The Logic of Deny by Default: Building the Ultimate Security Guardrail

Cult Products · 2026-06-09 · 35 min

Substance score

51 / 100

Five dimensions, 20 points each

Insight Density: 11 / 20
Originality: 9 / 20
Guest Caliber: 12 / 20
Specificity & Evidence: 12 / 20
Conversational Craft: 7 / 20

Rob Allen, Chief Product Officer at ThreatLocker, discusses the company's unique deny-by-default security approach that blocks everything except explicitly permitted applications, contrasting it with traditional trust-but-verify cybersecurity models. He shares his journey from managing ransomware cleanups at an MSP for 18 years to helping organizations prevent attacks, and explains how ThreatLocker has grown from 50 to 750 employees while maintaining startup culture through aggressive marketing, rapid product iteration, and customer-centric support.

Key takeaways

  • Deny-by-default controls eliminate the need to detect new malware (560,000 released daily, 40% AI-enhanced) by blocking everything except required applications rather than trying to identify threats
  • Double-extortion ransomware attacks that steal and encrypt data have become standard practice, making data breach prevention as critical as encryption recovery
  • ThreatLocker maintains startup velocity at 750 employees through monthly all-hands pitches, aggressive event marketing (1000+ events annually), rapid product releases (2-3 new products yearly), and mandatory customer feedback loops
  • Using AI to make allow/deny decisions would be catastrophic (15% error rate in categorization would create 50% miscategorization of malware decisions) compared to safe use cases like website categorization
  • Company culture of 60-second support response times, cross-functional awareness via pitch-offs, and go-big-or-go-home marketing approach started at small scale and scaled with the company

What our scoring noted

Our reviewer’s read on each dimension, with quotes from the episode.

Insight Density

11 / 20

The episode contains a handful of genuinely useful insights - the >0% error rate argument against AI-driven allow/deny decisions, and ring fencing as a pre-existing solution for agentic AI containment - but these are buried under repetitive marketing framing, personal origin stories, and company culture anecdotes. The 'deny by default' mantra is repeated so often it dilutes the episode's signal.

anything greater than 0% is less good than default deny. So default deny basically is going to block everything. Okay, good, bad, doesn't make any difference.
we have product called Ring Fencing... designed five years ago, six years ago, long before agentic AI was a thing. But the cleverness about it is it's exactly the solution that's needed for these agentic AI tools.

Originality

9 / 20

The deny-by-default/application whitelisting philosophy is not new to the market - it's the foundational pitch for products like Carbon Black and others - and most of the framing is polished marketing rather than first-principles thinking. The ring fencing-as-agentic-AI-guardrail connection is a genuinely fresh and timely observation, lifting the episode from a low score.

we experimented with using AI to categorize unknown websites first... it got it right somewhere in the region about 85% of the time. About 85% of the time, we got it right. 15% of the time, we got it wrong.
50% miscategorization of malware basically, would be catastrophic because all of our customers would be wiped out by ransomware pretty much overnight.

Guest Caliber

12 / 20

Rob Allen is a legitimate CPO at a real, scaling cybersecurity vendor with 750 staff and 65,000 customers, and his 18 years in MSP work gives him genuine practitioner credibility. However, the interview is structurally a vendor promotional piece, and his insights largely stay within ThreatLocker's own product narrative rather than drawing on broader industry experience.

I spent 18 plus years working for an MSP IT company basically in Ireland. So fairly significant proportion of those 18 years were spent trying to clean up after ransomware attacks
Today, I think we're about 750 staff... I think we're currently somewhere about 65,000 companies around the world are protected by ThreatLocker.

Specificity & Evidence

12 / 20

The episode delivers a reasonable number of concrete data points - malware volume, AI attribution estimates, accuracy rates, headcount, customer count - which is better than average for a vendor interview. However, claims about competitive differentiation, marketing scale, and product superiority are largely asserted without third-party evidence or customer outcome data.

we get it right somewhere in the region about 85% of the time... 15% of the time, we got it wrong. And we'd need a human being basically to check those results
we do I think over a thousand events a year at current count

Conversational Craft

7 / 20

The host is personable and well-prepared, and asks one sharp contextual question about AI differentiation versus large models. But most questions are open-ended prompts that function as on-ramps for marketing monologues, with no pushback on vendor claims, no probing of failure modes beyond what the guest volunteers, and no challenge to the product's limitations or competitive weaknesses.

