This episode explores how cybersecurity is evolving from point-in-time assessments to continuous, intelligence-driven operations. Galena Koh of Cyber Bay shares how predictive analytics, crowdsourced ethical hackers, and AI are reshaping how organizations understand and manage risk. We discuss how to scale security without adding headcount, why human expertise remains essential, and how governance and trust underpin effective security ecosystems. The result is a clearer model for modern cybersecurity, proactive, collaborative, and built for constant change.
[00:00:06] Welcome to MSP 1337. I'm your host Chris Johnson, a show dedicated to cybersecurity challenges solutions, a journey together, not alone. Evan, this week we are joined by Galena Koh of CyberBay. Galena, welcome to the show. Thank you. Thanks for having me. Happy to be here.
[00:00:32] Well, we are exactly 12 hours apart in time and you are on the other side of the world, hailing from Hong Kong. Tell us a little bit about you and CyberBay and how... Kind of... Just give us a little overview of CyberBay and then we'll jump into some of the ideas that were presented as far as what we should be talking about today. Sounds good. Yeah, so I am the Chief Strategy Officer of CyberBay. I'm currently based in Hong Kong, originally from New York.
[00:00:59] So CyberBay itself, like we're kind of like an overview of everything. We have bounty systems and we have, you know, like... We're also working on like a phishing simulation that we have like voice phishing and email phishing. We also have like attack service monitoring. So we kind of like...we call this CyberBay because we want to be kind of like the one-stop shop of everything cyber-related. A lot of things in general, Cybersecurity is very fragmented. And if you look at different tools, lots of tools that have like separate things.
[00:01:28] You know, this takes care of the reactive part. There's, you know, there's like the ransomware, all these things. And for us, we kind of want to be like a one-stop shop to everything. So yeah, so we... A lot of those tools out there focus on reactive security. But part of what we notice is that a lot of times when people contact us, they only raise alarms when they get hacked. You know, they come to us and say, hey, you know, we got hacked. What should we do? And a lot of times like cybersecurity, it's kind of like...it's kind of like a safe... You know, it's not like it's boring. It's really necessary.
[00:01:57] But at the same time, you know, people never really think about it until they're in trouble. They always think that it won't happen to them. And what we want to prevent is that like for... We want to kind of like promote like proactive security and also just kind of like raise idea of continuous monitoring. So a lot of our systems kind of work on, you know, it's like not like a point in time kind of like assessment. So a lot of our tools is based on like just real-time constant monitoring to show that like we're always on
[00:02:25] and we're always just, you know, seeing like what's out there. And we're always, you know, like I'm watching to see like, you know, like we have tons of data points and we use a lot of AI. And we kind of also come through like the dark web and stuff to see what's the likelihood of your organization getting attacked in the next 12 months. We also work, we're going to build like a huge database to become like a cyber risk meter. We can see like, you know, company can see, you know, like, hey, based on what's out there, you know,
[00:02:52] an attacker see what industries are being attacked and based on their own security posture, we'll analyze, you know, all these data points to see, you know, what's the particular likelihood of attack happening to you in the next 12 months. So that's kind of like, I'm sorry, in a nutshell. So it's interesting, you know, we think about all of the tools that we use and one of the things that for years, it's, you know, making sense of the noise, right? You know, firewall logs and false positives
[00:03:21] and just coming through all of that mass amount of data. And you're constantly, you know, providing guidance to the businesses that need to, you know, protect themselves. And it's like MFA and make sure you have firewalls and make sure you've got the XDRs and the fill in the blanks and all of these things. And it's like, and it keeps adding up and you start to see that there's this fatigue happening of like, I'm still implementing the next thing. So am I resilient? Am I, am I going to, you know, stand up to the threat actor that's, you know, attacking my infrastructure?
[00:03:51] And I think the question has kind of come to this conclusion. It's not how many things have we implemented. It's how we handle the pressure when something happens that matters the most. And I think that's the shift that I've had just recently, where it's like the maturity inflection point is not how well I've implemented, say, CIS top 18 best practices or ISO 27001.
