2025 Exposure Risk Report: Key Insights Artwork

Kitecast

Kitecast features interviews with security, IT, compliance, and risk management leaders and influencers, highlighting best practices, trends, and strategic analysis and insights.

All Episodes

Kitecast

2025 Exposure Risk Report: Key Insights

December 03, 2024 • Tim Freestone and Patrick Spencer • Season 2 • Episode 37

The Kiteworks 2025 Forecast for Managing Private Content Exposure Risk Report offers a comprehensive analysis of emerging cybersecurity and compliance trends shaping the year ahead. The report identifies 12 pivotal trends affecting how organizations manage private content exposure risk, highlighting critical areas like data privacy regulations, software supply chain security, AI governance, and quantum computing threats. With 75% of the world's population expected to have their personal data protected under privacy laws by 2025, organizations must implement robust strategies to mitigate risks and ensure compliance.

During the Kitecast episode, cybersecurity experts Alexandre Blanc and Evgeniy Kharam discussed the alarming rise in software supply chain attacks. These attacks are projected to spiral and the associated cost. The experts emphasized that while compliance frameworks like SOC 2 and ISO 27000 standards provide baseline guidance, organizations must move beyond mere checkbox security compliance. "Alexandre explained, “Organizations often view SOC 2 or ISO certification as the end goal, but that's just the starting point. What matters is building a comprehensive security program that actually addresses real risks and maintains security posture over time."

The discussion delved deep into CMMC 2.0 compliance challenges facing defense contractors. While surveys indicate most organizations believe they're prepared for certification, the reality is starkly different: the actual number of organizations ready to pass certification requirements is quite low. Evgeniy noted, "Don't wait to start your CMMC preparation. This isn't just about checking boxes. Organizations need to understand their environment, document their processes, and implement required controls - all of which takes significant time and resources."

The Kitecast conversation highlighted growing concerns about employees inadvertently exposing sensitive data through public large language models (LLMs) and other AI tools. Rather than focusing solely on technical controls, the experts emphasized the need for comprehensive governance frameworks that include clear policies, regular training, and approved platforms for business use. You cannot just block ChatGPT and think you've solved the problem. New AI tools emerge constantly. Organizations need to educate employees about the risks and provide secure alternatives for legitimate business needs.

2025 Forecast Report

https://www.kiteworks.com/forecast-report/

LinkedIn Profile for Evgeniy Kharam

https://www.linkedin.com/in/ekharam/

LinkedIn Profile for Alexandre Blanc

https://www.linkedin.com/in/alexandre-blanc-cyber-security-88569022/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Patrick Spencer (00:01.794)
Hey, everyone. Welcome back to another Kitecast episode for today's podcast. We're talking about 2025, specifically our 12 predictions for the coming year. Now, seeking insights and recommendations from industry experts, I turned to two of my friends, Alexandre Blanc and Evgeny Karam. They're joining me. Thanks, guys. Looking forward to the conversation.

Alexandre Blanc (00:24.87)
Hello, thank you for having us, really happy to join you again!

Evgeniy Kharam (00:28.343)
Same here, always happy to be on the cast.

Patrick Spencer (00:28.748)
Now, is the third time's always the charm, I guess. So this is the third time we've done our forecast report and the other two have been well received in the marketplace and get a lot of backlinks at the end of the year from various posts and articles that are written on them. And some of the media actually end up talking to us. Hopefully that's the case again this year. We do have some interesting items in the forecast. Eugenie, he's a, I'll let you guys introduce yourselves, but I'll give you a quick intro.

cybersecurity architect, podcaster, author, consultant, you name it, he's done it. His book, Architecting Success, was just published a few months ago. In fact, he and I did a podcast on it, so you want to check that conversation out on the QICAST channel. Alexander, also Harold's from the North. This is an all Canadian podcast, I think other than myself. So you'll have to bear with me and my darn...

lower 48 accent, but Alexander, he has held an advisory role and consulting role in various security validations. He consults with various organizations on security and compliance, runs his own firm. So with that, I'll be quiet. Anything you guys want to add before we jump into some of the 12 predictions, obviously we can't cover all of them. We'll cover the ones we think are most salient.

