Unicorn CISO
Unicorn CISO covers discussions with CISOs from tech unicorns, working on the frontier of cybersecurity while balancing business speed.
Patrick Blanc (CISO Nexthink)
We talk with Patrick Blanc about what it takes to secure a fast-growing B2B company whose product includes a privileged endpoint agent deployed at massive scale. We dig into why fundamentals beat hype, how productivity shortcuts quietly create the biggest risks, and how we frame security to customers and the board without losing speed.
• Patrick’s career path from banking and consulting to CISO roles and security leadership at Google DeepMind
• Why privileged endpoint agents raise reliability and trust stakes for enterprise customers
• How identity and access management fits alongside endpoint security and defense in depth
• Using compliance as a baseline trust signal while preparing for deeper customer audits
• The hidden risk of productivity workarounds and the shift with agentic AI tools
• Tool sprawl as a security problem and the value of secure-by-default standards
• Emerging segments like IDE-integrated AI code security and the push to reduce alert noise
• Practical ways to communicate cyber risk to a board focused on growth and resilience
• Preparing for a faster external attack surface by tightening fundamentals like patching
Welcome to the Unicorn CISO Podcast. This is Pedro from 33N. In this podcast, we discuss with CISOs of companies reaching unicorn status, working on the frontier of cyber while balancing business speed. Let's get started with today's episode. Alright, so welcome to the new episode of the Unicorn CISO Podcast. Today we have Patrick Blanc, Chief Security and TP Engineering at Nexthink. So thanks Patrick for joining and glad to have you here.
Patrick’s Path From Banking To Google
SPEAKER_01: Yeah, glad to be here. Thank you, Pedro. So, yes, I'm Patrick. Usually I like to introduce myself by saying that I grew up in Switzerland, so I'm a Swiss citizen. And as most Swiss people, I started my career in banking. After that, I moved to different roles in my career. I worked in consulting. And then very early in my career, I got the opportunity to become the CISO of a large energy trading company. So it was a great opportunity, obviously, but very quickly I found out that I was a bit too young for this type of political role, and I wanted to get back to a technical role. So after two years in this company, I moved back as an individual contributor to Google and I worked there for many years. For six years, I worked at Google. I had the chance after a year at Google to join DeepMind. So I was the first security person supporting DeepMind at Google. And obviously, it was before LLMs were cool and all of this kind of big AI investment, but still it was a great opportunity to see how one of these AI labs was working from the inside. After that, well, obviously, COVID happened in the middle, so it was also an interesting time at DeepMind. And then after that, I joined the GCP cloud team at Google, a team that we named secure by default. Basically, we were making sure that GCP was the most secure cloud. So I was managing three teams there, working on all the secure defaults, on Kubernetes, on sandboxing, on all of these things. And more recently, I joined Nexthink as their chief security officer. Basically, I'm supporting their growth, rapid growth, I guess, and also all of the technical and organizational challenges. I think we are going to discuss it. I lead five teams, so I lead teams across cloud, corporate, product security, compliance, and field security as well.
We are a B2B company, so we have a lot of customers that are also concerned about the security of the organization. So this is a big part of my role. And just finally, Nexthink was recently kind of acquired, or bought to some extent, by Vista for 3 billion. So I'm also working on the due diligence and all of these aspects of this new leadership, and this is kind of what makes me busy these days, right?
SPEAKER_00: All right, very, very clear. I mean, again, your profile and the background you have, and then the company Nexthink, are quite interesting, because you have a deep technical background, but today you're securing the human element of organizations, or securing how humans behave in organizations, right, as a third-party provider. So curious, from your perspective, how do you balance, at Nexthink, both internally as well as externally, right? Securing infra, securing endpoints, employee behavior. How do you see these different components tying together?
