Embracing Disruption: Navigating the Future of Cybersecurity & AI in Healthcare

Syriac Joswin   2:49
Hello and welcome to Movate talks business insights unplugged.
I’m Syriac Joswin senior vice president and global business head at Movate, your podcast host for the day.
So this episode we are thrilled to welcome Nemi George, Chief Information Security Officer and head of it at PDS Health.
Over a career spanning multiple continents, Nemi has been a testament of truly leadership.
Innovation and disruption in this ever evolving landscape of cybersecurity. This year, he was recognized as one of the top 100 Cso’s globally.
That speaks volumes about his impact in this field. While he’s an accomplished professional, he believes in giving back to the community with his pivotal work.
The Information systems audit and Control Association, also known as ISAKA, which is the global nonprofit organization recognized for its guidance, credential, education and training to the community.
Nidhi serves as a distinguished chapter head for the for the Orange County.
Any I’m super excited to have you as our guest today.

George, Nemi   4:22
Syria. I’m happy to be here.

Syriac Joswin   4:25
Wonderful. Namely, I was.
I was going through a profile and I was I was doing a bit of research about, about your career and it’s a very impressive journey across many years and I’m sure when you talk a little bit about your journey, you know it spans across continents, it spans across.
Different culture.
Talk us, talk us more about, you know, Saul has this journey been from where you were growing up to where you are today?
And aren’t there any standout moments you know that?
That has shaped up your professional path.

George, Nemi   5:02
Yeah. So I’ve I’ve been lucky to work in several different countries and continents. As he said, I’ve worked in.
Starting from this, from the top of work to Nigeria, I’ve worked in in the UK in the US and in India and so.
Over, you know, four different continents and getting to work with thousands of of people.
It’s it’s been a.
It’s been interesting and there’s so many different standout moments for me.
Biggest things that I I look back on is just my ability to to drive change.
I always tell people that when you leave an organization, you should be able to leave a bit of yourself with that company and long after you’re gone, people should be able to come in and say, oh, this is what name we built when he was here and you.
Know we didn’t have this and he showed up and he did this.
There’s got to be something tangible.
That you you leave and my my example might be really.
Really basic, but for me this this was the the moment that clicked. I worked for a company God years ago called Yes Telecom.
There were three of us in Advanced solutions support, and there was about 60 people in customer care, and so you can imagine sixty to three and these sixty people were responsible for taking.
Customer calls and then passing them to us.
Now this company was in a a town called Manchester.
4K and if you know anything about Manchester, it is a university town and so they had about 5 universities back then in this town. And so the point being a lot of these people that work for this organization, they didn’t really care about it. These are large.
Students who just wanted to make a quick buck on the side. And so of course, they’re not taking the training seriously.
They don’t really follow.
Any real processes, they’re just not invested and we were getting.
Being swamped like three of us who are getting blown away with the amount of calls and a lot of them were just so silly, right?
No troubleshooting was done.
And so got up one day and I just fed up with it.
And So what I did was I created this little credit card size.
Troubleshooting guide and I called them tech the boxes. Right? Tch. The boxes and the idea was whenever they got a call on, you know, GPRS, PCM, CIA cards.
USB dongles, BlackBerry troubleshooting iPhones were not even a thing back then. Whenever they got a call, they had to go through this four or five questions to get basic information.
I created this guide guides on my own at the mall up, laminated them, got Blue TAC and tacked them onto everyone’s monitor. I sent outcomes to the entire customer care team the next morning.
Like, hey, you’ll find some cards on your monitor as you come in. Read those cards.
Now we will not be taking any calls from you if you haven’t gone through and text the boxes and in one one failed swoop, every one of those people had to follow the process.
They all learned a little bit of it because they had to do some troubleshooting and we had some time to breathe and that was the start. The catalyst of just looking back and saying, do you know what you can complain about?
The problems all you want or you can just season, you know, seize the opportunity and.
Do something and fix something.
And anyway, the rest is history.
Ever since then, I pretty much go around looking for what am I gonna fix today and how am I gonna make my job better and hopefully the job of others better as well.

