PODCAST
THEOS Cybernova: The Cybersecurity Podcast for APAC Leaders
THEOS Cybernova delivers expert cybersecurity insights for business and security leaders in APAC. Hosted by THEOS Cyber CEO Paul Jackson, each episode dives into real incidents, strategic responses, and the evolving role of cyber leadership.
Episode Summary
What really happens when a cyberattack becomes a criminal investigation?
In this episode of THEOS Cybernova, Paul Jackson sits down in Kuala Lumpur with Steve Santorelli, a former Scotland Yard investigator and long-time cybercrime investigator who has worked across law enforcement, Microsoft’s Internet Crimes Investigation Team, and Team Cymru.
The conversation explores what drives effective cybercrime investigation in practice: why trust and collaboration matter as much as technical capability, how speed determines whether evidence survives, and how jurisdiction and geopolitics shape real-world outcomes. Steve shares insights from decades of investigating malware and botnet activity, building trusted international communities, and supporting law enforcement with actionable cyber threat intelligence.
They also discuss the role of closed, vetted forums such as RISE-style community events, the evolution of collaboration in APAC, and how visibility beyond the network border helps turn intelligence into action.
A grounded discussion on cybercrime investigation and the human relationships behind effective action.
About the Guest
Steve Santorelli became a police officer in 1994, working in London, UK. He worked his way up through various detective grades and branches until he joined Scotland Yard’s Computer Crime Unit in 1999. During the following 5 years he specialized in malware and botnet cases and reached the rank of Detective Sergeant. Steve received several awards and commendations from various international law enforcement agencies and judges. He was also an associate instructor for the CISSP certification. Steve then left law enforcement to join the Microsoft Internet Crimes Investigation Team, based in Redmond, USA. He spent the next 2 years investigating botnet cases which were then referred out to law enforcement officers around the world for further work and arrests. During this time, he also developed the International Botnet Task Force, a unique group of industry and law enforcement from 35 countries, dedicated to working together to combat botnets and ruin the lives of bot herders. He was also the lead investigator on the Zotob case.
Steve left Microsoft in 2007 to join Team Cymru, a small group of researchers who work to discover who is behind internet crime and why they carry out their activities. Still actively involved in investigations, he is currently a Team Cymru Fellow and the VP of Community CTI. He runs the RISE and Underground Economy Conferences and is responsible for coordinating Team Cymru’s collaborative efforts in the Threat Hunting community. You can read more about him in a magazine article at: https://bitly.com/1PeVyrp
Steve Santorelli
VP of Community CTI
Team Cymru Fellow
Related Resources
Connect with Steve Santorelli: https://www.linkedin.com/in/stevesantorelli/
Connect with Team Cymru: https://www.linkedin.com/company/team-cymru/
Connect with Paul Jackson: https://www.linkedin.com/in/jacksonhk/
Connect with THEOS Cyber: https://www.linkedin.com/company/theos-cyber/
Connect with THEOS Cybernova: https://www.linkedin.com/showcase/theos-cybernova/
Episode Transcript
Paul Jackson: Welcome to another episode of the THEOS CyberNova podcast. Today I’m in Kuala Lumpur with the amazing legend, Steve Santorelli. Steve, thank you so much for joining me today.
Steve Santorelli: Thank you for the invitation, Paul. My pleasure.
Paul Jackson: For those of you who don’t know Steve, and it can’t be many in the community that don’t know Steve. Steve works for a very interesting group called Team Cymru, who we’re going to hear a little bit about in this podcast. But he’s also the man behind the main organiser, if I can call you that, Steve, of the underground economy events and the smaller RISE events, which are held throughout the regions. But we will talk more about these as we go through the podcast.
But Steve, you've become famous for building and growing this, under Team Cymru, and I think the audience needs to know the value that these events bring and what your objectives and goals are in terms of organising these events.
Steve Santorelli: Well, luckily for your listeners that my blushing doesn’t come across very well in the podcast. We started doing these events a couple of decades ago because we realised there was a massive chasm between law enforcement and industry. Back in the day, there was really very little interaction with law enforcement at the time, lacked a lot of the technical ability required to do investigations. The industry just didn’t know, didn’t trust, didn’t have any confidence in law enforcement because they really hadn’t met them, hadn’t interacted.
