Building Muscle Memory: Preparing Teams for Cyber Incidents - A conversation with Bartosz Misiuro

0:00always saying that when it comes to the security and there's a lot of I would say pressure a lot of unpleasant things we need to sometimes build a muscle memory for that hello everyone this is Belen Santaolalla from Conductor Crisis Exercise Platform and you're listening to the Crisis

0:31Designer podcast in this show we explore ideas practices and tools that help you design meaningful crisis management exercises so if you work in crisis response cyber security incident management or operational resilience this podcast is for you today we're joined by Bartosz Mishuro global security incident management lead and third process service manager at Atos Atos is a global IT services

1:09and digital transformation company supporting critical systems across industries including finance public sector infrastructure and enterprise IT with within that environment Bartosz works as part of Atos computer emergency response team helping coordinate and manage security incidents at scale across complex distributed environments with over 13 years of experience in IT and more than six years in cyber security Bartosz specializes in end-to-end security incident management cert operations and

1:44crisis coordination when cyber incidents threaten business operations Bartosz welcome to the crisis designer podcast how are you today hi Belen hello and hello everyone so nice to hear you nice to be there I'm doing good hope you're also doing well today yeah so and I'm very excited for this podcast so cool cool well let's get the conversation started then tell us a little bit about your role uh how do you help your

2:16organization and what is CERT exactly yeah so computer emergency response team has so is the team which is which is usually uh people usually create this this organization with the CERT so computer um security incident response team so this is the This is the group of the people who are responding, who are responsible for the incident response and the digital forensics. So we can be treated as a third line of the support where, for example, the first line is SOC tier one, second line and SOC tier two.

2:54So we are helping the people, helping the overall organization to resolve the security incident. Yes, from very simple ones, like, for example, phishing to the most complex one, like the ransomware on the global scale. Yeah. So, of course, apart of the CSERT, we have the multiple and other teams who are also providing the support, for example, in terms of the threat intelligence, vulnerability management and many, many other things.

3:25Yeah. So I'm very close to CSERT on a daily basis, but sometimes maybe not direct, but indirectly, I'm also working, for example, with the threat intelligence. Yeah. So my role is mainly focusing on managing the group of the security incident managers. I'm also on a daily basis, the security incident manager, when there is a need to simply support the security incident management ROTA, because we are working 24-7.

3:57We are supporting the organizations all over the globe. Yeah. So this is the one thing. So we are trying, we are responsible to making sure that the security incident will be resolved in the, I would say, the shortest time, in the shortest time. Yeah. So we are simply responsible for coordination, escalation and expediting the resolution of the security incident. Yeah. Our role is maybe more complex overall if we go deeper, but this is basically what we are responsible for.

4:33We are working closely with the technical teams, so with the CSERT engineers, who are responsible for the resolution of the security incident. They are the technical leaders, but we are also working with the infrastructure teams, like, for example, Active Directory, the cloud engineers, and et cetera, et cetera. Yeah. So this is the one, I would say, side of the coin. The second, the other side is the, my role is also supporting the customers during, I would say, the peace time.

5:06Yeah. So when there is no security incident, because speaking overall about the security incident, it is not the question about if, but I'm always saying that, but this is rather the question about when. Yeah. So just during the time when there is no security incident, so I'm also supporting the clients, taking care about the preparation. Yeah. And in this case, we are also, I'm also providing the service of the tabletop exercise and crisis simulation, which is where I'm the service owner.

5:44Yeah. So during the time, just to be prepared in the practice for the multiple, for the different various scenario of the security incident. Yeah. So it is also, I'm also, I think the, the, the, the, the, the, the good thing is that I'm not only doing it from the theoretical point of view, but since I'm also practical guy, so I can also, let's say, based on my practice and also give the people additional value to the customers.

6:17Yeah. Got it. Okay. And it looks like it's very, um, important to coordinate like with many, many people and to have lots of experience in different, in different, uh, areas. How did you end up in this type of role?