Syriac Joswin   9:30
So this is interesting and what I hear from you is you’ve tried to be a change agent, but you’ve done that creatively.
I like the way you said instead of pick the box and stick the box. That was that’s innovative.
I’ve never heard that, but that’s that’s that’s very, very interesting. And and then I think you’ve embraced change also.
As you moved along, right and one of the changes I was observing in your career is how you sort of?
Move from.
A telecom vertical to a healthcare vertical right.
So you were working with, you know, Vodafone and and before that also as you just mentioned and then here you are with with PDS, right?
So how does this transition happen and and how do you look at, you know you moving from a vertical to another vertical because these are separate verticals, right?
These are separate verticals.
It has its own nuances.
Both regulatory compliances and things like that. Or are there similarities?
Between these sectors, so your your your thoughts on change and your thoughts on your own career moving from one to the other?

George, Nemi   10:38
Absolutely. I think with a lot of these industries, there’s an underlying technology stack that is essentially the same, right, irrespective of the organization or the industry vertical, you work in the certain things that are are the same, right?
You have endpoints, you have servers.
You you have data that needs to be protected.
I think the very first thing that you need to do when you are switching industries is just understanding the nuances around regulations as an example.
Once you understand what is it that I’m absolutely requires to protect, right. When I was at Vodafone, we had our internal, you know, network IP environments.
But we also we were in the enterprise side, so we had several customers and I think for me this was maybe what made the transition a little bit easy.
Because working within Vodafone Global Enterprise.
I had a lot of global big global healthcare customers.
Novartis AstraZeneca to name a few were my customers and so the the level of scrutiny that we had to go through in managing those accounts was I guess very good preparation for transitioning into managing.
A healthcare organization. Now I will tell you that there there are particular nuances when you’re managing a healthcare organization.
And in the states, because you have different states with different laws on data retention and.
Data protection. And so you’ve got to understand all of those.
But once you have mapped out all of the different controls and you kind of you have a an overarching control set that you’re managing to, it becomes relatively easy to to manage the security program.      
But you mentioned a critical point, which is change management.
Everything I’ve talked about is really under technical and on the governance side with change management, you really just need to engage and I think that’s one of the areas that security and IT professionals in general haven’t done a great job right as much as I have worked with.
A lot of healthcare organizations I’ve never worked for healthcare organization and I’ll give you one one simple example. One of the things that early conversations I had when I came here was around.
Certain end of life equipment and for me with my security hat on, I’m like, well, we can’t be using these equipment, you know these are end of life and end of support equipment. But a lot of these were embedded medical devices and they just wasn’t anything else out.
There, right.
These were from a medical standpoint, these were the most expensive, the best.
Leading edge technology for doing certain things in the dental and the medical space.
So when you realize that you know this is not just a windows, you know 7 or Windows 8 computer, this is a $200,000 state-of-the-art.
Dental equipment that changes your mindset.
Now you’ve got to think of how you protect it, how you work within departments as you have, you know whether that’s micro segmentation.
You know, carving out separate Vlans for it or just looking at a traffic insane.
I’m only gonna allow this port communicate with that port within these business hours. Whatever restrictions you need to put in or there’s a fixed address that it works with.
You are able to be a lot more creative knowing that.
You don’t have a choice to just walk in and swap out this equipment. You’ve got to make it work.
So that’s another nuance you get in healthcare and I guess the final thing to say is when you think about.
The stakes in healthcare? They’re a lot higher than in in a lot of other industries, and so the value of healthcare data of, you know, your electronic health record is the last time I read about it with a Verizon breach report was a think over $400.
And so you look at that competitive value of a breached credit card information, which is, I mean it’s nothing.
It’s pennies to to to the dollar a cents to the dollar.
Should say so.
You know when you think about it that way, it forces you to be very diligent in how you manage and protect information.
But you know in it and insecurity, which are two areas that I work in, we don’t do chain very well.
We’re we’re often very hesitant to change.
We we we tend to resist change.
And in a lot of cases, the organizations that we support.
Move so much faster than we do now. We end up playing catch up and then we accuse the business of, you know, performing shadow it and in a lot of cases shadow. It is just a failure of it and security to adapt to the the needs of the.
Business.

Syriac Joswin   16:39
And that’s very interesting.
I mean, I picked up a few things in what you said and one thing which sort of I want to double down is.
Is healthcare technology.
Innovation and then disruptive innovation going forward.
So if I if you if you start connecting the dot, obviously you did mention, you know there’s there’s this regulatory bodies you’re gonna work within the remit and and you’ve got your challenges you know whether it’s resistance or whether it’s whether it’s inside out resistance or outside in.
Systems, but there is that right.
And then there is this customers of yours who are moving at A at a light of speed, right in terms of technology adoption and then this whole, the whole world is seeing AI being adopted at at a massive scale level speed, right?
So I just wanna double down on your perspective and I’ll I’ll get into the cybersecurity in a minute, but just in this whole.
Healthcare business, how would technology, innovative technology?
How can innovative technology rather be?
Adopted and what is your view on it?
Will it be adopted or or do you still still see the same level of resistance?
Are you seeing things changing as you move forward?
What’s your? What’s your vision in that space?

