Cybersecurity Is a CFO-Level Priority: Key Takeaways from the CFO Cybersecurity Bootcamp

I hope, everyone is staying somewhat warm and dry for those of you who are on the right half of the United States. I’m in New York City, and it is very cold and very snowy. Alright. Let’s go ahead and dive in. I wanna be respectful of everybody’s time. So thank you again, everybody, for being here. My name is Alex Berger, and I run marketing here at Ontinue. I’m gonna be your tour guide, as it were, through this journey as we unpack how to get CFOs and CSOs effectively on the same page about cybersecurity investments today. I’m gonna kick things off now and walk through our agenda. But before I do that, a couple of housekeeping items. First of all, we are recording this session, which is great. It means we’ll be able to share it with you afterwards. But if you do want to drop questions in the q and a or chat tabs, just be aware that we are recording. No problem on that, by the way. We do have the q and a and chat tabs open. Feel free to post your questions there. And we will be sharing the slides with links to specific resources as well at the end of the session. So don’t worry when we get to the next step sections. You do not have to take screenshots. We will be sharing that information with you as we go. Without further ado, let’s get into it. So first, we’re gonna kick things off with some opening observations that we’ve made about the changing perception of cybersecurity with respect to business. From there, we’re gonna talk to Andreas Seidl and Gareth Lindahl-Wise, Ontinue’s CFO and CISO respectively, about how CFOs and CISOs can align more closely to achieve their shared objectives. After that, our good friend Mike Wilson with Interlink Cloud Advisors will offer some practical advice to organizations who’ve made the jump into Microsoft. And he that advice is gonna look like and speak to how to strengthen your posture and improve the return on those Microsoft security investments. We’ll close out with some specific next steps and share with you a CFO cybersecurity toolkit that we’ve compiled so that you can really dive right in to building a stronger security posture and improving cyber resilience within your organizations. I do wanna quickly introduce where we’re coming from. If you’re not familiar with Ontinue, you may be asking yourself, who are these guys? Why should I listen to them? A really quick introduction to us, I promise. We are the leading MDR provider for organizations that use Microsoft security tools as the foundation of their security stack. Our SOC operates in a follow the sun model across seven locations around the world. And the reason this is important is because it allows us to attract and retain top talent, which is, as many of you are familiar, one of the hardest things to do in any SOC, whether it’s an internal SOC or a managed provider. The attrition rate in our cyber defense center is actually less than four percent year over year, something we’re incredibly proud of, frankly. But most importantly, in the three and a half years since we’ve been known as Ontenu, we’ve grown to over two hundred and fifty customers across DACH, the UK, and America. And in that time, we’ve learned a ton from our customers, some of which are here today. Hello to to all of you. Which brings me why we to why we wanted to do this session in the first place. This session was really inspired by the fact that we are increasingly seeing that financial leaders like yourselves understand that cybersecurity is no longer just a technology issue. It’s actually a business imperative. Let’s zoom out for a second. It’s, of course, well understood. Right? The business risks of a cybersecurity breach loom incredibly large. A breach is going to disrupt operations. It can erode shareholder value. It could damage customer trust. Just this past year, the FBI released a report that estimated cybercrime losses in twenty twenty four were were somewhere in around seventeen billion dollars, which was a thirty three percent year over year increase. But for CFOs, this isn’t just about compliance or IT budgets. Cyber risk impacts things like liquidity, margins, enterprise valuations. As of twenty twenty three, the SEC now requires disclosure of material cyber risks within four days, which means that this is a CFO owned responsibility. Ever since I’ve been in cybersecurity, which is pushing fifteen years now, avoiding the cost of a breach has been the strongest motivation for investing in cybersecurity. But as the topic of data security and privacy has become increasingly common and better understood, more relevant in the marketplace, we’ve observed a shift in this conversation. The ability to demonstrably mitigate cybersecurity risk is expanding from a cost avoidance conversation to a revenue driver conversation. And we submit that this perceived shift is not just ours, but is actually supported by data. Companies that demonstrate strong cyber resilience don’t just protect their data and their customers’ data. They actually differentiate their business. They attract investors, partners, and customers who value the operational maturity of their cyber program. And this is according to Cisco’s twenty twenty five data privacy benchmark study. If you haven’t had a chance to take a look at that, it’s actually a great study. I highly encourage it. The net of all this is that cybersecurity is now seen as a measurable signal of enterprise trust. And as a result, the role of the CISO has evolved from a gatekeeper to a growth partner. Now what does that mean for all of you as as CFOs? Well, first and foremost, this is a strong indicator that it’s time to start treating cybersecurity as a strategic investment, not just a discretionary expense. And there are there are ways to calculate the ROI, you know, ROI frameworks, ROSI frameworks to show how cybersecurity spend translates into risk reduction and business continuity as well as business opportunity. The second thing we can do is collaborate more closely with your CSO and CIO. Building a shared language for risk and outcomes is a really good first step. We’re gonna talk about that quite a bit more. But even practical things like participating in tabletop exercises is really important and really helps facilitate that collaboration. Because when an incident happens, speed and clarity obviously matter a tremendous amount. Third, we can strengthen governance and reporting, of course, ensuring compliance with SEC rules, compliance industry regulations like GDPR, and many others that are out there. More practically, we can implement phishing resistant MFA, vendor risk management. We can track metrics like cost avoidance, risk reduction, resilience benchmarks. We’re gonna talk about all that in a little bit. And, of course, we can also plan for continuity. Right? Validate that your cyber insurance coverage and financial contingency plans are are in place and and operational as well. Last but not least, and perhaps most importantly, I encourage you to seek out trustworthy partners whose operating