Bridging All Aspects of Cybersecurity Together with Kate Fazzini

October 27, 2020

Kate Fazzini is an adjunct professor of cybersecurity at Georgetown University. She served as a cybersecurity reporter for The Wall Street Journal and CNBC here in New York City, and previously held cybersecurity roles at JPMorgan Chase and Promontory Financial Group. She is now CEO of a cybersecurity communications firm called Flore Albo LLC, one of Goldman Sachs 10,000 small businesses. Last year, her book, Kingdom of Lies, Unnerving Adventures in the World of Cybercrime was released, which included my in-depth interviews with a number of cybercriminals and law enforcement professionals.

John Shegerian: This edition of the Impact Podcast is brought to you by ERI. ERI has a mission to protect people, the planet, and your privacy, and is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States, and maybe even the world. For more information on how ERI can help your business properly dispose of outdated electronic hardware devices, please visit eridirect.com.

John: Welcome to another edition of the Impact Podcast. I am John Shegerian, and I am so excited to have with us today, Kate Fazzini. Welcome to the Impact Podcast, Kate.

Kate Fazzini: Hi, John. I am really excited to be here. Thank you for having me.

John: You know Kate, you are a fascinating person. I am so excited that you are here today because you are so unique. You are the CEO of Flore Albo, you are a cybercrime expert, you have just created this new venture, and you also have a fascinating background. So, for our listeners that do not know about you yet, share a little bit your journey has been leading up to the point of founding Flore Albo.

Kate: Sure. I am happy too. I am going to do a little disclaimer here because I actually just hosted an event for an organization called CyberPOL that is based in Europe. I was on Tel Aviv time for ten hours. I started at one in the morning and I finished at about eleven. So, if anything comes up rusty just please forgive me.

John: Wow.

Kate: I am running on fumes.

John: Got it.

Kate: I think if I forget anything about my past… So, thank you so much. I have a cybersecurity communications firm called Flore Albo. I started out a very long time ago dabbling in cybersecurity, working for independent clients here and there, and I was also a journalist, and then I was fortunate to get hired at JPMorgan Chase and I had this wonderful experience there. I was there from 2011 to 2015. So there were just– I mean if you can remember all of the incredible interesting cybersecurity stories around those times, it was a crash course. I was brought on as a communications person to JPMorgan and I was very quickly given to what was called then IT Risk and Security Management, the team that managed IT, but they did not have a cybersecurity, they did not actually have a CISO at the time. So, the cybersecurity team fit underneath that IT risk banner. It is kind of an unusual org structure today. So I got a chance to see up close and personal this incredible, very dramatic organizational shift and I was right there on the executive team working with people to communicate this.

Kate: Not long after that, they offered to help me get my Master’s Degree in Cybersecurity, and they promoted me and they brought me into the cybersecurity program which was amazing. This was all coinciding with the birth of my son, my first child. It was a really busy, crazy time. I got my Master’s Degree. I later went from JPMorgan to a consulting firm called Promontory Financial Group, which is now a part of IBM, and we were kind of the boutique consultancy focused on regulatory issues, and I, again, at this amazing opportunity to see inside some of the world’s biggest technology companies who are clients of some of the other big financials besides JPMorgan and some of the mid-sized whereas, I am sure you are aware, there is an enormous disparity in what they can do in cybersecurity, and it was again this incredible experience. Then, from there, when IBM made the excision I got laid off, along with a lot of other folks, and it was just at a time when the Wall Street Journal was trying to hire some cybersecurity reporters, and I thought, “You know, that sounds really cool. I wonder if I could do that,” and they hired me for whatever reason.

John: You sound shocked! I mean, come on, you should say “They hired me.”