George, Nemi   18:02
I think there are two sides to that question and this is where I kind of look at it there is.
The clinical side, the doctors, the practitioners, the clinicians, right.
The dentists who are working.
They embrace change.
Open handed, right?
They they want to do, they want to use it and then there is the IT side of it where we are meant to be enabling this change and in a lot of cases.
We resist the the changes and I’ll kind of, you know, try and explain those a little bit.
So let’s let’s take the the view of change from a clinician and in this case, let’s use a dentist and you just have to sort of visualize this with me.
So you have a dentist who’s working with a patient.
They have the gloves on, right?
And every 15 minutes, the computer times out.
Because someone in it or someone in security says time out period is 15 minutes.
So now the dentist has to take up the glove.
They’ll type in the password on the computer ’cause they cannot use the gloves after you know, sticking it in people’s mouths to go type in the keyboard.
So they have to take up the gloves, type the password of the keyboard, get a new set of gloves, come back and start consuming the work, right?
Extremely disruptive. Now you bring in technology and say we’re going to do batch tap or we’re going to do.
Windows hello where you can just look at the IR camera and it logs you back in.
That dentist is.
Jumping at the bits because of that technology, you take something like aerial where so periodontist.
Hygienist is essentially probing a patient’s gums to see how good or bad their the gums are.
You go through and hopefully everyone has had a pair of examination.
So this would make sense to you and the dentist essentially is for the hygienist in most cases is probing the tooth to see how far those pocket depths go.
They may be probe at best.
Or maybe if you have great memory, six of your teeth and then they have to stop and then they have to go to the computer and type in pocket depth.
So it’s like 433222. Whatever the case is per teeth, right?
They’ve got to type that in.
They got to come back, continue probing. Go back to the computer and type it in. One of the things that my organization just built is an AI engine that is able to.
Sample and analyze the the doctor’s voice or the hygienist voice and essentially you just talk. So rather than type in typing in the patient’s numbers or pocket debts, you just speak.
And irrespective of the ambient noise around you, the computer using no accessories, no headsets, nothing.
Just the default mic on the computer, it’s able to pick up your voice and is able to apply the numbers.
To the right tooth. And you just look at it in the end and you validating away. You go without having to touch the keyboard.
I’ll give you one last example.
With X-ray images.
An X-ray of a tooth is an extremely small image and a lot of times.
Dentists air on the side of caution, so you might need to do a root canal when you probably don’t need one because of how you know what they’re able to detect from the X-ray.
Now we’re able to build in AI that goes in and says, oh, actually you maybe don’t a root canal or the reverse might be the case.
Maybe you did not see that a root canal was needed.
Maybe you didn’t see that there was a fracture on the tooth.
Maybe you didn’t see that it was an Abscess within the gum line.
Now we can use AI to scan that image.
And compare it with millions of other images in seconds.
And we’re then able to provide that information to the dentist and again, the the AI is not diagnosed in the patient. The AI is just saying you might want to consider.
ABC, based on our analysis.
So if you were doctor, I don’t see anyone who would be, you know, resistant to to that because you are enhancing the clinician, the clinical workflow, you’re making it more efficient, more you know you’re making it faster.
And so on.
And then you switch into the IT side and I use a different example. You think about things like cloud.
Let’s talk about AI.
Let’s talk about mobile devices working from home.
Let’s just use those four and if you know to all the security people listening to this podcast, if we’re honest with ourselves, what was your first reaction?
Ten years ago, 12 years ago, five years ago, when you heard that your company was going to adopt AI, your company was going to let everyone work on their mobile phones.
In their personal computers, everyone was gonna be able to work remotely from Starbucks. Whatever the case might be.
Or even just sass. We’re gonna go away from it having to install applications and patch those applications in your endpoint. And now the service provider can just provide patch over the air without it being in the middle. And a lot of IT professionals, a lot of security profess.
Would have freaked out.
At the very thought of their organizations doing any of these things.
Like just two years ago, when AI and ChatGPT and copilot came around.
I cannot even tell you how many Cisco roundtables I attended, and the conversation was, oh, what are you going to do?
Are you going to block it or are you? And I was like, no, I’m not going to block it.
I don’t even know what people are using it for.
I want to understand the technology first before.
Deciding whether to, you know, block it.
But a default for a lot of security professionals was just AI is evil.
You’ve gotta block it.
And they just blocked it and I can tell you that a bulk of folks are now having to reverse and use it. And I’m not saying that we should just blindly embrace all technology, but you really can’t restrict things that you don’t understand. You’ve got to invest the.
Time to understand.
The pros?
The cons of technology and then see.
If it’s a force for good, see what guard rails you need to put in place and then understand how that might be a challenge or risk for your organization. And the final point to make is in a lot of cases, even when there is a risk, it is.
Not always the job of it or security to make that decision unilaterally for the organization. We’ve got the reports into.
You know, execs of the board or whatever.
We should take the time to explain the risk to them and a lot of these decisions are business decisions, not technical decisions.
And I think that’s an area that we’ve kind of missed the mark a little bit in, in, in security we feel with the the judge, the jury and the executioner of what we feel is right for the organizations.