6:35Uh, so basically my role, uh, so actually from the beginning, when I started overall, my, uh, road, uh, with the IT, uh, and overall with this, um, with this kind of topic, I started from the IT service management. Yeah. Yeah. So I started from the, mainly from the, um, IT framework. Uh, I was very close to that. Uh, I was for multiple years. I was responsible for the, uh, management of the, uh, managing the change changes over the ATOS globally. Also, uh, in the same model, I would say, because I was also, uh, managing in a functional term, the group of the change managers.

7:17Yeah. It was also very challenging role, which was also give me some, I think, experience, um, to be, I would say assertive because this is, I think a very good, uh, also good, um, uh, input, uh, for the, for the role of the, of the incident manager. Uh, yeah. So overall the IT service management, then I, uh, uh, I was moved, uh, to the, um, uh, security incident, uh, management roles.

7:47Yeah. I started from the, uh, ownership of the security incident management and security event management when we had to build these processes, uh, within the, within the ATOS and improve the processes. Yeah. Yeah. And, and then, uh, since I was, uh, also, I was working together with, uh, with the, uh, people who was, who was responsible for the, um, area of growth in terms of the market. So, uh, we just came into conclusion that, uh, tabletop exercise service crisis simulation is becoming more popular and we need to address it for sure.

8:25Because we, as ATOS, uh, we, we, we, we, I think we are, uh, we are very, uh, I would say, uh, we have very holistic view in terms of the delivery of the, uh, not only IT services, but, uh, for, for the cyber security services. Yeah. So we are not focusing on the one specific topic, but we are focusing on the, I would say, uh, I think the, the, I think all the areas which needs to be addressed, uh, to make the, uh, customers more secure and more confident in terms of the security management.

8:59Yeah. Uh, yeah. So, um, I was starting, uh, to, to build the team of the security incident management. Um, yeah, we have, uh, many cases, many, many experience that we have gained, uh, through this, uh, roles and then we have, uh, moved this experience. It was very good input to move this experience into the crisis simulation. Yeah. Which is, uh, I think, uh, the key in this case, it is, uh, I will say one of the most important things when we are doing this.

9:29Yeah. Because customer, I know when, uh, when they are, let's say discussing, uh, with me, this kind of topic, when I'm preparing the simulation, they are always, um, always, I would say curious how it looks like, uh, from the other side. Yeah. How I deal with this, uh, threat actors for, of, of the, uh, with the attacks, because, uh, which is also worth to mention. We are not dealing with the, I would say, uh, as mentioned a simple incident, but we are also dealing with the incident, which has, which are, um, I would say made, uh, by the, uh, state sponsor groups.

10:06Yeah. So, so, uh, advanced, uh, um, advanced, uh, persistent threat groups. Yeah. Uh, yeah. So I think this is very, very good. As I mentioned that input, uh, for the crisis simulation table. Nice. Okay. So how do you, uh, approach the creation of one of those crisis simulations? What do you take into account, uh, past threats, what's going on in news, uh, risk register, what, uh, what, how do you decide the scenario that you're going to create in, in the next simulation?

10:41Yes. Uh, so at the beginning, of course, uh, uh, we need to understand, uh, with, uh, we need to understand the, I would say the profile of the company. Uh, so with my partner, yeah. With whom I'm dealing with whom, uh, with whom we are, uh, preparing this, uh, crisis simulation, of course. Yeah. Uh, and of course, based on that, uh, the people, so the audience. So if it is, uh, the audience, which will be the technical or maybe some, uh, managerial roles and also the awareness about the security, uh, or about the it, because, uh, I have different, uh, examples where we have, uh, typical, uh, technical guys focus on the technical mothers.

11:29But we also had the audience when, uh, uh, I had to adapt the, um, wordings overall, the scenario, uh, to make sure that the people who will attend the crisis simulation when under, will understand what's going on, uh, on this, uh, on the simulation. Yeah. So I cannot, uh, use some technical wordings, uh, some, you know, fancy acronyms, et cetera. So it is very important. Uh, the next, uh, thing is the objective. Yeah. So this is, uh, this is another, uh, crucial point. What, uh, we are going to achieve.

