Cyber Sentries: AI Insight to Cloud Security

Securing the Digital Future with Former Fortune 500 CISO Tim Youngblood
John Richards welcomes Timothy Youngblood, a four-time Fortune 500 CISO and current CISO in Residence at Astrix Security, to discuss the evolving landscape of cybersecurity leadership. With experience at Dell, Kimberly Clark, McDonald's, and T-Mobile, Tim brings unique insights into how security leadership must adapt to emerging threats while maintaining operational effectiveness.
The conversation explores Tim's journey from Dell's first CISO to handling security across diverse industries. John and Tim delve into fascinating security incidents, including a notable McFlurry API DDoS attack at McDonald's, demonstrating how modern security challenges can emerge from unexpected places. The discussion shifts to the critical topic of non-human identity attacks and the growing importance of managing machine identities in cloud environments. Tim shares his perspective on how AI is reshaping security practices and why education remains fundamental to effective security programs.
Questions we answer in this episode:
  • How do companies integrate security during acquisitions and mergers?
  • What unique challenges do global companies face in cybersecurity?
  • How should organizations approach non-human identity security?
Key Takeaways:
  • Security leadership requires strong business acumen alongside technical expertise
  • Education and culture-building are crucial for successful security programs
  • The scale of non-human identities poses a major security blind spot for many organizations
This episode offers invaluable insights for security professionals navigating complex organizational challenges while adapting to emerging threats. Whether you're a seasoned CISO or aspiring security leader, Tim's practical experiences and strategic approaches provide actionable wisdom for building robust security programs in any environment.

Links & Notes

  • (00:04) - Welcome to Cyber Sentries
  • (01:12) - Meet Tim Youngblood
  • (08:07) - Challenges
  • (11:03) - Change Management
  • (11:37) - Transitioning to Next Role
  • (16:21) - McDonald’s
  • (19:57) - Flexibility
  • (21:50) - Handling New Challenges
  • (26:11) - Non-Human Identity Attacks
  • (33:55) - Wrap Up

Creators & Guests

Host
John Richards II
Head of Developer Relations @ Paladin Cloud The avatar of non sequiturs. Passions: WordPress 🧑‍💻, cats 🐈‍⬛, food 🍱, boardgames ♟, a Jewish rabbi ✝️.

What is Cyber Sentries: AI Insight to Cloud Security?

Dive deep into AI's accelerating role in securing cloud environments to protect applications and data. In each episode, we showcase its potential to transform our approach to security in the face of an increasingly complex threat landscape. Tune in as we illuminate the complexities at the intersection of AI and security, a space where innovation meets continuous vigilance.

John Richards:
Welcome to Cyber Sentries from Paladin Cloud on TruStory FM. I'm your host, John Richards. Here we explore the transformative potential of AI for cloud security.
Our sponsor, Paladin Cloud, is an AI-powered prioritization engine for cloud security. Check them out at paladincloud.io.
I'm excited to be joined by Tim Youngblood. He was CISO at four Fortune 500 companies and is currently CISO in Residence at Astrix. In our conversation, we explore how adaptability is a crucial trait for CISOs, especially in the face of emerging threats like AI. However, digital security has never been static. It's a constant battle against an evolving landscape of dangers. From an infamous McFlurry API DDoS attack to defending against non-human identity threats, we cover it all in today's episode. Let's dive in.
Hello there, Tim Youngblood, thank you so much for coming on the show. I'm super excited to get to talk to you today. I've heard so much about you from Steve, who is a co-worker of yours. I know your background is incredibly impressive. Four times you've been CISO at Fortune 500 companies. You're currently the CISO in residence at Astrix Security. Thank you so much for coming on here. I'm excited to hear more about you.

Timothy Youngblood:
Thank you, Richard. I appreciate it. Yeah, four time CISO for big brands. This means I never learned my lesson. I just kept coming back over and over again. I think I've finally gotten there, at least getting out of operational roles. But like you said, I've been the CISO for Dell, Kimberly-Clark Corporation, McDonald's, and T-Mobile.