Syriac Joswin   25:49
Thank you Nimmy and and our listeners have heard the till now the the creative side of a technologist in many right, you gave those three use cases on the clinical side which.
I think they’re that’s just tip of the iceberg.
There’s so much to do.

I want to highlight on Nemi the cybersecurity expert right and Nemi, the the expert who, you know, wears a different hat and wants to protect.
Data wants to ensure that while the experience is given, but guard rails are kept and regulation is followed right?
What’s what that side of Nemi talking.
What’s that side of Nemi looking at the challenges and how is Nemi trying to adapt all of this yet being innovative?
Does it make sense?

George, Nemi   27:38
Total totally and I think this is where my answer might be interesting to most people.
It’s the same Nemi, right?
It’s the same person and I think a lot of times.
We we we mix them up, we feel like there’s got to be a completely different persona and that there’s nuances to, you know, being the the you know, CIO or you know, CTO versus being a CISO.
But ultimately, if you really strip it all down.
Our jobs at the end of the day is using technology to advance the strategic business objectives of the organization. And if you strip your job is not to protect the company, your job is to advance the business. The strategic business initiatives of the company. In doing so you.
Have to protect the company.
You have to ensure you align with regulations and so on and so forth.
But what comes first is what value is your organization.
Deriving from technology and if we all agree to align with that first, then at least we have a North Star. We’re working towards the same thing. The second thing is.
Understanding the organization and this is where again very similar to.
A technology enablement role you’ve got to understand the organization ’cause. If you do, then you focus your efforts on what makes sense.
Now let’s talk about the security.
Part of it, a little bit more. The first thing I talk about cause in security, we talk about controls, which sometimes I think we do a little bit too much talking about controls because it’s it’s gotten a certain negative connotations, but a lot of controls that we imp.
In security.
Are restrictive, but don’t really achieve a lot of strategic or frankly security value. And I’ll give you some examples. I’m going to try not to mention any particular products here, but let’s take.
Let’s take.
E-mail protection.
Link protection URL protection as an example.
You have a solution where if you had a link in your e-mail and you clicked on that link and that link was meant to be restricted for whatever reason, then that link is restricted.
However, if you had your e-mail open on one screen and you open up a browser.
And you simply type in the.
In the browser directly but not going through your e-mail. It allows the browser to open.
So it’s like putting a a gate right in front of your house where door and you push the door and the door is locked.
But if you just had the common sense to turn the handle, you could get in a lot of controls and security are that way. We put in barriers that, you know, certain people.
Are restricted and certain people. I’ll give you another example and I have I can do a whole podcast about these.
Let’s take BYOD.
You have BYOD implementation on a.
On an Android device versus an iOS device.
An iOS devices.
You simply have one profile. You have one app.
So if you’re using let’s say Outlook, it’s one outlook. If you use a mail, it’s one mail client. If you were on a Samsung device or an Android device, you have a business persona and you have a personal persona.
So now you have two different apps. If I wanted to copy.
A contact.
From.
My business app to my personal profile.
In this case I’m restricted from from doing so on an Android device, but if I was on an iOS device it doesn’t matter because there’s only one client, so it lets me do it anyway.
And so I’ve challenged people as using this as an example.
How many iOS devices do you have in your organization versus Android devices?
And in some cases it’s 80 to 20, right?
80% iOS, 20% Android and you’ve implemented a policy that 80% of your organization.
Simply bypass.
Even better, they don’t even know it exists, because it doesn’t apply to them, and it only applies to 20% of your organization because of the device type that they’re on.
Like it makes no sense.
However you look at it right? And so with my security hat on, I’m always looking at how effective are my controls.
How far reaching are these controls? Am I putting in a control that just gives me the illusion of security and my users are just able to walk right through it, especially if they just tried a little bit right?
And when you have security controls that are porous, like, you know the Swiss Swiss cheese approach to security.
Those are the sort of controls that people hate because they just look at you as getting in the way of them doing business.
But if you take a step back and going back to kind of where we started, what is the business trying to achieve?
What are the strategic objectives?
What is the value stream that that organization is trying to do and looking at the value stream, you got to look at, you know people.
Suppliers, technology. All of those things. And then based on that.
You ensure that you have the right set of controls that are appropriate to the assets that you’re looking to protect, and whatever you do, you’ve got to do it in consultation with the business, right?
You cannot have security going South and the business going north.
You you’ve got to have the business alongside you.