Kate: I have been a– so I started out my career as a journalist, I worked for The Columbus Dispatch in Columbus, Ohio. I had gone to Ohio State and– I mean, working at The Wall Street Journal would have been a dream and I thought, well, I am giving that up to go work in cybersecurity, and then it was sort of like it all came together. It was the most amazing experience of my life. It was incredible, just being there around the buzz of that news room. I often tell people that there was an editor who had– this kind of guy, who would call him and curse him out all of the time, and he would like put the voicemails on speakerphone and it was hilarious, and then it turned out later on that man was Michael Cohen.

John: Oh my gosh. Oh my gosh.

Kate: How cool is that?

John: That is really cool.

Kate: I love being at the center of things and that was just such a cool experience. Then I got pulled in to CNBC after that. I consider this all kind of one troublesome journey.

John: Yes.

Kate: Then I got to another incredibly cool front-row seat. I got to learn about the TV side of that business and how to talk about cybersecurity in a way that was very, very high level, even more high level than at the journal in sound bites. It was just so valuable and all through this weird and exciting journey, I just kept noticing the holes, the disconnects, and one of the things that I have talked about at this conference earlier today is the fact that if I go back and look at the metrics, I have written hundreds of stories on cybersecurity, if I look at the metrics the stories that do the best are the ones that outline for a personal cost. We spend so much time in cybersecurity and with this really kind of warlike companies, everything is very crowd strike, great company, but certainly, the imagery is there and most of them sort of follow suit. It is war.

John: Winners and losers.

Kate: Yes, exactly. Exactly. That is perfect because that is then how we end up treating employees if you do something wrong. You need to be punished if you did something stupid. I am saying there is a way to engage people. We kind of know what it is. We know what they are interested in. Let us engage with them in a different way. Let us educate them. So I have been building educational modules. I work with a lot of universities. If you see the logo, it is a tulip. It is very feminine. That is actually like I– we talk about women in cybersecurity a lot, I think we need a little femininity in cybersecurity too. We need, and I do not know if that is going to be a controversial thing to say, but-

John: No!

Kate: -the soft touch.

John: That is not, and we are going to get back to that. For our listeners out there that want to reach you or want to connect with you, your website, which is just newly been put up and it has a contact form, so they could go to www.florealbo, f-l-o-r-e-a-l-b-o.com, florealbo.com and they can fill out the contact form and reach you, and it is a beautiful logo. As you said to me off-air, before we went on the air, it means…?

Kate: So Flore Albo means white flower in Latin. It is something that has held a lot of meaning for me. So, at the early part of the century, white flowers were a term that was often used for women who were shopgirls in these big department stores, and they were the ones who would kind of take all of the chaos and make it look like you just walked into this very nice studio and, “Would you not like to sit down and buy what we are selling?” My grandmother was actually a white flower in the Lazarus Department Stores in Ohio. So, I like to bring that same mentality of we have this huge logistic operation behind the scenes going on, but we want you to see, we want you to buy into what we are trying to sell you in terms of how to be safer, how to keep corporate assets safer. That is what I am trying to do. I know that I am supposed to have an elevator speech…

John: No, you are not. No. I love this.

Kate: An elevator speech when you hit the button, stop the doors from opening.

John: You are a newly minted entrepreneur, Kate. This is better. This is actually– really, it is actually great, and it is really important. Woman moving up the ranks and through every glass ceiling that ever existed in every sector, but why not cyber, which as you said has been so winners and losers, war-oriented, testosterone-driven. This makes so sense. This makes a lot of sense.

Kate: I am glad. I am glad it is landing. I am not saying that approach is even a wrong one, there certainly are reasons to take that approach, but it often, and again, it goes back to– I am sure a lot of listeners do not– it is hard to maybe envision on the other side of the journalism spectrum how much in terms of metrics that we just as reporters are able to see about our stories, like immediately how many people are reading it, how long they are reading it for, how they are forwarding it. I mean, it depends on the tool that you are using but you can see so much, and in almost every case, the stories that did really well were stories about extortion emails, these like scammy spam emails. This was not about Iran cyber attacking a dam, which is a very interesting story.

John: Right, right.