John Richards:
Wow.

Timothy Youngblood:
I was Dell's first CISO. I helped create that job there.

John Richards:
How do you get into a spot like that? What led up to you creating a role there at Dell?

Timothy Youngblood:
That was definitely over a series of years to get to that point because I first came on to Dell to help them get out of a compliance hole. And when I first joined Dell, they had 100% failure in every IT control during one of the first cycles of SOX that they went through back then. And so I was greeted by some pretty pissed off auditors, right? Because-

John Richards:
I bet.

Timothy Youngblood:
... people giving IT policy to auditors and saying, "Hey, we do this" when they did nothing of the sort, right? So I had to fix that. And then I eventually took over risk management, IT risk management, I created that. It was really the first formal risk department for the company, and then I took over a lot of the other compliance spaces. And then the security organization was very organically built. It just came up over time and it was disparate, and they finally realized they needed some structure to it. And I was the last man standing, right? So I was there to give it all the attention and the strategy and the direction it needed to become a real cybersecurity department. And I think when I left Dell, there was, I don't know, I had built it to about 124 people or so, which at that time was big. I know right now it's about 800 people in the security department at Dell.

John Richards:
Was it a challenge to get the buy-in that this needs to be a role at the C-suite level? Because I assume security was there before. It just didn't have the visibility that was needed.

Timothy Youngblood:
So true. It was very much buried down in infrastructure. No one really paid that much attention to it. In fact, when I came on board, I was a big champion for more security because it helped me on the compliance side, right? And my background was in security. But the funny thing is I had no intentions of being the CISO. In fact, I didn't want to. But I think we had a few minor incidents that popped up and it started to become more of a reality. And I think it was really some external forces that put pressure on at the time to say, "Hey, you need to formalize this. You're one of the Fortune 50 companies in the world, top four internet presences. How can you not have a leader over security?"

John Richards:
Yes.

Timothy Youngblood:
And then Michael came back and started buying companies. And one of the companies he bought was a security company, Secureworks. And it was right before that I got named the CISO for Dell.

John Richards:
Was it a challenge then to integrate in this external team?

Timothy Youngblood:
Yes, that was always a challenge because at that time, we were buying eight to 12 companies a year. And they were generally small companies of 100, 200 people that executed really well on some certain type of capability that was important to the bigger structure of Dell, but they were in no way ready to take on all the requirements that an entity the size and scale of Dell had to. And so you had to be really careful about how you integrated with them so that you didn't crush them totally. And that was one thing Michael was very adamant about, is that, "Hey, I bought this for a reason and I need this to be able to continue to operate for this reason." And so you had to establish these kind of golden curtains where, "Okay, on this side of the curtain you can do what you want; on this side of the curtain, you can only do these things." So there's a lot of swiveling between computers that used to go on.

John Richards:
Yes. Well, it's interesting, because the acquisition brings up challenges on both sides. You don't want to overwhelm them, but from a security perspective, when you are dealing with acquisitions, it's a whole other ballgame because if you're doing security for one large company, at least you kind of know that company, you know the people. But as you acquire something, being able to say, "I don't know what this is. How do I get that in line?" Did you have to do work around, as you were acquiring these eight companies a year or so, how you bring them inside of a functioning CISO organization?

Timothy Youngblood:
Yeah, definitely. There was this thing I called the poverty level controls. These are the things you must have in order to be in business, and they must be operating. It doesn't have to be a certain type or a certain solution, but you have to have something that addresses this. And as long as you're reaching poverty level controls, then I can work with you on the other stuff, right? And so it was getting a lot of those companies who had been running like startups do, on shoestring budgets and just making stuff work, and getting them at least up to a stature that, "Okay, you're part of a Fortune 50 company that has SEC requirements, PCI requirements, ISO requirements. And if you're part of this environment and you have access to these things, then you have to also have these controls." And so until you're ready for these controls, you are going to at least be able to protect the brand. You have to do that regardless, tied to them now, right?