I suppose when you say we still move like a startup, what are some of the tangible examples of that and how is that possible at 700 people?
it's also brave to go with it. Also, we were caught out by it and our leading security experts were as well.

Conversation analysis

Computed from the transcript - who did the talking, and the verbal tics along the way.

Share of words spoken

  • Speaker A: 85%
  • Speaker B: 15%

Filler words

  • so: 67
  • basically: 28
  • like: 25
  • I mean: 18
  • actually: 14
  • kind of: 11
  • right: 9
  • obviously: 6
  • you know: 5
  • literally: 4
  • sort of: 2

Episode notes

Most cybersecurity strategies rely on the "trust but verify" model, which allows applications to run unless they are known to be malicious. Rob Allen spent nearly two decades cleaning up the wreckage of that approach while working for a Managed Service Provider in Ireland. After witnessing a "double extortion" attack that changed the stakes of ransomware forever, he joined ThreatLocker to help organisations move toward a philosophy of deny by default. ThreatLocker now protects 65,000 companies globally by ensuring that only approved applications can run, effectively neutralising zero-day threats and unknown malware. In this conversation, Rob shares the internal mechanics that power this growth, including the legendary 60-second support response time and the "pitch off" culture that ensures every employee understands the mission. He also provides a grounded perspective on AI, explaining why a 15% error rate in security decisions is catastrophic and how ringfencing provides the necessary guardrails for the rise of agentic AI.

Full transcript

35 min

Transcribed and scored by The B2B Podcast Index.

