Jeff Man 0:02
Welcome to this edition of Security and Compliance Weekly. Today we welcome Naomi Buckwalter virtual CISO, Director of Information Security by day, and also the founder and executive director of an organization called The Cyber Security Gate Breakers Foundation. We are going to discuss the cybersecurity skills gap or lack thereof, how we can solve the perceived shortage of talent in our industry, and how Naomi believes that there’s a gatekeeping issue in our industry. Who knows, by the end of this discussion, we might just add breaking down gates to our tagline. So join us as we continue our journey of tearing down silos and building bridges on security and compliance weekly.
SPONSOR 0:48
This is Security Weekly, for security professionals by security professionals. And now, it’s the show that bridges the requirements of regulations compliance and privacy with those of security, your trusted source for complying with various mandates building effective programs and current compliance news. It’s time for security and compliance weekly. Some things are best-kept secret, you wouldn’t send your company’s financial data through the mail on a postcard? Then why would you let your employees use insecure collaboration and file share tools to share sensitive business information. Introducing Cross-Claim – a file sharing and collaboration solution built secure from the ground up. Think Signal, only designed specifically for business and enterprise users Cross Clave uses blockchain technology and end-to-end encryption to deliver a true zero trust system designed to protect you and your business’s most valuable data. So if you need to share sensitive information Spideroak’s Cross-Claim is your only choice, go to securityweekly.com/spideroak and get a free account with five gigabytes of storage.
Jeff Man 1:57
Welcome to security and compliance weekly. This is Episode 83. And we are recording live on August 17 2020. I’m your host, Mr. Jeff Man. Joining me remotely as usual, are my co-hosts, Mr. Scott Lyons, Mr. Josh Marpet, and Mr. Frederick “Flee” Lee. Gentlemen, welcome.
Josh Marpet 2:24
Thank you.
Jeff Man 2:26
In fact, we’re working on getting Scott back on he had a few technical difficulties. So we’re doing a little bit of reboot. So I’m going to start by giving you a couple of announcements. The Cyber Risk Alliance, in partnership with Infragard has launched the critical infrastructure resilience benchmark study, you can measure your readiness for ransomware by completing the survey and getting your score. Go to securityweekly.com/CIRB to take the survey and get your results. Coming up on August 26th at 11am. Eastern time, you can learn how to implement cloud security in a way that actually works, which implies that people are doing it wrong. So if you want to do that, you need to go to securityweekly.com/webcasts and register now. Also, of course, if you’ve missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at securityweekly.com/ondemand. Alright, enough for that. Our guest today, as mentioned previously is Naomi Buckwalter. Naomi was brought to actually Scott and I’s attention, we were having a conversation a month or so ago with somebody else who will be a future guest on the show. And he mentioned Naomi and said you got to check her out. So we did and then we invited her on the show. And now here she is. So Naomi, welcome to Security and Compliance Weekly.
Naomi Buckwalter 3:56
I’m excited. It’s Episode 83. Congratulations. I love the prime number. And I’m excited to be here. Yeah.
Jeff Man 4:03
Every other time we have a potential of a prime number, that it’s not always the case. But thanks for displaying your geekiness right at the outset by acknowledging our prime numbers….
Naomi Buckwalter 4:14
Yeah, I should dial that back.
Josh Marpet 4:16
No, no, no!
Jeff Man 4:18
You’re in good company, unfortunately, or not. We’ll take it from there. But while we’re on the topic, why don’t you just tell us a little bit about yourself how you got your start in cybersecurity and you’re ultimately we’ll get around to your foundation. But you know, tell us how you got to be a virtual CISO at least.
Naomi Buckwalter 4:37
Oh yeah. Happy to talk about myself, Jeff. So, my name is Naomi. Hey, everyone. Thanks for listening today and spending your time with us. I’ve been in tech and security for over 20 years. If you’re watching me on video, yes, I do look a little young. I blame that on my genetics. So yes, I am 40 years old. And I’ve had experiences doing a little bit of everything started out as an application developer. Way back in the day, when Lotus Notes was still a thing, moved into Java mid-tier, we called it spring MVC, if you remember that moved into Application Security did some security engineering architecture. And it’s an incident response, a little bit of privacy. Now I’m in my third role as the security leader or CISO, however you on call it, for a midsize business. And the one that I’m in now is called beam technologies. And our mission is to do smarter dental care. And I would say I love it. Like there’s plenty to do here in the small midsize realm. There’s so much to do so much to learn so much to grow. And if you guys are thinking about becoming a security leader, I highly suggest trying to be one in a smaller midsize company you get to do so much as well.