So we decided to run some conferences just to break some bread to build some bridges, we decided to get everybody together to do some case studies. We have this same format that we’ve run for many years now, where we have carefully selected people that are known and trusted, as well as some vouch for new people. We talk about the confidential cases, things that we’ve worked that we would perhaps do slightly differently next time. Maybe there’s some outstanding suspects, there’s a new TTP that we haven’t dealt with before, and sharing it in this kind of closed environment can really help to build trust in the community.
Paul Jackson: No, I really agree, Steve, because what I see is so many cybersecurity conferences and events, which are great because we learn about the new tools, the new solutions that are there to protect us. But there’s so very few that focus on the investigative side. The response side and the threat intelligence side, and I don’t know how we can change that. You are doing great work in providing at least one option, but it’s really hard to get that community together talking, isn’t it?
Steve Santorelli: It is. And you know, this is not a Team Cymru conference so much as a community conference. It really is the community that continually comes along and makes it great every time. So, we're very privileged to simply provide the mechanism, the vehicle, if you like, that people can start building trust and working together.
Paul Jackson: Yeah. So when you started, I mean, obviously, we’ve known each other now for about 20 years, which scares me a little bit.
Steve Santorelli: Before I had such grey hair.
Paul Jackson: Well, sadly, I've never had grey hair because I've not had hair for many years, as those who know me know. But, look at you, you started this as a very confidential, almost clandestine sort of event, and understandably so, because we were talking about active investigations into the criminal groups, etc., and a lot of confidential information shared that had to be on a trust basis. I know this is a double-edged sword, isn't it? Because, of course, you want that security and trust. But on the other hand, we want to get more people involved. So how do you kind of balance that?
Steve Santorelli: A lot of it comes down to whether we can find somebody that can vouch for a new person. We’re very proud to say that, I believe, we have 42% new delegates at the last big conference we ran with the Council of Europe in September of this year. So we do our best to bring new people into the community. But of course, it’s very difficult. It’s notoriously difficult to break into the cybersecurity community as an outsider, if you don’t know somebody that can refer you in and say this person is a legitimate cybersecurity or threat hunter, then it’s very difficult.
Paul Jackson: It really is. I think that’s one of the quandaries, isn’t it? But, you know, I think your achievements today have been outstanding because whenever I come, and I’ve been to every single event except one, to my shame, I missed one. But every single event in the Council of Europe. And each time I’m awed by the status and the level of knowledge and just the capability of the attendees and the speakers.
Steve Santorelli: Yeah, and the Council of Europe are fantastic partners because they have funding that they make available to enable the travel of many law enforcement officers, judges and prosecutors from around the world, not just the European Union, and that's incredibly valuable for us. One of the biggest problems we have as a community is that the law enforcement churn is quite extreme. You go and train up some law enforcement, or they get some experience, and they become very attractive to the private sector. It's hard to keep them. You gain a certain number of skills, and in many police services around the world, you have to go back to a different job to give someone else the opportunity to come and acquire those skills. So as a community, we're having to reinvent these relationships every couple of years because, unlike in industry, law enforcement generally don't stay in role for as long as we'd like.
Paul Jackson: No, and such a great segue into the next part of the conversation, because both you and I are obviously former police officers, albeit in different parts of the world. I knew a lot of your former colleagues in Scotland Yard. We worked closely together on a number of investigations, cross-border investigations, back in the days when Hong Kong wasn’t such a pariah.
But it’s, we never knew each other in the law enforcement days, but obviously, we got to know each other when you joined Microsoft after, so tell us a little bit about what made you jump to the private sector, because obviously, you were part of the elite unit right in, in Scotland Yard.
Steve Santorelli: It was a lot of fun. I retired in 2004 as a detective sergeant on the Computer Crime Unit, and that was such a long time ago. It was before the days of the National High Tech Crime Unit or the Serious and Organised Crime Agency. So, we had primacy as a unit for any cybercrime in the United Kingdom, which was fantastic. I think anyone that tells you that they didn't jump for the paycheck would be lying. But I do think in my case, it was generally an additional concern. I found it slightly frustrating that when you work for the Metropolitan Police in London, you really need to have a nexus to the UK. It's very difficult as a law enforcement officer to justify an investigation if you don't have a criminal in your jurisdiction or at least a victim in your jurisdiction. So, when we had these massive cybercrime cases, if there wasn't a nexus to the UK, it was very difficult. You basically had to give that investigation to somebody else or it just wouldn't get properly resourced. I found that frustrating. When I left the police and went to Microsoft, we had a global remit, and we were able to refer cases without having to have a victim in our jurisdiction.
