
Hash-It-Out: Data-Centric Security in Fintech: A Conversation with Adam Healy

Air Date: March 5, 2024

 

In this episode of Hash-it-Out, Matt Howard and Trevor Foskett chat with Adam Healy, former Chief Information Security Officer at BlockFi, a financial services company for cryptocurrency holders, and current CEO of Station70.

Together they explore the heightened security and privacy risks in FinTech -- especially for anyone holding a large sum of crypto assets -- and the need for tailored security, encryption key management, and backup.  Healy, Howard, and Foskett also discuss recent developments related to privacy-enhanced cloud computing (Google Workspace CSE) and explore the idea of security architectures shifting away from the perimeter, and moving closer to the data itself.

Transcript
Good afternoon, everyone. My name is Matt Howard. I'm the chief marketing officer at Virtru, and I am thrilled to be joined here today by two colleagues; Trevor Foskett, who runs our Solutions Engineering Organization. Trevor, you wanna introduce yourself?

Yeah. Hey, everyone. If you've been a fan of Hash It Out for a while, you probably have seen my face before, but if you haven't, Trevor Foskett, VP Solutions Engineering here at Virtru. I've been with the company for over eight years now, and work with a lot of our large customers on their, you know, Virtru architecture, whether they're in a commercial or federal space. So excited to be here today and to talk with the two of you guys.

Awesome. Thanks, Trevor. And, grateful to have Adam Healy join us as well. Adam is the CEO of a company called Station70, and the former CISO at BlockFi.

Adam, welcome.

Glad to be here, Matt. I feel like this recording was probably along several years in the making, probably by those following. But, yeah, great to be here and talk to the two of you.

So that being said, you know, I've been in this industry a long time. I've had the opportunity to meet a lot of folks. And, you know, a couple of months ago when you and I first had a chance to connect, it was enjoyable just to kinda see perspective from a person like yourself who has such an interesting background. Can you do me a favor and just sort of start by painting that backstory of yours, kinda like where you started, kind of where you went and where you find yourself now, and just kinda give us a little bit of that, of that backstory.

Sure. I'm glad you think it's interesting. I don't know if my wife would agree. She's probably heard it too many times. But, yeah, so, you know, born and raised in Vegas. Joined the Marine Corps, spent some time in the government space. Well, I was a contractor after I got out of the Marine Corps, spent a number of years as a civil servant within the intelligence community. And then really, wanted to get some more exposure outside of the government. So transitioned out of government service after a little over a decade and joined Microsoft, spent some time at Microsoft, spent about three years at a company called Talentier. And, from there, just kind of continued my journey within security. Always been very focused on cyber security and in protecting things. The intersection, I think, for me, where I started to get very interested in the industry was kind of the intersection between physical security, and cyber security. And that having that scene there that can be often exploited by one bad actor that's focused on the other or the other focused on, you know, on maybe more of a physical security threat, but using cyber to kind of target. So that became very interesting to me and really have just been in love with the industry ever since. The last seven years or so have been focused on the cryptocurrency space. So was at a small startup that got acquired by Intercontinental Exchange.

Intercontinental Exchange is the owner of the New York Stock Exchange and some other very large platforms in the world. And from there, we spun out a company called Back to that has subsequently gone public. And I was for CSO and back as part of that spin out and that scale up. And that was a really interesting experience. And then, following that, it's been about three years at a company called BlockFi. That company kind of still exists. It had gotten pulled into some of the FTX situations for those that are familiar.

Highly recommend never having to be part of something like that, for those that lead organizations. It was very difficult to go through. But as that dust settled, Station70 and, still in the cryptocurrency ecosystem, although Station70 is more of an infrastructure provider at this point. And we're primarily focused on something we call trust and recovery, which in for those that know a little bit about the crypto ecosystem, there's this concept of self custody, being able to control your own private keys, well, for institutions and individuals. And we primarily focus at Station70 on the institutional side, although we will have a retail product coming sometime next year.