Jeff Man 5:47
It’s interesting that you entice people into becoming a security leader, I think most of us are trying to figure out whether we even whether we’re even security professionals and what that means. So, to jump forward a little bit, you’re also the founder of an organization called Cyber Security Gate Breaking Foundation, which is the bulk of the conversation today but give us a little bit of a tease about what this organization is about and why you felt compelled to start it.
Naomi Buckwalter 6:18
Yeah, happy to so it’s called Cybersecurity Gate Breakers Foundation. And we are here to win the war on cybercrime. By dismantling the myth that there is a skills gap or a skills shortage, I believe there is no skills gap, I believe there’s a demand gap in the minds and the hearts of hiring managers and cybersecurity professionals and executives. So if we can convince people who are in our roles as security leaders, and as veterans of cybersecurity, if we can convince them that it’s important and easy to hire and train the next generation of cybersecurity professionals, we will win the war on cybercrime. So as you know, in this asymmetric war, where there’s one malicious actor or one bad group, APT group, they can take that an entire eastern seaboard of the United States for gasoline, right? Like it’s an asymmetric war, one bad actor can do many bad things, we need more defenders, clearly the numbers are against us.
And we all know the numbers 314,000 unfilled jobs in the United States, over 3 million, depending on who you ask in around the world. And those numbers are just increasing. I think by 2025, there’s a report by Forbes it says cybercrime is going to be a trillion-dollar industry if it’s not already, and breaches are constantly happening. And if you if you see kind of what’s happening in the world, and this is where I’m trying to get to you, I can see a world wherein a future where cybercrime is just happening all the time, and it’s going to continuously bleed out of the virtual world into the physical world. And that’s a future that I do not want to see. And so I started this foundation, knowing exactly this, I can see a future and I have a vision of a future where my children and my grandchildren are now suffering on the daily because they can trust where their water if their water is pure, or if their electricity is going to be constant, right? Like all these things that we take for granted now can be affected in the very near future if we continue to let this trend of cybercrime happening. And it’s not just data, we always talk about this. It’s just data. It’s okay. It’s not anything like that. But it’s increasingly getting worse.
Like there’s a story I tell quite often about a midsize or midsize in the Midwest, or there’s a police station that got hacked. And cybercriminals stole some photos of crime scenes and had some murders in there and some blood and everything else, like pretty gross stuff. And the cybercriminals went up to the police station and the detectives and they’re like, Hey, we’re gonna release these photos if you don’t pay us a ransom. So a different type of ransomware. If you think about it. Now the police station actually said, well, heck, no, we don’t have that kind of money. We’re not insured for that. So they go away, right, EFF off. Do we currency on the show? Maybe? Oh, yeah, like so. So and then the cybercriminals? What did they do? Well, they’re gonna get their money somehow. So they want to the victim’s families. So the victim’s families are now victimized twice, once when their loved ones were murdered. Now, another time when the cybercriminals really, if you don’t pay us, we’re going to release these photos out into the world. And they did. And so that that is just one of many examples where people’s real lives are now affected because of cybercrime. It’s not just that anymore.
Josh Marpet 9:16
Naomi, can I ask you a question? Yeah. And I’m gonna go back…
Jeff Man 9:20
before that, Josh, before that… no, it’s okay. We just have to squeeze in the hot seat question.
Josh Marpet 9:26
Ah, my apologies.
Jeff Man 9:27
And then we can dive into this. As we’re all kind of chomping at the bit. I think, Naomi, we ask all of our guests to come on the show, because this is a show called Security and Compliance Weekly, and we try to speak to both audiences as it were, and really try to enlighten each audience that there’s another audience out there. We have simply what we call the hot seat question, and there’s no right or wrong answer. This is just your opinion, giving us a chance to get to know your mindset. A little bit. Where do you fall on what we like to call the security versus compliance continuum?