Securing SaaS Plus Privileged Agents
SPEAKER_01: Sure. So as I said, I think Nexthink is a B2B company. So I mean, I spend a lot of time working with customers and prospects, doing audits and also doing a lot of work with the legal team, the strategy, the leadership team. So the human element is very important. I think one of the unique challenges, and one of the reasons also why I was excited to join Nexthink, is that we have a lot of very specific technical challenges in the organization. We are not only a SaaS product like most of the scale-ups and unicorn scale-ups, I guess, but we also have endpoint agents with privileged access on the endpoint. And actually, it's installed on more than 20 million endpoints. So obviously, it makes it very interesting from a security but also a reliability standpoint. Obviously, CrowdStrike comes to mind. Obviously, we had this big incident. So customers often are concerned about this element. How do you secure the agent? How do you make sure that it's secured and also reliable, right? So this is a very interesting challenge on top of, obviously, all of the SaaS elements like identity, also isolation and all of this type of thing for a multi-tenant product. I mean, the endpoint agent is a big part of it. So securing our customers is obviously our main focus, but obviously you need a holistic strategy. Just securing the customers is not possible, right? We need to secure the edge and the endpoint so we are not getting compromised ourselves, because obviously it leads also to the customer to some extent. We need to secure the CI/CD, the cloud infrastructure, and the multi-tenant SaaS platform. So basically, yeah, this is a big part. Focusing on external attackers is often, for all of us, what we are the most concerned about. But obviously, insiders, they have privileged access everywhere, and it's a big part of the risk as well, right?
And especially these days with agentic workloads, I think we are going to discuss that as well. But this is another area where I guess insiders are also a key concern. So hopefully it answers the question, but that's in a nutshell the multiple dimensions that I basically manage, right?
Identity Focus Without Ignoring Endpoints
SPEAKER_00: Indeed. It's interesting because there are big discussions about identity, and if you go into areas of interest in cyber, non-human identities or identities for agents is a big topic, right? But with recent events like open clause and all the other variants, right, I think the endpoint is coming back to the center, right? And you see this also with some acquisitions that big cyber vendors were doing. My question to you is: are we over-concerned about identity and how to define identity in the world of agents, and forgetting that in the end the agent is running somewhere on an endpoint?
SPEAKER_01: Sure. So first of all, I wouldn't say that we are over-indexing on identity, right? I mean, identity is obviously a very complex topic. And I know very few companies that are doing their IAM perfectly, right? So, first of all, I think getting the fundamental controls in this aspect right is super important. Things like 2FA or just-in-time access, these days they are not really negotiable, right? We've seen very recently an attack like Striker that wiped a very big pharma company, through just a nation state, Iran, attacking them. So I think this is still something that remains a top priority. No question there. However, you need a balanced security program. If you over-index only on identity and totally disregard endpoint security, obviously it's going to be very hard. For example, obviously, you have all of the privileges on an endpoint: making sure that you're not administrator of the endpoint; you can turn off your EDR solution, or also you can steal secrets like a passkey. These days, everyone is relying on passkeys everywhere, or at least the companies that are trying to get their identity right. But obviously, if everyone is admin and can steal some of these things, obviously it's becoming a broader challenge. So I think you need really to understand the full chain of attack and make it difficult to compromise you, for an attacker, obviously. So that's what matters at the end of the day, and it's never just one thing, but obviously, identity is somewhere where usually most of the gaps are, and that's why many companies over-indexed on it at some point, because they were behind quite a lot, right?
Earning Enterprise Trust Through Compliance
SPEAKER_00: Yes. How easy is it to be in this sweet spot, right? To have the endpoint again. Security, I'm sure, plays a role, and here probably the security aspects of Nexthink are double-checked by customers to make sure that they can then enable all the controls, all the productivity for the employees, right? So, how hard is it to balance here trust and cyber to enable business for Nexthink? True.