AI is obviously it's got potential to be used from a defensive perspective, but it also has potential to be used by an attacker as well. Current estimates are somewhere about 560,000 new pieces of malware released every single day. Lots of them. I saw estimates of about 40% of them are either created by, enhanced by or augmented by AI. And the question is then, how do you possibly keep up with that level of new things being released every single day? Welcome to Cult Products, a podcast by hi EIR Digital. I'm your host, Phil Keaney Bolland, and on this show we sit down with the founders and leaders shaping the next wave of cybersecurity innovation. You'll hear the stories behind how they found their first customers, defined what made them different, and built products that earned a loyal following in one of the toughest markets on earth. Let's dive in. Hi everyone and welcome to another episode of the Cult Products podcast. Today I am joined by Rob Allen. He is the Chief product officer at ThreatLocker. Welcome to the show, Rob. Thank you. Good to be here. It's great to have you here. I think it's always nice just to start these conversations with a little bit of the story of how you got where you are and some of the things that kind of made you. So could you tell me a little bit about your journey into cyber security, please? Sure. I spent 18 plus years working for a MSP IT company basically in Ireland. So fairly significant proportion of those 18 years were spent trying to clean up after ransomware attacks, particularly towards the end because it was getting worse and worse, more and more prevalent. So the way I like think about it is I went from cleaning up after ransomware attacks to helping organizations like the one I used to work for and others avoid being the victims of ransomware attacks. So it was a pretty well. 
Well, I'm not going to say it was a logical progression, but it was a pretty logical progression that I was really, really, really, really tired of ostensibly doing all the right things and ostensibly helping people be prepared, but still waking up on a Monday morning to a phone call from a customer going, I can't access my things. So as I said, I went from that side of the fence to this side of the fence, which is helping people avoid it happening. That's great. So I guess, is it, when you think about the kind of ransomware attacks back in the day, are there any kind of notable ones that stand out? Talk about. There was one that basically changed the game for me and it was actually quite ironic because it was the Last one I dealt with before I came to work for Threat Locker. So it was literally the Monday of the week before I started working for Threat Locker. As I mentioned, one that finished you off. Well, I'm not going to say it pushed me over the edge, but it was very much an eye opening one. So prior to that incident, prior to that case, it had pretty much been a cleanup in virtually everyone that we had done. So it was always a case of, well, look, restore from backups, get them back up and running and go about our day pretty much. Some of them would take a couple of hours, some of them might take a couple of days. We had to restore from online backups, all that kind of stuff. It was fine, it wasn't a big deal. Generally speaking, that particular incident started like most of them started, which is I got a call at 8 o' clock on a Monday morning saying I can't get into my things. I got logged into the system, realized pretty quickly what was going on, managed to shut it down relatively early. So it was lucky because the company actually had organization or parts of the organization in the U.S. 
they had parts in Canada, I think the attackers, who are probably Russian based, had kicked it off of what they thought was the middle of the night US time, but was actually like 7 o' clock in the morning Irish time, which was lucky. So we shut it down. I think in the end one or two servers got encrypted, but it was nothing that we couldn't recover from relatively easy or easily. The thing that did stand out about this one was the ransom note that was left behind was different to anything I'd seen previously. And it wasn't just the pay us X bitcoin and we will give you a key to decrypt your things. It was we have stolen one point something gigs or, sorry, one point something terabytes of your data and if you don't pay us by this date at this time, we are going to release said data. And that was the first time I've ever seen that type of, I think they now call them double extortion attacks where they don't just encrypt your stuff, they steal your stuff and threaten to release it. Now that's a standard practice now pretty much with every ransomware attack. I mean, there's very few ransomware attacks that are just encryption. They're always, we've stolen your stuff and we've encrypted your stuff. But that particular incident, that was the first time I'd ever seen it. And as far as I was concerned that was a complete game changer because it had gone from being something that is easily fixable through backups and recovery and all that kind of stuff to something that, well. And the customer literally said to me, do you think they have our data? And I was like, I don't know, I can't answer your person a perfectly reasonable question. Now, in that case, I don't think they did. I think it was more threat or hollow threat than anything else. But still, that was the thing that worried that customer more than how long is it going to take us to get back up and running the mess and thinking about what the solution is. Tell me a little bit about threatlocker. 
What really makes Threat Locker unique and has it helped you feel like you're tackling some of those challenges? It's probably the most common feedback. I lucky that I get the opportunity to speak to lots and lots of customers. Because we do lots of events, I have the privilege of speaking at some of them. So I get the opportunity to talk to a lot of customers. And probably the most common positive feedback I get from people is you help us sleep at night. And that means the absolute world, because it means that not only are we doing something that is beneficial to people's businesses, we're also doing something that is fundamentally beneficial to people's lives. So that pretty much goes without saying. That is the best and nicest thing that anyone could possibly say to me and to us as a company. We worked the company now for pushing five and a half years, joined in 2021 in the height of COVID which was an interesting time to move jobs, but it has been unbelievably exciting, incredibly rewarding. The fact is, we are. I'd like to thank a cyber security company like no other. Threat Locker as a company works on a very different principle, a very different approach to everything that's out there. And fundamentally that approach is one of deny by default and permit by exception. So if you think about cybersecurity for the last 20 years, they all effectively work on the same principle, which is trust but verify, which is I'm going to allow this thing to run unless I know it to be bad, or I'm going to allow this thing to happen unless I know it to be bad, at which point, hopefully I'm going to be able to detect it and respond to it. That approach fundamentally has been proven over many, many years not to be effective, or at least not to be effective all of the time. It's effective most of the time, except when it isn't. So that's why the approach the Threat Locker takes, which is, look, we're not going to allow everything to run just because we don't know it's bad. 
We're going to allow what's required to run and no more. So it's effectively a complete 180 from that traditional approach to cybersecurity. It's not dependent on detection. It is about controls. And once you get your head around what we do and why we do it, it makes perfect sense. Why would you allow every conceivable application to run on a machine in your environment? If you only need 20 or 40 or 50 or 100 different applications to run, why not just let those 20 or 40 or 50 or 100 applications to run and nothing else? So it solves so many problems by just applying that logic, that control solves the problem of new malware, unknown malware, zero days. Everything that comes from having to detect everything that's bad goes away. All of those complications goes away. All of those trying to constantly keep up with everything that's happening on a day basis, it just goes away because you are blocking everything that isn't required by default. And you mentioned you've been there now for, I think you say, coming up to five years, the business must have changed. It's been growing consistently, consolidating position in the market, all those kinds of things. And I imagine just what it feels like as a company to work for now versus when you started must be very different. Can you tell me a little bit about the journey that you've been on and what your place in that is? When I first came over to the office with maybe 50 people in the company, I was like, oh, this is a big organization. I dealt with many people on Zoom, but I'd never actually met most of them. But that was obviously back in 2021. Today, I think we're about 750 staff. We've just bought this new building that we're. I'm sitting talking to you and right now, because we were basically running out of space where we were previously. And that's happened twice over the last four years. But the growth has been phenomenal. The number of customers we protect has increased exponentially. 