Naomi Buckwalter 10:07
Yeah, so you’re asking my more risk based or compliance based? I am very certainly in the camp of being more risk based. I think it’s the better way of evaluating risk. And as security professionals, we are just managers have risk. And we are enablers of the business now, is compliance, a terrible thing? No, there’s in some ways, compliance and security can play along really nicely. But I think AJ Yon says it best compliance does not equal security. But security always equals compliance. So if you have good security, you’ll always be in compliance with whatever frameworks that you’re trying to comply with, or whatever laws and regulations. But if you’re just complaining, just trying to check the box, sometimes you’re not you’re going to miss the mark on actual good security. So I am clearly on the risk based side. I appreciate compliance, I will say, but it’s not the end all.
Josh Marpet 10:54
It’s okay, there you’re wrong, it’s not a problem.
Jeff Man 10:57
Go ahead, Josh.
Naomi Buckwalter 10:58
Not a problem.
Josh Marpet 11:00
No, no, we can discuss that later. I have a very different view. But I understand where you’re coming from. But it’s, it’s cool. We’ll talk about it later. But no, I do have a question about what you said earlier. You mentioned that there is not a skills gap, there is a demand gap. And you said that there are unfilled jobs. And so I’m a little confused. And maybe I’m just thinking about it backwards. But it would seem that there is a demand. So if there is a demand, where’s the demand gap? Maybe I’m misunderstanding?
Naomi Buckwalter 11:24
Okay. Yeah, that’s a really great question. Because I need to clarify, there is a demand gap at the mid-senior and senior levels, there is less of a demand gap at the entry-level position. So I did I now analyze 1000 LinkedIn jobs about a year ago, and I found out only 12.5% of these 1000s jobs in cybersecurity are for entry-level or tagged as entry-level. Now, when I dug into the job descriptions, and I literally did this, I found on average, more than 50% of them require five years of experience just to get started in an entry-level role, or a role that was tagged as entry-level. Now, not only that five years of experience required a master’s degree, and CISSP. Now if you know about the CISSP, you already need to be in cybersecurity in order to be seen as CISSP. holder. So that kind of got me thinking, well, it’s not just anecdotal evidence at this point, I have the peer data, and it says, over half of entry-level jobs in cybersecurity require years of experience. Is that common sense? No, it is not.
So my entire foundation is trying to say, let’s make sure we can hire and train the next generation of cybersecurity professionals. Because cybersecurity professionals aren’t just going to pop out of the ground guys, we’re not groundhogs, they’re not just going to be ready to go and jump into a mid-senior and senior level, the demand is yes, we need more mid-senior and veterans and we need those people who know what they’re doing. But they’re never going to get there unless we take the curious and the hungry and the passionate and the people who are amazing contributors, if we were just to give them a chance. And that’s what I’m seeing, I talked to so many different people throughout the pandemic I’ve helped I’ve just mentees and everything. I’ve just been so inspired by them, but they are not being given a chance. And I just don’t know why I’m like you are amazing, you are way better than I ever was at your age.
You know, you’re building home labs, you’re writing blogs, you’re doing YouTube things, and you’re going to webinars and conferences and I just don’t get it. And it just like rips my heart out because I know we’re losing this war. And I know the only way we can win is that we have more people, it doesn’t matter what kind of person it is. It doesn’t have to be a person with a technical background or a CS degree, or anything. Like I literally took an opera singer. And I hired her as a technical writer as an intern. She wrote all our IT security playbook. She actually had the first one done within the first week, because guess what, guys, it is not brain surgery. It is not rocket science.
Josh Marpet 13:46
I totally agree. And I actually have an intern currently at my non-profit. That’s a day trader and he’s still day trades. We’re getting him up to speed on that. And get and he wrote an article on ransomware that we’re gonna I’m going to be submitting to SC Magazine for him, and he’s writing a processes and procedures for us. So I totally get it. I understand. So if I hear you correctly, what you’re saying is the demand gap is the demand for entry-level people is so low, that it’s hard for people to break into the industry, because there’s just nowhere for them to break into, am I correct?
Naomi Buckwalter 14:18
Yeah, I’m just saying the obvious. We all know this, but I have the data to back it up. And when I did see that when I saw the data itself, my heart just sank because I knew we were never going to reach the point where we can fill 314,000 unfilled jobs, you know, minus a 12 and a half percent. We’re never going to get there unless we start training and mentoring that next generation and or do we have enough people to do that within our ranks? Do we have enough people with that mindset of hoping? I don’t know.