[00:04:17] It's whether or not I have the right people, the right things in place to respond when we know the inevitable happens. And I was thinking about what you said. It's kind of like having your own agency working on your behalf, right? So let me know what the probability is that my business is going to get hacked in the next 12 months, which actually this is probably the first time I've actually ever heard that said.
[00:04:40] We always say, you know, the threat actors are out there and they're looking for businesses that match your profile, but not the threat actors are out there looking at your business. That's the first time I've heard that one. Yeah. Also, like I want to jump into this. So we also leverage the crowdsource security. So I think you mentioned that, like right now, like a lot of the firms and stuff like they like, how do we magnify?
[00:05:03] Because a lot of these, like the internal teams and stuff, you know, like we really have to like leverage, you know, the external, like we have a whole bunch of the platform with thousands of ethical hackers, you know, at our call because we run a platform. And through that platform, like as you know, there's actually a huge shortage of talent in cybersecurity right now.
[00:05:25] And a lot of the companies, they do have an in-house team and they do say, oh, you know, we do have, we run security testing once a year, you know, and we think it's fine because most security testing is still a point in time. They run a pen test to get a report and they fix a few things. And then, you know, like months later, it was really different. But then cyber attacks, like don't really happen like that. Like they're always like the bad actors are always scanning and always looking for new opportunities. Like they said, they're always like constantly sharing intelligence, you know? So I think that like, um, put a, like bug bounties, you know, are bread and butter.
[00:05:55] And a huge part of it is that like, we believe that crowdsource security is so powerful because, you know, like a lot of these attackers we have, it's, they're global. So we leverage global, like ethical hackers from all over the world and they all have different expertise and different perspectives. And they all like have different masteries and it's also all of this continuous. So we use these hackers and they continuously, you know, monitor your systems.
[00:06:18] So realistically, like none of these like service products can hire like all the specialists they can for like every platform, every app, like framework and all that. But then to have like, you know, thousands of ethical hackers, you know, like at your back and call, it's really, really strong. And it's like, because a tax service just keeps growing faster and faster. So I think like the future isn't really about like bigger internal teams. It's about like building like stronger security ecosystems.
[00:06:44] And I feel like for us, like crowdsource security, it's a way to build the strongest security ecosystem. Yeah, the time from found to the time to exploit is obviously exponentially growing. I mean, I mean, I have made it very clear with mythos kind of setting the stage and then then Microsoft released their own model that was just as powerful, if not more so using existing standard LLMs.
[00:07:10] And so it's like, OK, this is just a matter of time before all of those that would choose to do malicious things have, you know, the Mac mini in the basement. And that's all they need to start figuring out what is exploitable and set their own, you know, their own priorities and agenda. And I think we're actually talking about this last week that the CVEs that come out are going to outpace any organization's ability to remediate them.
[00:07:36] And so now kind of to your point, it's what are the likelihood and probabilities that these are being exploited? So if it's have this list of 50 or 100 or however many it is, what are the ones that are whether they're low or not, whether they're a low impact or not? You know, what are the probabilities that these are going to happen so that we can at least prioritize based on what can be reasonable today? And I think over time, the reality is, how do we just reduce, make it more difficult?
[00:08:04] You know, right now it's like pretty much any attack, if it gets through, there was some sort of ROI for them to do it. Right. And I think tomorrow, if we can slow that down or make it less financially viable to do it the way they're approaching it today, maybe we'll see some shifting in the other direction where the bad guys don't always win. Yeah, definitely. I agree.
[00:08:29] So just one question, you know, you kind of mentioned this already thinking about the crowdsourcing and ethical hackers and having those resources all around the world. How do you go about vetting, you know, the difference between what is ethical, gray and downright malicious when you're evaluating potential candidates to be part of this crowdsource team? So we actually we have, we go through rigorous vetting systems.