Kate: But, people, I mean, millions and mill– the difference was millions of people engaged versus maybe a few thousand, and if you think about that in terms of a corporation you want to have all two hundred thousand of your employees more interested in this and it is that personal approach and it is not– I think in cybersecurity, a lot of times I hear, “What is it going to take for people to pay attention? What is it going to take for them to understand? They should care about this more.” Well, you might think that, but what they care more about is being embarrassed in front of their friends, losing a few thousand dollars to ransomware, certainly if they are a business owner they have a lot of exposure, but they care about, and that makes sense, and there is nothing wrong with that. So, trying to reach people where they are, I think, is one of the big solutions here.

John: It is. I want to go back to a couple– I want to unpack some of those things you just said. First of all, one of the messages, “Sex even sells in cybersecurity.”

Kate: Yes.

John: Okay. Okay, so just to be clear. I am just going to unpack this. To go back to the metrics part, because that is fascinating, just as a journalist, we will leave cyber out of that part of it, but go back to that vertical of the discussion in terms of, “Does then do we become, as journalists, a journalist becomes so metric-centric that it then dictates the kind of articles they will write in the future as they see other of their work product succeed or fail based upon– even if it was a great work product that did not get a lot of forwards or readership, will you then go cover more on the topics that are getting forwarded and read?”

Kate: No. I will say absolutely, that happens. I was really fortunate to be in a position– because the Wall Street Journal, they are really, really heavily focused on just it being good reporting. At CNBC, I found to be very much the same way where it was not– I came on as a specialist. It was not this enormous metrics heavy focus. However, it is one way to see that people are engaged and that your story is doing well. So I would try to control for things like a breaking news story. So Facebook came out with a story about a breach, they announced it and we are able to get up a headline really quickly, that story might do a few hundred thousand views, but with the caveat that people are going to click really fast, it is like a three-paragraph, four-paragraph story, I did not really count those as the ones that I would say these are the ones that did the best because they were just very kind of quick and dirty. You will see with some headlines, the clickbait headlines, which I just despise, I think we all do.

John: Right, right.

Kate: Where it says, “Find out how this thing works,” and it is just like, “Why do not you tell me? Why do not you just tell me in the headlines?” That is how it is supposed to work.

John: Right

Kate: But you do see some of those quick hit, clickbait-y things doing really well. There are other tricks like if you put Mark Zuckerberg in the headline it tends to do really well. So, you will see Mark Zuckerberg shoved into a headline where he does not belong, like a conference featuring Mark Zuckerberg starts at three o’clock, and it is like, no, that does not count. I would try, if I was going through my head of, “Was this something that got a lot of views for other reasons or not?” And then, you have this, it is a really hard for the news business right now because for a long time they had this model that was based on revenue, based on, you know, you could prove your viewers just like the guy in Times Square with the clicker, counting people looking up at your sign, and that is how they would determine how much a sign would get. What has happened with COVID is that advertisers have pulled back anyway, coverage is getting– like the news channels now, I mean, look at the news. It is insane, like every day is new insanity and they are just getting tons and tons of play, advertisers are still pulling back. So you are looking if this model is going to work anymore, I do not think it is. I think that there is a lot of– so there are going to be a lot of people trying to figure that out really fast as to what is going on.

John: When you were in a quiet place thinking about what your next venture or step in your career was going to be, what voids were you filling in the marketplace when you started Flore Albo? Why? In terms of, Kate, in terms of was it just because you think cyber is going to be one of the greatest trends in the next ten years, or is it a combination of that and also you are going to soften up a little bit the approach to it in terms of being more accessible. I will tell you, and I want our listeners to know this, I met you because you were much different than others. I am approached all the time on cyber opportunities, cyber issues, et cetera, and I reached out to you and you were very different in how you handled my reach out than other folks, more male-oriented folks in the cyber industry. So where were you looking in terms of– because when entrepreneurs are trying to figure out something that really interests them, total addressable markets and what they think the future is of that industry and if it is even personal to them, what categories were you checking there and what other metrics were you considering when you started your new company?