Alexandre Blanc (01:53.03)
I think it's good on my end. there is great value to share about that. So I guess we should focus on the topic. Evgeny, I guess that's good for you as well.

Evgeniy Kharam (02:00.289)
Same here, let's just jump in.

Patrick Spencer (02:02.606)
Super. All right, the first one I wrote down guys, software supply chain. It was obviously on the list last year and probably the year before if I remember correctly. We had big breaches the previous year with Move It and Go Anywhere and the Go Anywhere was hacked again. The Move It stuff obviously sort of kept going on into 2024 and we still hear about it today. I read a report from

a publication that forecast over $60 billion in this coming year is going to be breached as a of the software supply chain. Alexander, any thoughts there when you're working with clients, how often does software supply chain come up? You need to guide them to the fact that, you guys aren't properly vetting all the software that you have in your environment. Here's a checklist of things you need to go through or where organizations typically at.

Alexandre Blanc (02:57.614)
Well, you know, that's falling under the third party risk assessment. And it's challenging because they are very often blind to it because of the diversity of the different sources involved in the process, either they're software publisher or they distribute things. And they see that from a low self liability issue, but they don't see how far it can be. So we have to remind them about the big event in the past.

But also about the regular thing we see online, you know, how many open source library got poised on with either fake names or things like that, that lead to incident. So they have to do that famous as bomb, like software, a bit of material, know what they have in their stuff. And it's always fall being back to the base of cybersecurity, like know what you have. And they don't think that when you say, know what you have, like how many laptops, how many software, they don't think about what they have.

in the detail of the software, the libraries and stuff like that. So when you start to dig into that, it's so granular that it's really becoming a big challenge. So and as we grow with digital transformation, it's getting another big challenge by the day. So yeah, definitely something to watch and something to work on.

Evgeniy Kharam (04:07.873)
I give back on Alexander and what he's saying, that definitely the third party management is very important. And two things happened, a couple of things happened. One, for the last five, six, seven, eight years, the SaaS component became the major part versus on-prem. And it's mean that the companies in many cases need to put their data in somebody else's basket. And what we say with SaaS,

We will do updates of the software every day, every week. Don't worry about you get the latest material and the latest bugs and the latest vulnerabilities as soon as we can. So yes, we need to mature our 30 party management, but we also need to open the eyes. How do we even create secure software by design? And if you reflect on our human life, by, mean like our day by day,

Did we pay attention what's on the can? Did we pay attention what's on this hand cream or whatever it is we have around us? No, only for the last 15 years. Like, you read this strange name that says there it's probably cancer? Or there's too much sugar, but it says no sugar? So the same here, we didn't pay attention. We didn't do secure healthy eating, secure development. So we opened the eyes.

And if you come to general developer right now and tell them security, not my problem, somebody else's problem.

Patrick Spencer (05:40.652)
Yeah, very true. Do you find organizations, the bigger ones anyway, or they have dedicated head counts who insecurity, who are responsible for vetting all these solutions that the darn marketing people or the sales people or the finance and so forth organizations are wanting to bring in?

Evgeniy Kharam (06:00.575)
In many big companies, there's dedicated departments and there's process. I don't think it could be one person to be responsible for everything, but there should be a program. And there is a program. have many friends in the industry that say, this is the process. This is the severity of the severity. mean, is the data staying with us? Is the data going there? Do we check XYZ? What do we ask them? So I definitely see.

maturity and some process. Unfortunately, sometimes I see the questions in the process are just for the process. Like, I need that. I need that. I'm like, did you ever read what I'm giving to you? You know, I'll take this two sentences and create 15 policies out of it. And I ship it to the customer and the customer will say, I use charge GPT to convert this 15 policies to two sentences.