[00:08:55] So we actually use and outsource like third party vendor for security for like, it's called Enfeto. Yeah. So they kind of vet through and make sure that they do a background check, make sure they're legit. And then we also have a VPN. So we also like it's our lighthouse VPN where we monitor, you know, like every action that they do. Okay. And whatever they, yeah. So that's how we kind of make sure that, you know, like sometimes we do get asked, you know, what happens if one of these supposedly ethical hackers go bad, you know?
[00:09:23] So we're always, every action that it take, you know, like we're constantly monitoring. And also like, honestly, like most of, if they were like a bad, you know, like hacker, they probably would have just done it anyways. They wouldn't just go through the system. They could just like hack it directly. Right. So they wouldn't really have to like join a platform and adjust to hack, you know, but for us, it's like, honestly, like they're, they're just as skilled, you know, as any malicious, you know, like hacker.
[00:09:48] It's just that like, they've chosen to use their skills, like for good. So I think in general, like a lot of these different, like, also, it's like, it's kind of like a two way. It's kind of like, they want to be trusted as well, you know? So like, I think important part of it is that like, a lot of people see like these hackers as like, oh, they're just, they're not like employees, you know, but they're also just, you know, like, yeah.
[00:10:11] So they're like, it comes with like a partnership with like expectations. They need to know like, what's in scope, you know, like, how their findings have been evaluated, how rewards are determined, and whether their work is actually making an impact, you know? So I think sometimes like companies, they kind of see like my bounty as like, oh, we're just buying reports. And or like, I'm looking for, you know, like, someone to just like, do a test and give us a product report.
[00:10:34] But that's not really what Bugratty is about. It's about kind of like just building like a deeper relationship, you know, with the global security community and leveraging their tasks and stuff like that. So yeah, so I think like, for us, like, oh, yeah. Sorry, you can go ahead. No, no, you're, I was just, I was going to agree with you, but you were still going. So I want to let you finish. I'm sorry. I know. So on our platform, I've found that like, a lot of our researchers are much more engaged, like when they receive like feedback from us.
[00:11:02] And when they see that, like, their findings are taken seriously, and that we're actually going to like, fix something, you know, so they want to know that, you know, their findings are being used, you know? So I think like, a lot of times, like, organizations gain a lot of confidence that like, when this process is really structured, and really transparent, and produce like high quality results. So like, I guess hackers also feel that they already, if they can collaborate with the companies, then they also want to like share techniques and tools and intelligence.
[00:11:31] So that's kind of like a two way street. Yeah, so to some extent, I mean, I'm sure you've seen this as well. You think about what goes from, quote, being ethical hacker to questionable hacker, because of the, you know, the feeling of being ignored, right? So they find something, they report on it, they get ignored, or they get told that that's not true. And in many cases, they even follow the rules of like, okay, I gave them 90 days and not even getting acknowledged for this.
[00:12:00] I'm letting the world know that this is out there, because then at least those who haven't discovered this yet, whether they do or don't, it's just a matter of time. Because very rarely is one, one person's find bug find, the only one that will ever find that bug, right? Like, it's, it's not like walking down the beach with a metal detector and just hoping that no one ever comes behind you in the same spot and find something that you missed when you went there first, right? Like, I mean, it's still going to happen. And I think you said this a couple times, I think is really important.
[00:12:29] You kept referencing community, feeling validated, feeling you're part of a team. And I think that in our current, you know, definitely post-COVID, our, the global culture around just the human, human feelings of being belonging to something is extremely important. And especially now when so many people don't work in an office with five or 10 or 50 other people, there's no water cooler talk unless it's happening, you know, via Teams or a Zoom call.
[00:12:57] So like to, to constantly have community for what I would imagine with crowdsourced ethical hackers is largely, you know, people working from their basements, working from mom and dad's basement or, or, you know, but, but not having to be a part of an actual corporate culture, right? So this is, this is their community. I think that's really important, really powerful. I love it. Shifting gears a little bit, you know, I think I was at a conference earlier this week.