John Richards:
Yes, for sure. So as you started to progress to being a CISO at some of these other companies, did you find that the challenges were unique to each... I'm sure part of them were, but how much were unique challenges and how much are CISO challenges kind of global? As you go across companies, there's a couple of details, but things are the same.

Timothy Youngblood:
The acquired companies? Yeah, it was different because it was interesting, we acquired SonicWall, if you remember that, the firewall network security company, which was very different than Quest, the software company that we had acquired.
And the interesting part about it, no matter who we acquired, they automatically wanted to have Dell use their product to say Dell uses their product, which-

John Richards:
Of course.

Timothy Youngblood:
Initially, it was called Eat Your Own Dog Food. And I was like, how about we call it Drink Your Own Champagne? That sounds a [inaudible 00:09:10], right?

John Richards:
Yes.

Timothy Youngblood:
But even in that, there were some that targeted SMB, mid-market. They were not ready for something at the scale of the enterprise of Dell. And so we had to of course make some decisions on things that didn't make sense to be part of the ecosystem. Or if it was, it'd be part of a smaller business unit so they could say they were part of Dell, but be realistic about whether you could be part of everything.
And so each company had its own little quirks. Some were more ready to be integrated into the full back office and others weren't. We had policies that we would establish because a lot of these companies didn't have policies, and we put those on them and they realized, "Hey, you have to do business slightly differently." But we don't want to do things that completely kill or destroy your innovation. But you can't use Gmail as your primary email account anymore, right? You can't just connect your PS1 to the network anymore. I mean, those days are gone, right? No more LAN parties, guys. And most understood that. There was always resistance to change. But you tried, at least for me, I tried to be sensitive to the fact that I came from the startup world too. I've been in that situation. And there were things that made the company special. You tried to... And you have to use... When you're a CISO, you use your business acumen skills quite a bit more than your technology skills just to get people on board.

John Richards:
There's a lot of change management in that, I'm sure.

Timothy Youngblood:
Yeah, definitely. Definitely. Tons of change management. And regardless, a lot of people didn't realize when they took on the job of a CISO that you became a salesperson too, to sell your ideas, and you have to get people to believe like, "Wow, it's great," or convince them that it's their idea, right? And I would. Actually, I would love to listen to some of these companies we had acquired and how they solved the problem. Sometimes they actually solved it better than we did.

John Richards:
Love it. So how did what you learned there impact you as you went on to your next CISO role, whether that was T-Mobile or McDonald's?

Timothy Youngblood:
Yeah, Kimberly-Clark Corporation was my next CISO role, and that was a different industry, of course. Manufacturing, CPG company, but still some of the same type of challenges because I don't know if you've ever dealt with a general manager, GM of a manufacturing plant, but that's like their own little company, right? And Kimberly-Clark had 250 around the globe. There's nothing you will tell a GM that will make them do something they don't want to do. Not even the CEO coming out. They feel like, "Hey, this is my domain. My whole life is all about getting product out the door. And anything that gets in the way of that, I ignore it."

John Richards:
You really had to exercise those sales muscles then if you're trying to get them on board.

Timothy Youngblood:
Oh yeah. Yeah, yeah, definitely. Definitely. But that was good because Kimberly-Clark's situation was different because literally I came in and they had not invested anything in security for decades, and it was building from the ground up. And I definitely took more of a route of rallying everyone around the purpose of security and how it made their lives better. In fact, our security awareness tagline was "Protect KC and Me." So we would do things that would be helpful for not just the company, but for the employee. So I bought antivirus for the whole company and said, "Here, you can use five licenses at home and protect yourself at home."

John Richards:
Oh, wow.

Timothy Youngblood:
If you're safer at home, you'll probably be safer at work.

John Richards:
Yeah, you're like building that culture. I love that.

Timothy Youngblood:
Yeah, yeah, definitely. Definitely. And it's a trust game. People start to trust you. It's interesting. I would be in elevators and people would come up to me like, "Hey, what else can I do to help you guys out? I want to make sure we're successful." It's like, "That's what I'm talking about," right? It's not just the security team out here doing it by themselves. We're all in this together.