So yes, we have a policy, but do we actually pay attention? Do we read what it says? Do we validate you doing that? When it says we need to have a separate development and production environment, do we go and ask? Do we go and understand? And it's hard. Don't get me wrong. It's very, very hard because if the open source library change a code in two months, it's mean you may need to check them again in two months or have some kind of, Sandra says,

software bill of material management software that will able to dynamically constantly analyze the as bombs until by the way, wait a second, they're just not using chicken anymore here. It's beef right now. It's maybe not kosher even if it's kosher. So it's definitely long, long way from where it's supposed to

Alexandre Blanc (07:51.524)
You highlight two points. mean, the top down support in the organization is key. Otherwise it has no teeth like many regulations. And then the second point you highlight is the change management. Because very often there is a decision that's made, a strategical decision and actions, but then they need to be followed and maintained. And that's not happening. So very often the program is aligned with the business strategy, but over time there is a big divergence between where the program is going and what's the reality of operation in organization.

And if there is no stakeholder and no top-down support to enforce these things, and over time it becomes less and less efficient and even irrelevant at some point.

Patrick Spencer (08:30.434)
You think regulations, know, take SOC 2 or ISO or, and so forth, organizations going through that process every year to get certified or even more so on the federal sector, like FedRAMP and so forth. Is that going to help drive down some of the risks that we see happening in the software supply chain where organizations that just don't have those will be automatically eliminated from consideration? What are your thoughts on that front?

Alexandre Blanc (09:00.624)
Well, definitely it's helping. It's not doing it all because it's referred in the community as checkbox security, which is not the good thing because if you just say, yes, I was speaking about that with a friend, like you send that form and say, yeah, you have backup. Yes, we have it. But the question is not that, that done right? Are you maintaining it? Is it done the right way in the way, the regulation and the spirit of it?

has been brought, like, know, the spirit of it, what's that? That's not something that you can measure. So, but it means that you have to do it right. And in, mean, you spoke about ISO in the ISO framework, and this is very clear that it has to be documented, maintained and reviewed. So yes, if done right, it's going to help organization to maintain the right posture, but you do not have to be blind to the things out of scope or anything that you know is happening in the organization.

The goal should not be to try to escape from the regulation, but more to have an overall security as a whole posture and take that as an opportunity to learn and enhance the process. Looking toward what Evgeny was bringing is security and privacy by default and by design. And that should be the goal. If we have that privacy and security check and every step of the change management process, first of all, we're going to keep a better posture.

but we would have way more easy compliance toward regulation and security framework in my opinion.

Evgeniy Kharam (10:30.573)
Think about that. By having compliance as a they guiding people where to go. As Alexander says, being compliant, having a check, doesn't mean you're secure. Because I can always fabricate my answer. And let's be honest, if you pay someone money, doesn't matter if it's $10,000 $40,000, they now want to pass you. And you're like, dude, I just paid you so much money. What do you mean hard time? Leave me alone.

I'm not going to renew with you next year. I'm going to go with somebody else in different country. So now you have this game of the person that doing the compliance for you want you to pass because they want the business next year. So they may cut some small corners. And there is unfortunately stories about strange SOC 2 compliances by companies that not really supposed to be doing that. But definitely the compliance framework give you an idea. If I'm an engineer,

and I don't have time, why would I have production and real production and pre-production environment? I'm just losing production. I'm lazy. It's faster, you know, I can, but no, we know it's not the right way to do it. So this framework pushing you and in this case, do you have a pre-production environment? Do you use it? Can everybody in the company push changes right into the production? It does definitely helping you to do the stuff.

But if you don't have a security program that's focusing on program, then it doesn't matter with the compliance. You will find how to be compliant. doesn't mean let me secure.

Patrick Spencer (12:07.022)
Are there blind spots, you know, when you're working, you know, vetting a solution from a SOC two or a ISO standpoint, are there some blind spots that you should be looking for to ensure that you don't miss one of those risks?

Alexandre Blanc (12:22.042)
Well, go ahead Evgeny.