But our focus really is on the institutional side today, helping organizations that could be hedge funds, family offices, registered investment advisors, banks; doesn't really matter to us that are customizing some of their assets, meaning they have access to their private keys. They're not stored in third party custody, say Coinbase custody or something like that. And having a disaster recovery and business continuity sweep of services that they can leverage in the event something happens to their wallet providers.

That's super cool. You know, I know we met on your journey through BlockFi when you were a customer of Virtru. And, you know, congrats on starting Station70. It certainly is a fascinating space. And it's one that I think is super relevant given the work that we do at Virtru.

Trevor, I'm curious, given what Adam just shared with respect to Station70 idea of self custody over keys or bring your own key or privacy enhanced cloud collaboration, however you wanna think about it. Can you just share some thoughts with respect to kind of Virtru's view on that concept and maybe what we're doing with Virtru private key store?

Yeah. You know, it's funny. This takes us back to the topic that we had discussed in the very first one of these Hash It Out sessions, which was really a discussion around security in the cloud. And one of the points that we teased out there was that when you think about SaaS or cloud, at the end of the day, it's someone else's server or someone else's end.

There is no cloud. Right? And so when we use a lot of these cloud services, you're just putting information up in that cloud. And so, again, this idea of custody agency, owning your own data or owning your own keys comes back into play because as we think about, at Virtru of people's unstructured data, email files, they're often putting them into a Microsoft cloud or a Google cloud, and how do you maintain control when it's ultimately sitting in someone else's infrastructure?

So similar to what Adam discussed with, you know, is my private key sitting with Coinbase, or do I have it myself? We see that same desire for agency and ownership amongst businesses looking to control their data of, as I have this data sitting in someone else's cloud, how do I control it? Can I possess my own encryption keys for that data to ensure that I am the one in control of that data? So it's an interesting kind of parallel here, you know, talking about whether it's data assets or monetary assets, kind of a similar approach to I need to protect it, and I wanna be the one to protect it rather than you telling me you're protecting.

Well, and in some cases, data is as valuable as the monetary aspect. Right? So depending upon the data we're talking about intellectual property, trade secrets, etcetera.

Sure. Yeah. Just a layer of abstraction, yeah, moving it away from a currency, but it's still valuable. Absolutely.

Yeah. And, you know, it's interesting. I mean, you know, in our sort of journey at Virtru, you know, I think Google deserves definitely some credit. You know, we've been so focused for a long time on this idea of granular policy controls on sensitive unstructured data that's inevitably coming in and out of the business and wanting to kinda govern that with better security, better privacy. You know, Google's advanced the ball, with respect to this concept of client side encryption and saying to companies, hey, if you wanna do business, run your business on the Google Workspace cloud, with things like Docs, Sheets, Slides, really sensitive information, you can. And not only can you, but you can be the one to keep the key yourself so that it's ciphertext to us. I mean, because it's your data. It's your private sensitive data. And that idea of privacy enhanced cloud collaboration, I think Google's a real lead in.

So it's emergent. I mean, it's the first inning of that game, and we're certainly playing in it ourselves. But I imagine, I'm curious, Adam, where does the typical high net worth individual with, I don't know, a hundred million dollars worth of crypto assets sit in terms of, like, the baseball game or, family office with lots of crypto assets. I mean, are they sort of looking at it and sort of saying, we know we need to get a grip on this. And therefore, we wanna find someone like Station70 to manage these keys because that's super sensitive to us, and it's super complicated. We don't wanna, you know, run the risk of messing it up? I mean, what's the state of the market with respect to those customers that you're targeting Station70?

Yeah. So our customers range wildly, right, very, very well established brand name financial institutions to, you know, family offices with, you know, I would say most family offices, if they have a hundred million in Bitcoin, as you mentioned, are well ahead of the curve than most than compared to their peers, which is probably good for them this week. But I think that there's a lot of concern around messing it up. There's also a lot of concern around having a legal structure in place such that beneficiaries can take control of trusts and other, of other assets that, or other legal structures that are protecting assets, having additional parties in control.

