GovernedByRisk


Tech Tuesday 10

Speaker changes create new blocks. Timestamps are based on word timing when available.

Julian 00:00.031 → 00:00.832
So
Gia 00:01.653 → 01:20.409
do you wanna, it might be easier for you to manage, or you're invited to be here, for Governed by Risk. When we talk about technology, most of the focus a lot of times goes to the tools, the code, and the quick wins. But the truth is, none of that sticks without governance. Governance is the fuel that keeps the engine running. It is actually the work that we do to deliver value for our customers. And also we want to deliver it in a manner that is safe and secure and also sustainable. And in the landscape that we are in now, risk is everywhere. So governance is that guardrail that lets us move fast without falling off the track. So think about you're driving on a road and on a bridge. And if we didn't have the guardrails, we will be chaotic and we'll drive off that road, that bridge, right? So I'll get started with the first question. And anyone, feel free to answer it, or a few of you. And basically, my question is, when you hear the word governance, what comes to mind first, paperwork or protection?
Markus 01:23.854 → 01:27.138
We have a mic. We can kind of pass along if anyone is interested in kind of joining
Julian 01:27.198 → 01:31.463
in the discussion. Yeah. When you hear it, what does the word governance mean to you?
SPEAKER_07 01:33.620 → 01:34.722
Ah, there you
SPEAKER_08 01:38.490 → 02:16.017
go. All right. So when it comes to governance, I feel that protection has got to be the biggest priority when it comes to... Especially when it comes to people's personal data, because... We live in an age where it's very easy for people to get access to people's personal data, whether they want to or not. Data brokers, just general breaches in data protection, it's way too easy. So we need those steps to protect that data in question.
Gia 02:18.659 → 02:19.540
Yeah. Anyone else?
SPEAKER_03 02:26.489 → 02:46.129
So when I hear the word governance, I think of opportunity because governance normally comes along with regulation. And so when I think of regulation, I think of opportunities for moneymaking, essentially, for bubbles to be made and for people to sell software to help enable compliance quickly.
Julian 02:47.770 → 03:22.973
Yeah, yeah, I like that. Mr. Sean in the back as well. All right. I don't necessarily have a great answer, but I just want to participate. When I think of governance, I think of, like, data governance, and I think of, uh, that, uh, that thing where it's like if you have a file that is not owned by you but you can use it. It's like DRG or, I don't know, someone else here probably knows what I'm talking about, but, uh, DRM, is that it? Yeah, that's what I think of. Cool, that's my answer.
Markus 03:24.016 → 03:25.980
Well, did anyone else have
Julian 03:26.060 → 03:28.664
anything to add? Digital rights management, I guess.
SPEAKER_01 03:28.685 → 04:23.046
Thank you guys for sharing your thoughts. And by the way, I think it's really not funny, but a little bit ironic that protection and opportunity are mentioned in the same concept. And as someone who has run a club of over 300 people before, I think that governance does have the potential for both protection and opportunities. They both need to be aligned. In other words, regulations. But what it really is, I think, is a culture that people decide to make out of it. So, I mean, I don't know too much about the coding culture, but I know that there are people who hack and there are people who don't hack and think that it's the most horrendous thing in the world. And I think that there's a battle between different cultures for what governance should exactly be like, and it's important for us to consider that from a realistic personal, person-to-person point of view.
Markus 04:24.067 → 05:19.754
Yeah. Well, I want to jump in really quickly here because I really appreciate the engagement and the feedback, the answers you all have provided. Just so that I want to maybe level set a little bit. When we first came up with the idea for this conversation, at least from my perspective, and I cannot stress this enough, there are no wrong answers. What I'm thinking of when I specifically think of governance is really this idea of oversight, the ability to understand and see what's going on, right? See how the sausage is being made. And to your points, all of you, right? There's opportunity there. There's money-making ability there. There's regulatory need that exists within that space, right? All these things have to exist as components, right, of governance, right? There, it's almost as if these are things that come as a direct result of being able to have that oversight.