Evgeniy Kharam (12:24.013)
There's definitely many one. think we don't need to forget that ISO, it's more on the procedure part. SOC 2 is more about what you decide you're checking you against to. And one example that drives me nuts in SOC 2 is nobody cares about email security in SOC 2. Even SOC 2 security control, it asks if you have an antivirus, it asks if have an MFA, but there is no email security. There is something about data protection.

But it's very, very vague there as well. So I do believe there are more. And honestly, if you take in security controls, think NIST and CIS doing a better job on the controls perspective for a company in general.

Alexandre Blanc (13:11.184)
Yeah, I agree with that take on the practical side of things. But there is also the approach of why does the organization wants to do and implement that specification, that framework, compliance. What's the reason behind it? If it just sometimes it just because a partner is requiring that to be eligible to the contract, then they're going to take the shortcuts. If the question is more build trust, be better at security, then they will do the work in a better way.

Patrick Spencer (13:11.657)
Interesting.

Alexandre Blanc (13:40.23)
So that's an interesting take because usually, you know, the legislation has no teeth. If the goal is to match the requirement, there are going to be some short turns. If the goal is to develop a culture and establish trust and prove the value of it, most likely from what we see in the field, it's going to be way better done and it's going to be an opportunity to enhance. So, and I'm afraid we're going to see a lot of issues.

before it gets in the ads or in the decision process of doing right is the right way to do.

Evgeniy Kharam (14:15.669)
I want to add something here and it's been something on my mind for long time. And it's always when I'm talking to people on cybersecurity for the company, I always divide this. What are we trying to protect right now? Now we're talking about the corporate environment. So let's say we take a cut. Like you guys have a product, but you also have many people in the company. So you have a corporate security, email, end point firewall, SASE, data protection. But then you have a

product security, what goes to the customer. And it's not always the same controls. It's not always the same. So when we talk about compliance, there is a big part there, what's in being protected and what's under the compliance part. It's just the product or the entire company. Because if we are not following zero trust,

one person that is completely not related to a product, maybe in marketing, may have an infection and somehow it will make its way to a vulnerability or a problem in the product itself.

Patrick Spencer (15:21.781)
Yeah, that was a good point. Very good point. Well, we're not, we got to cover more than one prediction in this podcast. We were talking beforehand, CMMC too, and all the upcoming, expectations that organizations have now that it's final. have what, 60 days left to go, not even 60. It's the clock is ticking. You know, what, what impact is that going to have specifically for the defense industrial base? Is there's

100,000 plus contractors in that space, small shops to large, huge global organizations. Obviously global organizations have the wherewithal to address all the different controls in 2.0 level two, but the smaller ones that may be a bit of a challenge. What are you hearing in your conversations with your clients? Maybe start with Alexander and then Evgenia will switch over to you.

Alexandre Blanc (16:13.156)
Yep. Yeah. So that's a smaller side of the business. We speak here on my end of Canada. But yet some provider. What happened is, some of them had to rush to be eligible to the previous version of it and with the self assessment, et cetera. So sometime they took some shortcuts and now it's time to do it right. And for the ones that did actually

implement the thing and the control, the gap between the requirements is way less to succeed. But for the ones that just were, did it just to pass it? There is a bigger gap. And I think we are going to see some transformation and big changes in this organization because they would have no choice where some process were acceptable and kind of with a bent head. It will not be good enough. And they will have to rethink the way they handle the work that is under the scope.

of the CMMC because obviously again, they can obviously segment where they work on that. And we're to see a lot of that. Like the teams that work on the CMMC material are going to be probably moving into compliant platforms. And what was like patch and band-aid will be just dropped from the equation. That would be my take. Evgeny, maybe your take.