So maybe a family office is worried about some type of phishing or social engineering attack. So they want their lawyer or their accountant to be part of a funds movement. Somebody kind of outside of the bubble, if you will. So there's a lot of concerns. Physical security is a big concern also.

So having a system in place basically, like duress infrastructure, duress protocols in the event that somebody is being under duress. I actually worked a case a couple of years ago now, where we actually did get FBI involved. There was somebody being held against their will overseas that was traveling, and somebody was trying to abscond with their crypto assets. So these are very real problems. And I think most individuals, most families, most high net worth individuals that are holding material amounts of crypto, they are really looking for an easy button.

Right? In most cases, they want something that is turnkey, very secure, very easy to use, audited, that it is tested, and something that they can just turn key and use, and they don't have to worry about it. One of whom I won't name. But one of the wallets that we work with, when you are onboard with them, they send you a PDF of thirty seven pages of how to back up your keys.

Go get two air gap laptops, go get six USB keys, just follow these steps, run this Python script, and, like, that's just not tenable. Right? For even large banks, like, that's not tenable to be entirely honest in many cases. So, we kind of just turn, we provide this kind of turnkey disaster recovery, key backup solution that's zero knowledge to us.

So we use different cryptographic schemes that allow us to never actually know the underlying keys. It is similar to what you described, Matt and Trevor, it's ciphertext to us. And in many ways, we're just a ciphertext management company at the end of the day that uses a bunch of fancy cryptography and confidential compute.

Yeah. Super interesting. Trevor, curious to get your thoughts on that and the parallels.

Yeah. I mean, that is really, you know, lots of terms that we use for it ourselves, whether that's, you wanna call it split knowledge or zero trust, but this idea that I think we're starting to see the market finally kinda shift away from the older security model used to be based around this idea of, well, I've looked into this provider. I trust them so they can have my sensitive data. And, you know, for a lot of us that was, you know, I'll put my keys into this retail platform, such as a, you know, a Coinbase or something.

Or it could be, well, I've gone through a search security assessment with this application I'm using, and I trust that I can put my data into it. Really now moving into this model of "Well, even that's giving up a little bit more than I'd like." The idea that I need to trust some third party with my sensitive data in the name of security is a little bit antithetical to what we're trying to accomplish.

And so that zero trust model of how can I leverage the tools that you provide without actually giving you the underlying data structure is, again, very similar to what we're doing ourselves, whether it's you hold your own keys and we only hold a ciphertext or, you know, breaking keys up into multiple parts to achieve that split knowledge? All these things geared toward that idea, but I shouldn't ever have to give you the underlying asset, whatever it may be, data, cryptographic key material, etcetera, all ties into the way that you know, it seems like there is a little bit of momentum behind this trend now.

Yeah. We're seeing a lot of it. And there's actually some numbers that we could put to it in maybe a slightly different setting, but we're seeing a trend, especially at least in our world, right, in the crypto ecosystem, this I mentioned FTX earlier, obviously, that story is still being told. But when that happened, that was a custodial relationship. Right? So you give them your assets and they manage the keys on the blockchain for you. You have an API token or maybe a username, password, 2FA, hopefully set up. And that but at the end of the day, they could do what they want on chain with your assets. And there's been a huge recoil across the industry institutions down to the individual down to the main street, you know, Joe down the street investor, to get out of a custodial relationship with their exchange or their trading venue and move to something that is what we would call in the industry self custody. And not using one of these custodians. And we've seen funds flow tens of billions of dollars worth, flow to more of the self custody model in a post FTX world.