Paul Jackson: 100%. I mean, that resonates exactly with me because the big frustration was that the transnational nature of cybercrime means that the criminals haven't committed an offense in your jurisdiction under your laws, and the cooperation between law enforcement could be a lot better, couldn't it? Having said that though, I know we can't really talk about them in this conversation, but the case studies that we hear about at the Underground Economy are very inspiring, because I think the public has this perception that law enforcement is perhaps a bit hapless and that the criminals always seem to win, but that's not the case, and we hear some very inspiring stories where law enforcement has worked together and brought some significant crime groups to justice.
Steve Santorelli: I agree, I think it's like night and day in terms of the technical capabilities and the trust that the community has in law enforcement that are working these cases. I think that it's very, very challenging; obviously, the criminals have zero paperwork, they have instant collaboration and a huge financial motivation. Law enforcement doesn't have any of that; we just have obstacles. Society puts checks and balances in the way of law enforcement for very valid reasons, but it does slow things down. In the age of fibre optics, any delay means that logs are going to start falling off the end of servers, and it becomes very, very challenging, even a few hours after an attack, to actually do the investigation from a forensic perspective.
Paul Jackson: Yeah, correct. Because back in earlier law enforcement days there were, I guess, fewer technologies. It was a simpler time. The capacity of storage was a lot smaller. So, doing forensics was faster and more accessible, and for anybody breaking into this industry or trying to, they've got a mountain to climb, because this took people using yesterday's technology. But you have to understand yesterday's technology, but also modern technology, use of AI, etc., and various security systems, which all can provide evidence of wrongdoing and lead us to the bad guys. So I feel a bit sorry for, I guess, those who are entering the field, certainly in law enforcement; it must be so intimidating to try and become expert in this field.
Steve Santorelli: It is, and it's incredibly technically difficult, and there isn't really a course that you can take, certainly not a class that you can afford to take, that's going to give you the skills. My advice to anyone trying to break into this field is go to a BSides conference. They are all over the world, and they are full of super enthusiastic, relatively young people. That is where you can acquire the experience in networking, and that is how you can acquire the experience and build that network of folks that are going to usher you into this community.
Paul Jackson: Yeah. And talk about that, because we spoke earlier about how it sometimes can be a bit cliquey, can't it, in our industry, because there's a lot of folks like ourselves who have been around since the year dot when it comes to cyber investigations, and it's a little bit intimidating, I guess, for the younger generation; they may feel left out of the clique perhaps.
Steve Santorelli: Absolutely. No, it's also very difficult to break in. It's very hard to trust an email address, so if you're actually able to go out and meet people, you build trust. You can judge somebody's character by meeting them. First impressions count, and this is how you can start building your brand, for want of a better phrase, within the community. One of the most fundamental things in this community is that trust is very hard to gain and super easy to lose. All you've got to do is make one mistake, one bad decision, and then it becomes very difficult for the community to accept your presence for sensitive investigations.
Paul Jackson: No, you're 100% right, I mean, trust. Yeah, it's all about trust. I was talking earlier to Geert, who does the negotiations with the ransomware groups, the threat actors. That's a great example of trust in our industry, isn't it? Because victims are trusting him to be ethical in negotiating with the threat actors, not taking a slice of their ransom payments or doing things behind their backs. I think you're right, once you break that trust, your game is over, really. It's the same in law enforcement. It's the same in our industry, the cybersecurity industry.
Steve Santorelli: A lot of the time it’s the same with the bad guys as well. The miscreants have marketing budgets, they have reputation, they have brands, and they have the same issues that we have in terms of maintaining trust in their community.
Paul Jackson: Indeed, and you know it always staggers me when I hear presentations at the Underground Economy, when the threat intelligence guys talk about the structure of these organised crime groups, and organised is really the word, isn't it?
Steve Santorelli: Very much. But one of the most gratifying things, as somebody that organises this community event, is when somebody stands up at the end of the presentation and says, actually, I've got the missing piece of that puzzle, or this nickname, actually I can connect that to a real identity, or I can understand where you were struggling in this investigation. I've got the missing part of the puzzle. They go away, have a beer, work on the case themselves, and they'll come back at the next conference and tell us all about how they solved the case as a result of being at the first conference. That's really nice.
Paul Jackson: I love watching that. When I am in the room, and I really see that somebody raises their hand at the end of the presentation, that is exactly your point. They chime in and say, I know about this. It's that meeting of minds.