Kate: So there were two things that had just bothered me for a really long time ever since I had started at JPMorgan Chase, is things– and by the way, thank you, John. I should have said that first. Thank you for reaching out to me. I really appreciate it. This has been great. So, there were two main things that had always bothered me. One of them was there was this constant struggle because somewhere between 2011 and 2015, all that listeners guess when, cybersecurity where I was working went from a very back burner arcane sort of discipline to absolutely having meetings every week with the board of directors. So they needed that board-level presentation, that was one of the things that I helped work on. They needed a weekly board-level presentations and it was not just that, it was that polish, that bankers polish, explaining things, not getting agitated when somebody does not know what a DDoS attack is. If you have talked with a cybersecurity person you know what I am talking about, where we would not spell and they would be like, “What are you talking about?”

John: Right.

Kate: Just helping the people who were decision-makers really understand what the problem was and what their role is and doing something about it. There was this huge gap between we had these amazing capable cybersecurity people, and throughout the company, we had these amazing communications people, graphic designers and things, that could never get together. We never had the budget for an outside firm because if you are a cybersecurity group, how are you going to say, “I need somebody to come in and make PowerPoints.” I remember reading job descriptions where they would describe basically a PowerPoint ninja, like that is all you want, you just want somebody who is good at PowerPoint, but it would say, “You need the CISSP and all of these cybersecurity certifications,” and I am thinking, “You are not going to find somebody who has all those cybersecurity certs who wants to make PowerPoints for a living.”

Kate: So, I wanted to bridge that gap of you have these cybersecurity organizations that have a lot they need to say, they are not necessarily a quick to say it, and you have to have somebody there to quickly not get on a waiting list, which was something we experienced. They have to be able to do it within a couple of hours sometimes, and it was not just a big breach, we would have– I saw in Promontory two issues, like a really minor issue somewhere in Japan always came up because they have a few different regulations than everybody is used to. So something would go wrong, and then you would have to do this remediation plan before you got a regulatory finding in Japanese and English, and it was sort of like pulling all of that together in a timely fashion was very, very difficult and being culturally aware and making sure that everything fit what their offices did because obviously, we do not have retail branches there. That was a huge challenge. So being able to have a firm, somebody in the middle who you can call and can quickly turn that stuff around and you know it is going to be accurate and you are not going to have to explain to a poor marketing person what a DDoS attack is over and over again.

John: Right.

Kate: And you are not going to have to explain to a cybersecurity person why he has to like chill out when he is in the boardroom and that is it is. It bridges that gap.

John: Got it.

Kate: The other thing was in education. We needed so much spot education. This came up at Georgetown too. I actually built a program for cybersecurity communications that is part of their applied intelligence program now that I teach. There were no courses out there like that. Now, there were people who, and I would meet at conferences, who would say, “Oh, we have all of the stuff that you need for that kind of course,” and this could have been the cybersecurity communications course or like a corporate course, let us say training information risk managers how to do their jobs really well, how to convince people in investment bank to slow down their production so that they can do their job very difficult. So I built these courses for Georgetown and then I saw that there is a way to do it kind of in a modular way, so that, again, when you are bringing on let us say business information security officers and your staffing up an entire organization of those people, how do you train them? What you do is you say to the CISO, “Just make some training,” or “Write down the stuff you want to do.” Again, when you put anything else on this poor person’s plate–

John: Who is already overwhelmed. He is already overwhelmed.

Kate: Right.

John: Right.

Kate: And is not an expert in education. So I brought on a couple of people too that had worked with me at JPMorgan Chase who are working with me now, and also just some people who are really good education builders and the different platforms that the technology platforms that there are for that blackboard and canvas or the big ones. We have been helping a couple of universities.

John: That is great.