So, you know, it's clearly not my domain. I know barely enough to be dangerous, but I continue to see sort of a theme here, which is people, whether they're individuals sort of holding lots of, you know, crypto assets or whether they're companies having lots of intellectual property stored in emails, you know, whether it's data or a financial instrument, the idea is that we want to basically take advantage of something like Google Cloud and the fact that Google, you know, Microsoft Office 365, they have servers and infrastructure and capital invested in applications that allow me to run my business with tools like Outlook and Gmail and Cheat Sheets and, you know, Excel.

And I want all of that as a business or an individual, but I wanna actually retain my data. I wanna have agency over my data, just like I wanna have agency over my keys in a financial sense or as you call it custody, self custody. When we were speaking a while ago, this concept of agency is really interesting to me. Just recently, I went back and reread sort of, you know, for many folks in the industry, they might be familiar with Eric Hughes and the Cypherpunk manifesto, which was written all the way back in 1992, I believe, a long, long time ago. And, you know, in that moment in time, he was talking about this idea of agency.

You said something really interesting. You said agency is hard. People understand the concept, but it's hard. Curious to kinda have you pick that apart, Adam.

Sure. So if we think about this in real quick, we balance on one end of the spectrum fully outsourcing everything, whether it's your data or your financial assets to a third party. And maybe you've done some diligence on them. Maybe we should or we could at some point. Discuss how diligence is an area within the enterprise space that could use a lot of work. And why it's it? It's now become more of a checkbox than a security control. But that being said, right? There's so there's that fully I trust this third party. I've looked at them. I've embedded them. Check the box and they're good. And then there's the other which is you have that control of that data, that asset, whatever that may be. But it's hard. Right? In the crypto context, the tooling just simply isn't there to do it efficiently. You have to have a fairly nickel background to do it safely and efficiently.

And making sure that you're counting all of your taxes correctly, making sure that you're not exposing yourself or your family to undue physical risk. There's a professional athlete that I've spent a good bit of time with and holds a material amount of crypto. And one of his chief concerns is when he is on the road traveling, it's kind of known that he holds crypto based on some of the investments he's made. Is there going to be somebody that thinks all of that crypto's in a safe at home with his wife and his kids? So, you know, that's a very real concern for some individuals. So when you boil or when you take all of that together, having an agency, whether it's your data, right, I can just throw the data into Google Cloud or S3 or do whatever, and it should be good. Right?

Or do I actually want to have control over it and implement tools, implement tools like Virtru and others, and being able to have control of it. But then that assumes that one has of the technological elements and the bandwidth as an organization to do that, and that the tooling is good enough to do that. And I think this kind of comes back to something I said again, previously. It's like the easy button. Right? If you have the tools and the UX is there, and it's simple to integrate, and it all makes sense. You'll get more user adoption just, you know, clearly that's the case. So it's still going to be hard. You're still taking responsibility for some aspect of, of your data or your assets or your money or whatever that may be.

Yeah. And... Yeah. You make... Sorry.

Sorry, Trevor. I just wanted to sort of ask you a very specific question, Trevor. He mentioned the easy button and these conversations are never intended to be about Virtru. But I do think it's an interesting point he makes with respect to the easy button. You know, we've thought a lot about that in the course of our own journey in this industry. I'm curious to get your take on that. Whether that's the easy button for something as simple as, like, encrypting an email with our pro plugin or potentially something like, you know, our key store to kind of give somebody a fully managed way to manage, you know, keys. I mean, how important is ease of use, ease of implementation in yours.

Well, you know, I think it's wildly important. You know, I mean, Adam just said that some of these processes that exist today are out of scope for some of the more, you know, technically sophisticated organizations out there. Right? And so if that's what if that's what you're dealing with, clearly, we have an issue. You know, there has to be a better way.