SPEAKER_01: So, I mean, multiple aspects to that. I agree that being an endpoint agent, not an AI agent, really, think of it like an EDR solution, these days, in 2025, 2026, I mean, it's a very hard sell for any company, right? At some point, 10 years ago, it was okay to bring yet another agent. These days it's very hard. You don't want also, just in terms of performance and things like that, people don't want to install new agents. Nexthink, I think it's also a 20-year-old company. So basically, it gained some traction and managed to get this unique advantage of being installed there and collecting this telemetry. And obviously, what you see often in the market, that's something that I learned as a B2B leader, right? But you see that a lot of these companies, they are looking at each other, right? So basically, if you have one bank, for example, one Swiss bank, doing something, all of the other banks will follow. So obviously, since we are already installed, we already have a footprint somewhere, other big companies trust us and basically are willing to do it because others are doing it. Obviously, if you are a new player and you want to install a new agent somewhere, it's going to be much harder, especially in enterprise, right? For startups, it's fine, but if you want to go pitching one of the biggest customers in the world, they won't like it very much, right? So, I mean, this is something unique. One aspect that works quite well at the end of the day in these massive enterprise organizations is obviously compliance, right? So we are SOC 2, ISO 27 and also FedRAMP certified, or at least we are almost FedRAMP certified; it's still now a question of some of this bureaucracy in the US to get this thing finalized.
But at the end of the day, I mean, we are working a lot on compliance, and compliance is, first of all, kind of the common denominator that is sometimes sufficient to provide reassurance to some organizations. And then we see the most advanced organizations that come with additional questions. They have their own checklist or their own set of controls they want to ensure from our side, and then we work together with them. So I have a field security team that is working directly, kind of a field CISO team, if you'd like, that's working directly with the customers and basically trying to give them the answer to all of their questions. And this is becoming an even bigger issue these days with, for example, for banking, DORA and all of these regulations that are pushing a lot of challenges on the organization. And also AI is becoming extremely difficult. Selling AI to enterprise is very, very hard because basically you come to people, and first of all, they don't know what to ask, what question to ask. So they are bombarding you with thousands of questions, which is obviously very hard for smaller companies to answer. And also they are not really very clear about what they want to learn, and they don't have also the understanding of it. So it becomes some weird back and forth with organizations because they are very worried to be the first one to adopt something and to be the first one to get compromised or something. So it's a difficult environment for scale-ups because it's draining a lot of resources.
SPEAKER_00: And I'm sure others are even in a worse position, right? With so many, at least that we see, so many early startups looking to have access to the endpoint. So I guess it could be worse, right? Especially with Nexthink's presence already.
SPEAKER_01: Agreed. We built a maturity on that front, right? Building a maturity is hard. It took us many years also, to get a sense of what customers wanted and to get this framework right. Obviously, it's still not perfect, but now we understand a bit better what customers care about, how we can answer the questions, what we can also prepare in advance that scales a bit to the organization, questions that are frequent and so on. These are things that now we handle to some extent.
Productivity Workarounds And Agentic AI Risk
SPEAKER_00: With the visibility that you have into your customers, or even internally with your corporate security concerns, what are some of the behaviors, right, that you've seen employees having that quietly create, I mean, massive security risks, right? And some of them are probably now turbocharged with AI use cases. So curious, what are these behaviors, right, you've seen over the years?
SPEAKER_01: Right. So I was listening to a podcast recently, and someone said something that really kind of, I don't know, clicked for me, but basically what they were saying is that one of the biggest risks in an organization is a user that cannot get their work done, right? Basically, people will always try to find workarounds to make something work if they have to achieve something, right? If they have to, I don't know, deliver some stuff by the end of the quarter, like a salesperson, they will find a workaround and they will basically work around some of your controls. So you need to find the right balance between technical controls, so you need proper technical controls, but also enough room for people to achieve their work, right? Especially important these days with agentic AI. I mean, obviously, when you build a control internally, you know that your employees understand the consequences of an action, right? So basically you will give them access to some of the files in your organization or some of the systems, and they understand, for example, that they shouldn't delete all the files or send all of their files to a third-party system, right? Because there will be consequences to it, right? These days, if you just plug in an agentic AI tool and you let it have the same access as an employee, who knows? Obviously, all of these solutions, they won't really have an understanding of the consequences of all of these things. And also what they want to do is to please you, right? So at some point they don't have this common sense of knowing that this may lead you to getting fired, so they might do something crazy. So obviously, it also changes all of these things, right? So it's a very difficult thing.