model aligns to your success. Now full disclosure, this one obviously sounds well, first of all, it sounds obvious. It also sounds kinda self serving coming from a vendor. Right? But the challenge with this one and the reason it’s on the slide is really not, you know, to do this. Everybody wants to do this. It’s in how to identify trustworthiness in a partner. We’ve been asking our customers how they do this for themselves because, obviously, we wanna learn and grow from that. And here are some of the things we’ve heard. The first of all, trust is earned. It’s not given. And our clients like to push vendors that they’re evaluating to provide proof of their claims in the form of things like case studies, reference customers, metrics, proof points, things like that. But even more important than the proof points are the engagements that you have with your potential partners. During the evaluation process, how do they communicate and collaborate with you? Are they asking or telling? Are they asking about your underlying business objectives and the challenges to those objectives? And moreover, are they actively listening to your answers? Or are they just telling you what they’re gonna do and hope that it aligns? Do they feel transparent in their approach? You know, everything from the sales process all the way through to the solution execution itself. All of these things are indicators of how well that partner will interoperate with your business and ultimately understand your business. Because that’s critical if you want to connect the management of cybersecurity risk with business outcomes, like revenue growth, in addition to cost avoidance and reduction, of course. So now that you have these four bullets, you have what you need. Right? We can wrap it up here. Of course not. This is really hard, and we’ve been thinking a lot about what makes these four bullets so challenging for so many organizations. One of the things we’ve realized with the help again of of many of our customers is that to accomplish these four bullets, the CSO and the CFO have to be in tighter alignment than maybe they’ve ever been before. What are the business objectives of the organization from the perspective of the CFO? How does cybersecurity support those objectives and map into them? What are the metrics to measure that actually reflect whether the work being done by the CISO and their team is contributing to the success of the business objectives as understood by the CFO? And, unfortunately, while these two personas have shared goals, most of the time, they seem to speak different languages, which causes them to speak past each other and creates a lot of misunderstanding. So at this point, I’d like to invite Gareth and Andreas into the conversation to talk about, you know, how to how to mitigate this, what this really looks like. So first of all, welcome, guys. Hello? Hi, Alex. Good to be here. Yeah. Thanks for thanks for being here. So listen. When it comes to fixing communication challenges in any relationship, I found that the most effective tool is a really good therapist. So I am no longer Alex, your colleague in marketing, but instead, I am doctor Alex. I’ve promoted myself, your couples therapist for today. And as we’ve been discussing, we’re here because, let’s face it, right, this relationship between the CFO and the CISO can sometimes feel complicated. Andreas, your words, why are we here today? What’s on your minds? From my perspective, it’s making sure that the things that I know we need to do happen. So I’m looking to make sure the communication with Andreas is is effective, and he can support me with what I’m trying to do. That that really, for me, is the the main objective to to make sure I can position the good things that I’ve got planned into things that make sense to Andreas and and the company. So from my side, I’m I see the security budget just keeping growing year over year. So I need to understand what what do we get for it? What’s the ROI if you want to pick a financial term? Are we actually reducing risk, or we’re just spending more? How do these new initiatives that Gareth sort of keeps talking about help us grow the business or at least keep costs in check? And other areas maybe where we can be saving costs by being more judicious. So I don’t understand it, so I just have to take him at his words. That’s not the approach that I feel well happy with. I I hear you, Andreas. Right? So it both of you, frankly. It sounds a little bit like we have the classic case of sort of show me the value versus trust me. It’s critical. You know, Gareth, I how do you respond? Do you agree? Yeah. I think so. I mean so I would I’ve gone through the process of of selecting tooling partners that I wanna work with. So quite a rigorous process of making sure that I found someone coming back to the trustworthiness point that that should be able to do the job well. So, you know, I’m I’m looking at how we reduce risk, and that’s primarily where these partners are gonna be involved. So, you know, I’m looking at the operational metrics from the security’s perspective, which I know if we can achieve those are actually going to reduce risk. And I’ve got kind of costs associated with those, but that’s still not pressing Andreas’ buttons. I I could I could feel it from the body language somehow. You know, what what I’m getting excited about is not exciting him. And he’s you know, there’s something missing. And that’s that’s the bit that I I need to get over because Andreas is key to both the budget and also supporting me and the board. So I I need to that bridge needs to be crossed. This is simple. I just need to know if we invest in this, what do we get? You know? What’s the operational impact? Why can’t we do this in house and use all the massive tools landscape where everybody tells me, you know, this one tool, and then we are sort of done forever. Will it help me lower the risk of regulatory fines? That’s something that’s hard to plan for and then how to tackle that. So how does that relate to that? What kind of controls will this help us deliver and and be safe on that side? And any contractual impacts? Is this gonna be making things easier? Is it gonna reduce attrition in the company? And will this investment reduce the time it takes us to prepare for regulatory stuff? Customer audits have become a new thing well, not a new thing, but increasingly a thing. And and, obviously, does that make it easier and and less friction on the organization? Yeah. So this is where the the lexicon comes in, right, if you will, the shared language. It’s about taking sort of CISO level operational metrics and translating those into the sort of business metrics and business requirements that that Andreas has. And as you can all see, of course, I am sort of mapping this conversation out as we go to try to create this Rosetta Stone, if you will, between, you know, the CISO language and and the CFO language. So I will continue to do that as we progress the conversation here. But, ultimately, you know, you guys have sort of similar objectives. You’re