I mean, I think we're currently somewhere about 65,000 companies around the world are protected by Threat Locker. And As I said, 750 staff. So the days of knowing everybody, when you walk in the door, unfortunately, very much gone. But at the end of the day, we are still. Even though scale has increased. We are still basically the same company at heart. So we have, we applied the same principles, we still move broadly speaking, like a startup. And that's something that's kind of instilled on us from above. So Danny Jenkins, our CEO is, I hate to say this in public, but he's basically a genius and is very much the inspiration and driving force behind the company because he is quite frankly the brains of the operation. But his work ethos, his or his work ethic, his ethos, his body believes in, fundamentally filters down from the very top to the very bottom. So whether it's people are working in support, I mean, one of the things that our customers are most familiar with is what's called our cyber heroes, our cyber hero support. So one of the things, and again, as a X msp, I know what good support looks like, I know what bad support looks like. I mean anybody who's ever logged an urgent ticket with Microsoft and has somebody come back to them three days later knows what I'm talking about. I mean, we have a 60 second response time on our cyber heroes and that's something that we feel very strongly about and something that came directly from Danny. Fun factor, fun side story is Danny actually there's an urban legend that Danny used to have an alarm that went off in his house, in his home if a chat went above 60 seconds. So basically, if somebody was waiting more than 60 seconds for somebody to respond to them, an alarm would go off in Danny's house. Now I'm here to tell you right now, that is not an urban legend, that is not a myth. It is true. 
He used to have an alarm that went off in his house if a chat went over 60 seconds is a really good example or illustration of how strongly we as a company believe in giving good support or providing good support to our customers. And I suppose when you say we still move like a startup, what are some of the tangible examples of that and how is that possible at 700 people? Well, there's a couple of different aspects to it. I mean, the first is we are lucky. We are somewhat unique because of the approach that we take, which is that deny by default. We're not like an antivirus or an EDR where we have to detect, detect new signatures or behaviors or techniques or tactics that threat actors use because generally speaking, by denying by default, you don't need to respond quickly to those kind of things. It's not as if we have to detect them because again, are not dependent on detection. But that isn't to say that for example, I mean, when I joined the company, said five years ago, there was effectively three parts to what we do, three core products or three core modules to the product. I think at latest count it's about 15. We released two new things which we may speak about later at Zero Trusted World this year. We released three products last year at Zero Trust World. The year before, I think there was two. The year before that there was another two as well. So while the core of what we do hasn't changed significantly over the years, we are always looking to A, add to the portfolio of things that we can offer, the boxes that we can tick for people, but B, we are always striving to make what we do as easy as possible, as attainable as possible, as manageable as possible. So if we can spend a little bit of dev time, meaning somebody can do something in one click rather than three clicks, we will absolutely do it because it makes the user, the administrator and threat locker experiences better. 
That's just a couple of between new products and also refining and improving the products we already have. We move fast, basically, just as I said, like a startup. I've been very lucky because I actually do still to this day spend quite a bit of time with customers as part of for a variety of reasons, since when I joined, primarily because we didn't have enough people at the time, I ended up effectively working as one of our solutions engineers out of the office in Dublin. And that basically gave me the opportunity to deal with customers on a daily basis. So I'd be getting on calls, I'd be helping them get everything set up, getting them secured, making sure they've no problems. And I keep doing that or continue to do that to this day. So there's still still quite a number of customers who I'll deal with on a daily basis. As I said, I'll also talk to people at events, boardrooms, getting feedback from people as to what they find easy. But in reality, what's actually almost better for us is not only what they find easy, but what they find hard. What is difficult about it? What are the challenges you face on a daily basis and how can we fix those problems? So it's interesting that you might think that positive feedback is the best thing that you can get in a position like I have. But to be perfectly honest, negative feedback is almost more useful because it gives us problems that we can solve for people. It is interesting you've done quite a few different roles across operations, product sales, so I suppose you've got quite a good view of how all of these different things can connect and the impact that they make. What do you think? Because that's, I suppose, a relatively unique perspective. What do you think you've learned by working in all those different bits of the business about how they should all slot together? 
I suppose it is something that if somebody only works in a certain part of the organization, if all you are or all you're doing is sales, and you see sales your focus, you see, and likewise solutions, engineers, likewise product, likewise operations, I mean, it is very easy to get pigeonholed and just think about your own part of it. One of the things that we do, obviously, and the example of Danny with support is a relevant one, but we do try to make people aware of the bigger picture. It's actually. So another thing that we still do to this day is we do basically monthly company calls. So everybody in the company, and it's now, as I said, upwards of 700 people who are on that company call. And something that goes back to literally before I joined, is that we will do a. We tell everybody what's going on with the company. We'll tell everybody that's going on with the product, we'll show them improvements, things that have changed, that kind of stuff. But one of the really interesting things is we do what's called a pitch off. And the pitch off was born before I joined the company. But it was one of the things that I had to do after I joined, which was that Danny had been in a elevator with a salesperson for another company, said, oh, what do you do? And they weren't able to tell him what they did. Or he, at least by the end of the elevator journey, was no wiser as to what they actually did. So that basically out of that was born the idea of the pitch off. So everybody in the company and everybody who joins knows this is a thing. But everyone in the company basically can be called upon a company call in front of 700 people, where Danny will either say, look, well, what does Threat Locker do? Or what does this aspect of Threat Locker will do? And they have to explain it as best they can. 
And again, it's a really good example of what, like, it's not that relevant, you might argue, to somebody who's in finance to be able to explain what the company does, or to somebody who's in some other area that pick an area of the organization. But it does focus everybody's mind on understanding what we do as a company. Because fundamentally, what we do as a company is what pays everybody's wages. So I just think it's another relevant example of where it's more than just what you do. It's about what the company as a whole does. And that's at random every time you have one of those. Completely random. Normally somebody new, not necessarily always somebody new. Could be somebody who's been with the company for five years. Could be somebody who's been, you know, with the company. Company for two weeks. A completely random. Just two names get picked out, right? Tell us what X parts of the solution does or tell us what we do as a company or whatever the case may be. But as I said, it was something that I was, I'm not going to say subjected to, but it was something I was subjected to when I joined the company originally. It's something I was very much worried about. And again, that was in front of 25 people. I wasn't in front of 700 people. But basically everybody now knows what to expect. They know that you may be called upon at any given time to explain either as I said we do as a whole or what a certain part of what we do does. So everybody tries to learn and understand that and explain it in a 30 second elevator pitch. I'm picking up on this and I this a lot. The culture at Threat Locker sounds sounds pretty unique. There's definitely some things which we've just spoken about I haven't really heard about before. If you were thinking just again about those founders who are listening to this thinking, I really hope I get to where threatlocker is in 5 years time or however long that takes. 