But to answer your earlier point, I think the unofficial workaround in the name of productivity is often what causes the most harm, because people want to get their job done and you are blocking them. So one thing that, personally, one of the philosophies I have is, when an event like that happens, when someone is basically bypassing your control or doing something that they shouldn't do, the first thing that I will do is not blame the user. Sometimes you also have to review the control and understand if it still fits the organization. It's especially important in scale-ups because, what I've seen, obviously, I took over a security program that existed, but obviously it was also built at a time when Nexthink was 10 times smaller. And sometimes a particular control makes a lot of sense at one point in the organization, but five years later doesn't make sense, right? You have to review these things, and perhaps you are blocking the velocity, or you are probably not blocking the velocity enough, and you have to re-challenge some of these controls that you put in place. So, long story short, I think it's important to pressure test some of these controls, think a bit holistically, and also understand, in an agentic world, what some of these controls may not... well, basically understanding that some of them may not be sufficient these days, right?
Tool Sprawl And Secure Default Strategy
SPEAKER_00: Totally, totally agree. Is there any kind of user behavior that you would say is probably, in terms of volume, responsible for a major share of alerts or incidents, right? 80%, something like that.
SPEAKER_01: So again, I will come back to the normalization of shortcuts. That's something that in my opinion is causing most of the security incidents, if you think that bypassing a control is an incident, because basically you put this control in to avoid something. I think this is very common. What I've observed very often in organizations is that sometimes you don't have a proper IT or engineering strategy in place, and you don't provide the right tooling to your organization. And then you don't have an approved path for the employees, and they are forced to pick their own tooling to do the work. So, for example, there are companies, many, many companies actually, that have five different project management tools or three different build systems that exist in the organization. For security, it's a nightmare, because basically, personally, I love to do secure defaults. If I have to secure one build system and put proper security defaults on one build system, it's easy. If I have to do it on three systems, it's much harder. And sometimes people add additional build systems just because one of them is blocking their work, so they are adding one that is a bit less constrained. And obviously, basically, if you don't control it and you let a company build new things all the time, it's a big challenge. So long story short, I think the CISO in most organizations, especially in technology organizations, it's great. CISOs that work very closely with the CTO, either that report to the CTO or work hand in hand with them, that are really working with the technical team and seeing everything that is happening in the organization, that is a great thing. Opinionated security leaders that really push for the right thing to do, enable the business, but also push back on the proliferation of tooling, is very important.
And another thing that I've seen working in many organizations is also sometimes to have IT report to the security team, because then you make sure that everything that is built in the IT team, like identity but also tooling, is secure by default. And you don't have a SaaS platform that is totally unmanaged and that basically has all of the data. All of these things, I think, help, because basically what you want to ensure is that data security, but also the security of your workflows, are properly secured. So it's a long way to say it's very hard to block these shortcuts. To do that, you need to enable the organization, understand how they do their work, but also provide them with the right tooling and also be very attentive to their needs, if you'd like.
SPEAKER_00: I think the pendulum might be swinging back, right? After a few years of a lot of experimentation and a lot of C-level push for people to try out new tools. Maybe now is the time in which this coordination is happening. At least we're hearing that from our network. Switching gears, one of the questions we always ask is: what are some of the emerging cyber segments, right, that you've been paying attention to? These could be ones that are not hyped and that you are curious about, or a believer that they are more important than people think they are. Just curious, what is in your mind of new segments out there that you've been also exploring with your teams?