Kate: Just starting their– build up their cybersecurity program and have it be really relevant and not based on ten or twenty-year-old textbooks. Have it be just relevant from the voices of the people doing the jobs. Those are the two holes I was trying to–

John: Okay. So, commercial hole and educational hole, and I do not want to glance over the fact, you are so humble, I do not want to glance over the fact you are a professor at Georgetown University.

Kate: Thank you.

John: Right? Okay. I just want to make sure that I get that out for our listeners. Again, for our listeners who just joined us, we have got Kate Fazzini. She is the CEO and founder of Flore Albo. You can find Kate and contact her through her website www.flore, f-l-o-r-e, albo, a-l-b-o.com. You know, Kate, let us also– and by the way, I am just going to say this in truth in advertising, our firm is going to do work with Kate. I think she is amazing. That is why I am having her on the show today, and that is how we got Kate on the show because we contacted for commercial purposes. I think if you are interested or you need help, she is the person to contact. Kate, let us go back to COVID-19 and where we are in cybercrime. Is it fair to say in 2020 and beyond, so far where we are, cybercrime pays? Given that in the recent statistics that I read, but correct me if I am wrong, the cybercriminals made away with approximately three trillion dollars in 2015, this year somewhere close to six trillion. Are those correct numbers, generally speaking, and just the cybercrime still pay for the bad guys?

Kate: Cybercrime definitely pays. That I know for sure. The numbers can be so difficult as you know to quantify. I am a numbers nerd. So if I hear a number I need to go back and see the methodology.

John: Okay.

Kate: Sometimes they arrive at it through estimates, but I think that a lot of the estimates honestly are probably underrepresented. They are probably higher, and the reason is that there is a really, really long tradition of anyone but the top regulated companies not reporting the incidents that they are having. Now, we do have some regulations in place now that require those companies to report. GDPR is the one that most people know. The interesting thing about that is that if you are a victim of ransomware, and you pay two million dollars in a ransom because the way that most of these regulations are set up, they describe that the criminal has to actually have the information and be able to view it if it is encrypted on, and technically, they might not be able to see it, there is a little bit of a loophole there. So there are still a lot, a lot, a lot of companies getting ransomed, quietly paying it, and making it go away. It is not legally reportable. In the past, when ransomware first started coming out and other types of like extortion where they would actually read your emails and say your, “Geez, you are a huge jerk. Give me a million dollars and would not tell anyone.” That also was kept very quiet. So I think that those numbers, most of the numbers I have seen I think are probably low.

John: Okay. Let us go back. You just mentioned GDPR. So GDPR gets passed in the EU on May 25th, 2018, and America, as America typically does, says on the federal level, “Well, if the EU is doing that we are going to do it bigger and better,” and they start putting in all different forms of their own version of GDPR to get passed, it has not passed yet, and then the state said, “Well, you guys are too mucked up in all your infighting. We are not going to wait for you. We are going to pass our own versions of GDPR in data and privacy.” So California, Nevada, Maine, and New York go out first, many other states, about twenty other states have some form of pending legislation as well. Is this now the trend, regulating and restricting much more than we ever saw back at Starbucks and HIPAA and anything else, has GDPR come to America, and around the world, by the way, Asia, South America, Middle East, enforce and is it going to continue to tighten the noose on how organizations handle their constituent’s data?

Kate: I absolutely think it will. I think that GDPR is kind of twofold. In some ways, it is much harder on companies. Obviously, you have things like this three-day waiting period that was cut down from thirty days, sometimes ninety days, and other regimes but what has happened is that it makes almost everything, every little piddling crime reportable, many of these companies that touch the EU now, they just report absolutely everything. This is why you get like five hundred emails every month saying that your data has been breached, or it may have been breached, or we think that there was an incident. It is certainly– my opinion is that I do not think that it is very effective because you are just flooding the marketplace with information that people cannot do anything with. “If my data has been breached fifty times, what more can I do other than monitor my credit? I have already got so many credit monitoring in place, there is not much more that I can do.” But, it will definitely keep tightening.