John Richards:
Yeah. Well, it's too often I hear of antagonistic relationships where, "I'm trying to get a job done and the security team wants to keep me from doing it." But if you can get that to where you understand, "No, we're collaborating. Security is here to help me so I'm safe in doing my job," then there's a much better relationship for everybody and people will be more secure because they're happy to follow the rules that are keeping them safe.

Timothy Youngblood:
Yeah. Yeah. And then for me, it's always been the situation where these are choices. I'm here. My job is to identify the choices in front of us and help you select the choice that's best for the company. Not best for me, but best for the company. Sometimes it's going to mean taking on more risk. And other times it's going to mean we need to maybe not go in that direction because it's detrimental to the whole company.

John Richards:
Yeah, no, really letting folks know the context there I think is important. A lot of times they're told what to do and there's no why or reason. And then people are like, "I don't even know why I'm doing this. Does it even matter?" But when you know why, you're like, "Oh, I felt like I'm a little more invested in that."

Timothy Youngblood:
Right. Right, right. Well, as someone who, I came up from being a developer, I was a developer so I was on that ops side, I transitioned into doing LANs and WANs so I was actually a big Cisco guy. I had all the certifications, deploying networks all over the country, and then that got me into project management and then IT director leadership. So I know what it takes to kind of run an operation. So very different from some of our peers who just came up in security and that's all they know, right?

John Richards:
Yeah. It's a little bit like they say, you should always do the service-level role. It's a little bit like that on the security side, be somebody who had to deal with those policies and understand the [inaudible 00:15:38].

Timothy Youngblood:
It'll open your eyes. You've probably heard about that series Undercover Boss where they come in and they actually... When I was at McDonald's, very similar experience where every executive in the company, when I was there, had to work in a McDonald's for a period of time.

John Richards:
I didn't know that.

Timothy Youngblood:
Yes. So you'd have to go in and you'd have to learn how to work the fry machine. You'd be cleaning bathrooms. Your eyes just open up on, "Wow, the things that I asked them to do from corporate, what the impact is to them," right? And so you have a greater appreciation for the changes that you make, and then how you can make their lives better, which actually helps the company.

John Richards:
I was told to ask you about some... Did you have any wild stories from your time at McDonald's around security, of things that happened? Steve mentioned a McFlurry story or something here.

Timothy Youngblood:
Oh, yeah, yeah. McDonald's-

John Richards:
If you can share.

Timothy Youngblood:
It's interesting. McDonald's is of course one of the largest companies in the world. I think the McDonald's emblem is known at the same equivalency rate as the crucifix, which is crazy to think about, but they've done studies on that. [inaudible 00:16:58].

John Richards:
Yeah, it was going noises.

Timothy Youngblood:
Yeah. So for a company that is in 80 or 90 countries, there's a lot of different things that go on from a security perspective, and the model that McDonald's has, which is more owner-operator, joint licensees. So you've got a lot of companies that own the McDonald's brand, but they don't necessarily know all the things that are required to meet an expectation for security. And that's one of the things that, yeah, part of my job is getting them on board like, "Hey, I know you're operating a company."
For example, you may have this Sheikh in the Middle East and he owns a hundred McDonald's and he owns gas stations and grocery stores too. But he's running that as kind of one business, but on the McDonald's side, "Okay, there's a certain standard of expectations on how you're going to run that restaurant to keep it safe, and I need to make sure that you've got those things in place. And so my job is to come in and help you figure out where you've got gaps and then things that you need to invest in to make sure that you get better."
It's amazing to me what I learned about what people do to try to get a free meal. I mean, people who would go and hack the kiosk machines and figure out how to like... They would select buns, bun, buns and a meat, and then take the meat out and then they figure out, "Oh, it's a free sandwich now if I take the meat out, then I can put it back in." And they would just mess around with everything, digital menu boards. We had folks that would go in and hack into the digital menu boards and throw up their favorite world-class soccer game or something in the middle of a restaurant, or other things that shouldn't show up on a digital menu board.
And then the McFlurry machine was the interesting part. We had a kid in Germany, and his purpose was to try to find, "Okay, where are the ice cream machines that are actually working in my area in Germany?" So that was his initial purpose. He just wanted to figure that out. So he figured out how to hack an API out of the global mobile app to show him what machines were working and not working, and created a website over that. Well, within a day or two, it ended up creating a denial of service attack across the entire-

John Richards:
Oh, no.