AI Coding Tools And Security That Scales
SPEAKER_01: Yeah, so personally I like to explore a lot of things and I'm very curious about some of these platforms, but it's also draining a lot of our time. So, first of all, it's hard because the market is evolving very fast these days. Personally, I like also to build a lot of things, so I'm not always looking for yet another tool, but still sometimes you want to see some of these things and understand how they work. If I think of all of these autonomous penetration testing platforms and so on, you want to get a sense of where they are and so on, right? So I think you always need to come back also to first principles: what are some of the issues that you have in your organization? And basically adding a tool without a proper need won't solve much, right? So if I have to pick one area that is quite interesting these days, it is obviously, like I'm saying, especially in a product company like ours, that we have a lot of basically AI IDE platforms, basically development tooling assisted with AI that is coming, like Claude Code and all of these platforms. And obviously, it's creating a lot of additional code that is not always secure by default. And basically, the traditional tooling that we have, all of these scanning platforms that we used in the past, SCA, SAST tools, and so on, they are working, I guess, properly, but also, even in the past, we could see that these platforms were creating a lot of alerts for the teams, and the teams were already not patching them or fixing them, right? So now that they are building 10 times the amount of code than before, perhaps I'm exaggerating, but a lot more code than they used to, obviously this approach is no longer scaling properly, if you'd like.
So I'm seeing a lot of platforms, and one that we tried and that I found very interesting, for example, is Corridor, Corridor Dev, which is also one of these platforms that is trying to do AI security by default and trying to really get plugged into the IDE and secure all of the code that is generated by these platforms. So this is clever: basically they are identifying an actual problem that CISOs are facing, and then they are trying to fix it. Then we are seeing a lot of platforms also that are kind of assisting in one of the areas, like for example penetration testing; it's an area where you see basically platforms that are helping there, same with SOC platforms and so on. I mean, this is also all interesting. I would say, over what I'm saying, there is always a lot of other hype stuff in security in general, so it's not new, and we are seeing a lot of tools that are also rebranding themselves now as AI first, while it's exactly the same tool as before, but they are tackling now an AI problem, right? So this is probably what is over-hyped. I would say also autonomous platforms in general are also often over-hyped. I mean, many, many people are trying to come early into these platforms and then trying to catch some breakthrough to become a bit more scalable. But we have tried a few of these autonomous platforms, and actually they didn't work as well as we thought. So I wouldn't put them as over-hyped because perhaps in six months they will work perfectly. So I won't put my name on this thing; it's not going to age well. But my point is these days there is a lot of hype, and I'm also trying to push back a little bit, trying to come back to what matters to the organization and focus on that because we have limited resources. So this is, at a high level, what I'm seeing in the platforms.
Obviously, the last thing I would say is anything that also generates even more alerts and findings for the organization is something you want to avoid, because there is already enough noise for us. So obviously, you want things that help with remediation or that are easy to fix, rather than yet another platform that is showing you that you are not doing everything perfectly.
How To Talk Security With The Board
SPEAKER_00: Very clear. Thanks for sharing, super insightful. I wanted to switch gears and talk a bit about the role of security at the board, right? And here I think it's a bit of a special case, that you also have a very tech-savvy but also very specialized and, I'm assuming, demanding investor on your board that looked into supporting the growth of a fast-growing company like Nexthink, right? I'm curious how you communicate, right, with the board, and what are some learnings that you had there to make sure that security is properly seen in the context of a fast-growing unicorn company.
SPEAKER_01: Right. So, just so, we basically changed board very recently, right? So obviously, I don't have a lot of experience with the new board. I mean, in general, I will talk more generally, but I try also to frame security as kind of a resilience and growth function to some extent, right? Just to help also with some of the investors. Obviously, investors that come for scale-ups are looking for growth, are looking for basically managing key risks, and they don't care so much about anything that is part of your day-to-day work. Like, how can you enable the business while not getting compromised so your investment goes to zero? I think that's a bit how most of these companies operate. And obviously, then you need to understand concretely the impact of a breach or an incident on the business, right? And the cost of it, I would say. Early in some of the program, I mean, pushing for compliance is often quite easy because it's often a driver of business, right? You can sometimes sell to an organization or differentiate yourself from competitors because you are, for example, FedRAMP certified, or you are, I don't know, basically compliant with some esoteric German certification that only you have, and so you can sell to one customer, right? So this is something usually that works well early when your maturity is a bit lower. Once you have broader maturity and you start basically having the foundations that are good enough, then that's when you need to really understand the risk to the organization and push for broader things, right? And often you have to weigh the cost of some of these security controls versus velocity and innovation. So I mean, generally I like friction. I mean, friction is usually when you see that a security program works, right?