12:08If this is something like, uh, uh, they need to check, uh, if, if, uh, the, the, the, the certain, um, company would like to check if they're, uh, prepared and ready for the, uh, for the specific type of the attack, for example, ransomware or handing the zero day attack. Or, uh, uh, they would like to check, for example, if the provider that they have, uh, started with, uh, with, uh, where they have started the, uh, cooperation, uh, they are, I would say, providing the service as, as expected.

12:42So for example, it can be the incident response team, like the CSERF. Yeah. So, uh, they would like to also check if the integration with the other, um, with the other, uh, teams, uh, are at the, uh, expected levels. Yeah. Because CSERF is not doing, uh, uh, things in isolation. I would say they are, they need to work with the other teams. Yeah. Uh, so this is, this is, uh, something that, uh, where, where, uh, we can also check the other crisis simulation of the tabletop exercise. Yeah. Uh, the last thing is, uh, I would say, uh, the scenario, uh, of course, uh, it, it can be like, uh, customer can choose from one of the predefined scenario, but sometimes the customer can choose from one of the predefined scenario.

13:24Sometimes the customer would like to have the, uh, scenario, which is the crafted, especially for the profile of the company. Like for example, we will be targeting some financial, uh, application and, uh, overall the threat, which is, uh, which is, uh, happening on, of the, over this application. It can be, for example, something which is, uh, popular at the, at this time, like, uh, topic with the AI, with the deep fakes. Yeah. So, so yeah, this is, uh, another, uh, I think the point that needs to be taken into consideration when, uh, when the scenario is created.

14:00How do you make sure that the training audience sees the value of what you're putting together, that they show up, that they are ready to engage? How do you build excitement, uh, or at least, uh, you project the necessity of doing this type of simulations? Yes. So I think that, uh, the most important thing in this matter is to make sure that the people understand the objective.

14:34Uh, so I will always making some kind of a briefing before we will go with the scenario. So to make sure that the people understand, uh, the background, uh, to make sure that they understand that, for example, the ransomware or any other, uh, uh, any other threat like data leak, like, uh, deep fake related scenario is real and it can happen to any company. And I, I, I, I, I'm also making sure that they understand the consequences.

15:06Yeah. Yeah. So I also, uh, building some kind of, uh, uh, you know, uh, uh, uh, so I'm trying to attracting the, uh, the audience to the, the overall, the topic. Yeah. Uh, another thing is that, uh, we need to create the, uh, scenario that is, uh, I think this is very related to what I, to the, to the thing, which I was set, um, already. Uh, we need to create realistic scenario.

15:36So it is good if we create the scenario based, for example, of, uh, uh, some, some topic, which was already happened to one company. I'm also using that. Of course, I'm never, uh, I have never, and I will never, uh, disclose, uh, on which company it happens, uh, unless it is, uh, publicly disclosed. Yeah. Already. And, and then this, uh, yes, uh, this, this, um, company in question agreed to that.

16:06Yeah. So I'm doing a specific scenario. I'm telling also the audience, look, this is the scenario, which we will, um, which we will run through. And, uh, this scenario already happened to one of, for example, uh, biggest company in the healthcare sector. Yeah. For example. And, uh, yeah, so I think this is something that, uh, is also needed. So as mentioned, to make sure that the people will be attracted actually to the, um, scenario, the roles, uh, speaking about the roles.

16:40Uh, I think, uh, this is also worth to mention to make sure that the people understand what is the requirements to every participants. Yeah. Uh, and speaking about the roles, actually what I can say more, uh, roles, this is another, uh, thing and another topic, uh, another question, uh, because one of the, um, one of the, I would say, uh, most, uh, difficult, uh, topics. Uh, and then one of the findings, which I'm always, uh, let's say, um, um, highlighting the customer is the under in the understanding of the roles and responsibilities.

17:21Yeah. Yeah. So in this case, at least for the sake of the crisis simulation tabletop exercise, I need to make sure that they will understand the roles at least for the sake of the exercise. Yeah. What is needed from them and what is the, what are the requirements? Uh, yeah. Yeah. And based on that, so we can build also some understanding of the responsibilities overall in your company. Yeah. But this also needed. Got it. And, uh, you mentioned in before, like realism, uh, as in, uh, is based sometimes in things that has, that have happened to other companies.