just using different words. So, Gareth, you’re coming at this from a risk reduction perspective. Andreas, as a CFO, you’re thinking about this from a cost and investment perspective. You know, if if Gareth believes that bringing in a solution like an MDR tool, for instance, will be more cost effective than what he’s doing today, how would you like for that to be communicated? Well, without well, sounding like a broken record a little bit maybe, but he needs to talk me through the cost involved. You know, we’re talking CapEx and OpEx, what are we spending today, what cash implications does it have, And and and how does this whole thing develop over time if we make this investment now? So so one quick one quick question there. Are you willing how willing are you to work with Gareth on the creation of that that that model? Is that something that as you as a as a colleague of Gareth, you can you can sort of you can help him define? Address? I mean, I yeah. I I kinda hope so because I I can’t do it on my own. So, yeah, that’s I mean, if if this is if this is what’s needed, I I need some help in understanding how to pull the information together in a way that’s gonna help Andreas do what he needs to do because there some stuff on the slide already. It’s like, well, I can take a guess at what that is. I don’t know how that needs to be presented. So for me, early sight of what’s important from Andreas’ perspective is really key because at the moment, I couldn’t sit down and do it. And, Garrett, there’s more to the sort of cost avoidance side of things as well, right, from your perspective. You know, it’s not just about avoiding the, you know, the cost of a breach itself, but there there are other elements of cost avoidance as well. Yeah. And I I kind of struggle to know how to capture some of this, really. But, yeah, the the the team is suffering from, basically, overload at the moment. Too too much to do, too few resources. And, you know, they know that we’re in these conversations for more resource. But, you know, a key thing for me is is making sure that I retain some of these team members. And I think if we don’t do something like I’m proposing, I’m likely to lose some of these people. And then I’ve got all of the challenges of replacing them, getting new people, etcetera. So I I I know how to put that forward. I get all of that. So in that case, help me understand exactly how this impacts our existing budget figures and then what are current costs, additional costs, and what you’re proposing here. Also, costs and and and whatever new skills and capabilities we need to to to prepare for and, obviously, the cost around that. Yeah. I think I think this is one of those things that it’s you know, everybody sort of collectively knows that it’s it’s more expensive. It’s less expensive to retain talent than it is to hire new talent. Right? That’s that’s everybody sort of understands that. But actually being able to put the numbers down on paper and build the case for that is is something that sounds like it would be helpful in this part of the conversation anyway. I mean, listen. This is good progress. Right? You’re beginning to draw the parallels between each of your perspectives and align on the metrics needed to answer the questions about how a cybersecurity solution positively impacts the business in some way, shape, or form. But what are we missing here, Andreas? Is there is there anything else? No. But, ultimately, the thing I care about most is is our business and our business growth, obviously. So how do we sell and retain more business? This is the questions that I need to answer to my board, to my colleagues, and this is where I wanna relate things with what Gareth is asking from me. Yeah. Gareth, I mean, you seeing this you know, what is your perspective when you’re talking to customers about how they are starting to view cybersecurity in their businesses? Yeah. I think the the importance of cybersecurity is only ever increasing. But different solutions, how you go about choosing them, they’re very, very different costs to unpick And getting the right fit for what your business needs is probably the main challenge here. There’s no shortage of solutions and partners. But the ones that are right for you are far fewer. And I I think that’s that’s part of the the challenge that we need to unpick and get get the right fit for what we need to do at the right time. So I need your help tie this to things like customer retention activities, targets Yeah. Expansions into new markets. If we demonstrate how investing in cybersecurity into the solution, the tools that you want, how how this unlocks revenue potential for us as a business, Well, that’s first of all, that’s the holy grail, but that also makes it very easy to to take the next step then. Okay. I mean, I guess you’re telling me it’s not common sense. I guess it is from my point of view that I I kinda know if we if we’re doing this, if we’ve got these certifications, if we can demonstrate that we’re like this, then it’s obvious, isn’t it? But maybe that’s part of the lesson that it might not be obvious. Yeah. I think I think that’s I think that’s a good point. Right? I think we take some of these things for granted, and I know I know that I certainly do. Well, I I realize I’m playing a therapist at the moment, but even in marketing, right, I sometimes take things for granted in my function that, well, it doesn’t everybody know this. It seems it seems so obvious. But if you’re not looking at the world through that perspective, of course, it’s not obvious. I wanna try a quick exercise, Gareth. You wanna bring in an in an MDR solution. You know? Can you give me three bullet points for why Andreas should care about MDR? And Andreas, you know, likewise, I’d like for you to do the same for what you need from Gareth. Okay. So assuming that I’ve selected the partner I wanna work with as opposed to it just in general? Okay. So it it meets the security requirements we’ve got, and those security requirements support business outcomes. So for example, protecting revenue by not having breaches and protecting reputation by, you know, being seen as a good partner, not having breaches, not being in the news in in the bad way. That would be one of the the main areas. From a financial perspective, I can demonstrate that it’s more cost effective and quicker to do this with the route that I’m proposing as opposed to try and build it in house. So with the resources that I’d need, how long it would take to grow them and get it operational. But also, if I’m if I was focused on building it myself, there’s a ton of stuff that I can’t do. So I’m trying to support business growth, trying to support other activities and things. I wouldn’t have the time if I’m overseeing building this from the ground up as an internal capability. So they’d they’d probably be the the main things I’ve tried to talk to. You know, that’s already changed as a result of this conversation. I’m trying to lie in a little bit back to what Andreas has said. But at this stage, I think that’d be what I go