the dark web.
And they probably would have found this particular password in advance and potentially have blocked that altogether in the first place. And then, you know, as you detect ransomware malware going across the day, The solutions, pick those things up. And that’s where we come into mitigation and remediation.
And then of course, this is a good old fashion backup, right. Having a backup ready so that you can always fall back to that if somehow ransomware does end up infecting a device. So that’s where that multi-layered approach comes into play in conjunction with the zero-trust solution to that would’ve picked us up in probably many links.
Accident chain, we’ll call it. Yeah,
John Pojeta: no doubt. There’s kind of some universal truths that are coming out from the series of episodes we’re doing here. And the first that consistently comes to the table is think when not if anymore. And I think for a lot of us, it’s so hard to think of this happening to us, or we just always think of it as it’s a news story somewhere else, somebody else, not our problem sort of scenario.
And that it it’s tough. There’s some, some natural illness to that, but we need to shift the thinking side. The other thing that always comes to play for me is sort of the employee education or the individual education. And I think about our, our own MSP and how that gets delivered and policy components and how you, what you’re describing is how you have policies in place that people will actually execute and live by.
And oftentimes that’s a bit. Eight in the, in the process that MSPs provide to companies is they, they say you can stay in your world of not us if you want, because we’re going to have all those pieces and layers behind you to protect you. But we’re going to constantly remind you that you and your people need to do X, Y, and Z to stay protected if you will.
Jim Crellin: So. And people are always the biggest vulnerability in any company, right? They’re the ones that are clicking on the emails. They’re the ones that are surfing the web. Those are always the most vulnerable. So doing security awareness training is so important and getting people to buy into a culture of security awareness is absolutely critical.
Again, I have all the tools in the world but if the people are, you know, within the company, Are not practicing you know, good security hygiene, we’ll call it. You’re going to be a very, very busy guy as an it provider. And you will, you know, there’s a lot of danger there. So having rules, set expectations, and just an understanding of, of security and, and how you can do your part as an employee.
Is so critical. We do it here at Barracuda quite a bit. And you know, there are tools out there for example, our fish line tool which does security awareness training particularly around email. But there’s a lot of programs out there that, that help educate employees. And hopefully keep that in the back of their mind.
That security hygiene is. I think what they do.
John Pojeta: Yeah. W we call it the humans, actors, there’s, there’s just a reality to mentality and what happens and the best intentions are just those, their intentions, whether or not they actually play out as a whole other ball game. And. Owners and principals of companies will always view things differently than employees it’s natural.
And so having those, those components in place, I, I like the phrase, the security hygiene, and I’m starting to change sort of the mentality of how it’s viewed is, is vital. So no doubt. So Well, there’s two things. One, I made a full pop front. I’m supposed to ask everybody what their affiliation is when it comes to football and I failed.
So my apologies there what part, what part of the, the, the good old U.S. of A. do you reside in today,
Jim Crellin: the Massachusetts in the, I would call it the greater Boston area. So. New England Patriots fan through and through.
John Pojeta: So even though, even though Tommy has moved along yours, do you still follow Tommy to some degree of, if not the Patriots, then the box or?
Jim Crellin: Yeah, I would say you kind of have to, you don’t really want to, I’ve kind of tried to pretend that he just retired try to ignore that. You’d want a Superbowl with somebody else, but, well, we’ll always love Tom Brady. It’s. Yeah, he’s always going to be part of the new England culture here, but it definitely hurts.
John Pojeta: So
Jim Crellin: hopefully
John Pojeta: he brings you the same next 20 years of Patriots football. So as we
Jim Crellin: say up here and bill, we trust
John Pojeta: how old is.
Jim Crellin: And he’s like 68, 68. See
John Pojeta: how much longer that goes to so interesting. But one person I talked to, and I apologize for the life of, I can’t remember name their son Brady. I can’t remember who it was. So I didn’t, I didn’t know if it was something where there it’s that embedded inside the family or no,
Jim Crellin: I think every other kid is either Tom or Brady up here these days. And now what’s going on in Florida. Probably.
John Pojeta: That’s it. No doubt. So we’ll Hey, before, before I let you go, is there any last kind of thought or commentary you want to leave people with is a, Hey, if you take away anything from the, from the 30 minutes we spent this shit.
Jim Crellin: Yeah. You know I think the, this security world is evolving. It has been evolving and continues to evolve and the technology that you use has to evolve with it and the people that you use have to evolve with it. Whether that be the employees or the actual security experts that you have.
And I think this executive order sort of illustrates that evolution of the, the threat environment that we’ve got out there. It’s not just nation states, it’s, you know criminals out there that are making a fortune around the world on a 24, by seven basis in all different ways. And you gotta be ready to protect yourself.
It will happen to you. As you mentioned, it’s not a matter of if it’s a matter of when. And so it’s really important to stay up with the times, or at least work with people that are able to keep up with it. And. And be able to, you know, leverage new technologies like zero trust or potentially partner with people who can help monitor on a 24, 7 basis for something like a security operation center, a SOC services, we call it to make sure that your customers or you as a direct.
Our protected and that you’re ready in the event that it happens to you and, and that you are not one of those companies, those victims that ends up having to pay a ransom or shut down, God forbid, if it does happen.
John Pojeta: Yeah. One of the big things we talk about too, as we talk about growth requires discomfort in what you’re describing.
And sometimes we just become comfortable in our relationships and assume that they’re doing everything they need to do to your point, whether it’s a partnering relationship or employee relationships, you need to stay on top of those things, because maybe what they did for you before. Isn’t what you need today.
So that can be a tough pill to swallow. It needs to happen? No doubt. \
Jim Crellin: We live in a world where Tom Brady doesn’t play for the Patriots. It’s the world changes and you have to adapt. So,
John Pojeta: yup. Yup. Like it or not like it or not. So, Hey Chris, thank you so much for the time. Greatly appreciated today. Yeah, of course.
And thank you everybody for listening in and please, as always, don’t hesitate to visit theptservicesgroup.com/buzz. You can see the recording from today’s episode comment. There’s also resources that will be listed there. If there’s something that you picked up on in particular, and please always share anything relative to future subjects you’d like us to talk about. So with that, everybody have a great day. Thanks.