Kate: There is going to be I think a huge reckoning with what the China cybersecurity regulations, China cybersecurity regulations is, I am sure you have been following, require companies they are doing business there to use china-based and operated cloud service providers, and in some cases to open up their source code, and it is a way of, some might say codifying the IP theft that China has been accused of in the past. Others would say that it is just they are trying to protect their own IP from other people who are trying to get the information. Those are the two sides. I think that that is going to be very difficult, as you see with GDPR going towards increased privacy. But some of the other countries, Russia is another one, going towards more surveillance of the corporate activities going on within their borders. You are talking about a really complex back and forth because is it a privacy breach if the Chinese government sees all of your information and you did not give them permission to, but we will require to, so I think that basically, it is a good time to be a lawyer. That is my answer. My mother was right. I should have gone to Law School, unfortunately.

John: I think you are doing just fine Kate. Before we get talking about your great book, Kingdom of Lies, which I have read myself and I want our listeners to read as well, and we are going to talk about that, I want you to share some of the communications, pearls of wisdom that organizations can learn from your experience of being both on the Wall Street Journal and the media side of things but also on the Cyber expert side of things. What are organizations missing in how they relay and share information about their own skillset and other issues that they might have surrounding privacy and data controls in cybersecurity?

Kate: I mean one thing that I have certainly observed is there is definitely a sales mentality within the cyber security space and I see a lot of executives who are in cybersecurity and they have to brief the board, and they come at it with this big agenda, and it is sort of the same thing as a sales call in a way. It is not that I am going to inform them of the real threat, or perhaps they are, but it is not as if I am going to inform the board of a down-to-earth, “Look this is what we are looking at today. This is what we need.” It is that I need money for something and I am going to try to tailor all of my materials to convince the board to give me money for that thing. A lot of times, that will come across as a square peg in a round hole because the board is just reading the Wall Street Journal and they saw that Target’s CEO was fired as a result of this stuff and they want to know like how does that happen and it is a different level of bringing that stuff. You just cannot wedge all of your wishes and hopes into that one meeting or it is not going to go anywhere. I believe that corporations do a better job when they open up a dialogue where there is understanding on both sides of why they need one another and there is not– I think that it is wrong to say that it is bad to be overly technical. It is bad to use big words when they have no meaning.

John: Right.

Kate: I think that you can allot people who do that especially in the technology world. But, boards, Executives CEOs, like C-suite, they do want to know how things happen. They do want to know sort of the technical steps required for things to go wrong and being able to describe that like that inside baseball, “Okay, here is what happened to Equifax. There was a memo. A guy did not get the memo. Chaos ensued.” Just being able to put those steps into clear action, I think that boards really appreciate that. They want to be a part of the solution. They do not want to feel like they do not understand the topic.

John: Got it. For our listeners out there, I have in my hand Kate’s great book. I have read this book, Kingdom of Lies. They steal your identity. They take your money. They ruin your life. Welcome to the Kingdom of Lies, the unnerving adventures in the world of cybercrime. Kate, the book is coming out this week in Poland. It is already out on Amazon where I bought it from, and I asked our listeners to buy it from Amazon or other great book stores in your area. Tell us a little bit about what they could expect to find in your fascinating book because I loved it and I am in this business. So I love you to share what our listeners could expect.

Kate: That is amazing. Thank you so much, John. I am actually blushing. I have not done that in a long time.

John: It is just the lack of sleep. It has nothing to do with my comments.

Kate: Oh, no.

John: I am teasing you. I am teasing you.

Kate: My book actually just came out. It comes out in Poland this week, in Polish, which I think is the coolest thing.

John: It is very cool, by the way. That is very cool.