for. So here’s my three, and some of which won’t be a surprise. Transparency is number one. Call it ROI. Call it metrics that we are tackling with this tool or the solution that we bring in. Then for me, important maybe is an assurance that we’re not just outsourcing risk, but manage it better. Who we work with is super important. This is, again, trust was mentioned earlier, not a light decision for us. There’s a financial aspect to it, but this is a partner we choose where risk is is is center of everything. And so we need to be careful about who we select, but then be also very strong in our opinion that this is the right partner. And finally, I need to see how the MDR supports our overall business strategy, revenue and reputation and growth. It’s also linked a little bit to what you just said earlier, Gareth. So a little bit closer already. So yeah. So, I mean, listening to this, right, you you’re not so far apart after all. And, obviously, that’s the theme of this whole conversation is that there is a shared there there’s shared motivations, shared objectives here. It’s all about translating the needs and building trust through increasing the communication. So as we bring today’s publicly aired therapy session to an end, one point I’d like to leave our audience with is that creating a shared business case for cybersecurity initiatives is a really good way to overcome this sort of language gap that often exists between CSOs and CFOs. It becomes a really good forcing function. This business case is almost always sort of underpinning everything anyway, but bringing it back out into the open and working on it together as a team and collaborating on it is a really good way to force these conversations out into the open and make sure you guys are aligned in the language that you’re using, aligned in the expectations that you’re setting. And, frankly, I would grant serious bonus points to to any potential partner who can help you build this business case along the way as well. So, Andreas, Gareth, thank you both for joining us today. Really appreciate it. At this point, I’d like to switch gears and introduce a new voice into the conversation. We have Mike Williams here from I’m sorry, Wilson, but let it slide. Mike Mike Wilson. Sorry, Mike. I apologize. This is how you do this live. Everybody. Yeah. Sure is. Thank you so much for being here, Mike. Over to you. Alright. Fantastic. No. I I appreciate it. And thanks everyone for for spending some time out of your busy schedule with us as well. So what I’m hoping to go through and do today, so my name is Mike Wilson. I’m I’m chief technology officer with Interlink Cloud Advisors. What I’m hoping to do today is to take some of the conversation that we’ve had already and try to make it a little bit more practical when we talk about how we go through and make cybersecurity investments. So again, just a little bit about Interlink. I’m not gonna spend a lot of time on this mostly so you have this in the slides that we share back with you. But Interlink specializes in Microsoft. When we talk to, like, our customers in a lot of organizations, Microsoft is typically the second or third highest line item in your IT budget, typically after the the people that are part of your IT teams and sometimes kinda competing with your ERP system. Right? Microsoft licensing is complex. We understand that they have lots of different programs. The products are changing on a regular basis. So part of what we’re doing today and part of what we do all the time with our customers is help them understand how to navigate purchasing the right way with Microsoft, getting investment back from Microsoft into your business, which we can actually do quite frequently, and then making sure that you’re staying on top of the latest sets changes so that way you’re not having to go out and seek all of that information. Alright. So I wanna try to make, like I said, some of this stuff a little bit more practical. And I wanna talk about kind of like how security has evolved. You know, the old security paradigm, right, was really what I what I would call the castle in mode method. And so this scenario, we go through and we invest in a set of IT assets. We host them in a data center, whether that’s in our one of our facilities or in a hosted environment. We put really good security perimeter around it. Right? Our castle and moat. We’ve got firewalls to go through and protect data that comes in and out. Right? We use encryption to go through and make sure that our data is secure even when it does leave our perimeter. We use strong passwords, right, to make sure that’s again, we’re trying to keep the bad guys out so they’re not able to access. You know? And then we’ve got a set of security protocols, our rules, and procedures to go through and and keep our environment secure. The problem that we have though, right, is that there’s gaps in security when we have that approach. Now some of that is because things have evolved. We’re using more and more cloud today. Right? Post COVID, we have people that are working from home. So what our security perimeter is has changed considerably over time. And then when you start to think about how attacks play out in the real world in our environments, okay, a lot we have to go through and defend in a lot of different scenarios. So what is very typical today for the most impactful breaches, which would be like a human operated ransomware attack. Right? We have someone that goes through and and either finds a target of opportunity or focuses intentionally on your business. Starts with either a phishing email or malware that comes in. A user maybe clicks the wrong thing. They go to a bad URL. You know, they infect their PC, or maybe they just go through and give up their credentials, allows for remote access. Bottom line is the attacker finds a way and and often email is the front door to get that done. You know, from there, the attacker they’re they’re not just launching an attack right away. So if you you rewind back ten, fifteen years, you know, you clicked on the wrong link and it would immediately start encrypting your files. That’s not what’s happening today. Today, they’re looking to go through and and and expand and drive a command to control infrastructure that lets them go through and launch the attack at the time for maximum impact. Right? So they’re using command to control that lets them go through and and have remote access to your environment. And then they’re looking around. Right? They’re looking to expand, their footprint inside. They’re looking to go through and compromise privileged account. They’re looking for where your backups are, right, so that they can do things like delete your backups, right, and then launch an attack that doesn’t just operate from the impact of the user who was compromised, but from a privileged account that has access to everything. You know, they’re also going through and lurking in the environment in a way that lets them go through an exfiltrate sensitive data, which becomes another vector of risk that we have to prevent. Right? If