17:58Um, but what does realism look like in an exercise? How does it materialize? How do you make sure that it feels real throughout the simulation? Yeah. Yeah. So, um, it can be, uh, I can use the materials, which is also, I think, uh, publicly available. If not, so I can also speak to my colleagues from the threat intelligence. They can also provide me the materials, uh, which, uh, are real. So, for example, I can provide the tactic as techniques, uh, and also overall models of operandi of the specific threat actors groups.

18:35Yeah. For example, ransomware cases. So I can show them the real, uh, I would say screenshot from the ransom pages, uh, from the, from the, for example, uh, ransom messages. So look, this is real. This is nothing that I have crafted. This is something that was taken, uh, that it can be taken from the dark web. Uh, yeah. So I think this is also very interesting. Uh, I can also explain them how it works. Yeah. How it works, how, how overall, uh, the ransomware propagation works.

19:08So somehow, sometimes, uh, uh, apart from overall, uh, typical, uh, crisis simulation, I'm also doing some kind of a workshop to also making sure that they will understand, that people will understand what is the ransomware, the consequences, et cetera. Then I can show, okay, this is how it works. This is how it looks when you are facing the ransomware cases. Yeah. And I am putting that on the, uh, let's say on the, on the real scenario.

19:38So for example, uh, in term of that, uh, uh, we can use, uh, we can use, uh, conduct. Yeah. Uh, crisis simulation tool when I can put, uh, for example, everything in a, uh, player desktop and then they can, uh, they can, uh, they can, uh, see, uh, they can feel and touch how, for example, it will look when the ransom message will appear, how it will look, for example, when the, uh, threat actors will use the deep fake.

20:11Yeah. So, yeah. So something like this, I think this, uh, apart from the, uh, showing the real threat. On the other hand, this is, I think a good fun for the people because, uh, still we need to, uh, we need to remember that, uh, we are, um, running in a very safe environment. Yeah. This is of course still simulation. This is not real, but again, uh, I'm always, uh, making sure that the people understand that this for now, this is a fun, but it can happen even today, tomorrow.

20:44Yeah. Uh, every day. Uh, yeah. So, so, uh, apart from that, apart from that, uh, I think that, uh, uh, overall, uh, we can, we, uh, what is also worth to mention, uh, is to make sure that we will agree with the customer, how far we will go. Because as mentioned, it can be like, uh, fun, but maybe sometimes customer, and it is also happening, would like to have the crisis scenario, which will make a very big pressure.

21:27So I will make a very big pressure. It will be some kind of a nervous situation. It is very seldom, uh, this kind of where, way of working because overall, I see that people doesn't like to be challenged, but, uh, which is natural, of course. Yeah. But, but to be honest, when it comes to the, I'm always saying that when it comes to the security and there's a lot of, uh, I would say pressure, a lot of unpleasant things. Uh, we need to sometimes build a muscle memory for that.

21:57Yeah. This is also very important. Definitely. And, and how do you, um, prepare the simulations? I mean, um, for how many participants are they all happening in the room or in a hybrid environment remotely across regions? How long do they last? Do you have a specific way you tackle this or how do you approach it? Yeah. So these are the different way I would say I made it, uh, I made it based on the, of course, on the customer preference.

22:29Uh, it can be, uh, remote. Uh, so if I think this is the most, uh, this is the cheapest version, which is, of course, I totally understand. We are all scores speaking about me. I'm flexible. Uh, I'm also, uh, I would say, uh, adjusting, uh, also my delivery to the customer needs. So for example, on the previous year, I have the multiple, uh, occasion when I, uh, came into the customer premises and we performed the scenario. We made it also in a hybrid mode.

22:59So I think that speaking about the hybrid mode or the remote mode, this is, I think usually convenient for the global companies. Uh, it can be also like, uh, in a two rooms, like I'm performing the crisis simulation in the one room. Uh, then, uh, the, the, the, for example, the situation is, uh, upgraded to the crisis because we are starting from the, I would say, not so, uh, dynamic points in the not so dynamic situation.