Timothy Youngblood:
... ecosystem, crashing the global mobile app that hundreds of thousands of people use every day. So interesting day in McDonald's every day, I would say.

John Richards:
I bet. And it's fascinating because those are challenges I would never expect. I'm like, "Oh, CISO there, you're just worried about regular technical challenges and what the technical teams are developing," but you're talking about store-level access. How do you stay flexible enough to handle what's being thrown at you? This isn't a, "I'm coming in tomorrow and it's just going to be the same thing, a little bit different." You're getting constantly new challenges thrown your way. How do you stay prepared to handle that?

Timothy Youngblood:
Yeah, definitely. Well, I mean partnerships is a big part of it. And that quick service restaurant world, it's a tight-knit community. What happens to McDonald's is probably going to happen to Burger King and Yum! Brands with KFC and that kind of stuff. So staying connected, and what they're seeing, what we're seeing, just sharing the intel and stuff was really important.
And also, McDonald's is very progressive because several years back when they started their digital transformation journey, they got into AI as well. And even in that case, I mean, I worked with the privacy officer pretty closely on, "Okay, how do we define what our ethics is on this," right? When you're starting to track what people eat, there are things you can discover that you may not be looking to discover, but you could. And we need to figure out, "What's the grandma rule here? If grandma wouldn't want you doing this, you shouldn't do it." Right?
And they got to select, say, giving offers to certain people based off of what they eat. And I said, "Well, it's a security issue too because if someone gets that information, that could be detrimental if they can figure out things about their health." As well as sort of the ethical line of, "Okay, John always gets this offer, but Tim never gets it, so what's wrong with that picture," right?

John Richards:
Yeah. And it's a great segue there to, part of why I was asking about these unique challenges is so many folks now are dealing with AI showing up either in the tools that they're using or in the methods that attackers are using. So all of a sudden it's like everything, "Oh, there's all this new stuff and I've got to pivot." Even if you had a very bland CISO role, if that even exists, but say you're at a company that doesn't have as much prominence and maybe you've got this regular thing, all of a sudden there's new stuff to deal with.
Do you think, in your mind, do you need to come up with a lot of new ways to handle this? Or do you go back to maybe some evergreen principles that you say, "Hey, I apply this kind of ideology regardless of whether I'm dealing with a McFlurry machine or AI"? Or is it, no, you've got to really be flexible and adjust your framework to fit with these new challenges that are developing?

Timothy Youngblood:
Yeah, it's really interesting because I saw in the industry how of course AI has been around for a long time. Gen AI in its current iteration has been around maybe two and a half years. And I saw back at the end of 2022, 2023 that the security industry started to take interest in this because all of a sudden you have all these new processes that are connecting into data and no one's really regulating what's happening here.
And the knee-jerk reaction that I saw in the industry was like, "Block it. Block it all. We don't necessarily have an established business process for this, so why are we allowing it in?" And of course, trying to block everything is, I think, a futile effort because you'll never block it all. There'll be a version of it someplace tomorrow that your scanner or filter is not going to catch.
So you might as well get people to understand and be educated on what's appropriate and what's not appropriate, and take that route and try to understand what the right guardrails are, particularly when it comes to sensitive data, which is at the root of gen AI. It's all about the data at the end of the day. So there's safe ways to experiment and try to understand this. And then there's riskier ways. And you have to go on kind of an educational draw because at least back then there weren't enough tools to help you do anything other than block it and not allow it at all, right?
So that became important to me, and I started to see other folks build these sort of governance models around AI first, just to kind of establish what the policies and rules are and how we're going to play in this new playground that we've got.
And even though I may not be able to enforce the policy in the way I want, people should understand why it's inappropriate for certain types of activities to occur, why you shouldn't use the internal data to train an OpenAI model that's out there on the internet, and what that means, just so you understand that, right? And then you finally get to the point where you have approved AI platforms and those that we consider riskier that are unapproved, and we're going to block those, and if you need access to them, then there's a permission process to do that. But the general rules and how we connect these things to our data always stay in place.
And now you evolve. Now you've got some really great solutions out there to help you assess data leakage via LLMs. There's frameworks now that have come out, like the LLM Top 10. CSA has a framework. NIST has an AI framework. So you've got some structure you can start to put to this to understand your risk a lot better than you did just two years ago.