Steve Santorelli: Yeah. And as somebody that's part of this community, you do get the ability occasionally to make referrals and say, you should probably call this person because I think this person's working a very similar kind of case, and it's probably the same actor.
Paul Jackson: Right. And it's also geographical as well, because there have been times when you reached out to me saying, can you connect somebody in Asia with law enforcement, etc.? And I think that sense of community and trust, again, that big word trust, is super important if we want to be successful in our investigations against the crime groups.
But that also can be a thorny issue, right? Because sadly, cyber is synonymous with geopolitics, right? Because of the media mainly flooding us with stories about nation-state activities. That's not to say it doesn't happen. Of course we know it happens. Right. And with the borderless nature of cybercrime, that means that politics unfortunately comes into it. And yet our goal really is to get the bad guys. Sometimes we're hampered by the constraints, perhaps, of geopolitics.
Steve Santorelli: We are. And I think that the CTI community is a reflection of society as a whole. As you know, we have innate biases, we have innate prejudices. And you can work as much as you can to try and counter those. But there's culture, there's language barriers, there's time zone differences, there's commercial interests. And of course, there's geopolitics that comes into it as well. But, Paul, this thing has been going on since the internet began. I remember as a law enforcement officer, finding a suspect was located in an unfriendly country, for want of a better phrase, and basically binning the investigation because I knew it wasn't going to go anywhere. But I've also had successes working with individuals in some of these places over the years. They have criminals, they have victims, they have crime. And it isn't always about nation-state actors. The reality is cybercrime is global and it comes in many, many different flavours. I do think that there is some sense that the actual operational law enforcement officers in some of these less friendly countries would love to work with us. They just don't have the opportunity and the permission to work with us.
Paul Jackson: You nailed it there, because living in Hong Kong as I do, I have this kind of perspective where obviously I'm from Britain. Yet I've worked in Asia for a long time, and part of my role previously was actually to help train Chinese police. They don't care about nation-state stuff; they're trying, just like us, to catch the criminals that are involved, and I do sense a lot of frustration from them that they can't be. In many ways, they're hampered from being part of these conversations when all they're really trying to do is catch the bad guys. Yet the media obviously focuses more on the nation state rather than the criminal activity. And yeah, I don't think there's any real easy solution to this.
Steve Santorelli: Yes, and I do think there's a lot of young people coming into the community now that can see the wood for the trees, but they are still going to be stymied by this fundamental issue, this fundamental dichotomy, that you can't get investigations done without essentially some diplomatic assistance. If you have a mutual legal request or some kind of requirement to get evidence from another jurisdiction, you can't just pick up the phone and call your opposite number in a foreign police service; you have to go through diplomatic channels, and that's where it will get stopped, because it's not considered to be appropriate to do that investigation. And that's very frustrating for everybody.
Paul Jackson: Oh, absolutely. Yeah, I think this is also one of my big frustrations. And I know we're going to talk about it later on the panel discussion here at the RISE conference in Malaysia, which is around cooperation at a working level within the region. So when I was working in the States with JP Morgan, for example, I just noticed a different sort of world, in a way, where the actual technical guys would talk to each other, would share IOCs, indicators of compromise, would share attack vectors and help even competitors in the banking world to be better prepared against similar attacks.
Steve Santorelli: Yeah. To criminal defence.
Paul Jackson: Yes, and it works. But out here in Asia, there are pockets in individual jurisdictions. But across the region there are very limited conversations going on, and try as I might down the years, I've never been able to really bridge that. So, there's definitely a cultural element to it.
Steve Santorelli: There is. And, you know, it would be fantastic if we had the resources to come and bring a RISE to the Asia-Pacific region a couple of times a year, but it's just not practical. There's no easy way of generating funds to support this kind of a program. So, I suspect there is incredible technical expertise in the Asia Pacific CTI community. I don't necessarily think that they've had those opportunities to break bread, to share a beer, to actually meet somebody over dinner face to face. That's what's really important. So there's potentially an argument that the Asia Pacific region is a little bit further behind than the West in terms of building this community.
Paul Jackson: 100%, yeah, without a doubt. That brings me on to Team Cymru itself, because whilst you're very well known in the US, Europe, etc., the West, you're not so well known in our region. When I talk to folks, companies, clients, etc. in our region about availability of good quality threat intelligence, they don't seem to have heard of you guys. So perhaps it would be helpful if you could just explain a little bit about what your company does and what you can bring to the table in terms of threat intelligence.