[00:13:28] And I think AI fatigue is happening, not the use of AI, not the, what AI can do or how powerful AI is, but just the constant using AI to describe or present on just about everything. Like because of AI, we can do this. Okay, great. How many things were we doing before that used AI, but we didn't use the word AI in the sentence to describe what we were doing? And I think we've kind of gotten back to that, right? Where if you told me that your firewall has AI in it, that's not a question I'm asking.
[00:13:57] I just want to know if the firewall does the job it's supposed to do. And that's it. Like, I don't care how you built out the technology to make this a reality. I just want to know that it works. So as you guys are shifting gears, and I know one of the things we talked about in here is the predictive, you know, cyber risk. And you mentioned kind of with like the research around like who's going to be attacked next and what that might look like. You know, I don't know if you can describe in detail, but like how do you see the role of AI in that cyber risk prediction?
[00:14:26] You know, how does that work in today's, you know, current ecosystem? Well, I think like, so I think like AI, like as you mentioned, like AI itself isn't like the advantage of like how do you use it? You know, because everyone has access to AI right now, right? So I think like attackers have it, you know, like defenders have like everyone, you know? So it's kind of like what do you combine AI with? You know, so I think for us, like we kind of see like AI is kind of like a force multiplier.
[00:14:52] You know, so I feel like there's already tons of information out there, tons of patterns, you know, and anybody can use it, you know? So I think for us, it's like our hackers like bring in like connectivity. They bring in like real world attacker thinking, you know? So I feel like when we have all these different things, AI brings like speed and scale. So we're actually like trying to see if we can get our ethical hackers to create their own AI agents to help them, you know, find more bugs, you know? So I don't think it's like, you know, like AI versus like humans or anything.
[00:15:20] It's more like how do you, you know, use like enable like AI agents, you know, to help ethnic hackers magnify all that. So because I'm like, like all these cybercriminers already using AI to like, you know, send more convincing phishing emails, you know, find more vulnerabilities and all that, you know? So I feel like if they're just using it, you know, as a chat bot, then they're probably like not like using it effectively, you know? But if we're using AI to help like security teams detect threats, you know, investigate alerts and all that, then it creates like more meaning.
[00:15:49] So it's like, it's not like not, a lot of us just focus on outcomes, but then kind of like thinking of it's like, is AI really helping them spot to attack faster? You know, so it's kind of like, it shouldn't be, it's not really going to replace meant for, AI can't really replace the creative professionals. You know, so I think it's like the best results really come from when AI kind of like helps us handle like the more repetitive and time consuming stuff.
[00:16:12] So I feel like it isn't really about like whether or not like they're making serious teams like faster or more informed, but it's like kind of like, how do you combine it with something to make it like go even faster? But it should be already there. You think about like being a threat analyst, which is not something that I ever wanted to do, but I could say that, you know, today with AI, it's a little bit different, right?
[00:16:36] My ability as a human to detect patterns or determine something that doesn't logically make sense in the code is going to take a whole heck of a lot longer than what AI does when it looks at the code and says, I found in these four different locations. And it specifically can call out the line of code that it's reading as being incorrect or has additional variables included that shouldn't be there is actually quite powerful. And at the same time, it's very humbling.
[00:17:04] Like if you have been a threat analyst for however long and suddenly you have these tools at your fingertips, you're like, oh my goodness, I had no idea. I couldn't see these predictions like I'm supposed to. But I mean, I think, is that not where we're at? Like it's that the human element creates the value that AI brings to be something of quality as opposed to just quantitatively scaling those, those functionality.
[00:17:29] I mean, you know, scale without, you know, oversight is, is not really all that valuable. Yeah, for sure. I think like, you know, like a lot of us, just a lot of organizations, like it's very tempting for them to just buy another security tool. You know, they just kind of, oh, there's a new problem. Let's just, you know, get more, you know. But a lot of it's actually like, it's like there's human error involved too. Because how strong are your actual teams? You know, like maybe someone in your own employee clicks the phishing link. They reuse like some passwords.