23:30But after some time, after some, I don't know, few minutes, it might be very dynamic. We need to, for example, uh, we need to upgrade the case to the level of the crisis. And for example, it, there was a situation when I, uh, also, um, moved to the, uh, other conference room, uh, with the executive committee of the company. When I also start the, uh, executive community, community, um, crisis part, then it was downgraded.

24:03I moved back to the level, uh, below. Yeah. Uh, yeah. So, so this is one of the example. Yeah. So it can be also everything, everyone in one place. So for example, uh, I think very interesting, uh, interesting, uh, example was when I have one company, uh, and I, I, I, uh, we, we had, uh, the people from the various departments. And then we decided, uh, we did, uh, with the CIO, uh, which was my, I would say, uh, crisis simulation controller, uh, let's put it, uh, let's name it, uh, this role like that.

24:43This, uh, so she was my partner for that. And, uh, yeah, we agreed before that we will mix the people. So we, uh, uh, we, we mix the people, uh, on the, within the, for example, five tables. Like for example, ladies from HR, uh, was sitting with the, uh, with the, with the, um, with the gentleman from, from, for example, uh, from the, uh, financial department.

25:13Yeah. Uh, we had, for example, um, person who was responsible for the production line. He was sitting, uh, with the guy who was responsible, for example, I don't know for the it. Yeah. So. Something like that. It was also very interesting. And, uh, I was asking, okay, uh, you have this situation. We need to decide you have, for example, five minutes for decision. We will see what will be the best option. Uh, okay. And then we will do a, uh, round table.

25:43When I, we will check the option. There was a discussion. It was, I think, very, very, very, uh, good one. And I think very, uh, not only, uh, effective, but I think very efficient.

26:02How do you approach the, um, once the scenario is over, once the simulation is over, the after action review? How do you make sure that what's been experienced translates into, uh, better procedures or better, uh, preparedness? Yes. So I divided overall the, uh, everything, watch what is, uh, what is done after the simulation. I divide into two parts.

26:33I would say two perspective. The one perspective is, uh, I would say, uh, is, is rather for me as a facilitator and I'm, uh, sending the survey to the participants. Yeah. So they can also share with me their thoughts, their feelings. Yeah. What exactly went well, what went bad, what needs to be improved. For example, uh, what was their, uh, I would say perception of the exercise overall. Uh, yeah.

27:03So, so, uh, this will, this is also very crucial for me to be sure that I am constant, uh, continuously improving my service. Mm. So this is the part, uh, typically, uh, internal for me, but of course, uh, another part, uh, which is the integrated, uh, part of overall the crisis simulation and the tabletop exercise is the after action report. Uh, or I'm calling that, uh, um, evaluation report.

27:36Yeah. So in this case, uh, I'm formulating, uh, very similar to, to, to the, uh, uh, after, uh, exercise, the after similar, very similar to the survey, which is provided after the exercise. Uh, in the, uh, evaluation reports, I am also capturing the, uh, information, the overall, the assessment. Uh, uh, about what won't, what went, uh, well, what needs to be improved over with recommendations.

28:08Yeah. With recommendation based on my knowledge, based on my experience, uh, in this case, based on the best practices overall, which is done in the industry. Yeah. So this is also very important. So of course, I think that this is the definition of the service. Yeah. I need to provide the, the, the overall, uh, the feedback, the information, uh, which is the base, which is, which is based on the, uh, best practice in the industry. Yeah.

28:38So in this case, uh, uh, apart from that, I'm also, uh, giving the, the, the, the, for example, the hints. Yeah. Yeah. And, uh, sometimes, uh, when there is a need, I'm also helping the customer to, uh, implement this, uh, this recommendation within the, within the company. So for example, it could be, uh, some documentation. Yeah. Yeah. I'm, I'm, I'm also, for example, I'm, I'm big fan of, uh, of, of creating, uh, uh, uh, one pagers.