Josh Marpet 14:44
I’m gonna play devil’s advocate for a second but you said that there is a demand gap and you have data to back it up which is awesome. By the way well done, if you don’t mind me saying so. And so there’s no demand for entry-level people, and yet your strategy is to train and mentor people to become entry-level people, but you’re not addressing the demand gap. If you’re training,
Naomi Buckwalter 15:04
I’m training, I’m training the trainers, I’m not training people, the entry-level people are fine. They’re perfect the way they are, I need to train the teachers, I need to mentor the teachers. That’s what this foundation is doing. We are addressing the demand side.
Okay. I agree with that, like one of those statistics on my data, it’s something like less than 10% of security professionals are 29 years old or younger. Right? So it’s literally just nothing but a bunch of like, old worn out people like myself and the industry. And you’re 100% right, I, you know, I got started in security when I was a teenager. And it’s weird now that a lot of our criteria make these demands that are almost impossible to fill for skills that we actually know people actually do have. And I love the example of kind of the opera singer that you really good at communication, really good at actually understanding humans nuance actually going out and actually writing things like you open a security team. I am so here for this conversation. I wish I wish I could be more controversial.
Josh Marpet 16:03
No, no, I mean, I’ll plays devil advocate. I’ll take that job, it’s okay. Naomi…
Naomi Buckwalter 16:10
like I hired I hired my opera singer after I here’s the thing. I’ll never tell her this, but I didn’t think she could pass her security plus in two months, like I was like, if you can pass your security plus, in two months, I will offer you a job. And I honestly I was like, I probably just went too far. There’s no way she can do this. Right? She blew my expectations out of the water she studied, she took a does like a dozen practice exams, she made hundreds of flashcards studied for hours, right? And this is all after hours, right? She did her full-time job for us, and then went back and did all the studies. So she crushed it. I had no idea that this was even possible. And then I started thinking she’s not unique. There are so many people just like her.
And here’s another thing, not a lot of people know this. But when I opened up the internship position, I didn’t make it a public thing. Like I only announced it to like three different Facebook groups, right. And I did that on purpose. Because I was like, you know, I don’t want to reject 100,000 people anyway. So why don’t I just reject, like the smallest amount of people possible. But what ended up happening was we have a huge number of diverse candidates, just from posting those three Facebook groups, the opera singers, and a couple others, you know, communities of color and stuff. But like we actually got a really great set of candidates. And if when we took out, we did some blind hiring practices to check out the unconscious bias. We ended up with one military vet, middle-aged white guy, we had three females, one was not two were opera singers. One was a female of color. One was a student’s like, there’s just so many things to talk about uncovered here. But I’m kind of just rambling. But do you see what I’m trying to say? I don’t think Jessica was unique in any way. I think she’s special. Yes. But are there many? Jessica’s? Yes, yes, there are. And if we can just find them, and train the trainers and teach them what to look for. And then give them resources to like, here’s what you do with this person. And here’s how they can provide return on investment day one, which is what you’re looking for anyway. And here’s how you train the next generation. Let’s do it. Let’s do this.
Jeff Man 18:01
Yeah, I want to take a moment. Hold on, hold on, Josh. Sorry. Okay. Um, I just want to level set a little bit because this is a nagging question that I’ve had for months, if not years, when people talk about the skill shortage and the job shortage for cybersecurity roles. And it’s it may seem like a silly, maybe even pedantic question. But what exactly are we talking about in terms of cybersecurity roles or jobs? You know, what are some examples of the roles that we’re trying to fill?
Naomi Buckwalter 18:37
Well, if you look at any department that has cybersecurity underneath their purview, it’s really anything that has to do with the confidentiality, integrity and availability of data and systems. So if you want to hire somebody, give them very low entry-level grunt work, there’s grunt work in every single specialty and subspecialty. in cybersecurity, I challenge you even in my role as a security leader, I have plenty of grunt work. And I would rather just ship that off to somebody who I know I can just tell what to do, and then give them spaces to learn and to grow safely. And then have them do it. Like I don’t want to have to waste my time filling out security questionnaires. Like that’s not something I want to do that is
Jeff Man 19:15
is the grunt work typically involve writing.