Evgeniy Kharam (17:29.995)
So first of all, we definitely gonna have many new companies are gonna help you to pass the EMC version two. Okay, so if you're listening to us right now, please be careful before you're going with the companies that magically gonna pass you this. Look on the third party compliance, understand how long they've been, what they did and what they did before. Please don't trust anyone's gonna make you happen to you. Second, is definitely a call for you to allocate budget to be compliant because you...

don't know right now how much money it will take. As Alexander mentioned, there is a self-assessment process that you definitely want to do. if you cannot do it right now, you don't have to go all the way outside. You should go to the local IT, MSSP, people that help you to do your job. And if they're not able to help you with your job, maybe it's time to think about somebody that will give you a better way.

for you to be secure, is to understand what they're doing. Or they will find someone to help you because the worst part you can do is filling this without understanding your environment and use it as a gift to assess your environment, to understand what you have. Okay, it's not a course, it's a gift. I may find something I didn't know exists. I may find a printer, CNC machines are connected to the internet that I don't even know. Maybe a firewall with a management port connected to the internet.

and many, many other different things. So there is changes. There is also alignment to NIST, and I think it's good because now it's going to the same direction as NIST and CMMC, and you can not kill two birds at the same time, but at least align these two initiatives. So if you started NIST or CIS because you can map CIS to NIST, and you can even map SOC 2 to NIST in some cases, it's going to be a shorter path for you for CMMC.

So this is one part. So definitely start thinking about this. Don't wait to the last moment. There's policies need to be drafted. There's policy need to be changed. You need to understand who has access to what. A lot of stuff there are good ideas for self-review and self-reflection as you as a company.

Patrick Spencer (19:43.982)
One thing that I knew both have probably seen the same report where self-test station 80, 90 % of organizations think they're okay, that they're gonna pass. But then reality, when they're assessed, that's not the case. It's only like 15 or 20 % are actually going to be able to pass based on where they're currently at with all the controls they have in place. So I think your point, Eugenia, start now.

rather than waiting is really, really good advice. Alexander, do you have any thoughts on that front?

Alexandre Blanc (20:15.194)
Yeah, definitely. I agree because they're going to realize the impact that is needed to bridge the gap and the change that it's going to imply is also going to change the business workflow because that's security on the side, but because to become compliant, there's so much change to do that the existing way of doing the work, the workflows, et cetera, the documentation will have to be adapted on the operational mode as well. So better sooner than later.

Patrick Spencer (20:39.286)
Yeah, I would completely agree on that front. Well, we can talk about regulations and compliance all day. That's like 10 podcasts in and of themselves. But here's another topic that's 10 podcasts in and of itself. AI. But specifically, and we can talk about AI in terms of a risk that they're tapping into and they're leveraging it to make their attacks, cyber criminals make their attacks more complex and to accelerate them. We could talk about how

cybersecurity companies are tapping into AI to make their products more secure and to identify those attacks faster and to mitigate the risk. I would like to focus our discussion, which is the point that we made in the forecast on sensitive data and organizations are jumping into the pond. They're just not sticking their toe in the water. They're jumping head first into the water in many instances, and then they're discovering their employees are exposing sensitive data in these public LLMs.

Do you see that as a risk and are your clients talking about it? Do they realize that they actually have a risk on that front or are they discovering after the fact?

Alexandre Blanc (21:50.0)
I can start if you want. there is like, you know, it was like bring your own device. And what happened is that a lot of time, employees in organization jump on tools that are not validated or reviewed as part of the third party risk assessment. So in evenly regulated spaces, they have training, they know they should not do it. But in most organization, having it so convenient, like writing a letter, etc. And

Patrick Spencer (21:52.376)
Sure.

Alexandre Blanc (22:16.73)
they use information that is sometimes classified or confidential and put it into the platform without assessing that this is going out. They think they are just using an application and that's the culture of using a tool that looks like it's yours, but it's not. So basically we fall back on the DLP, you know, data leak prevention tool and inside, there are no, if there are no technical control or administrative control or policies regulating any of that for sure.

This is spreading information and we know how BitTech is eager to eat more data, build learning on it. And we saw many stories about, mean, prompt injection stuff, allowing to get the data from other users around. So it's not about securing the AI itself, but it's just about know what you expose and users are actually expanding the attack surface and breaching the governance. And when they do that, the effort that you put into compliance, into...

governance of the information, you just kill it because you just spread information that's out of sight because there is no way for management, for compliance people, for the position to say what was there unless they did cover that before the use. Evgeny, if you want to jump on that.