Julian 05:22.597 → 06:01.125
Yeah, speaking to your point, Mr. Johnny, um, our own groups need to govern themselves well as well. Uh, one of the, uh, when I founded this group a year ago, it's because I had been kicked out of the Code and Coffee group, and the reason was because I'd introduced the constitution and bylaws. And that had so offended the self-proclaimed executive of Code & Coffee nationwide that he, without asking anybody, without following his own articles of understanding, simply revoked my access to the meetup and to the Discord. So the sharing of these permissions, I think, is a very practical need that governance has in our small groups like this.
Markus 06:03.130 → 08:53.901
Yeah. And, you know, I think it's really important. We really can't have the conversation about governance in a true capacity that we intend to have that conversation without talking about things like accountability, right? And Julian, to your point, I think that's exactly what I hear when I hear you describe your experience. Even separating that specific scenario, just looking at the elements of that experience, right? You have a codified document that states, here's how we expect for people to interact or behave within the space. You have an individual or a group that then looks over that as a steward and to ensure that it is being carried out in the spirit by which it was created, right? Which is effective, we're talking about from a government perspective. And then, of course, you know, the resulting of that was the accountability or potentially lack thereof within that scenario, right? So I think these are all interconnected concepts the same way that risk is an interconnected concept within that as well. So I think it's really important as we move forward through our conversation to frame out that understanding of what governance is, like from a very high level, because everything that everyone has shared is absolutely correct. And I think it's going to help to shape how we perceive not only, you know, coding and DevOps, but cybersecurity and technology as a whole. Yeah. So a couple of things, you know, I've got a quick checklist here of items that I wanted to personally discuss. And one of them was just this, right? It was understanding, you know, how are we thinking about governance? What does this mean to the conversation at a whole? And then the other thing that I think it's really important to discuss is in a scenario where we find ourselves, and it doesn't matter what industry you work in, it doesn't matter what you do for a living, you could be, I don't know, slinging coffee or slinging code, right? Like it doesn't matter.
Governance is always going to be a part of everything that we do because ultimately we're trying to create a product. We're trying to deliver a service to a customer or customers. And ideally we want it to be something that is sustainable and or repeatable. In a scenario where we don't have governance, what does that look like? What are the kind of challenges that we typically find ourselves experiencing when it comes to situations where we don't have governance? I'm going to put it back to you, Julian, because I really want to get your take on that. Have you ever been in a situation where, for instance, maybe at work, where you're working on a project or maybe in your personal life where you've been doing something within your area of expertise and you've noticed a significant lack of governance. And what were the
Julian 08:53.981 → 11:13.624
outcomes? I would like to speak on this for a little bit. So Marcus, I met at the TechUnity event this past summer, and Marcus also spoke at DevOps Columbia. So I've got to know a little bit about Marcus's expertise on policy, which, as I said, I think is really important. I have a couple notes here for situations that I've been in a professional environment that could have used a little bit more oversight. For one, protection from insane CEOs and business people. They are a special class of people. Think Sam Altman or, to put it lightly, Sam Altman or the guy from Microsoft, Bill Gates or Steve Jobs. These are kind of people who are insane in their own way. And it just comes with their genius, I guess. They are not always hip to cybersecurity. For example, at my last gig, my CEO, he was very, very paranoid, but wound up getting a phishing scam pulled against him. It's unfortunate. It's unfortunate. It's unfortunate. And I wish them the best. But when I had set up the GitHub, as a coder, I wanted to make it very permissive. Anybody who comes on as a startup should effectively be, in my view, something like a full-stack engineer, should be able to see all the code. My CEO at the time kind of reasonably wanted me to, well, just wanted to restrict it, so divide it into front end and back end, which would have me break up the mono repo. See, I didn't really want to do that, but it would have been nice at that time to have a security expert either to back me up or otherwise, if they were to decide the other thing, I could say, well, at least I did what I could for the coders. There were a couple other situations where I wish I had a security and policy expert to kind of protect us as the employees also against snap terminations, which is a very unfortunate and very real part of our industry right now. You wake up one day and you try to log into your computer and for no reason at all, with no explanation, you can't get in. And then somebody might tell you you're fired. 