Steve Santorelli: As much as I can within the bounds of breaching confidentiality. We do a lot of processing of network telemetry. We do a bunch of work with honeypots, with malware samples, detonation of samples, looking at our data ocean and extracting X5, and I stuff a good passive DNS and such, making that available to the community and to commercial partners, which means that people can do network forensics beyond the border.
So obviously, if you are a bank, for example, you generally have good visibility up to your network border. But when an IP address departs your network, that's it. You can't see it anymore. With Team Cymru, you can. And we spent a lot of time listening to what the community actually needs, and we found that we're very good. Just as with our communities, we have a preponderance of international law enforcement, much more than other communities. We're very good at infrastructure and tracking, for example, botnet infrastructure as it migrates from one provider to another. We can actually see that happening virtually in real time. And that's something that no one else can do, right?
Paul Jackson: Right. So I mean, you are open, though, to working with clients in Asia and helping them with that.
Steve Santorelli: Oh, absolutely. We’ve had some huge successes with commercial and community partners in the Asia-Pacific region, and things are going very, very positively for the community and for Team Cymru in the Asia-Pacific region as well.
Paul Jackson: Right. Got it. Yeah, because it's a question I do always get asked. I think getting intimate knowledge, not just of what you were talking about, you know, the network traffic and understanding what threats exist beyond the borders, if you like, of their own IT infrastructure. The challenge I think we've got is understanding what threat actors are operating in the region, their motivations, and their targets. I don't see many companies doing very well at this, you know, whereas there's a lot of focus on the Western or the former Russian states, etc., the groups operating there. So, are you seeing, or yourselves providing, any good intel on the threat actors in our region?
Steve Santorelli: It’s excellent intelligence, but I’m not going to talk about it in a podcast.
Paul Jackson: A very good answer, Steve. So yeah. Anybody listening to this from our region, and I know we've got a lot of listeners, if you want to understand more about what Team Cymru can provide in terms of that more specific threat intelligence to your organisation, then obviously you'll have to have a one-on-one conversation with Steve.
Steve Santorelli: Absolutely. Yeah. Give me a call.
Paul Jackson: Digressing a little bit about your career, is there any particular investigation or story that you could share that you’re proud of? I know a lot of it’s sensitive, right, but is there?
Steve Santorelli: It is, and also, you know, from an ethical perspective, it’s not really ethical to talk about any of the details. But I do remember one case that has stuck in my mind. There was an individual who had written some malware, and it had escaped. It, of course, did a little bit of damage, not a catastrophic attack, but this individual was very naive. They had committed the criminal offense, but in my opinion, in the totality of the circumstances, it wasn’t appropriate to put that person through the court system.
In the UK at the time, we had the caution system, which is when a senior police officer will authorise essentially a severe talking to. This individual was relatively young, and it was quite apparent that he was going to get a far worse punishment from his mother than he was ever going to get from the judicial system. All he was going to do is pick up a criminal conviction. Now, put the case to bed, forward 15, 20 years. I get a LinkedIn message from this individual. He actually bought me a cup of coffee at Black Hat a few months later, and he told me that he was very grateful that we made that decision. It was a very difficult decision to make because there were obviously victims of this crime, but because we made that decision, he was able to get a visa to come to the States, and he now works in the antivirus business, and he's completely trusted, and the system actually worked in that his bad behaviour was corrected. And now he's a member of this community. So that was one of those stories that sticks in my mind as one thing that went particularly well.
Paul Jackson: Yeah, because obviously when you pick up a criminal record, getting those kinds of jobs is virtually impossible. Yeah, that's sensible policing, isn't it? Yeah. Not so sure it's quite so sensible these days. But back in the day.
Steve Santorelli: I think policing these days is a completely different realm. I don’t think you or I would enjoy it.
Paul Jackson: No, but perhaps that's a topic for another day, over a beer. Yeah. But yes, I don't know if I would join the police now; it's a different world, but obviously we need police. I don't want to discourage anybody listening to this from what is a very rewarding career.
Steve Santorelli: I think it's a fantastic career. I had amazing adventures, loved meeting the people. It definitely made me the individual I am today.