we go through and are not being seen as good stewards of our and our customer data, those are types of things that impact shareholder value. Okay. And so with that, what can happen here for a lot of organizations and one of the things I’m gonna talk about here is how we think about purchasing tools to help us go through and defend in these scenarios. Right? So one option is to go through and provide a set of tools here where I’m gonna go through and buy an email security tool. I’m gonna provide an endpoint detection, and response platform. I’m gonna drive an identity protection, tool. Right? I may have stuff to protect my specific cloud workloads and my my servers as part of that. And then I still have to go through and monitor and buy, you know, potentially buy a service like Continue to go through and and do all of that stuff. And again, the tool proliferation becomes a challenge then from an organization where, you know, I have to worry about do these tools work together or do they integrate? Do they work well? So one of the things that has been done here to go through and combat some of these changes that we’ve seen here is we start to think about security from this concept of zero trust. So what does that mean? It means that given sufficient time, okay, we we are gonna go through and have to deal with a breach or some level of cybersecurity incident that we have to deal with. And so our thought process is to make sure that first, we have to have business enablement. That’s gotta be at the top of the list. Business still has to be able to go through and perform all of their important functions. One of the jokes that I like to make is that I can build you a completely secure IT network. Right? It can be a single computer sitting in a Faraday cage in a locked room, right, with armed guards on the outside. It would be incredibly secure, but it would be of absolute zero use for our business. We’ve gotta make sure that business enablement stays at the center of everything that we do and everything that we deploy. Now okay. Assume breach. Right? What does that mean? Given enough time, security is not perfect. There’s always evolution between the attackers and the defenders and what’s going on. So we’re gonna assume attackers are gonna try to attack everything and that eventually they’re gonna have some level of success. Now that doesn’t mean that we’re we want that to happen. We’re obviously gonna take actions to go through and do it, but it means that we can take actions to do things like rather than having kind of that secure moat scenario that I talked about before, right, where once someone is inside my perimeter, they can kinda move, around without too much, impact, or our ability to detect them. We wanna take every single connection across all of our IT assets, whether it’s on our network, whether it’s in the cloud, whether it’s someone working from home, and we wanna verify those connections explicitly. Right? We wanna use a lot of telemetry to make sure that those are valid before allowing them to deal. So that means that even if we have one user that goes through and, you know, has their account compromised remotely, right, maybe because we have, you know, multifactor authentication or we have a set of rules that identifies an account that has been had their password compromised on the dark web. Right? Again, we can then go through. And even though we had that initial breach, we’re able to contain by making sure that we’re using a lot of telemetry to explicitly verify all those connections. The other thing that we wanna do is make sure that we’re using least privileged access. Right? And so what that means that when we’re going through and granting access to our tools, when we’re granting access to our data, we don’t wanna give people too much. And that means that when someone goes through and compromises an account, they’re gonna be limited in the content or the resources that they have access to. And so the goal there is that if we have an issue of any kind, we’re hopefully gonna contain it and grab it and block it sooner rather than later. And even if they do, we’re gonna limit the impact to our business, which is incredibly important. Right? And so, again, because of kind of the changes that we’re talking about here in terms of, like, what IT looks like at this point, right, we’re not trying to go through and defend the network anymore. We’re not focused on what is our security perimeter and how do we how do we go through enable that. We wanna make sure that our users are capable of being productive anywhere they’re at. So the goal is really fundamentally enable secure productivity on any network. Now what tools do I need to go through and do that? Alright. So there’s gonna be a test on one at the end. So I I hope you go out and get your notes and start no. I’m just kidding. Right? I don’t I don’t expect anybody to go through and try to absorb this. This is intentionally an eye chart that I’m looking to to go through and and frankly scary a little bit with. But it gives you an idea here. This is Microsoft, which again, big the number one security company in the world at this point. They are the largest in terms of their investment. They’re the largest in terms of their security sales. They’re the largest in terms of an amount of security telemetry that they process through their footprint on Microsoft three sixty five, their footprint on Azure, and don’t forget their consumer footprint with things like Xbox and Live dot com and things like that. Right? But this becomes a reference guide for the types of things that need to be in place to go through and protect your environment. Right? And so I I I do this again not to scare you, but to give you an idea of the number of things that are available, whether it’s through Microsoft or other vendors that we have to think about, what do we have to have in place, and how do we go through and integrate them? Alright. So so practically, how do I buy security as a CSO, as a CFO? Right? I wanna go through and be thinking about what is my security TCO? Right? What are the give me the cost of the tools that I’m gonna invest in? Most of those are subscriptions these days, so it’s typically OpEx and not something that we’re seeing as a onetime investment. Right? What does it take to go through and get those tools in place? If I’m replacing an existing tool, right, is the the cost of the deployment, right, enough to go through and offset either the additional security, reduction of risk, or the cost savings that I get with that? I’ve gotta think about those considerations. What does it take for me to monitor, maintain, and support those technologies going forward? You know, does any of this stuff impact my business? Right? Is it gonna go through and slow things down? Right? I may not have a choice to to go through and reduce risk, but, you know, as I think about tools, some of them may do a better job of supporting the business with less with less friction versus a different set of tools. And then, obviously, I wanna think about the cost of a