That
Gia 11:13.644 → 11:20.552
happened to me at Intel. And you feel like you're the insider threat. And all you've been doing is trying to protect the company all along.
Julian 11:21.460 → 12:09.497
Yeah, there's a lot of bad energy out there, so I think that's why we need some governments. Also, these policy people, they're really good at understanding the business ends and kind of translating between us as coders. I'm representing all the coders tonight. Translating between us and the business interests and kind of keeping us safe from each other. Also, cyber attacks, and there's phishing, but also there is this... There's this technique called spear phishing, which is where, in addition to, so a phishing scam is when you pretend to be somebody that you're not, like Microsoft. I saw one meme earlier today that had R-N-R-O-S-O-F-T. So it looks like Microsoft because it's the R and the N after each other. Why
SPEAKER_08 12:09.517 → 12:10.418
are you misspelling the trick?
Julian 12:10.398 → 14:44.534
Or Google with the Slavic O. The Cyrillic letters, right? The Cyrillic. And those are phishing attacks. Spear phishing is where they actually study you as a person because they know that you're a high-value person and then target these phishing attacks to you. So it's, um, something that a security advisor should be present to at least try to help ward, and anybody can fall for him. You know, anybody can fall. I fell for a phishing attack. All right. It was two and a half years ago. They got my Instagram account. They tried to post some Bitcoin on it, some kind of ad. But I got it back. I was quick. I was savvy with it. I got it back. But phishing can really happen to anybody. And it's good to have a security person there for that. Also, with respect to governance, especially as it relates to cybersecurity, we have two big principles. The separation of duties principle, which we know in the U.S. is checks and balances, which keeps one crazy person making from making impulsive decisions that wreck your whole company. And you, as, you know, as the people who aren't going through this, um, you're not, what, we're not really being berated by marketing the same way that these people are, so we can think a little more clear-headedly, I guess. But basically, if you, if you put all the, um, and the US took this approach as well in separating the executive from the legislative from the judicial. If these things, the separation of duties principles, applied within your company, I would say it's probably going to be more stable. The last privilege I'd like to introduce is the least privilege principle. We coders hate it. Cloud people like it. It's the least privilege principle. It means that when you're doing, I guess, well, Marcus, I still don't really know what you do. We can get into that. We can get into that. So what the heck is it? DCISO anyway. Let me get to the least privilege principle. AWS is big on this. I'm an AWS certified solutions architect associate.
AWS says you should give people within the cloud. Imagine these big IAM systems. Marcus knows all about them. And you make all these roles. I don't get it yet either. The users have the roles, but the roles also have the attributes involved. And you don't want to give people access that they don't need. And that's kind of a liability thing that I'm sure Marcus could tell us about.
Markus 14:44.855 → 17:24.343
So you make a lot of really good points, and I'm going to bring it back to the core of what we started off this little bit of a conversation about. And we're talking about what happens in a scenario where you don't have governance, where you don't have the oversight. And everything that you're mentioning really aligns with that very, very well. And to kind of even segue off that a little bit while still staying on point, you mentioned it, you know, that's my area of expertise. I'm an identity security professional. I kind of don't like to use the word expert. It's a personal... pet peeve of mine, but I am a professional in that space. And, you know, the things that you're talking about, right? You're talking about separation of duties. You're talking about the principles of least privilege. You're talking about role-based access and defining a role and giving it the access based off the attributes, et cetera, et cetera. We can have a whole conversation about that by itself. But to just keep it simple for right now, one of the things I will say is that even from a more practical standpoint, like if we just completely erase the, any of the technical jargon that typically comes along with the work that I do specifically, it's about objectivity. Keeping it simple, it's about objectivity. If I'm the person that you're hiring to build the safe for your bank, you don't also want me to be the person who sets the combination for the safe of your bank. And to be honest with you, I don't want to be that person either for a number of different reasons. Number one that comes directly to the front of my mind is in a scenario where there is a lack of governance and something does happen, I don't want to be on the top list of suspects. Liability. Exactly. I don't even want to be considered as a person who could potentially have just the right level of what we call toxic access traits, right?