29:09Yeah. One pagers for the, uh, you know, for the procedure. So let's imagine we have, uh, executive management, like a C-level management and they need to use, for example, some kind of procedure. So of course, also let's imagine that crisis doesn't happen every day. It will happen as I mentioned it sooner or later, but it doesn't happen every day. So let's imagine that, uh, they need to, they need to, um, run the crisis based on some procedure and how they can start.

29:41So for example, uh, we can, in this case, we can, we can suggest to create, for example, one pager for, uh, for the customer, uh, how to overall react in the first hour of the crisis. Yeah. So they can see this one pager and, and, and I, and I think they can feel way more comfortable than, you know, they can look on the procedure, which will, which will have, for example, 30 pages. And, uh, let's be honest, they will not read it and they are not treated at all.

30:14Yeah. Because they are keen and focused on a very different area. Like a guy who is CFO and he will not look on the, uh, crisis, uh, crisis management policy. Yeah. Of course we have crisis manager. Yeah. Yeah. But overall the, um, the, the overall, the way of working, how to behave, what I can, uh, expect from the crisis manager, et cetera, et cetera. So we can create some kind of one pagers. Yeah. So, so this is something that, that, uh, one of the examples, yeah.

30:46What, which I'm, uh, where, where I'm helping the customers to, to, uh, to make it, uh, yeah, make it real. Great. And, and can you tell us a specific example, like, uh, one of your most, uh, challenging scenarios or what a simulation that you enjoyed a lot or that you felt very, uh, exciting to put together? I think that, uh, um, I can, uh, um, when I say that, uh, which I'm going to say will be not so maybe original or original, but, uh, every exercise is different.

31:28Yeah. Every exercise is different. And, uh, but of course some exercise are less demanding, more demanding. Um, I was, I, I had the exercises when, uh, there was a people who are not very, I would say, um, let's say, um, uh, who are not, uh, who, who doesn't like to be, uh, when, when we are asking the questions overall, when asking the questions. So it can, of course, some, uh, we can, we can show that, uh, based on the question, we can show that they have, uh, lack of some kind of knowledge.

32:04They need to improve something, et cetera, et cetera. And people doesn't like that. So do not, uh, and, and, uh, in this case, uh, we, I had the exercise when there was a kind of, you know, uh, argue on the exercises when the people, uh, didn't go and didn't, uh, well, uh, listened, uh, to the, uh, briefing and, uh, they didn't understand overall the, uh, goal of the exercise. Yeah. And it was very, I would say difficult to run the exercise, uh, when the, for example, some of the people doesn't understand the goal.

32:39So in this case, uh, it is very important to make sure that everyone will understand what we are going to achieve. The, uh, the, another thing is, uh, always the, the, the, um, I would say the most difficult part for me, the most difficult type of the exercises are the ones with the, um, non-technical, uh, audience. I would say I'm not the entirely the technical person. Uh-huh. I'm always saying that I'm the, I'm, uh, I'm running the management role, but I'm, uh, let's say, uh, semi-technical or I have technical awareness because I'm, uh, as I mentioned, I'm dealing a lot with the C-Search, for example.

33:19So somehow I'm adapting the knowledge from them. Yeah. And it is always very difficult to me to make sure that, uh, for example, the, the scenario shape will be, uh, I would say, uh, free from the technical, uh, stuff. Yeah. Because in my perception, from my perspective, it can be, okay, this is non-technical scenario, non-technical wording for, for example, that of course the customer perception might be different. Yeah. Yeah. And I know where, where, when I, uh, had a first exercise like that, I remember how, uh, how I struggling.

33:58Yeah. To get to the point when the customer was satisfied, but of course at the end customer is, uh, satisfaction is the key always. So it was, of course, at the end, we, we reached the point, we reached that point that customer said, okay, this is what I want. This is what we need to, uh, what we need to do. Uh, yeah. So I think this is the, uh, uh, that the, um, I would say most difficult part. And of course, also, uh, when we have the people, uh, and also when we have the, uh, let's say audience, when they are, I would say, arguing to each other, maybe not arguing, but the discussion is very dynamic.