breach. The more that this that that the investment in a set of tools does to reduce the cost of breach, the more return on investment I see in those scenarios. Couple other things that we wanna go through and think about. Some spending is gonna be mandatory. Right? It’s it’s a yeah. There’s a government regulation that says I have to go through and do this. I I have to go through and implement certain security technologies for my cybersecurity insurance. So things like multifactor authentication, which as recently as ten years ago were kind of an optional best practice only high security organizations. That’s pretty much mandatory across the board these days, where we have to have that stuff in place. If you have EU operations, I have to comply with GDPR. It’s not an option. Right? So, obviously, it’s gonna have some level of of where you’re at, what the industry is, but some spending is gonna be mandatory. But although I still may have some some ability to direct what set of tools I invested in that space. Right? But my ultimate goal is I wanna try to go through and invest to match the risk plus the impact of a breach. If I think a breach might cost me three million dollars and I have a one percent chance of of doing that, right, then that means that I would be willing to spend up to three hundred thousand dollars to in to to go through and mitigate that breach. The challenge though from an organization is how do you quantify that? How do you know what security isn’t is enough? There’s no way to formally go through and do that. So I have to make the best guess that I have and and try to drive, like, the best set of security tools kind of in that space. So when we’re we’re also thinking about security, it goes back to what I was talking about there before. Right? So two two kind of paradigms that we see for around tool deployments. First is best of breed, and this means I’m gonna try to look for for each of the areas that I’m gonna make an investment. What is the very best tool in that space? Right? I’m probably gonna pay a premium because I’m I’m buying what I perceive as the best. I’m gonna end up with point solutions that cover one area because my goal there is not to buy a suite, it’s to buy individual tools that are the best at what they do. And then I’m gonna have to take the time to integrate them to work together. You know, the the other side of the paradigm is to go best of suite. Right? I’m gonna look at a set of tools that are that come, pre integrated, that work together, that are more comprehensive, which typically is gonna be less expensive overall. Now they may be less capable at the same time, but that was where, again, the the conversation there between the CFO and the CSO. CFO is saying, hey. I would prefer best to suite because it’s less expensive. The CSO’s job is to make sure that the CFO can be confident that the tools are still capable of doing the job in that scenario. Alright. So Alex promised that we were gonna talk about Microsoft because that, again, is kinda like what we’re here might both on Tinuum and Interlink specialize kind of in the Microsoft space. But what I love about Microsoft is that their approach is exactly what we talked about here where we’ve got a comprehensive set of tools that work together out of the box at a very attractive price point, which again, when we think about security, nobody has infinite budgets. This is a way to go through and maximize where our investment goes. Alright. So so Microsoft, you know, as as part of that, they’re driving a lot of continuous innovation as well kind of in the spaces. And so you can see here as we go through and look at kind of, over twenty twenty two to twenty twenty six, they’re continuing to add things into their, suites, that that have come out as well. Actually, this is not the right order. So I’m gonna go through and reshare here. Bear with me just a second. Made a couple changes while we were, watching here, and it didn’t reflect in, the presentation here. So alright. So we’ll come back on here. Alright. So a lot of the focus on the conversation today has been around threat protection. So what Microsoft has done with their Defender XDR platform is to go through and provide a set of tools that work together to to to prevent those types of human operated ransomware attacks that I mentioned before. So I’m not gonna go into a lot of technical detail on here, but Defender for Office three sixty five focuses on kind of that front door giving us enhanced email protections. Defender for Endpoint, helps us go through and and protect our endpoints where we may have malware that’s executed things like that. It lets us go through and do automated incident response or isolate a host, so that an infection doesn’t spread. We’ve got tools to go through and protect the user identity, both in the cloud and on premise. And then even to connect up to other software as a service like, again, Microsoft three sixty five would be part of that, but it could be things like Salesforce or Google Cloud or Box dot com. But but, again, most of the common tools that are out there are supported by that. So it kind of extends our security perimeter kinda into that space. And all of these tools work together out of the box, which is nice. So if I find malware in email through Defender for Office three sixty five, okay, it can then go through and automatically identify where I may have malware that had been downloaded to a desktop using Defender for Endpoint. Right? So from the perspective of an administrator, right, we’re able to go through and save time from an incident response. We’re able to save time and and ultimately, overall lower cost of ownership through the ability to manage things more tightly together. Click forward here. Alright. Okay. So this means that we’re talking about unified incident management. I don’t have to log in to four or five different portals to go through and manage things. I’ve got everything together with all of the signals correlated into a single platform and product, which is really nice. I’ve got integrated vulnerability management. Right? So this is again a tool that organizations are typically buying in addition to their threat protection platform. And this is around identifying where I have vulnerabilities and applications that have to be remediated, as part of that. So, again, this comes as part of kind of this platform. So it’s a value add where I’m not having to go buy another tool to get that done. I’ve got attack simulation and training. This is another thing where I have to check the box for cybersecurity insurance. I mean, I should be doing this, but it’s it’s again one of those things that I would term as mandatory at this point. And, often we see organizations investing like tools like Knowbefore. Microsoft stacks up really well in this space from an attack simulation and training standpoint. And and, again, that’s a way to go through it, kinda save money while still providing, a a service that goes through and checks that box and is good. And they’ve got the potential to do multi cloud protection. So