And so a lot of this is, you know, what we find when we talk to security professionals who are managing data for organizations like this, is they're trying to find that balance. Right? At the one hand, they have an obligation to protect this information or these assets, whatever it may be, but they also have an obligation to their workforce or to the usability of those funds or whatever it is. You know, you can put it on a USB and throw the trash. Then those funds are never accessible, but you gotta be able to get them back if you actually want to have any value in holding them. So trying to understand what is our own risk posture here. I'm looking at this holistically. What does the ecosystem look like? What is our risk tolerance? And where can we strike that balance between what's gonna make sense for us, as an organization? Versus what makes sense for our, you know, security posture and how do we meet those two in the middle?

Yeah. When we were, Adam, when we were discussing this earlier, you said that some organizations go as far as say, you know, we're not gonna do anything because it has to be usable. So we're just sort of, you know, not addressing the security concern because we're so far on the ease of use side, it's about that side of the spectrum. Others have found themselves in places where they have user populations rebelling against the administration because of the tools they put in place, making it so hard to do their jobs. And so finding that balance, I think, is one that, you know, for certain workflows, we've done a great job at Virtru of how can make, you know, easily approachable unstructured data.

You know, protectable. Let's bring in tools that leverage those cloud services that we love, have those economies of scale built in and the sort of minimum viable requirement, you know, to protect that data, but make it usable to the user is a tough spot to find yourselves in, but it sounds like Adam, you guys have sort of honed in on where that balance sits for the crypto space as well in terms of how do you leverage a lot of these popular wallet softwares that are out there, but also have some of that control yourself rather than going full, full managed or full cloud.

Yeah. I mean, for us, like, a lot of it is core to the term I use often, especially when talking, you know, maybe mid-sized hedge funds. They've got a few hundred million, or maybe up to a billion in assets under management, things like that is: Well, what's your core competency? Your core competency is making money for your investors. Right? It is generating a return. It's trading, it's analysis, research, etcetera. Your core competency probably is not, you know, moderately advanced cryptography and making sure it works in a globally distributed way at a high assurance multi zone, multi region, multi jurisdictional context. They're like, yeah, that's not really our business. Cool. Well, those are areas where it makes sense to have a trusted partner that can, one, do it for you, but more maybe more importantly do it for you safely.

And there are absolutely organizations who, and it's always shocking to me today, even today with all the headlines, that almost feel like it's not gonna happen to us. Or, we're not worried about that. And it's one of those situations where you can't, you know, you can lead a horse to water kind of thing. Right? So you hone in on the customers or the customers that actually know that there's a problem, and then they wanna address it. And you help them along that journey. I think the big trick in having built several security programs at this point, BlockFi being a fairly sophisticated security operation, is you have to strike that balance. Something I said a lot at BlockFi was, there's no such thing as risk zero. It's, we're going to try to get there, but we'll never get there. So it's risk management.

How do we enable the organization, the trading desk, the lending desk, the retail services folks? Like, how do we enable that while managing the risk in the best way possible for the organization. And you do occasionally have to make hard trade offs. And I think in some organizations, they're very hard trade-offs. Especially when you see things like Joe Sullivan or, what happened recently with the CISO, the former CISO from SolarWinds. Like, those are very jarring for the CISO community. And it really makes you kinda step back and wonder the first question that most CISOs should ask before they take the job is, are they covered under the D&O policy?

But assuming that's a yes, you know, it really does make you step back and think, well, the defense can't simply be if it comes to that. I built the roadmap and the CFO didn't fund it. So how are you mobilizing across the organization to get traction to solve a lot of these security challenges? And a big one that we've kind of honed in on is this kind of third party risk idea. If you fully outsource everything to a third party and you have no agency over what's there, then you've opened yourself up to a fairly large risk. It may not be the risk of you doing that service, but it's the risk of that third party. Whether it's HubSpot or Okta, or Cloudflare or any of the major breaches that we've seen recently. These are real issues even for what I would consider. I would consider those three companies, you know, kind of top tier companies, they invest quite heavily in cybersecurity, but they're still victims.