[00:17:58] It's kind of like a lot of us just focus on how do you reduce that risk. Kind of like 10 can reduce risk, but can't eliminate like human behavior. Because I think a lot of times like we're trying to like, we're actually building up, you know, our product, what's that we call it. Kind of just see how we can help strengthen, you know, like the team, the human factor of all this. So, yeah. Yeah, going back to the staff part, you know, you were talking earlier about the shortage of staffing in this space.
[00:18:24] And I think, you know, you look at the mid-market enterprise space and these massive layoffs because they're using AI to enhance the human workload. For good, bad, or otherwise, you know, we saw this during the industrial revolution. And particularly when we started to see the assembly line and, you know, automotive, you know, scale of the factory workers.
[00:18:48] Where at a certain point, you need another manager or superintendent to help manage communications throughout the organization to get it all the way up to the leadership team. And you look in the SMB space today. Well, we've never had those layers of resources because, one, it would sort of defeat them being an SMB because they're working with a whole lot smaller numbers. But now with AI, you've eliminated really in many cases and we're seeing that happen.
[00:19:17] It's not AI has just suddenly changed the need for these individuals being part of the team. They just are no longer needed in specific organizations where all they function to do was be that communication layer. So I think that's going to help transfer to the SMB space a lot of potential candidates to help from a staffing standpoint. But the other piece that I think is just as important is what are we enabling them to do with AI, right?
[00:19:44] So, like, I was thinking about, like, from a tool standpoint when in the MSP space, if they're hiring somebody to be their threat analyst, but then they don't give them the resources from a, you know, like, I think, I don't know if you've seen this, but, like, basically hiring somebody and part of their hiring package or their salary and benefits includes X number of tokens against whatever AI models are allowed in their organization.
[00:20:11] So, you know, you get maybe a subscription to, you know, Claude or fill in the blank. And that's part of what is your compensation package because essentially it's you and we're also giving you an assistant, but you have to, you're responsible for, you know, paying your assistant, not the company is now paying your assistant too, right? I don't know if you've seen that at all, but, like, I think that's some of the things that I would ask if I was being hired to be in those roles.
[00:20:37] It's like, well, what kind of AI tool are you going to give me access to to ensure that I can be as competitive and efficient and, you know, protect this organization with what you're asking me to do? Yeah, for sure. I think, like, part of it, like, as you said, I think it's, like, keeps helping your existing teams that work smarter, like, not just, like, harder. Yeah. Because it's already, like, a short, you know, in supply. So I feel like a lot of the MSEs kind of automate repetitive tasks.
[00:21:03] They use, like, AI to kind of, like, help in monitoring, triaging things, kind of standardizing processes, you know. But a lot of it is, like, it's not just, like, a talent shortage problem. It's actually more of, like, a scalability problem because our track service is going so fast, you know. So instead of asking, like, how do we, like, you know, grow our teams, it's more about, like, how do we make our existing security teams, like, more effective? And I think, like, that's where, like, automation, you know, AI and process security can, like, help, you know, a lot.
[00:21:31] Because AI can help, like, process information, like, at scale. And automation can eliminate those repetitive tasks. And then all these ethical hackers and the AI agents that the hackers have built can continue to test these environments, like, from all these different perspectives. That kind of allows, like, internal security teams to kind of focus on things that kind of require, like, the human judgment part that AI, like, can't do. You know, kind of, like, advising customers and making strategic decisions and all that stuff.
[00:21:58] So I feel like the ones that will succeed actually aren't the ones with, like, the biggest teams. It's kind of the ones that will kind of, like, built, like, the smartest ecosystem, like, using what they already have. Right. If we go back in time, you know, 10 plus years, maybe not quite that long, we started to see where the tool space or the technology space that we use to manage the patching, manage the infrastructure changes,
[00:22:28] that largely those tools were becoming more and more common and more and more reliable. You could pick your flavor. I mean, now, instead of even buying some of those tools, you get them if you're a Microsoft 365 shop. A lot of those tools are now baked into as almost like accessories to the things that you're investing in.