Paul Jackson: But yeah. But this brings me on to quite an important point, because when we're talking about career choices, law enforcement is obviously a way into the cyber world, isn't it? Because you get good training, you get the exposure, you get leadership skills, and you get good communication skills training in the police force. But what other ways? You know, because I guess we're elder statesmen. Hope you don't mind me saying that, but we are elder statesmen in this realm. I'm sure you get asked, and I get asked a lot, how do you get a foot in the door? As a young professional, you want to get involved in cyber on the investigation or threat intel side. How do you get a foot in the door these days other than law enforcement?
Steve Santorelli: Perhaps a lot of the time, you start as a junior SOC analyst. A lot of the time, you’ll be working in IT, and you’ll have an interest in cybercrime, and you start going to conferences, and you start subscribing to certain mailing lists. You start contributing to a subreddit, for example, and you can start imbuing yourself with this community without having to have it as your full-time paid job. You’ll find that as you get a reputation and you start meeting people, a full-time job could be a very reasonable goal.
Paul Jackson: Yeah. It's interesting you mentioned SOC analyst, because I was having a chat with a couple of folks the other day who were in the CISO sort of world, and they were saying that one of their concerns is that AI is going to be taking over a lot of these junior SOC analyst roles. They're able to make decisions faster, more accurately, and obviously at lower cost. Therefore, we're limiting the opportunities for young professionals to get a foothold or a start in their careers. I don't know if you've had any thoughts about the AI implications for our industry.
Steve Santorelli: I think we're already seeing in the last couple of weeks some very smart usurping of the AI safeguards. I think that criminal use of AI is definitely accelerating far more rapidly than legitimate CTI use of AI. I think that it's a hugely challenging situation, and you're right. How are the new people coming into our community going to acquire the skills? There isn't really a de facto training class or certification that you can go to to become a threat analyst or a cybercrime investigator or part of this community. There is no roadmap; unfortunately, you have to make it up as you go along. Now the foundations are shifting right under your feet. I'm just glad I'm all in business.
Paul Jackson: Yeah, 100%. Yeah, as we just spoke about with law enforcement, you know, times have changed, and I’d guess those who are going to survive and be successful in this field are the ones who are smart enough to adapt. Obviously, leveraging AI as well, rather than treating it as a threat, but using it as a weapon.
Steve Santorelli: The way it was explained to me when I started getting into this business is that it’s very difficult to train someone to be a police officer unless you are actually a police officer. The rules of evidence, the way of interacting with a suspect, following your nose, following your instinct, is something that you build up over years of working burglary, robbery, and racial crime, just as I did. Then you can start to acquire some of the technical tools, but if you come in with the technical tools initially and you try and learn how to do an investigation, that’s where some of the problems come in, in my experience. Being able to do a criminal investigation is a fundamental skill, and then you can become more technical as you go.
Paul Jackson: So, Steve, something I get asked a lot is who makes a better cyber investigator? When I was in law enforcement I was asked, who are the best cyber cops? Is it a police officer who is trained to be a technical investigator, or is it an IT guy, a cyber guy who you train to have an investigative mindset? What are your views on this?
Steve Santorelli: I’m obviously incredibly biased, but for me it’s the former. I think it’s very difficult to train somebody from a technical background and teach them about the technical law, but teach them about instinct, about how to interrogate people, about how to persuade people to explain a little bit more about a circumstance than they would rather do.
I think being able to prove that you can do an investigation into burglary, robbery, racial crime or whatever is much more important, and you can teach that experienced detective the technical skills they need to become a decent cyber crime investigator.
Paul Jackson: Yeah, 100% agree. Although, you know, there are exceptions, of course. We’ve had folks in the Hong Kong police who have just come from a computer science background, and we pulled them straight into the team, and they’ve adapted, and adapted well, but on the whole, 90% of the time, I would agree. It’s the mindset that is critical. And having the broad-minded way of thinking, thinking of all possibilities. IT tends to be a binary subject, ones and zeros and much more precise, whereas investigation is more broad.
Steve Santorelli: Yeah, but there are also some requirements to have decent communication; the ability to try and explain a case to a prosecutor or judge when you’re giving evidence can be very difficult if you don’t understand how that part of the world actually thinks.
Paul Jackson: No, I agree, I agree entirely. So let’s talk a bit about the upcoming Underground Economy conference in Strasbourg, if you’re able to, because again, you don’t get as much participation, perhaps, from the Asia-Pacific region as you would like. Obviously this tries to be a global event. Can you just explain where it’s at? I know we briefly spoke about the Council of Europe; explain a bit more about the venue and who might be eligible to attend and what the dates are.