Naomi Buckwalter 19:21
Yeah, in a lot of cases, and that’s why the intern was hired for technical writing. And no, she didn’t know how to technically write technically, but I could train her. She’s a good writer, you know, you can break down arguments, you can find things you can think critically about things. And so that’s all I needed. And those are the skills that are hard to train. Think of all the human skills and the people skills that a lot of people just don’t have, especially in cybersecurity and believe me, I used to be one of them. I used to be rude and smug and just glib in like all these things that you’ve seen a lot of different cybersecurity professionals. And I used to be that way because I was deeply insecure about myself.
I used to have to pretend to be the smartest person in the room, and that hurt me To like so much in my career, the one the second that I had, like a, something happened to me where I was just humbled beyond belief. I started realizing I don’t know everything, and I need to improve. And once I had that growth mindset, and understanding that to be a better person, and to be a better security person, I need to be more self aware and understand what my strengths and weaknesses are, and then really work on myself. And I realized I am the common denominator to all my problems. Why am I blaming other people for my problems? Why am I not getting headcount? Why am I not getting resources or budget, it’s because of me, like, I am not doing a good job explaining to the business what we need, explaining what the risk is, and getting them on board winning their hearts and minds. Once I realized this, I’m like, wow, the skies opened up, angels started saying, and I said, that’s what I need to do. And it’s been night and day ever since.
I do have a controversial take. And this is a name. And I want to keep challenging on your phrasing here. I don’t believe I think that calling it grunt work is that key negative and dismissive of what you know, a lot of people are actually doing, a lot of it is really actually supplying that connective tissue inside of a security organization for that broader organization. And in particular, some of those areas that we often neglect to polish fully, like policy writing is one of the areas we often neglect to really, truly do a good job of things like bone management is one of those areas where I’ve seen a lot of entry-level people be extremely successful. And it’s one of those areas where oftentimes, we just kind of, you know, get it started, but don’t actually really finish it and polish it. And so I can view a lot of this work as being additional work brekkie people that can come in and help polish things and really help complete things. And I hope that there aren’t people out there who view these kind of roles as being diminutive, or maybe, you know, like small was, it’s actually really, really valuable roles. And it’s how a security program really scales is out of a company.
Yeah, you’re right. And I shouldn’t say the word grunt work. I just do that for like, shock value. I guess I agree with you there. I’m gonna change my phrasing. Thank you. And I agree, like, so especially for a small and midsize company like my, we don’t have security automation, and we don’t have that sore. I like the amazing acronym. We have a lot of manual processes. Like for example, my, my cybersecurity analyst, Jessica, now, she looks at our demark reports. And then we have everything filling into report URI. And, you know, I have her take a look at every day like those are the kinds of things that I don’t want to spend my time doing, I would rather have someone like Jessica learn and grow in a safe space, like, okay, are demarker…
Jeff Man 22:29
Is there an implication… Josh – you’re cutting me off again?
Josh Marpet 22:33
Like, no,
Jeff Man 22:35
you’re no, it’s my turn, because it’s my show. And
Josh Marpet 22:37
Nnnnnhhh.
Jeff Man 22:37
then I just, I just want to make an alternative observation. And anybody can weigh in, including Naomi, what you said and what Flee called you on in terms of the grunt work. To me, I heard that there’s, and I think this is pervasive in our industry. There’s an implication whether you meant it or not, that there’s more value in a quote-unquote, technical role, or a technical task, versus a non-tech task.
Naomi Buckwalter 23:13
It hurts me so much. Anytime I hear somebody say technical versus nontechnical and security, and please, one devil want to hear your perspective on this Naomi. I think that’s a misnomer, and actually just outright lie. If you’re in security, by definition, as a technical role, you’re always doing technical work inside of security. In order to be effective, you have to understand the technology behind some of the things that you do inside of corporations. Are there things that require different disciplines from a technology standpoint? Yes. You know, can you take an opera singer and overnight making them a reverse engineer, maybe not, I don’t think it’s actually without outside of the grasp of somebody from that background. But but I do think it’s harmful for us in an industry to have this idea that there are technical non-technical roles. And maybe that’s also partially because we have this, I don’t know, we actually kind of see like being technical, as a badge of honor. And being non-technical is almost dismissive and derogatory, and I can’t see them, even because we have to think about the overall impact because our goal is security is delivering secure outcomes. Both of these people, like people from all you know, you know, all walks of life, whether they’re technical or clinical, non-technical, they all are there to help deliver secure outcomes. And I think that’s actually the thing that we should index more on as opposed to, Hey, is this person, a good C++ developer, etc. That’s my, you’re touching a nerve there.