Syriac Joswin   34:01
Yeah, and. And as your partner at MOBIT and and now that we’ve been working for some time together, one thing we particularly liked about your leadership style Nemi is how you actually don’t see this as two different persona.
That’s what you said at the beginning as well, right?
It it has its own nuances for sure, but at the end of the day, more importantly security it.
Have to be or should be seen as an enabler rather than as a detractor.
So, and that’s what we love about, you know, working with you, working with your team.
I wanna now sort of pivot a little bit towards your passion, right on.
And I was giving my introduction about you at the beginning.
I was talking about, you know, your way of giving back to the society and and one of the things, at least, what we learned is through isaka.
Yeah, the chapter lead in the Orange County as well.
Want to hear about?
You your involvement with Osaka. and for the listeners also right.
You know people who have achieved a certain position have achieved a certain, you know, or at a certain phase in their career where they can give back to the Community.
Like what would your two cents be to them?

George, Nemi   35:43
Absolutely. I think we’ve talked long enough in, in it and especially in security about the lack of talent. And as I say to my team and everyone else, talent is not going to fall from the sky unless we discover aliens from a different planet that will show up.
On earth and be security experts.
The the talent that we are looking for.
Or the talent we have, it’s there’s not a special group out there.
There’s not a special country with special talent.
There is not a special state.
It’s what you have is what you have and as leaders and practitioners, we really need to to get up this, this bandwagon of, you know, we’ve got a talent shortage and and where I’m going with this is organisations like Isaca and ISC squared and Sands and and all.
Of these are great organizations for, you know, just networking and understanding what’s new, what’s coming.
How should we interface with technology?
What are the new standards out there?
And we do several like, you know, so many different activities. We have a monthly.
Evening meeting most other groups have, you know, different meetings.
We work with other sister organizations like the IIA, the a CF E and the several.
Organizations to work with the CSA to Cloud Security Alliance is another one that we’re partnering with locally, and we organize academic events.
So there’s training, heavily subsidized training.

And they can come in. They can get the training, they get the exam vouchers and, you know, in a lot of cases.
Pass the exams.
We refund all or most of their exam fee, so it’s all about giving back.
It’s about training people in these core certifications that they need for for their career. In addition to that, we’ve partnered with a number of organizations just to mention a few Trend Micro Palo Alto Attack IQ.
Are three great partners that we work with.
We organize training events, capture the flag events, red Team Red teaming events.
Pantera is another one that we’ve worked with, and they provide labs and training and hands on training for our Members so they can learn and, you know, sharpen their skills. And I will tell you that of all the things we do, the training at the technical training about.
The best things that we do because we’ve had in, so there’s about 50 people usually maybe a little bit more than attendees sessions and we have everyone from.
Ci OS sissels all the way to interns.
All in the same room. We break them up into groups and then they work in these exercises and for a lot of people that might be the only time they get to sit with A/C level it leader as peers working together, brainstorming, trying to solve a common problem.
And they don’t get that when they go back to their jobs or when they go back to their colleges and so on. So.
You know, to those listening, if you’re not a member of these associations, I would.
Struggle would suggest that you you join one.
But we are in Orange County, so if you’re in Orange County, feel free to reach out to us.
But if you’re not Isaccurate global organization and several countries around the world.