That would allow me to be able to both have the means and the what is it, the means and the, there's a legal framework. Opportunity, yes. The means and the opportunity or the desire even, right, to take those kinds of actions. And so that's one of the things that we really want to be mindful of when it comes to understanding the framework of governance and how it actually applies from a more practical standpoint within any spaces that we work in. Because these are not just protections for the business. They're protections for each and every one of us who has to operate within the parameters of said business.
SPEAKER_07 17:26.753 → 17:28.075
Yeah, yeah,
Julian 17:28.095 → 17:35.107
yeah. That's it. So VCISO, Virtual Chief Information Security Officer. Uh-huh,
Markus 17:35.708 → 17:42.619
uh-huh. That is a thing. It is a real thing. I promise it's not like Santa Claus. It does exist.
Julian 17:45.653 → 17:50.279
Kind of like a fractional CTO or a fractional CSO.
Markus 17:50.299 → 19:48.751
Correct, correct. There are some organizations, and I'm sure we're all familiar with this business model, where sometimes organizations exist in a space where they may be growing or they may reach the element of growth where they're not really interested in growing any larger than they are. And so they can't or they don't want to justify or there's a need for them to not have a full-time CISO on staff. However, they still recognize the requirement and the need to be protected in a way that a CISO can offer protection. And that's a lot of times where you'll see a vCISO kind of showing up and providing those specific services. So they're going to be able to provide... And CISOs, this is a very interesting concept even as well, because you have some CISOs that are more business focused, right? They focus on the day-to-day running of the business, the budgetary needs of the business from a technology and cybersecurity perspective. And you have some CISOs that are very much come from a background of, you know, that security focused mindset, they are very much, you know, I won't say in the weeds because that that has a whole other meaning to it. But they're they're very tapped in on the security needs of the business. And so they can they can provide a lot of informed data points on how the business really should operate, given the specific goals and objectives that the business has in mind. These are objectives that are completely separate from security. And if you have a CISO or VCISO who's really proficient in their job, they're going to be able to take those business objectives, those things that the business wants to achieve from an enterprise perspective, and they're going to be able to tie it back to the security requirements that the business would need to meet or satisfy as a means to then drive forward that growth. Awesome.
Julian 19:48.771 → 19:52.680
Yeah. Quick question. Yeah. Could you say V stands for virtual?
Markus 19:53.100 → 19:53.501
Correct.
Julian 19:53.782 → 19:54.263
Correct. What
Markus 19:55.686 → 20:26.070
does that mean in that context? So it is a... It's a bit of a shorthand. So they'll say V virtual, as in virtual CISO, as a way to kind of reference what they call a fractional CISO, or essentially a part-time CISO role for an organization. Not much different than what you would see with a smaller business or organization that uses an MSP in a similar kind of capability set. Yeah, no problem, absolutely.
Julian 20:26.236 → 20:30.791
Correct
Markus 20:36.651 → 20:54.517
with an asterisk. Absolutely, 100%. There are a lot of scenarios where these vCISOs could also be fully remote as well. It's one of the elements that offers that level of flexibility for not only the business, but also the virtual CISOs who are providing that service.
Gia 20:55.478 → 21:04.748
Quick question. Yeah. So that CISO is also considered, sorry, is also considered a fractional executive position.
Julian 21:05.318 → 21:12.405
Correct technically in the C-suite because it's got
Gia 21:12.425 → 21:19.993
chief in it, technically. Are they also allowed to represent other companies, being that they are fractional? Do you know that?