Josh Marpet 24:40
I’m gonna smack; And I’m not gonna smack you Flee. I’m just gonna point out that your definition of security may be very different than other people’s. I’ve talked to a lot of people that their definition of security is you’re a pentester, right? No, well, then you’re not in security. And that’s because that’s been a cultural thing for the infosec world. Are you security if you do forensics? Are security if you do technical writing for a security facilitator, the technical writer for red team? I would argue, of course, you’re doing security and I think you would do fluently. But I think the base problem there is the definition of security is very different for very people and the unconscious biases. I don’t think it biases the right word, but the unconscious sort of scripting of what is security is very different for different people. And so it’s all it’s probably,
Scott Lyons 25:24
You’re sort of hitting the nail on the head, but you’re a little bit off-center. Realistically, in our community, it’s always been the technical people that have done the work in the non-technical people that have been relegated or related to your management
Josh Marpet 25:35
No – you’re wrong!
Scott Lyons 25:36
You know, so…
Josh Marpet 25:37
You’re wrong!
Scott Lyons 25:38
No, no I’m not. Whenever we have somebody that’s coming up into management, we say, Oh, well, then your technical skills are going out the window because you don’t use them. So…
Josh Marpet 25:50
but that’s wrong…
Scott Lyons 25:50
trying to make that correlations in different ways.
Josh Marpet 25:53
You’re absolutely wrong, Scott, I’m terribly sorry.
Jeff Man 25:55
No, it depends how you define technical. I mean, I have not been hands on a keyboard other than writing Word documents and spreadsheets in probably 17 years. And I say I’m not technical. And people argue with me as I will, yes, you are sure you do. Because you understand ones and zeros. But yeah, so I think it all has to do with how you define technical. But I think we’re touching on part of the issues and problems that are just sort of, you know, part of the fabric and the undercurrent of our industry, which is what creates these problems where there are no entry-level jobs. There’s only the mid-level. I mean, this industry began with no entry-level, everybody was coming, coming to it from somewhere else already having a background in something. You know, that you and that’s, I think that’s possibly one reason why the job postings are mid-level. Because you you need to have or at least there’s a perception – and I’m willing to be corrected on this Naomi, there’s a perception that you need to have some sort of prerequisites in order to get into this field of cyber security.
Scott Lyons 27:04
No, no – the precept the prerequisites came in, when recruiters started recruiting. Yeah, they said, How are we doing this and other industries? We’re gonna mimic this over here. And we’re gonna hope that it’s effective. You know?
Jeff Man 27:15
Naomi? What do you think? Correct all of us.
Naomi Buckwalter 27:17
I have so much to say, I’m just waiting for you guys to talk. So yeah, So I just want to just one thing, somebody mentioned that technical people have more value than a nontechnical person, I will explain this to you think about how we treat each other in society? Who is the higher paying people? Is it the teacher? Or is it the software engineer? Is that a person who cleans bathrooms? Or is it a person who cleans logs? Right? That’s the only analogy I get… that the reason why is because we end up venerating and paying people more, the more they act like computers. So the more they act, non-human, we give them more money, the more they act for humans or as a human, you know, teaching mentoring coaching, taking care of people stay-at-home parents, we give them less money. And why is that? Because our entire value in society is fucked up. Like we literally have no idea what we’re doing. We’re like, Here’s $300,000. And you can be a security engineer, or and here’s $30,000 to teach and mold. the brains of children like that is fucked up. How is that not fucked up? And so that is my argument. The reason why we do see and I agree we do value technical people over nontechnical people because of that reason because society says it’s okay to venerate the people who act more like computers than the people who care for the human side of ourselves.
Scott Lyons 28:45
No, no, unfortunately, C-levels are putting a lot of money towards tools versus people in process. And that’s why we’re saying that we put the technical people above because they know how to run the tools. Fight me.
Jeff Man 28:59
I just want to ask, and it’s somewhat of a rhetorical question. When Naomi drops her microphone and it bounces. Does that lose its effect and impact?
Scott Lyons 29:11
No, it’ll go it’ll go <inaudible> because its a snowball.
Jeff Man 29:16
Hey, we’re just getting into it, but we need to take a break. So we’ll come right back and jump back into this very heated and interesting conversation that we’re having. So stay tuned, we’ll be right back.