Yeah. There's so much to pick apart there. You mentioned an area of cyber security or cyber governance might be a better term that needs to be rethought is this idea of diligence. And I think it's easy to look at an Okta or pick your favorite, you know, publicly traded multi billion dollar cloud provider and think of them, check the box on diligence. They must be good at what they're doing.

Everyone uses them.

Everyone uses them. I mean, nobody ever got fired buying from IBM. That was the story.

The funny thing was one of the, one of the things that we heard, during prior to FTX collapsing was: Well, everyone trades on FTX? How bad? Like, like, what do you, like, of course, they're safe.

Yeah. And nobody in the federal government, you know, doesn't do business with Microsoft and yet the State Department this past summer, you know, have found themselves in a really difficult situation as a result of Microsoft making a pretty basic mistake. I mean, it's just like I don't know. I don't wanna get too depressed. I do wanna maybe kind of, recognize that this is hard stuff. And to your point about Joe Sullivan and the CSO at, SolarWinds, or at, what was the SolarWinds victim? Anyhow, you know, I'm talking. What was the name of the company that got reached by SolarWinds?

Blanking.

First, there are several companies, but the SolarWinds CSO recently found itself in legal troubles. The former CSO Solar went down. Right.

Well, where I was going is that the CSO job is brutal, as you know, and the new reality with respect to, you know, the regulatory realm and CSO finding themselves potentially subject to, you know, legal action. It just put a whole new light on this. And as hard as it is to do the job well, the job needs to be done. And, you know, architecturally, I'm just kinda curious to get your thoughts on this idea that, you know, for twenty years, arguably, we as an industry, writ large, big industry have been spending tons of money, tons of time, tons of energy, tons of effort trying to organize and govern and structure.

You could argue perimeter centric controls to protect sensitive data from a number of bad actors who are intent on stealing it. That's the identity world with Okta and Ping. That's the endpoint world with CrowdStrike and Palo Alto. That's world with, Zscaler and, you know, whoever, you know, it's even the application security guys. And then, you know, we are here today, and we're having this conversation where, you know, for all of that investment, for all of that effort, we continue to see challenges, breaches, and compromise.

And is there a time coming? You know, I'm curious. Is there a time coming where architecturally, there's a shift in mindset where it sort of goes from protecting data by proxy and moving policy and governance and control to a more granular level where you're actually doing it at the object level. Is that plausible or is that just so hard that it'll never happen?

I think it's plausible. But I think it is very difficult because, you know, I even, like, think about my time within the intelligence community. We were chasing a number of different very interesting initiatives to get incredibly granular with data control. And, you know, this was peak of global war on terror. So some would argue that our budgets were effectively unlimited. And we had every resource kind of at our disposal, especially in a post-Snowden world, to do things, and to protect data. And it was incredibly challenging. Right? There's something I coined during that era of my career was the fallacy of uniqueness. You know, agency one and agency two really have the exact same problem. But when they show up to the working group, it's "let me tell you about my unique problems on why your solution won't work for me."

So there is a good bit of that, but I think, you know, zooming out. It is a really hard problem. For as long as we've had these problems, these organizations have been building, especially the larger, more sophisticated organizations have been building massive infrastructures. Like, there are some systems, there's a, you know, up until twenty fifteen, there was a large, you know, national retailer that was still running, Windows 2000. This is in 2015, Windows 2000 to run their fax machines.

And it was just too hard to rip out. So this stuff gets very difficult and it becomes a priority. And I often do. There is an architectural shift. And, you know, we talked a little about this before. The concern with the architectural shift is as an industry, especially the larger, more sophisticated, therefore, the more targets, potentially the threat actors. It takes so long to pivot to what we would consider, the best security practices of the day. The threat actors pivot in record time. Right? Like, it was weeks until probably even I mean, I saw weeks. I'm sure others saw hours or days, before things like ChatGPT were weaponized, by threat actors. It didn't take long. And meanwhile, you have companies trying to discuss their AI security strategy that are still using SMS 2FA. Like, there's, like, pro there's priorities here folks.