Markus 21:20.173 → 23:48.942
Yes, I do, and in fact, most of the vCISOs that I know, and even myself included within that group, there are oftentimes clauses in the contracts that we sign with the organizations that we support. And because a lot of this really is hinged upon strong, effective communication above all else. And I want to tie that back into something you said a little bit earlier, but I'm going to finish this comment first. When you are approaching an organization and you're letting them know of your capabilities to offer that as a service, one of the things that you do not want to go unsaid is that you will be providing them a service, you will be able to deliver to all of their wildest expectations, and you will also be supporting other organizations. Now, therein could create some level of risk that both the organization that you're supporting as well as yourself have to evaluate. You may find yourself in a situation where you might want to pursue an opportunity with an organization that is in opposition to the one of the organizations that you're currently supporting. So these are all things that have to be considered. It's not unlike working in the legal space, right? A lot of times if you speak to a law professional, they have to do a conflict jazz. Right? That to ensure that there's no conflict of interest. And that, I'm going to use as a perfect segue to talk about something you brought up a little bit earlier, which is the elements of separation of duties and the principles of least privilege. I'm only going to touch on this because I think there's a much bigger conversation that I would love to have about those specific things. But when I talk about the objectivity that comes along with having separation duties and principles of least privilege, that also kind of goes into it, right?
You want to make sure that inside of that objectivity that you are able to maintain through separating those duties out and through having, you know, only an individual having the level of access that they explicitly need, that you don't introduce any undue conflict of interest as a result, right? For every organization, that's going to be a little different though, right? So for each organization and even each team within the organization, the level of access someone may need is going to vary depending on the needs of the business. So yourself as a developer, you may need wide swath access to something, right? It doesn't mean that because we have separation of duties in place and principles of least privilege that you shouldn't have it. You absolutely should have it because we need you to do your job.
SPEAKER_07 23:48.922 → 23:51.707
That's
Markus 23:51.787 → 24:10.457
why we need to work together. Absolutely. It's about how we deliver it to you. It's about how we disposition that level of access to you. Once again, I'm going to stop there because I can easily see it going into a very different rabbit hole.
Julian 24:10.437 → 24:27.001
For the sake of the audience, I'd like to let you know that Marcus, as a policy nerd, is very familiar with NIST standards on cybersecurity as well as FedRAMP. And I believe has participated in bringing companies to the authority to operate.
Markus 24:27.261 → 24:43.084
Correct. Correct. Correct. Correct. And those are just some of the control frameworks that operate. I mean, there's countless others, including NYDFS, PCI DSS, SOX. Yeah, so there's tons of them.
Julian 24:43.865 → 24:45.507
The Sarbanes-Oxley Act.
Markus 24:46.088 → 24:46.228
I'm
SPEAKER_03 24:46.248 → 24:47.169
sorry?
Markus 24:48.771 → 24:55.300
Yes, I have. I absolutely have done some CMMC work, and that is a very big conversation. I would
SPEAKER_07 24:55.901 → 24:56.041
love to
Markus 24:56.061 → 24:56.601
talk to you about it. Yeah,
Julian 24:56.762 → 27:16.886
absolutely. Absolutely, absolutely. Everybody find you a policy nerd. Can I move on to some of my statements? So kind of wrapping up statements. Yeah, let's do it. So some notes from the community. Rest in peace, Pava LaPere, who was murdered two years ago yesterday. She was the founder of EcoMap Technologies. And now the Pava Center, formerly FastForward U, the Pava Center at Johns Hopkins is named in her honor. Also, a note of, well, Code Collective is a bit of a political organization, so we do have our own set of politics. I felt, it was me for a long time, I felt that the H-1B program was too big and that it was to our detriment as U.S. employees in the tech space in the U.S. because we couldn't compete with cheaper labor. Yesterday or two days ago, Trump signed an executive order claiming he nukes the program. What it does is it puts a $100,000 fee on people filing for new H-1B applications. So there's still 730,000 H-1B holders working in this company, primarily in the IT space, but theoretically that should slow down. I'm considering, I'm personally considering, can't speak for these two, but I'm personally considering this a win for the US tech worker. Finally, and we have, if you'd like to see more of what I've called our advocacy or our politics, they're on the website. And like I said, I'll have to clear all those by these guys. It's some pretty wild economic stuff. Pretty wild stuff. Y'all don't know what you signed up for. And one final note, Code Collective offers the version control basic proficiency certification. So this is what I consider to be some of the most fundamental learning that you have to have to work effectively on a team. This is something that I will be introducing to people who are not coders. I haven't discussed this with you all before, but I think that this would help us to come to an understanding on GitHub. And GitHub has its own set of permissions, which I'm sure you'll love setting and digging in. They have very deep
Gia 27:16.946 → 27:17.447
menus,
Julian 27:17.607 → 27:39.238
and it's not very intuitive. GitHub version control basic, it's the version control basic proficiency. I've done here, I've done it at Baltimore Indie Game Devs, I've done it as far as Nigeria, virtually. And, um, I think our Indian friends would appreciate it as well. Um, and that's it. That's all I've got.