with the set of tools, it’s it’s something that works in on premise data centers. It works with, you know, people that are on our networks working from the office. It works with people that are, connecting remotely over VPN or working from home or working from the coffee shop down the street. And it works with other platforms. Right? So if I’ve got resources that are on Microsoft Azure, Amazon Web Services, or Google Cloud, right, we’ve got a set of tools that lets us go through and provide comprehensive kind of protection in-depth. And interestingly, Microsoft has the most single party protection for workloads of any vendor that is in the space these days. And so the real world impact of this, Microsoft did a study here kinda looking at working through Forrester Consulting, kinda understanding if I go through and do this vendor consolidation strategy and I go through and kind of invest in those set of tools that work out of the box. Right? Typically, we’re seeing some pretty significant vendor licensing cost consolidation. As an example, I I’ve worked with customers who are running CrowdStrike plus another set of tools. And so you can essentially kinda kinda go through and put together kinda apples to apples, the same set of Microsoft technologies to the same set of technologies from CrowdStrike. Microsoft can provide pretty much the same set of capabilities or better in most scenarios at about a half to one third of the cost when we’re talking about apples to apples. That’s significant vendor license, cost consolidation, and we see that across pretty much every player in the security space. We see improvements to threat investigation and response. Right? So because we’ve got an integrated set of tools, one dashboard, we’re able to respond more quickly, which means again that we’re reducing risk for our business. Right? We’re reducing the risk of a material breach by having the set of tools in place. It also means that, again, because we have, one of the most common set of tools that are in the industry now, and people are very familiar and comfortable with Microsoft environments, we see a reduction in the amount of time to onboard new security professionals. So it’s easier to go through and hire and retain talent in that space. And again, Microsoft is is investing in a lot of tools to drive automation, continues building things on top of that to make it even better. Right? But again, if we’re trying to do some of that stuff herself, the tools that they have here are reducing the amount of time to do some of the security tasks that are done repeatedly in a much faster and better way. Now going back to, you know, the that that challenge here between, you know, what is the cost? Where is my best value? But are the tools good enough? Right? So I can tell you the Microsoft stuff’s great. I mean, I’ve been working with this stuff for thirty years. I remember when Microsoft was a bit of a joke, as a security organization, that’s not the case anymore. But you don’t have to trust me. So Gartner and Forrester are out there doing these impendent validations. And if you look at specifically just the endpoint detection and response, this is the, you know, protecting my PCs, protecting my mobile devices, my servers, and things like that. Essentially, it’s Microsoft and CrowdStrike and then everybody else at the very top here to the far upper right of the Gartner Magic Quadrant. But if we look at how these tools work together, okay, that extended detection and response platform, you see that Microsoft is far and away to the upper right compared to everybody else. And that’s where you see them start to differentiate versus other companies that are in the space like CrowdStrike and SentinelOne, and Sophos, that are in that space. And so and when I buy, kind of these tools, I mean, I’ve got the ability to buy some of these things independently, but most commonly, you’re gonna get this stuff as part of the Microsoft three sixty five platform, typically with an e five license. And so with this, you’re seeing not just, this this set of tools. I’m also covering other areas of security. I’m covering my identity and access management. I’m talking endpoint management, My information data security, which is incredibly important in our our AI world. Plus a lot of the productivity tools that we’re probably already invested in and already using on organizations. So if you start to think about, again, what is that total cost of ownership expanding beyond just IT? Okay. Again, we have a comprehensive set of tools that work together, out of the box where Microsoft is an is an enormous differentiated solution kind of in that space. And as I mentioned before, Microsoft’s continuing to add value into some of these suites. And so we are seeing some price increases going live July first, but we’re also seeing that dwarfed by a bunch of new technology being rolled into the platform. So if you’re working on Microsoft e three or e five today, you’re gonna see new functionality come in, which again, a lot of times includes either gaps in your security solutions or a place where you may be investing in another tool where you’re gonna be able to have cost offsets that go with that, which is pretty awesome. So from a practical standpoint, you know, what what Interlink and Ontenue do, is help customers kind of, again, deploy the Microsoft stack and then manage it on an ongoing basis and maximize your ROI by reducing your your risk of a of a bad outcome. So get a couple couple scenarios just to go through and share as part of that, that we’ve worked on together as part of that. But one, we had a customer, about seven hundred users. They would have been using Sophos, for endpoint protection, and had their managed detection and response. Now the challenge for them was that Sophos was just taking telemetry from the endpoints. They weren’t getting data from the email. They weren’t getting data from the identity. And so they wanted to go through and upgrade to Microsoft e five, and leverage kind of that consolidated tool set. But the challenge was if they did that, they they would have to switch MDR platforms. Right? So we were able to work to go through and help them get, the e five and the security stack, fully deployed to their environment, and then onboarded them to on Tinue, okay, using Microsoft Sentinel and their SIM as well. So in the end, what was the outcome? Significant cost savings, right, by not having a disparate set of tools, improved visibility into their threats, and then improved, ultimately their their overall, detection response capability. You know, I’m I I will admit I’m being a little biased here, but I think continue backs it up, in terms of, them being kind of the best in the industry, especially when we look at them, focusing on the Microsoft platform. Another scenario, very similar because you’re gonna hear a lot of the same here where, again, you know, tool consolidation, cost savings, better responsiveness, things like that. That’s really kind of the pitch that, you know, we’re we’re we’re kinda bringing out