34:40Uh, because of the injects, which I am, uh, adding to the crisis scenario, it may, I would say trigger some kind of, uh, I would say gaps, which will be, uh, which will be, um, let's say, uh, short, uh, which will be, uh, I would say, uh, highlighted in this case. So for example, one person might be not very happy with that. Yeah. And there might be some kind of, uh, you know, very tough discussion.

35:11Yeah. Which is also natural. Uh, yeah. So many, many, I would say, uh, challenges. So this is not that, uh, every exercise, every crisis simulation is very smooth. Yeah. I need to be always prepared that this build, this might be unpleasant, uh, discussion that people might be, you know, uh, might be, uh, mad. I mean, people might be not happy. Customer can have the, uh, the, the not very good day at this moment.

35:45Yeah. So I need to be, I need to also understand that. Yeah. We need to also take this into account. Yeah. The, the most important thing is to make sure that we will, uh, we will, I would say, uh, articulate. We will give the people, the customer understanding that we are on his side, on her side. Yeah. And we are helping and we are making sure that, uh, when the incident happens, when the situation happens and there will be a real threat and there will be less stress, stressful situation.

36:20Yeah. Yeah. So we are always on the side of the customer. Got it. Okay. Okay. Okay. Great. So this is going to be my last question for you today. And I always like to, to ask this question to, to the guests. So to wrap up, what advice would you give a younger version or your, of yourself starting out in this field? Uh, younger version. Uh, younger version. Uh, so, uh, I think that, uh, to start working with the crisis simulation and tabletop exercise, even sooner, I would say even sooner.

37:01Uh, to pay more and maybe not pay more attention because I'm always paying very big attention to the security incident, but always, uh, something like, uh, uh, based on the, every, I would say incident, which I. Uh, even I think forgot the scenario for the incident, the big cases. I'm also, of course, the biggest one I'm remembering and I remember, and also, uh, I'm creating this now based on this, uh, also situation. Uh, but I think there's a lot of, uh, I think, uh, security incident overall cases, which I meant it before, which I do not remember.

37:38Yeah. So if I, I think, uh, uh, uh, started, uh, the crisis simulation tabletop exercise, which I, of course I was not aware about this topic. It will, it evolves. Yeah. And then it was very dynamic, uh, a few years ago when I started. Uh, I was focused mainly on the incident response, uh, stuff. Yeah. So on the, on this, uh, security incident management. Yeah. So if I could start sooner, I think, uh, there will be much more scenarios based on the, uh, my experience.

38:14Yeah. But I think from the other hand, this is always a positive way. I have, uh, from the other hand, the, uh, have the, uh, I would say, uh, the bigger experience, uh, overall. Within the crisis relations. So from the other hand, when I'm, um, um, let's say, uh, having the, uh, some other cases like ransomware, uh, over the, uh, customers, which we are supporting. So from the other hand, I can also still, uh, have the different, I would say view the different, uh, mentality in term of the management of this, um, of the, of this extras of the, of this, uh, security incident.

38:52Because, uh, overall the, uh, tabletop exercise, uh, apart from overall helping the customers. It is also, it is, uh, I see this as a big value for me myself, because it is also helping me, uh, helping to, to develop myself. I would say, yeah, my, my, my, um, uh, I would say, uh, uh, uh, cooperation with the customers. The overall, uh, the, the, the, uh, the compassion, I would say.

39:25Yeah. Uh, for the customer. Uh, so in this case, uh, again, this is a good thing. Uh, good thing is that I know, uh, the staff right now from the other hand, I'm still the practicing the, uh, security incident management on a daily basis. Yeah. So still, yeah, I can, I can, I can, I can, let's say combine these two, uh, I would say these two, uh, superpowers, superpowers. Exactly. Yeah.

39:55And I think that, uh, um, based on synergy of these two superpowers, I think that, uh, I can create a lot of good things. Yeah. For the, for the, for the customers, for the people who are working with. Awesome. Well, Bartosz, thank you very much for joining us today, for sharing your knowledge. My pleasure. It's been fantastic to be able to pick in your brain and learn more about, uh, what you do. Um, thank you for sharing. Uh, I'm sure that the audience has really taken good note, uh, of best practices and how to approach this.

40:30Um, thank you. Thank you again. My pleasure.