What are some of the other things that you think have been really, really essential within the ThreatLocker culture to growing the way you have? I'll speak to some extent to my own experience in the past. So the company I worked for before, marketing was never really a thing. To be perfectly honest, I have no idea how we ever got new business. It was primarily word of mouth but marketing basically wasn't a thing. And if we ever did it, we dabbled in it and we always came back with the conclusion that it doesn't really work. One of the things that I become more and more aware of and more and more appreciative of is the fact that our marketing team are amazing. They're absolutely rockstar, are absolute rock stars and again they are allowed to be so they are encouraged to try things. As I mentioned, events are kind of at the core of what we do. And we do, I think over a thousand events a year at current count. And our approach and again this comes from the top down, but our approach has basically always been to attack these things with gusto, basically to go big or go home effectively from a marketing perspective. And that's been incredibly, it's been an eye opener for me, but I think it's been incredibly important in how the company has grown. I've had friends who've worked in other, won't say smaller companies, but maybe similar companies or smaller companies and they're taking their first steps into, you know, we're doing a little bit of, we're doing X event for example, you know, how what do you think of it? Or how would you recommend it? And again they're always on a much lower scale than we were would be doing now. But the fact of the matter is we would always have been doing it effectively at the scale we're doing now, even when we were much smaller as a company. Because as I said, that attitude of, or that approach of go big or go home from a marketing perspective has always been a thing at ThreatLocker. 
We've seen Figma's stock get hit, we've seen Palo Alto's stock got hit by some of the things that they're doing. It feels like a lot of the conversations I'm having have shifted slightly from how do we differentiate from the other competitors in our space to how do we make sure we're differentiating from the large AI models. And there's got to be a bit of a story there because everybody's expecting at some point people will have the alternative, well, we can just build something with agents or they'll release a specific tool that helps address some need in cybersecurity and there'll be a lot of hype about it. It'll be amazing. All of those kind of things that we're all having to live with on a day to day. How is that affecting your role in product at ThreatLocker? The first sort of part of the answer to that question as and if you were, when you were at RSA recently, you will have noticed that basically almost every booth have got some mention of AI or agentic on them. And it's obviously a lot of people are trying to hitch their wagon to the AI train, so to speak. It's interesting. So AI from our perspective it presents a massive opportunity to us as a company because AI is obviously it's got potential to be used from a defensive perspective, but it also has potential to be used by an attacker as well. And there's so many different examples of this. I mean this last count or current estimates are somewhere about 560,000 new pieces of malware released every single day. Lots of them. I saw estimates of about 40% of them are either created by, enhanced by, or augmented by AI. And the question is, then, how do you possibly keep up with that level of new things being released every single day? The evidence would suggest is you just can't. So that's why the approach that we take, the unique approach that we take of denying by default is so important and becoming more important by the day, as far as I'm concerned. 
So, as I said, it presents us with huge opportunity to differentiate ourselves from all of those companies that are out there that are trying to attach themselves to the AI bandwagon. I genuinely believe that that is how we set ourselves apart. It is almost unique in the market, but we experimented with using AI to categorize unknown websites first. So we basically get an unknown website, we'd give it to an AI tool, and we'd say, look, tell us what that is according to these different categories, it got it right somewhere in the region about 85% of the time. About 85% of the time, we got it right. 15% of the time, we got it wrong. And we'd need a human being basically to check those results and verify. Now, one of the most common questions that we get asked is, why don't you use AI to decide what to allow and what not to allow in threat locker? And 15% wrong. If we were to apply that same logic, 15% of the decisions whether something should be allowed or not are as good as bad. That will be catastrophic. 50% miscategorization of malware basically, would be catastrophic because all of our customers would be wiped out by ransomware pretty much overnight. But the way I try to explain it to people is anything greater than 0% is less good than default deny. So default deny basically is going to block everything. Okay, good, bad, doesn't make any difference. Malware, ransomware, we're going to block all of that stuff. Anything, as I said, greater than 0% is less good than blocking everything, which is why we won't. Where we draw the line basically, is we won't use these tools to make decisions about what's good or what's bad, because anything greater than 0% is going to be less good than default deny. I mean, obviously things are moving quickly, and even in the last couple of months, it has basically gone from, oh, my God, if we're speaking specifically about agentic stuff. So, oh, my God, are these agentic Tools running in my environment. 
I mean, I literally have had customers go to us, is OpenClaw running on any of my computers? And my answer to them was, well, did you explicitly allow OpenClaw to run? No. Then it's not running on any of your computers. But with what, particularly what Anthropic are doing with Claude Code and Cowork, etc. It's gone from I don't want any of these things to run. And look, Default Deny takes care of them running. If you just don't want to run these tools, Default Deny is going to block all of them. I mean, antivirus isn't going to block an agentic AI tool from running, nor is EDR. But if you want to block them, then Default Deny takes care of that. But what we've entered into over the last probably two, three months is a situation where it's not that we want to block these things running, is that we want to allow them to run safely. And the safely is a really important part of that. And it's actually really interesting because. And something we haven't even mentioned thus far is we have a. Effectively, we have a solution already to that problem of allowing things to run safely, which is we have product called Ring Fencing. So part of what we do, we look at application control holistically is probably a bad way to describe it, but we see application control as being more than just what can run and what can't run. What can run and what can't run is basically what's going to stop ransomware from running. It's going to. What's going to stop malware from running, it's going to stop remote access tools that shouldn't be allowed to run from running. But equally good things can be misused. So tools like PowerShell, Command Prompt, Regsvr32, all those things that are on people's computers already as well, called living off the land. They can be weaponized, they can be misused. So we developed a technology many years ago now which is a thing called Ring Fencing, which is I want this thing to run, but I don't want it to access my files. 
I don't want it to reach out to the entire Internet. I don't want it to, you know, access the registry, whatever the case may be. So we effectively... it's like a firewall around an individual application, as I said, designed five years ago, six years ago, long before agentic AI was a thing. But the cleverness about it is it's exactly the solution that's needed for these agentic AI tools, which is: I want this to run on my computer, but I don't want it to be able to access my finance share, my management share, my, you know, network shares, my documents, any of those locations. So effectively it's deny by default, permit by exception, but for access to data and to the Internet. So using Ring Fencing you can allow these things to run safely. And that is what companies are, if they haven't come to that conclusion already, they will be coming to that conclusion pretty soon, which is: these things are valuable, these things can make us more efficient, they can help us as an organization, but we're afraid of them. So what can we do? As I said, we've got a pre-made solution right there, which is Ring Fencing.