there. But, you know, another organization, two thousand users had been using Rapid7 for a number of different services on that one. They already had some investment in Microsoft three sixty five e five. And for these guys, they they wanted to be able to go through and and have, a managed detection and response service to do to go through and and handle the twenty four seven, to go through and and, you know, ultimately, kinda do a lot of the low level stuff while still being able to go through and collaborate in the process. So with that, we were able to, again, kinda make sure that they had kind of the full deployment, of the tools that needed to be in place. And then from there, as Ontinio went through and deployed their solution on top of that to go through and manage, they were able to go through and set. Again, on Tinyu works really well kind of within the Microsoft stack inside of teams. So they were able to set up like a solid set of rules of engagement, around what on Tinyu was gonna handle versus what would be escalated to, the customer’s internal team as well. It’s pretty awesome stuff. So, Alex, I’m kind of at the end of the slides here. I know we talked about some next steps and things like that. Is that am I presenting that or are you presenting that? Yeah. So I have some next steps. I think you have some next steps. You wanna present yours, and then I can flip to flip to back to my deck. Sounds great. Sounds great. Cool. And, again, any questions here, please feel free to put them in the chat. If you’re if you’re thinking of it, just a reminder there. If you’re thinking it, someone else might be as well who would love to go through and kinda answer those, for you as well. So one of the things that that we help customers with here is is looking at where you’re at today from a, like, Microsoft’s, investment standpoint and making sure that you’re using just the technology you already own. Whether it’s e three, it’s e five, it’s something else, from a combination standpoint. We take the time to kinda take you through an in-depth review of the licensing and then demonstrate the features and functionality. So often this is me jumping on the phone with you. We’re gonna do demos live from our environment so we can show you how the tools kinda work. As part of that, discuss how you are, using the tools or not, in some cases, and then how to go through and get the value. So again, no cost to to you if you wanna go down this path. Please reach out to us as a follow-up. Happy to go through and kinda take you down that path. If you wanna look focused specifically on some of Microsoft’s threat protection technologies, often we can go through and help customers with getting investment from Microsoft to get this done. Microsoft has versions of this for threat protection around Defender and their Sentinel platform, and then also for the Purview platform from a data protection standpoint. And then we’ve got a, again, we we with all of this stuff we go through and coordinate with, continue on next steps, things like that. So you don’t have to worry about who’s supposed to do what, things like that will work out and make sure that we support you together effectively. And then one thing I do wanna share with you, little little off topic here, although I think everybody’s worried about, AI these days. We do a lot more than security. And so we do have a webinar coming up on February tenth, Copilot chat and agents updates. That’s a super fast changing area of technology. So we help bring you that information so you’re up to date on the latest and greatest. So, Alex, I will turn it back over to you. So thanks so much, Mike. I appreciate it. I’m going to go ahead and reshare from my side just to bring us home here. Do let me pull this on. Perfect. Okay. So fantastic amount of content from from Mike and the team at Interlink, close partners of ours, really the best in the business in terms of, you know, helping to orchestrate, navigate, deploy, and and tune the Microsoft environment. And that technical, you know, that technical depth that they bring to the table combined with the business acumen to sort of help you navigate the the craziness of the Microsoft licensing world is critical, right, and is is a big part of the conversation we’ve been having. We, of course, approach that from the managed side. So, you know, as Interlink does their work, we come in and and Mike’s success stories really highlighted this. We come in and help you extend that into, you know, day to day operations ongoingly. So what’s next? As we wrap the wrap up the session, I wanna quickly recap some of the takeaways from today. First of all, cybersecurity investments aren’t just about avoiding costs. Right? They help you grow revenue too. Keep that in mind. To ensure you’re making the best investment you can, the CFO and the CSO should team up on a shared business plan. This helps avoid the language gap trap, align on the positive business objectives you care most about as a company, and provides a shared set of metrics to evaluate success from the outset. Things like the envisioning session that Mike was talking about are a good way to help include some of the details into that plan. Pro tip, and this is exactly what I’m talking about, ask your potential partners to help build this business case with you. Their ability to do so collaboratively and transparently is gonna provide you an opportunity to evaluate whether they really are a good fit for your business and and, you know, and also evaluate their trustworthiness in general. Once you’ve made an investment, find the partners who can help you maximize the ROI on those investments. Now to help keep the conversation going, we’ve pulled together a bunch of resources from Gartner, McKinsey, and other experts at building business cases that we think are useful. So if you’re looking for some in inspiration about how to do this, these are some really good assets. Again, we will send these links out to you after the session today. Additionally, we are also help happy to help you templatize some of this and create that lexicon translation, you know, between CFO language and and CISO language and metrics. So feel free to reach out to us for that. In addition, we have a very similar offering to Interlinks in terms of our security strategy review. This is a no cost consultation services team where we sit down with you, understand your challenges, understand your objectives, and then help you build your business case around that. You know, as Mike said, we work very closely together with Interlink. It really doesn’t matter which of us you use for this piece of it. Ultimately, this is all about us getting deep into your business, understanding what you’re trying to accomplish, and aligning your security program to those those ultimate business objectives. That’s what it’s all about. So with that, I just wanna thank everybody so much for joining today. We look forward to seeing you again on another CFO enablement session and to continue this conversation in the future. Thanks, everybody. Have a great day.