If you never have friction with your product team, it's either because there is not enough innovation or because the CISO has given up on trying to secure the organization. So I think it's a natural thing, and you have, as a CISO, to pick your fights, have convincing arguments, and sometimes you can pick these things by looking at what's happening in outside organizations, right? Obviously, for us, things like CrowdStrike, I think obviously the board will be worried about that because they know that you as an organization are facing the same thing. Same with Striker, for example. Listen to your customers, look at what is happening elsewhere, do things like offensive testing, like penetration testing and so on, bug bounty, all of these things. So try to gather data, try to put a narrative together and be convincing to the board without coming with things that are too technical. And try obviously to find allies on the board, right? If you have someone on your board that has a security background, that used to be an investor in other security firms, or that was an investor in a company that got compromised very badly, those people can also be your allies and push for some of these things. You can probably also work with them to frame something a bit better, and then try to also benchmark yourself against what good looks like or other organizations, and try to use this lever to push for something. So that will be my main way of framing things. Obviously, it doesn't answer everything, but often providing metrics that don't make sense or so on is usually not something that works very well, right? Sometimes boards just don't care. So you can go with those types of things and they will say, "Yes, good." It's just a compliance checkbox for SOC 2 that you present to the board. But sometimes when your investors and board care about it, they will challenge you very hard.
So you need to come with proper things in order to get things done.
AI-Driven Attack Surface And Fundamentals
SPEAKER_00: Very clear. A lot of experience there. So thanks for sharing. Final question before we wrap up, and this is a bit of the news regarding how the new models developed by Anthropic are creating a lot of buzz in cyber. And this is also, I think, reassessing or pushing people to think about how the external attack surface is kind of evolving quickly, right? Versus hacking through your employees and the social engineering path, right? So, how do you see this balance? How do you see the external attack surface space evolving?
SPEAKER_01: Right. So first of all, obviously predicting the future is hard. And I mean, what I'm saying often is, obviously you come with one view at some point, and then six months later, it really ages like milk, right? Because if you have an opinion on both sides, it's not going to go well on both sides, right? So, I mean, obviously these days with Mythos and all of these new offensive capabilities, I think you can see it's kind of scary out there, right? Also, the world is very unstable. So you can see obviously AI, we don't know where we go. All of the conflicts everywhere, we don't know where we go, but basically, we have a lot of enemies. We have also AI that is pushing. So it's difficult for CISOs these days. And obviously, we need as a company to prepare for this reality, right? We've seen very recently, I think today or yesterday, there was this Cloud Security Alliance work that has been published, where they were pushing for some of the good measures to put in place in order to prepare yourself for a model like Mythos coming into play. If you look at it, I went through it without too much depth, I just read it once to be frank, but a lot of it is coming back to the fundamentals, right? Like getting your patching well, getting a clear understanding of who needs to patch what, and being able to patch things quickly, and having great fundamentals on how to secure your product properly, like having multiple layers of defense and so on. So basically, what matters these days is to get the fundamentals very, very, very right, and you don't have the space to be mediocre in this field. You need to be very good and understand what you do, especially if you have a product that can be a vector of attack for others.
So I mean, it used to be very hard to be a CISO; it's even harder these days to be a CISO, I would say. Just understand your threat model, push very hard for getting better investment on it and make sure that you get the support from your leadership, because obviously things are going to be harder than they used to be in the past. And you don't want to be the company that got breached because you don't have your fundamentals right. I mean, if you get compromised because of a very clever attack, it can happen, but if it's just because you pushed back on this 2FA project for six months, obviously it's not going to land very well for you, right? So that will be my framing in general. So I mean, put your seatbelt on, I guess, and it's going to be interesting in the next few months.
SPEAKER_00: Excellent insights, Patrick. It was a pleasure to have you and the conversation. Thanks once again. Speak so