[00:22:46] But now we get into, you know, this sort of new cycle, this next cycle from a technology standpoint where the tools and the evolution obviously are happening at a much more rapid scale. So it's not tools or we're going to have tools for tools. And then we'll have tools just to monitor the tools to monitor other tools.
[00:23:06] But what comes to mind is we have a huge shift happening where our reliance on tools, as important as it is, we're seeing the shift back in the other direction where the human element is becoming the critical component to scalability and success. And we kind of keep hitting on it without actually saying it. Like, there's a culture shift that has to happen, particularly in the MSP-ITSP space, or we are going to have a very complicated, chaotic environment in the not too distant future.
[00:23:37] Yeah, for sure. I agree. Yeah, definitely. So we've got a little bit of time. Yeah, go ahead. Sorry. Oh, no. We're good. We're good. No, you've got a thought. You've got to share it. No, I think just a lot of it's just like a lot of there's like a shift from being like a resource-based mindset to kind of like shifting towards like an intelligence-based one. So I feel like, you know, like instead of just like hiring more people and doing all that, like it's just like a lot of it's just building like intelligence networks. I think that's what I've seen with just like AI.
[00:24:06] And that's like, I think instead of using AI to just like replace tasks, it's like now it's for next shift for AI. It's like kind of like how do we use these, you know, like tools and stuff to build like networks to leverage any expertise, which is before. And how do you just want to like magnify all that? Yeah, we heard both Microsoft talking about this recently and earlier this week at the Pax8 event. They were talking about the MIA or the Managed Intelligence Advisor.
[00:24:35] And it's interesting because that is what we're being asked to do. We're no longer constrained by not being able to build a software package or a widget or a dashboard because of not having enough people or skill set from a project and time and money standpoint. We now have, you know, tools like Claude and others that can build those applications in minutes, if not seconds in some cases.
[00:25:01] So going back to the human element piece, what determines whether or not it was built correctly or that it doesn't have some underlying vulnerability that syncs it for everybody? Is that how we scale this? Is that really the answer?
[00:25:17] Like the scalability of providing the technology tools and services to the larger ecosystem of the SMB and even up into mid-market and enterprise, it ultimately comes down to that human element, right? Yeah, I agree. Yeah, I agree. I think a lot of it's just like the human, that's the most important part, you know, because like AI, there's still a lot of things that like AI tries to replace, you know, but there's a lot of things that like just for intelligence, it just can't do it.
[00:25:47] And so I feel like how much intelligence can we access and opportunity to deliver to our customers? You know, it's like, it's not like about like, how can we hire? So I feel like the organizations that kind of succeed like in the future are the ones that can combine intelligence from all these different aspects, you know, like from AI, hackers, you know, screen analysts and turn that intelligence into like actionable outcomes and insights, you know, for their clients.
[00:26:11] So that kind of goes to the last question I had really is, you know, what's the, the MSP world right now is in is at a pivot point where AI adoption has already happened. In fact, we did some research at GTA that shows that we're in the 96 to 98% of basically our space having adopted technology.
[00:26:33] So like that's not a differentiator anymore, but the strategy part and the governance part of how we use AI and technology in general is. So I'm just curious what your thoughts are from a, from a strategy standpoint, you know, right now is critical for all the ITSPs because they are the ones that can provide the governance, especially in the SMB space.
[00:26:56] And they can be narrowly focused with that expertise to help the businesses navigate with good governance, as opposed to, well, I'm just going to go hire a third party developer to build my app and AI and then hope bad things don't happen. Well, I think that I had mentioned, like, I think it's more of like that shift from like a resource and tool mindset to like the intelligence based mindset.
[00:27:20] You know, so I think for us, it's like trying to think about like, how do you use like for organizations, a lot of them try to just scale by hiring more people, more tools, you know, more platforms. And then that works up to a certain point, you know, but eventually like growth gets constrained by like recruitment, training and retention, all these things. But I think when they think of like a global, you know, like aspect, it kind of operates differently.