But for every person like you who will consciously make a decision about, well, do I want to allow it to do this and do I want to allow it to do that, you will have your average user who will just say yes, yes, yes, yes, yes, yes, yes, yes, yes, when it asks a question.

Yeah, and don't get me wrong, a lot of the time I'm approving stuff and I'm like, well, I don't fully understand the implications of that, but what I'm hopefully doing is putting some boundaries around what it can impact. I think it's very interesting your approach isn't just block everything, it's to try and put those boundaries in place.

The deny by default is fundamentally, even from an application control perspective, deny by default is what's going to keep you safe.
Deny by default is what's going to stop malware, ransomware, all that kind of stuff from running, and equally what's going to stop PowerShell from reaching out and downloading a payload, or it's going to stop it from running remote code, or it's going to stop it from exfiltrating data. The permit by exception basically is what allows businesses to continue to operate. So that's what is letting me use Chrome on my computer right now. It's why I've got Teams running on my computer, I've got Outlook running on my computer. All those things are running because of the permit by exception. But the same applies to Ring Fencing, which is, look, I don't want this thing to be able to reach out to the entire Internet, but I do want it to be able to go to anthropic.com, for example, or I don't want it to allow any of my files except these. And you're putting, as I said, guardrails in place that are outside of the direct control of the user, because you have to assume, as I said, that the user is going to say yes to all those questions without actually considering the implications.