Syriac Joswin   40:03
And and I must say, on behalf of the listeners ourselves, namely, thank you for what you’re doing. I think you’re doing a great thing, like you said.
We’re all in dearth of talent, and instead of just cribbing about it, can we do something to to, to elevate that that quotient?
Right. So. So thank you for what you’re doing.
What the organization is doing, we are towards the *** end of our of our podcast and I’m itching to ask you this because I’ve learned about this.
That you’re a tea collector.
So I’m I’m very very curious.
How did this all start and what are we talking about when we say tea collector?
You know, I see.
I I hear there’s a cupboard full of tea bags or so.
What’s? What’s that hidden thing about Nemi?
Which which our listeners don’t know.

George, Nemi   40:54
Well, I love tea.
I don’t even know where it started or how it started.
Maybe growing up in the UK or, I don’t know, but I I never. Here’s the first thing I would say.
And the tea purist out there would be would be stabbing me through the phone. I never drink.
I never have a single teabag.
That’s almost a golden rule.
I always mix up my tea, so I look at tea like I’m craving.
Cocktail, right?
I I want to have.
This flavor and that flavor, and I’m always combining the flavors together, so it makes tea a lot more interesting.
Whereas, whereas if you wanted to get the same flavor profile with coffee and nothing wrong with coffee for the coffee drinkers out there actually read an article yesterday that said that EU KS becoming a a country of coffee drinkers and no one is drinking tea anymore, which.
Is upsetting a bunch of folks, but with coffee, you know you can achieve.
Similar, but you know you have different flavours and a lot of artificial bits and bits and bobs to.
To achieve various different flavour profile, but anyway I do love tea. I collect tea from everywhere I can.
India, obviously the UK and South Africa.
As much as as much as I can, I I sometimes I’m lazy and I don’t.
Do you know loose leaf leaf teas?
But when I can, I let it brew.
And just and plus it’s my.
Frankly, it’s my way of drinking water.
So felt selfishly.
So I’m always drinking tea.
And yes, I do have a.
Mini if you think about the Big Red London phone booth, I have one of those.
A mini version.
Not quite.
Minis about maybe 1/3 of the size in my office and it does have just tea.
So yes, it is a thing.

Syriac Joswin   42:50
Good, good, fantastic nemi.
This has been enlightening and and I enjoyed the conversation. I hope you liked it too.
Thank you for the valuable insights. And as we wrap up, you know any last two key messages for you know for the audience in terms of a professional take away a personal message as we conclude this podcast NEMI.

George, Nemi   43:16
I’ll say two things kind of summing up what I said earlier.
The first is you have to drive change.
You know, I speak to a lot of people and they ask me, how did you get so far in your career and relatively in a relative short time?
And I say, well, there’s no secret.
The secret is if there is one, it’s as you’ve got to drive.
Change as simple as that and I use an example of the coffee table. You know every.
We we we live in an age where everyone feels they need to have a coffee table.
And the problem with coffee tables is even those who don’t drink coffee all want to have a coffee table, right?
And it sits there at the corner.
It gathers dust.
It becomes the bookshelf.
It becomes a stand for the remote control.
It becomes everything else other than a coffee table, but it’s there and everyone knows it’s there and that’s the way some of us are right at our jobs.
You’re the guy who does X and everyone knows you’re there.
But people don’t really know what value you offer.
But they know you’re the.
You’re the endpoint guy.
You’re the off guy.
You’re the whatever guy.
We have all these labels and I think you’ve got to break away from labels and titles and we all need to be able to go home at the end of the day, right? And in my case, my 4 year old holds me accountable.
I come back home every day and he has the same question for me every single day.
What did you learn today?
Dad, what did you do today?
And I don’t know if he knows why he’s asking it, but it forces me to think.
Like I actually did this today and the days I go home and I’m like, you know what, kid? I don’t know.
I just had a bunch of meetings and I just have a bunch of stuff and the day was over and I didn’t what I did.
And so you’ve got to solve business problems. You’ve got to make a change.
And then the final thing, and this is more in the security side, just embrace the business, right?
And that starts with communication speaking to people.
Understand what you are protecting.
You cannot be a security professional.
If you’re not in the thrills of power.
If you’re not in the corridors of power, if you’re not speaking to the people that matter, so you know what ultimately matters to the organization, you would just be advancing your own selfish, you know, myopic agenda and not driving the strategic objectives of your organization.

Syriac Joswin   45:48
Thank you.
Thank you, nemi.
Thank you once again for your time.
Enjoy this conversation and look forward to talk to you soon.

George, Nemi   45:57
Through time and all those listening.
Thank you.