Markus 27:39.418 → 28:35.115
Yeah, yeah, that's awesome. Um, so one, one thing I did want to point to, you know, you mentioned about the, uh, the training that you're providing. To be perfectly honest with you, I, I, um, I imagine even sessions like this being very well aligned with exposure and to some level of training. I'll just speak for myself. When I was coming up into the space that I'm in now and even predating working in cybersecurity, a lot of the knowledge that I gained was through being able to just participate in discussions or at least be able to observe discussions between industry professionals and their experience. I think there is a lot that can be gained just from being in the room where it happened. And I really appreciate all of you for joining us here this evening, taking time out of your busy schedules. You could be anywhere else in the world right now, but you're here with us and I can't thank you enough. All right, do you have some closing remarks, Gia?
Gia 28:36.336 → 28:54.582
Well, why don't we kick it to another question for the audience? Yeah, let's do it. Okay, so, all right. So if you had to pick one, would it be speed or stability? Which one do you think your organization values the most right now?
Markus 28:54.882 → 29:56.636
That's a good question. That's a great question. And, you know, I'll start if anyone is interested in kind of like jumping in as well. There is a saying that someone shared with me not too long ago, and they use the analogy of vehicles and brakes. They said, you know, oftentimes people think that brakes are in a car because, you know, people want to be able to stop. And they shared with me a very interesting take, and I really, it blew my mind. They said, brakes on a car, not because people need to be able to stop, it's because people need to be able to go fast. And brakes offer that level of assurance that you can go fast safely. So to your question, G, I think that's an excellent question. I think in my mind, at least, I'm kind of curious to get everyone else's thoughts as well. You know, in my mind, I imagine that they are two vectors that intersect on the same plane for the business.
Julian 29:57.757 → 30:02.082
If anybody wants to come up, I can vacate my seat as well and you can get on the video.
SPEAKER_04 30:03.648 → 31:01.600
I had something to say, but I don't know now. I'm still looking for work. I think with most things, you kind of got to choose your battles. So in many cases, like especially people involved in the AI space right now are working their behinds off to push as fast as possible and stay competitive. So obviously, security will be in the hindsight. Personally, I come from working in security operations centers as an intern. To me, it's really important that we have the guardrails there and in place so that when stuff does go bad, inevitably, whether from a phishing email or from a poorly implemented JavaScript PHP plugin on a WordPress site or what have you, that we're prepared to handle that gracefully and minimize impact and minimize outage because obviously the reputational damage, the potential for that is just as damning as a poor product release or a slow product release or no product release at all.
Markus 31:01.580 → 31:07.812
Yes. I think in a word, catastrophic comes to mind.
SPEAKER_08 31:07.832 → 31:46.733
Unfortunately, that's only if we live in a perfect world. Considering how many companies prefer, like, I want this out by this day. I want this operation done by this date. Yeah, you can tell that stability isn't going to be on any of their minds. They want to get it out as fast as they can and make as much money as they can, regardless of any sort of security risks that may incur. Yeah. Or
Julian 31:46.773 → 31:56.207
deficiencies in the project. Quality assurance problems. Quality assurance. They will willfully be willfully ignorant of that.