John Richards:
I like too that you started with the point that it begins with education, and you go all the way back to the antivirus like, "Hey, let's get people educated on what this is. Let's give them some access so they know," as kind of a through line of, "Oh, when there's change or something unknown, education's such a vital part of that."
And I saw recently you were just doing some educating, you wrote an article around non-human identity attacks. And I've heard a ton of people talking about identity access management and the importance of that, but I actually haven't heard so much around specifically this area of non-human identity attacks. I would love to hear a little bit about why you think this is an area that people need to be paying attention to now.

Timothy Youngblood:
Yeah, it's really critical. And in my roles, I faced several challenges around what is now termed non-human identities. I think we called them machine identities before. And they're basically identities that are not tied to a human being, and they're part of every environment. They are the connective glue in many cases that allows applications to connect to other applications. And we've had them for years. It's old wine in new bottles, is what I call it. So you talk to a CISO or anybody in the security community, they will tell you there have always been problems with service and process accounts.
Interactive service and process accounts are found in just about every audit that goes on every year. And there's no silver bullet that has ever solved that. There are plenty of privileged access management tools that are out there. You can vault these things and keep them in, but there's so much that's being created that it's hard to keep up with.
And now because we've gone through this revolution where just about everybody is processing 90% of their workloads in the cloud, it's created a whole new volume of non-human identities that people did not think about before. So now you've got to think about things like webhooks, API tokens, regular tokens, you've got secrets. These are ways that are allowing some application or some asset to talk to another asset, and they have to log into something for that to happen, right?
I think it was Gartner that came up with this figure. For every thousand employees you have in your environment, there are at least 40,000 non-human identities in the environment.

John Richards:
Wow.

Timothy Youngblood:
So you just imagine the swarm that is going on in most people's environments that they don't even realize is happening. And threat actors know this now; it's becoming a much more likely threat vector that they will find some non-human identity that may be part of the AWS instance. And that's their pathway in, and it's their pathway to move laterally, right? And so you've got to first discover, where are they all at? What's my inventory? Which is not something we're very good at. In this industry, it's just asset management. "Let me talk to the person who has solved asset management. I want to hear from that person. I have never heard from them before." So you've got to go in and do that inventory.
And then you've got to go through and prioritize, "Okay, what's the risk? Which of these are actually exposed out onto the internet? Which of them are tied to GitHub? Which are kind of hard-coded into my environment through some development repository?" And then after you've done that, prioritizing risk, you've got to have a governance model to remove and eliminate the ones that don't provide value anymore. So they're not just sitting around and creating risk. So you've got to have a life cycle model for that.

John Richards:
I mean, you do an audit of these places, and it's amazing how much backlog you find that nobody even knew was just sitting around everywhere.

Timothy Youngblood:
Yeah, yeah, absolutely. It's amazing. And again, I've had challenges with them in the past, and that's why I'm definitely an industry advocate for addressing this because to me, it is the biggest security blind spot that most people don't address. And there's definitely a perception that, "Hey, I invested in enterprise tools like CyberArk, and I've got Microsoft Azure AD protection. I've got all this great stuff. Am I protected?" And the short answer to that is no, you're not, because they don't address these things in a holistic way, right?
So if you've got a PAM, maybe you are addressing your service and process accounts. If you've got a vault manager, maybe you're addressing secrets in some way. But you still have all the other non-human identities that are out there and exposed.

John Richards:
Yeah. And needing to stitch together all of those tools to understand where lateral movement may be possible, or things like that.