Like, there's an order of events that we have to work on things. So there is a lot of work to be done and, you know, if I knew what the right solution, the right recipe was, I would write a book about it and sell a lot of copies. But I don't because every organization as much as I joke about the fallacy of uniqueness, every organization is a little unique. Right?

There are unique politics, unique accuracies, unique policies, unique regulators. It becomes primarily complex to shift, you know, to turn any of these aircraft carriers. But I do think a move away from the perimeter security. We still need that. Right? There's still a place for that.

But getting towards something that is more focused on the object. Right? Whether it's a private key or a file or whatever. Getting more focused on the object is inevitably where we have to go. We have to move to an or to a model where we assumed breach. Some of these organizations are so large and sprawling. I'd wager that there's probably very few that don't have some type of ongoing breach. They're just not aware of it yet. Right. So if we shift into that model, and go with more of like a red team focused approach, I think we end up in a very we end up in a much better position.

And at the same time, I draw a lot of flack because I joke about this Windows 2000 fax system. Like, I'm the first one to say, you know, when the patch management vulnerability management team comes running to me with this list of patches that need to get done and they're shocked. Like, like, well, let's prioritize these. Right? Is this on a system that is behind six firewalls not connected to the internet and you need a YubiKey to get to? We don't have to disrupt the business to patch that. And I think that's also a lens is kind of that pragmatism and making sure that as security professionals, we're not framing everything as the sky is falling. And then we get more traction to make those changes.

Yeah. Yeah. It's, eighty, twenty, ninety, ten, but in a world where everything's a priority, nothing is a priority. So something has to be the priority, and, you know, you have to chip away at it. There's a lot of debt back there for sure. This has been a lot of fun. I wanna maybe just kind of close with this thought you mentioned it. Well, I am again, grateful for the time, but, you know, for the same reason that a mid market hedge fund will partner with you in Station70 to kind of leverage your competencies with respect to managing keys associated with crypto assets. It's about doing what's right with respect to protecting sensitive data. And in that case, assets, you know, with tools, services, and expertise that scale. And, you know, in the same view, you know, unstructured data that sort of lives and breathes in a cloud collaboration platform called Google Workspace or Office365, you know, a middle market healthcare company will partner with Trevor and the team at Virtru, to, you know, implement, Virtru private key stores so that, you know, they ultimately possess, control over their destiny with respect to their data because it is their data. And at the end of the day, it's about self agency and having, you know, the opportunity to take advantage of all of the wonderful things that the public cloud infrastructure offers all of us but at the same time having the ability to kind of have granular controls over the data and being able to selectively reveal the information that we choose to share with public cloud providers is, you know, very much the ethos of the Cypherpunk manifesto written by Eric Hughes, which I think is super cool way to tie this all back. Trevor, any closing thoughts from you?

No. I mean, I think you both made points in your last little pieces there that do kinda tie this all together. Matt, you mentioned from the Cypherpunk manifesto that line that we have had Virtru of all seen so many times before at every one of our all hands meetings that ability to selectively reveal. And, Adam, you mentioned, you know, the perimeter is still important as is the data object. You know, I think all of this goes back into making the right tools available so that you do have that ability to be selective and stand up the controls that make the most sense for your needs, your preferences, your risk posture, whatever it may be. Your uniqueness. Your uniqueness.

There you go. You don't have to do everything this way, but there are options out there for you so that you're not pigeonholed into one of these mechanisms of, "well, the only option is to put everything in the cloud and hope that it's okay. Right?" We wanna make that you if you don't feel okay with that, then you have options like a Station70 like a Virtru to pull some of that back and be as we say selective about what you're revealing to the world.

Hundred percent. Yep. Trevor, thanks very much, Adam. Thank you very much. Kudos and congrats on Station70 super cool company, and we very much appreciate your time today.