Gia 31:56.862 → 33:24.631
Yeah, and I've experienced that on some of my programs in the past as well. I won't name the company, but yeah, just introducing new technology, it needs to be done in a responsible way, not just about the bottom line. Because at the end of the day, we want to be proud of... what we're building and we wanna make sure that it's scalable as well as sustainable for it to be future proof, especially with things that's being built around AI. It may sound cool and may look like we're making progress, but at the end of the day, if it's not interoperable, especially like, and also in a quantum space, then everything is in its own silo and then it ends up costing more money to the customers. And then they're like, hey, how come this situation is not working? And Marcus and I, we always talk to you about companies creating things on purpose where it's not interoperable so that they can keep using the system as a cash cow. And we should not be in the business of constantly fixing broken systems, solutions. We are supposed to want to innovate and compete with other nations, and that's how I see it. Also, in terms of AWS, I
Julian 33:24.711 → 33:25.812
also... Our favorite cloud provider.
Gia 33:26.333 → 34:02.492
Yes, hopefully we can have them as a sponsor. Yes, but with AWS, I've had instances where when two teams, the cloud team and the developers, are not in sync with each other, there's all these new servers being spun up and it's causing more issues with cost, and that at the end of the day, it goes to the consumers, or depending on who the, um, who the output is for, it's also our tax dollars that it's just being wasted. So I'll stop there, and I think there's somebody else that want to add to this. Does
SPEAKER_06 34:02.532 → 34:04.314
this thing work? Victoria.
Markus 34:06.676 → 34:07.838
It's actually being...
SPEAKER_06 34:08.018 → 36:19.242
It's wireless. I'm actually going to play devil's advocate a bit. I'm kind of a believer in fortune favors the bold. Yes, in the sense that when it comes to just trying to push a project for the sake of trying to be the first one and trying to try to make as much money as possible, then I don't really agree with it. But I also think that when you're the first to do something, tech is always about who hops into it first. I think everyone recalls a moment in time back in the day when if you knew HTML and CSS, you were... You were looked at as like the next Mark Zuckerberg, right? And like now that's not the case. But I think the people that hop into things first and they try, fail fast so you can be better, then I think you have a leg up. Because I think sometimes, especially like small startups, right? I have a startup that I'm trying to do. If I kind of spend too much time on trying to have everything picture perfect before I launch, I'll be behind because there'll be a new... Now there's a new thing and there's a new tool out there and somebody's beat me to it because I was kind of just taking my foot off the gas. Now, obviously, it's kind of nuanced. It's a gray area, I think. Some stability is important and also it's a good balance to have speed and stability. So... I think that's just my own thing. Even with AI, even people like cybersecurity, people who hack, it takes time for you to even learn the vulnerability in the first place. You don't know what's vulnerable if it's just fresh off the market. That's why I say I value speed as opposed to stability, because you're always, tech is always going to change. It's always a race. So it's just, I think it just matters your intention and how you operate your business or your startup or your organization. So that's how
Gia 36:19.843 → 36:23.047
I see it. It's a fine balance. Yeah, balance.
SPEAKER_06 36:23.067 → 36:23.828
Yeah, balance.
Gia 36:23.848 → 37:28.110
Yeah, latency is everything. Getting out there, being the first, that sounds great. But that's why governance ensures that all of the right key players are in the room making these decisions, like PMs, product owners, as well as the coders, the cybersecurity. You have multiple perspectives creating that governance. And then you can all go to market at the same time speaking in alignment instead of just, oh, like for example, on my team, it's always sometimes coders are not understanding the importance of a PM who understands the business case that the customer wants to prioritize, and that has to be quality as well, because it could ruin the company's reputation. So I have a great appreciation also for people who push innovation, coders, and solution architects like you, so congratulations. So yeah, it's a fine balance, and governance is that thing that is going to keep us all in alignment, so with that.