Evgeniy Kharam (23:28.717)
It's definitely a problem, but I think I want to expand this. It's not just the LL lamps. It's just in general, people like this problem existed for long time, but just on a different scale. People put stuff on the Facebook, people put stuff on YouTube. We kind of played with DLP. We know, no, it's not very easy. We play with URL filtering, we play with SSL decryption. There is ways to go around it.

I think there's levels there. You need to bring awareness. You need to remind people, not just police them, explain to them why it's bad. Because if I block chat GPT and I forget that Alexander will create an AB LLM tomorrow, or Patrick will have his own guest. And apparently Amazon now has one as well because they put money in perplexity. Okay. So maybe go to Amazon is now has an LLM as well. Actually Amazon just now have

It's their own recommendation tools as well. So it's more about awareness right now to explain to people. So let's start with explain why it's a bad idea. Do create policies. Do let people sign the policies why it's a bad idea because eventually if somebody messed up something bad, you want to explain why they now need potentially can lose their job. Remind from time to time and I don't know why we stopped doing this. Lisandro, you probably remember the days of Blue Codes when you

Open the browser and this is telling you, by the way, don't forget your browsing right now. Please don't do anything stupid. So we had a pop of wind of telling us that we kind of watching you and please be careful in what you're doing. We have this entire domain of security browsers that can do many stuff as well. So I'm not saying we shouldn't block. We should, but there should be also a of awareness and there, it's just going to be very hard to plug all the holes we see.

And we should attempt to do it, but we also need to spend time to educate people that they want to think why it's a bad idea. And if they need LLM, and I think we do need LLMs, and it's their opportunity to go to management and say, hey, I'm a developer. Can I have an LLM specific, especially on developers? think something called cursor or something like that. There's like many, many LLMs that people build right now purposely.

Evgeniy Kharam (25:53.153)
that you want to go to management, third party risk company will assess the LLMs, make sure they're good and you will get the LLM for you that you can safely use inside the company.

Alexandre Blanc (26:07.43)
And I want to add, spoke to organizations as well that they decide to deploy LLMs inside with local workloads of LLMs. that, yeah, did solve the third party risk of the data going to a third party provider, but that didn't fix the governance issue within the organization. If engineering data or research data go to the marketing side and vice versa, which is not supposed to happen, this is the same challenge. And sometimes it doesn't fix, although I'm not a cloud lover.

Patrick Spencer (26:07.47)
No.

Alexandre Blanc (26:34.884)
But we have to admit that if things are deployed internally, they must be done right as well. And sometimes it can bring some tough challenges, especially in the AI world where either generative or LNM or any kind of automatic processing, the data flow has to be clear before anything is deployed in production. And that can require a lot of effort, especially the technical solution are not all available yet, I think.

Patrick Spencer (26:59.118)
That's actually a great segue to, I'll cover one more prediction and we'll wrap things up. Everyone will have to go read the report themselves. But one more thing that I had written down, I think is interesting and that sort of is a perfect segue is data classification. You have all this unstructured data all over the place. You don't know where it's all stored. Plus you don't know what it is. What do you see from a 2025 prediction standpoint that organizations will begin to do when dealing with that?

Evgeniy Kharam (27:27.085)
You know what? I think this is what we'd be complaining about AI, but I think this is where AI should shine. And if it doesn't shine, it should go away home because this is what it's designed to understand that this is a picture of my dog and not my T4 or not my compliance and my other tax documents. I don't want tools that tell me that cost a thousand dollars. And I need to explain to the two what they need to look for. This is why I want the tool that goes smartly analyze the data.