Kate: It has got this cool cover and I just am so excited to receive my copies and I am doing some Polish Media stuff too. So, my book, it was a lot of what had ended up on the cutting room floor from my previous life and my journalism days, a lot of stories. I got to meet a lot of criminals in my journey, including when I was a consultant. I had a remit from one client to find a certain group of cyber criminals and just find out why they were doing what they were doing and that led me into this really interesting world. I met some really, really interesting people. I met some people who I found out, that despite their turn into the dark side, I had a lot in common with. It was just lots of long-term interview. So you get to see, especially, there is a young woman who I interviewed extensively who grew up in this village in Romania that eventually became a very centralized kind of cybercrime village where you have a lot of people who are doing ransomware, other types of malicious software, living in the same area. She just described this scene of this little very quaint village that she had grown up in and then all of a sudden there were lots of money, people coming in flashy cars, and the whole tenor change and then she ends up sort of inadvertently going to work for one of these. I am in quotation marks saying companies. I was just struck by as I continue to be the business like structure of the criminal organizations and how it is often similar to the corporate structure. There are so many overlaps. There are often just as many bad guys. Some of them just happen to wear suits, others wear suits but are… I do not want to do a hoodie thing. I think most people would kill me for that but…

John: But they are organized. They are very organized.

Kate: Exactly. They are very organized. They are very businesslike.

John: Right.

Kate: I ran into some of these groups that had customer service lines where if you were being ransomed you could call. There was a nice lady and she spoke English and she could tell you like, “Okay, do not panic. You can just send the money here and it is all–“

John: It is unbelievable. It is just unbelievable.

Kate: It is such an interesting world and I am lucky to have it had been picked up by a big publisher and it has been a wild ride for sure.

John: Is Poland just the beginning of the international journey? Do you feel other countries will–?

Kate: So it was out in the UK, it did really well-

John: Yes.

Kate: -there, later last year. I am interested to see how it will do with coronavirus. I have a few other I think European contracts. It is fun. Once it goes international, I do not have a lot of control over there, so I just sort of wait, then they tell me. Then it is also coming out in Taiwan, which would be the Chinese version, which I think will be interesting because there is quite a bit in there about a former Chinese intelligence official who just kind of goes into a life of crime, and he describes being able to basically steal information and sell it as business intelligence on some freelancer platforms, which I think is a pretty interesting way to do it.

John: I have read a lot of cyber books. Yours is my favorite. I highly recommend it to our listeners. Again, it is Kingdom of Lies. It is on Amazon and other great places you can buy books. Kate, this is your show. I am so honored to have you today. I want you to have the last word before I have to say goodbye.

Kate: All right. Well, first of all, thank you. I feel like maybe my mother called you before this and told you to say only nice things to me.

John: She asked me not to say anything.

Kate: Okay. Oh, no, I mean, I am so honored. I have had a really wild journey. I have had– with COVID happening I think we have all had a chance to re-evaluate things. I had maybe thought about launching a company very far down the line, but I was really fortunate that my company got selected for the Goldman Sachs 10,000 Small Businesses program, and I am now learning how to be an entrepreneur and think in a different way. I think it is going to be a great journey. I am a mother too and this virus has hit families really hard, and in a way, it was the perfect time for me to leave the nine-to-five world. When I was thinking about my goals, and it is going to sound kind of low level, but when I was thinking about my goals at the beginning of this year, I thought, “I want to be able to pick my kids up after school.” I can work after that before, but I just want to be there and I am tired of working through that moment, and this has helped me do it. You know what, at the end of the day, that is what makes me so happy.

John: Kate that is all that matters, if it makes you happy. That is a great goal by the way. That is a great goal, and good for you, and you should. For our listeners out there that want to find Kate and want to hire her firm or her services, either for commercial purposes in cybersecurity or education, please go again to www.florealbo f-l-o-r-e, albo a-l-b-o.com. Kate, you are making a huge impact as a woman entrepreneur in the cybersecurity space, thank you. As an educator, thank you. You are making the world a safer and therefore better place, and thank you for being our guest today on the Impact Podcast.

Kate: Thank you so much, John. I really appreciate it.