Timothy Youngblood:
Yeah, definitely. Definitely. And that's where I've been working with Astrix Security now for the last six or seven months. I helped them on the product side and how a product like this can easily fit into an enterprise security stack, what's the messaging. Because there's education that needs to happen, I think, in the CISO community on why this is important and how you get in front of this.
And it's so funny, it reminds me, like years ago, I deployed the latest McAfee product in my environment when I was at Dell, and I was so proud of myself and the partnership we had with McAfee, and that rolled out. And I swear it might've been a quarter later, my guys came to me and said, "Hey, we've got a lot of malware this summer." I said, "What are you talking about? I've got the latest and greatest McAfee. I had it out there, deployed on 100,000 stations. And if I do have it, it should've been taken care of." And they're like, "No." We just met this vendor that came in. We did a proof of concept and they found that, "Yeah, McAfee is missing 40% of the malware in the environment."

John Richards:
Oh, no.

Timothy Youngblood:
And that product happened to be FireEye. And then FireEye became a staple, right? Because even though you had standard AV, it wasn't enough. And I see the same thing happening in this whole non-human identity space where you're going to realize, "Wow, this problem is bigger than I ever thought. I need something that's going to help me manage it." And Astrix was one of the first companies to get into this space, and they helped actually define non-human identities with Gartner as a category.

John Richards:
Oh, nice. Yes. And the reason we're hearing so much about this, just to kind of circle back there, is the scale you're saying. Now that so much is on the cloud, as you said, this existed before machine identities, whatever, but now you've done that digital transformation. And, "Oh, we're all up there" and all of a sudden realizing, "Oh, actually there's this huge new risk that we aren't properly assessing."

Timothy Youngblood:
The other part to this too, which is really interesting, one of the other dirty secrets in security and just in the industry in general is third parties, right? Third parties present more risk than anybody else, right? And now in this day and age, mostly these third parties are coming in through some non-human identity.

John Richards:
Wow. Wow.

Timothy Youngblood:
And they're connected. Somebody in a business unit has got a relationship with some company and they need access to this data share somewhere in your AWS unit. And guess what? They're connecting it through some token.

John Richards:
Yeah, "I need some temporary elevated privileges" and we forget to lower them down for this machine. And then now all of a sudden-

Timothy Youngblood:
Oh yeah, yeah, yeah, exactly. "Oh, we got to deploy this." In order to do that, it's going to create 10,000 identities that you know nothing about. And that's a great way and why I suggest to people and using tools like this, you can actually identify third parties you didn't even know about.

John Richards:
Well, thank you so much for coming on, Tim. I would love to talk to you more. This has been fascinating, but thank you for coming on. Before I let you go, anything you want to pitch or how can folks meet you? What's going on that you'd like to give a shout-out to for our audience?

Timothy Youngblood:
Excuse me. I would say connect with me on LinkedIn. I'm very active on the platform. And in addition to what I do in the cyber world, I'm also an angel investor, and so I look at a lot of different solutions out there. I comment on those things. I also sit on a couple of boards and I mentor several CISOs and just provide advice on how to learn from mistakes I made in my career so you don't make them, okay?

John Richards:
Well, thank you so much, Tim. It's been such a pleasure. Have a great rest of your day.

Timothy Youngblood:
All right. Take care.

John Richards:
This podcast is made possible by Paladin Cloud, an AI-powered prioritization engine for cloud security. DevOps and security teams often struggle under the massive amount of notifications they receive. Reduce alert fatigue with Paladin Cloud, using generative AI that models risk scores and correlates findings across your existing tools, empowering teams to identify, prioritize, and remediate the most important security risks. If you'd like to know more, visit paladincloud.io.
Thank you for tuning in to Cyber Sentries. I'm your host, John Richards. This has been a production of TruStory FM. Audio engineering by Andy Nelson. Music by Amit Sage. You can find all the links in the show notes. We appreciate you downloading and listening to this show. Take a moment and leave a like and review. It helps us to get the word out. We'll be back December 11th right here on Cyber Sentries.