If charge GPT can analyze a picture and tell me where to can cannot park or tell me that traffic ticket or tell me something else that all these tools should and some of them already able to discover scan the data across my cloud, across my devices, across my SharePoint, my SAS and give me an accurate place on an explanation. Hey, Evgeny, this data shouldn't be actually in the company. This is all.

private data, let's tag it and remove it. And I'm not even need to classify this data. I it shouldn't be gone. Okay. And then let's classify the data. And unfortunately we know, and this is where you guys I think shine and helping the industry is let's not just classify the data. Let's also encrypt and protect the data. Because if I have this amazing SWL PowerPoint, it shouldn't be going to everywhere. And

As somebody that worked for a very big MSSP bar for a time, this was very annoying to present to a customer and then seeing how my salespeople so easily sending the PowerPoint that we spent two months building and then six months after or even two months after, somehow somebody telling you about a competitor to have the same pictures you were like, Hmm, I wonder how this happened.

Alexandre Blanc (29:21.838)
I think this is also defining a nice evolution of AI, which has been very generic right now to reach the market and, know, time to market stuff. But where it really shine is in specified application, properly scoped application, and data classification is definitely one of them. And on top of that, because the model can be trained and deployed, it means that it doesn't have to ingest a ton of other data from the third party. Right now, know, all the last time you spoke about chat GPT, it's eating the data that people feed in.

grow and learn. But when we have defined scope application and the engine is working well, then you can have a lot of benefit from it without raising the risk level. It's the same when we see, you know, it's amazing at scanning radio X-rays to find cancer and stuff like that. It's doing great at that. And it doesn't mean that it's going to mine all the data and pull it all. So that side of it, I think it's going to be where it performs.

and it will be able to focus application, properly scope. It's going to also make governance and security more, way more easy because we know what it's supposed to do and we can actually restrict it to what it's supposed to do. So in the future, that's, I guess, the evolution for business to have dedicated AI work. It's going to make life easy for many, many people and for the regulation and security people as well.

Patrick Spencer (30:41.462)
Yeah, I agree. Classify it, track it, control it, secure it. That's the task before us today, right? Well, we're unfortunately out of time, guys. There's a bunch of other predictions, as we know, in that report. I encourage your audience to pick up a copy. can do so at kiteworks.com slash forecast slash report. Pretty easy to remember. So make sure that to check it out on our website. Alexander for...

Alexandre Blanc (30:50.63)
Yeah.

Patrick Spencer (31:09.996)
Those in our audience who are interested in engaging with you, LinkedIn obviously is a good starting point. Any other suggestions for them?

Alexandre Blanc (31:18.566)
LinkedIn is just fine, know, reach out and always happy to discuss and broad technology spectrum you like just Sometimes opening the discussion. You don't know where your strategy is going. I'm not selling products So that's something that I don't do I don't sell product so I just bring analysis I can guide you help understand that's what I do basically bought advisory kind of stuff as well And yeah, that's what I do I'm LinkedIn to reach out

Patrick Spencer (31:42.424)
That was great. Evgenia, audience, they need to pick up a copy of your book. They can engage with you on LinkedIn, any other suggestions for them.

Evgeniy Kharam (31:52.653)
LinkedIn softskillstack.ca the website. Definitely spending a lot of time on LinkedIn. Always happy to connect. Always happy to help you if you have questions how to get cyber. Actually just a bit of small promotion. We just created a small training for people that want to have interviews how to use soft skills, how to be on camera, how to relax and have a convoys, not using filler words because I believe the younger and not just younger generation is definitely missing.

this part and we want people to get hired, we people to get jobs.

Patrick Spencer (32:26.114)
That's great. And the snowboarding conference is coming up a few months away.

Evgeniy Kharam (32:29.513)
Yes, yes, February 27. Everybody's welcome.

Patrick Spencer (32:35.677)
Well, guys, thanks for joining me today. I really appreciate your time and your insights and your ongoing support. For audience members, go to kiteworks.com slash Kitecast to check out other episodes. Happy holidays, guys.

Alexandre Blanc (32:48.752)
Thank you. Thank you, you too.

Evgeniy Kharam (32:50.103)
Thank you.

People on this episode

Patrick Spencer

Co-host

Tim Freestone

Co-host