Steve Santorelli: So we started running these conferences at Interpol headquarters in Lyon, France, many, many years ago. Unfortunately, Interpol has a facility there that only holds about 200 people. We have a massive demand for people that want to come along to these committees because they’ve proven to be very valuable. So we’re talking about 600, 650 people coming out to Strasbourg, France, with the Council of Europe. They’ve got an amazing building, and they are fantastic partners, and they are very generous with their support to the community, but it’s a long way away from the Asia-Pacific region. This is why, when we can, we do things like coming out to Singapore, coming out to Malaysia; we did an event in Hong Kong. They were very successful. I wish we could do them, as I said, a couple of times a year. But resources being what they are, we do the big event early September in Strasbourg, and I thoroughly recommend that if anyone from the Asia-Pacific could come along, it definitely would be very valuable because it’s essentially four days of back-to-back case studies. You’re going to meet pretty much everybody who’s anybody in this community, and they are there by virtue of the fact that they’re able and willing to collaborate and cooperate with you.
Paul Jackson: And the dates are, again?
Steve Santorelli: We’re actually still working on the dates. One of the great things about this community is there is a very vibrant conference circuit, and there are conferences popping up all the time. And of course, we don’t want to clash with something else that’s going to impinge on our delegate demographics. So we try and deconflict as much as we can. So watch this space for the formal announcement of one. The date of UE 26 is going to be right.
Paul Jackson: Okay, good to know. And if anybody wants to keep abreast of this, then obviously, Steve, you’re on LinkedIn.
Steve Santorelli: Absolutely.
Paul Jackson: You can be found there, as am I.
Steve Santorelli: We’ve also got this Dragon News Bytes newsletter, which has been running for about 20 years. It’s a plain-text newsletter. There’s no HTML tracking. It comes out 5 or 6 times a day with some of the latest summaries of the latest news stories from the community. If you subscribe today, we will automatically tell you when we announce the registration site for UE 26. So you can just Google Dragon News Bytes, subscribe to it, and then you’ll be notified automatically.
Paul Jackson: And I am a consumer of this, and I can heartily advocate that this is a great source of intel, because you do keep us abreast of what’s going on, some great leads and some great information, very topical. And as you say, there’s no, well, I should say malware. No advertising, there’s no advertising. It’s not a sales and marketing thing.
Steve Santorelli: It’s not run by the sales and marketing teams; it’s run by us. People like us.
Paul Jackson: Okay. All right. Good. So, look, it’s a great honour, and I know how busy you are here, but Steve, thank you so much for giving me half an hour of your time to chat with you today. Yeah, but I always close, because I’m a music lover, by asking my guests what they’re currently listening to, and I’m always intrigued by what people, you know, when they switch off from their work, what they like to relax to. So, Steve, I’m going to ask the same question of you. What’s currently on your playlist?
Steve Santorelli: It is interesting, because I’ve just had my Spotify Wrapped for the year and my Spotify age. Have you heard of this thing?
Paul Jackson: Yeah. Well, I’m getting loads of really great feedback. People are messaging me saying, you’re my number one listened-to podcast, and I go, wow, that’s pretty cool. So, we’ve got some great listeners.
Steve Santorelli: It’s a great podcast.
Paul Jackson: Don’t forget to hit the like and subscribe button if you are out there listening, because that gets us out to more people. But go ahead, Steve.
Steve Santorelli: My Spotify age came back as 21, and the conclusion I’ve come to is that probably one of my kids has hacked my Spotify account and changed it, or most of my listening is electronic dance music. A lot of my current playlist is actually an Australian rap group called the Hilltop Hoods. Fantastic people.
Paul Jackson: Yeah, you’re a rapper?
Steve Santorelli: No, just Australian rap.
Paul Jackson: Interesting. Well, obviously, we listen to different music, because my age came back as 55; that Spotify Wrapped was very interesting. That’s how to do it, isn’t it? I think a lot of people, we’re talking about that. Look, Steve, it’s another great event. Congratulations on all the work you do here at Team Cymru. These events, they are superb. They are the events I make time to go to. And honestly, it’s largely thanks to you and your tireless efforts and what you do for the community. So thank you, Steve, for all you do for the community. And thank you very much for joining me here today.
Steve Santorelli: You’re welcome.
Episode 13 | Season 2
Trust, Community, and the Reality of Cybercrime Investigation