[00:27:43] And it's about like building like really, really smart ecosystems, you know, and leveraging, you know, like crowdsource security and leveraging, you know, like global networks. You know, so I feel like, as I write, one of our core like beliefs is that like there's not like a single company that can like possess like all the different expertises needed, you know, to defend a modern digital environment.
[00:28:05] You know, so the ones that eventually will succeed are the ones that like use like everything, you know, and just they're just, and they're very open minded and also just like, just embrace like using different tools and different, like just knowing, you know, like their restraints as well. It's a lot of them to say, I think they're kind of still like thinking back and saying, like I mentioned, like there's very, very reactive. And they say the only thing about cybersecurity when something happens and they still believe in like point in time.
[00:28:32] So it's all of just like embracing continuous monitoring and continuous testing. That's one thing. And also just knowing that like, it's not just the best time to, you know, kind of like embrace cybersecurity isn't when something happens or has happened already. It's before it happens, you know? So it's also just knowing like, you know, it's kind of like imagine like a house and there's like open windows and there's like maybe have like, you know, open doors or like locks that don't work. You know, like a lot of times like they actually don't even realize how many windows they have in the house in the first place.
[00:29:01] So they think that like maybe they think they have like four or five windows and they think it's fine. But and they say, oh, we have done our testing. You know, like we tried to open the windows once a year and they seem fine, you know, but they really don't. They're not aware that there are maybe like 10 more that they're hidden and maybe like someone's like a little bit rusty, you know, and all these different things. So continuous monitoring kind of helps that because you're always like looking to evaluate everything all the time and you're always like stress testing.
[00:29:28] And it's always, you know, like there's always something on. And it's always, it's also just like continuous attacking from all different perspectives and all over the world. So it's like not just from like a point in time where we ran a test and we passed because that's like a simulation and it's not really real. So I think a lot of it's just like about like how do you like leverage like the global ethical hacker system to kind of just like magnify that.
[00:29:53] So, yeah, it's interesting if you think about it, we're shifting the mindset from a me model like my company and my what I do for my clients to more of a we model so that, you know, yeah, we may be competing against each other in our own geographies or for particular client, you know, opportunities.
[00:30:14] But the reality is the things that we're trying to protect for if we want to really be in the winning camp, we can't do it in a silo. We've got to bring a much larger and to your point, a crowdsourced community together to actually make a difference. Yeah, definitely. So last question. I don't know if you were prepped on this. I think you were based on the notes.
[00:30:40] Is there a book that you're reading right now that you would like to share with the audience, whether it's fiction, it can be historical, it can be it can be a textbook that that you found valuable that our audience might be interested in? I recently read a few books. Like one was actually it's called How to Know a Person by their books. And it's actually like more it's not about cybersecurity, but it's more about like how do you really see, you know, people, you know, like how do you understand people and how you bring out the best in people.
[00:31:10] Because a lot of people just go through life and they just, you know, just like they're like just, but it's about how do you make someone feel, you know, deeply seen or heard and valued. So it's like kind of the difference between like being interesting versus being interested in what people are saying. And so I think kind of like to tie into like what we're talking about today and a lot of it's just like because with, you know, widespread usage of AI, you know, that human element has been decreasing.
[00:31:37] But I think like a lot of it's just like how do you go back and like, you know, like to truly get to know people and connect on that human to human level. And in cybersecurity, there's still that aspect of trust, you know, because a lot of times like when we say, oh, it's a platform. You know, we have ethical hackers, lots of them, and they help you find bugs. But they still want a person to kind of manage all that because they want to hear from a human person.
[00:32:01] Because, you know, when it comes to like private data and the sensitive data and all this like security stuff, you know, like they still would rather trust, you know, a human being versus trust like an AI system that will like comb through vulnerabilities and stuff like that. So I think at the end of the day, like there's still like with all this, you know, like the last years of AI, there's still a great need for that human element and the importance of, you know, connecting at a human level. I like it. For those of you listening, this has been an episode of MSP 1337.
[00:32:30] Thanks and have a great week. Thank you.