That's correct. Great. And you mentioned earlier in the conversation a couple of new launches that have just come out. Do you want to tell me a little bit more about those, please?

We run an event in Florida, here in Orlando, every year, sort of February, March time, which anyone who's ever been here knows is the best time to come to Orlando. It's the best time to be in Florida because it's not too hot. But Zero Trust World, and every year at Zero Trust World, we tend to, as I said, announce new products. This year we announced two products, Zero Trust Network Access and Zero Trust Cloud Access. Very briefly, Zero Trust Network Access. I mean, pretty much everybody knows what it is. But the problem we're trying to solve, I suppose, is the fact that VPNs are dangerous. A lot of organizations still use VPNs.
They have ports open to the Internet and all it takes is either a vulnerability in the firewall itself, which realistically happens on every day of the week that ends in Y, or compromised credentials, which are pretty much out there and everywhere and purchasable to anybody. So fundamentally, our approach with ports open to the Internet is: every port you leave open to the Internet makes you more exposed, in the same way as every application that you're allowed to run increases your attack surface. So ZTNA or ztna, I've actually got used to that because I speak to Americans so often. I've got used to the whole Z thing. So my apologies to anybody who's not in America. Z or ZTNA basically is the solution to that problem, which is you don't need to open ports to the Internet. Your servers will effectively publish services and we broker connections to them for those people who need access to them. Again, most people will know what it is. Again, it's just we do it through our agent, through our portal, same policy engine, same thing that people are already used to, et cetera.