Julian 37:29.572 → 37:32.716
Well said. A couple notes since you brought up Mark Zuckerberg.
SPEAKER_06 37:35.860 → 37:37.863
Oh, no. It was a
SPEAKER_07 37:37.883 → 37:39.225
joke. I'm sorry.
Julian 37:39.307 → 37:51.779
The either the current or the past motto of Facebook was move fast and break things, which to which I've seen the retort move slowly and fix things. But that's kind of in line with your point of moving quickly.
SPEAKER_06 37:51.799 → 38:05.652
Yeah. But ultimately, though, I agree. Right. Having good governance, even if you do push more speed over stability, if you have the foundation, then everything else will kind of fall in place. So I'd still agree.
Markus 38:06.104 → 39:23.682
I like your take, and I will say this in support of your position. Because once again, I don't think there's any wrong answers here at all. Because these two things are separate vectors on the same control plane, there are always going to be scenarios where speed is more effective than stability because you can still maintain a certain level of speed while not sacrificing stability. And there are going to be scenarios where you find yourself where in order to go fast, you have to go slow. Right. So I think it's all about understanding your appetite for risk, understanding what's what you have to lose as a result. And sometimes what you potentially have to gain is worth it. So I don't think these are decisions that any one person can make for any other person. I think these are all deeply personal decisions that we, even as we work for other enterprises and businesses, we're there to help them understand the complete scope of what's possible versus trying to tell them, here's the right way to do it versus the wrong way to do it. So I definitely appreciate your take.
SPEAKER_06 39:23.763 → 39:24.604
Thank you, thank you.
Gia 39:25.785 → 39:29.810
So why don't we have some final thoughts from you both, and then I'll close us out here.
Julian 39:32.413 → 40:23.315
Yeah. So we're in Guilford Hall. Thank you, Guilford Hall, for having us. This is the luxurious cigar lounge. You can smoke in here if you'd like until they kick us out, I guess. Our friend Joe has moved on to other things. So Guilford Hall is looking for a general manager who has experience in the hospitality industry. This is really a happening spot in Baltimore and would be, I think, a great opportunity for an energetic person who wants to be part of the heart and soul of Baltimore. So if you or a friend is interested, I can introduce you to Josh, who's the acting general manager now. They've got probably 150 people upstairs for trivia right now. So that's why they're not coming in to check on us, I think.
Markus 40:24.177 → 40:25.779
Yeah,
Julian 40:25.819 → 40:34.853
we could bring the whole trivia team. We might do that code trivia. And that's all I
Gia 40:34.893 → 40:39.840
got. I'll
Markus 40:39.860 → 41:20.114
just say as a final note, it's been an absolute pleasure to be part of this community, especially as a newcomer to the community. City of Baltimore, I feel like I've been greeted with open and warm care and affection. So I thank all of you. I thank you specifically, Julian, as well. And I really am greatly appreciative to be part of this work that you all are doing and even be representing Well-Secured IT and be able to co-sponsor some of these events. This is something that I've always held near and dear to my personal heart, just being part of the community and wanting to give back. So that's it. That's my final note. And
Julian 41:20.615 → 41:25.080
yeah. Great to have you, Markus. I wanted to say the bottle cap was invented here.
Gia 41:27.608 → 42:17.663
Okay, and also thank you, Julian, for having me be a part of this group, and I'm new to Baltimore. I've been living here for about a month and a half. Thank you. So this time finally, this is the last closing statement I have. So at the end of the day, governance isn't about slowing us down. It's about making sure that every risk we take is an informed one. And if we stay governed by risk, interoperability, sustainability, as well as coordination, we just don't keep the lights on. We actually can build a future that is stable, secure, and worth believing in. So that's all.
Julian 42:27.093 → 42:30.051
That's it. Awesome. All right. Thank you all for coming.
Gia 42:30.071 → 42:30.373
Thank
Julian 42:30.977 → 42:31.399
you.