The other problem we're trying to solve is that of phishing, business email compromise, cloud service compromise. I mean, there was a fairly large attack in the last month where a medical devices company got effectively completely wiped out from an Intune-initiated device wipe. But again, the weakness that we have never really previously, we've always been very much endpoint focused. So our controls have been around protecting the endpoint, because that's where most of the action was happening. What's become more apparent over the last couple of years is if they can't get in through the endpoint, they will try and get in through your cloud services as well. So the problem we're trying to solve with Zero Trust Cloud Access is, well, look, do we need the entire Internet to have access to our cloud resources?
If we're using Office 365 or G Suite or Salesforce or whatever the case may be, why would we allow the entire Internet to access that? Can we limit it to a small number of IP addresses? In this case one or two, which means that even if my credentials get compromised, if somebody has access to my password, it doesn't make any difference, they still won't be allowed to connect. We had a couple of our salespeople last year fall victim to phishing attacks, and we were really lucky because what happened when the attackers got in is the attackers did what attackers usually do, which is they set up stupid forwarding rules in Office 365. That's what triggered our EDR and that's what made our MDR basically react to it and get on top of it. The question is, though, what would have happened if they didn't do any of those stupid things that attackers usually do? We would not have known. People could have been in there for weeks or months or years, potentially undetected. It doesn't matter if it happens to you, it doesn't matter if you have my username, my password, anything. You still won't be able to access my cloud resources because fundamentally you're not going to be on a trusted IP address, which is, only these devices will be able to connect to.

Everybody can have a bad day, right? Everybody can just half read an email.

It's absolutely, it's so easy. And as I said, these are like, we do training basically monthly. Everybody should know what to spot, what to expect. But because, and as I said, we did use AI in crafting these emails, we use publicly accessible and available information with who would be sending something like this and who would they be sending it to? And it was unbelievably and surprisingly effective.

It's interesting because, I mean, it's a great data point for you in a sense, because you can then say to your customers that these are genuinely worldly. The experts in this, they were caught out by it, but it's also brave to go with it.
Also, we were caught out by it and our leading security experts were as well. And then the alarm goes off in your living room. We've come full circle.

But before we go, I always think it's quite interesting just to end with this thought. So you've grown incredibly, ThreatLocker. I mean, rather than you. I don't know whether you've always been this height or not. When you think back, if you were to go back those five years to day one, what would be the words of wisdom that you would give your younger self and the bits of advice as you think about the next five years?

I am going to answer the question, but I've got to answer in a slightly different way, which is, I wish I'd done it sooner. So I've known, or I had known, Danny for many years prior to coming to work for ThreatLocker. We were, the company I worked for, were one of his first customers in previous enterprises. So I'd known him for many years. I'd known how clever he was. I'd known his propensity to build things that were, quite frankly, excellent for many years. And Danny had actually been trying to contact me for some time before he eventually did get me to sit down and talk to him about the opportunity that ThreatLocker presented. He wanted to talk to me about it probably for a year before I actually spoke to him about it and took the decision and joined. I wish I'd spoken to him earlier. I wish I'd listened to him earlier. I wish I'd made the decision and jumped earlier. That's all I would have said to myself as well. And technically it's cheating on the question because I couldn't say to myself, go back in time and listen to him earlier. But that's what I would have done. That is probably my only and biggest regret, is I didn't do it a year earlier or a year and a half earlier, whenever I could have done it, because I was too busy doing other stuff at the time.

Time, isn't it? I think that's fine. And within the rules of this, you've turned up in a time machine.
All you've done is say, get in, we've got to go back another year.

Absolutely. That is the only thing that I would or could have done differently. I mean, to be honest, it has changed my life in so many different ways. It was, it is undoubtedly the best thing I've ever done from a work and life perspective. But as I said, the only thing I would have changed is I would have done it earlier. I would have done it sooner.

Sooner. Amazing. Well, thank you, Rob. It's been great to chat to you today. Really appreciate you coming on. Of course, if this resonates with you and you're listening to this now, check out ThreatLocker, please. I guess, Rob, can people reach out to you on LinkedIn, anywhere else?

I'm on many things, yes, absolutely. Reach out to me on LinkedIn. Do check out threatlocker.com. We are on all of the socials. We do lots of stuff on YouTube. We do lots of webinars. I mean, you basically find us anywhere and everywhere, but, yeah, very much free to open me on LinkedIn. I'd be delighted to connect.

Well, thanks very much, Rob, and thanks everyone for listening. We will see you next time.

Cult Products is brought to you by Yaya, helping cybersecurity companies define who they're for, what they do and how they're different. To learn more, visit Yaya Co. And don't forget to search for Cult Products in Apple Podcasts, Spotify or wherever you listen. Follow the show so you never miss an episode. On behalf of the team at Yaya, thanks for listening.
