
Navigating Legacy Cybersecurity and Quantum Threats with Damien Fortune
About This Episode
Legacy systems, quantum risks and the growing pressure on security teams come together in this week’s episode. Host Rachael Lyon and co-host Jonathan Knepher sit down with SENTRIQS Founder and CEO Damien Fortune to discuss why outdated infrastructure still exposes organizations to vulnerabilities from decades ago, how AI-driven threats are transforming social engineering, and why quantum computing necessitates a shift in long-term data protection strategies.
Damien offers a unique perspective shaped by experience in finance, law and cybersecurity. Together, the group explores financial and operational barriers to modernization, the reality of supply chain risks, the balance between convenience and control in cloud adoption and the urgent need for quantum-safe planning.
Whether you’re tasked with protecting critical infrastructure, securing a distributed workforce or preparing your organization for a post-quantum era, this conversation provides practical advice based on real-world challenges.

Welcome, Damien Fortune
Rachael Lyon:
Hello everyone. Welcome to this week's episode of the To The Point Podcast. I'm Rachael Lyon, here with my co-host, John Knepher. John, you're in Granada right now.
Jonathan Knepher:
Yes, I am now in Granada. I'm here visiting my daughter and her boyfriend, who's going to school out here and just got in last night. So if I look a little groggy, it's because it was a 26-hour trek to get here from San Diego. Wow.
Rachael Lyon:
Wow, that's. I mean, that's like going to Singapore for me. That's a very long trip.
Jonathan Knepher:
Yes, it was crazy. You know, cars, planes, trains, the whole nine yards.
Rachael Lyon:
So, for the benefit of our listeners who probably have not been to Granada, John, what is a fun fact about Granada, no pressure, that you have learned since arriving there?
Jonathan Knepher:
So far, some of the best things I've found is there is a coffee shop on basically every corner and the coffee here is just fantastic.
Rachael Lyon:
Oh, I'm so jealous. Like literally. The coffee aisle is my favorite aisle at the store. I like walk down it and I just stand there and like sniff. It's heaven coffee. So I'm very, very jealous. Bring you back some coffee beans. Thank you in advance.
Rachael Lyon:
All right, so let's jump into the podcast, which is why we're all here. Please welcome to the podcast Damien Fortune. He's founder and CEO of SENTRIQS, a company that focuses on cutting-edge cryptography and user-centric design to empower organizations to protect their most sensitive information into the quantum age. His career began on Wall Street, where he worked as a sell-side analyst covering energy and industrial equities and led a research group covering special situations, if I could say that. From there, he transitioned into private equity as a portfolio manager, followed by a role as CFO and COO of a portfolio company as part of his B2C to B2B reorganization and transition. What a background. Welcome.
Rachael Lyon:
Welcome to the podcast, Damien.
Damien Fortune:
Thanks so much for having me, guys.
[02:19] Why Legacy Systems Still Are a Liability
Jonathan Knepher:
So Damien, I want to kick this off on some of your other things you've talked about before. You've talked about how breaches are still originating from weaknesses that are sometimes 20 years old. Why do these legacy systems still remain such a persistent cybersecurity liability for us?
Damien Fortune:
Yeah, I mean, there's always this trade-off between convenience and security. Right. And for a lot of folks managing huge workforces, the priority is still, okay, I need to facilitate 1,000 people working, 100 people working, and for that, I'm going to use the most mainstream tools possible, and I'm going to cross my fingers that that's safe enough to work without opening myself up to vulnerabilities. The problem, though, is at the end of the day, it's still people using these systems, and it doesn't really matter how many locks you have on your front door if you leave your window open. And most of the time, we find that that's how these breaches do start.
Rachael Lyon:
So, I mean, so what are the barriers here to, you know, I guess, addressing, you know, outdated infrastructure and. Or, you know, how addressing technical debt really is what we're talking about? Is it. Is it operational? Is it financial? Is it just, hey, it's. We. We don't really feel like it's broken. Nothing's happened, so we think we're good for now. Like, what is your perspective on what you're seeing out there?
Damien Fortune:
Yeah, I mean, it's all of those things. It's also this tremendous amount of inertia around training. Nobody wants to retrain an entire workforce on a new. It's already a slog to get folks to go to cybersecurity training and those sorts of things. That's certainly part of it. The financial piece is certainly huge. And then there's also a certain amount of security around legacy products. There's a saying that a CISO's never going to get fired for using Microsoft or McAfee or something like that.
Damien Fortune:
So there's a little bit of gamesmanship there. The average lifetime of a CISO in a particular role is 24 months. Right. So a lot of times it's, you know, maybe this will be the next guy's problem and not mine, and that sort of thing.
Jonathan Knepher:
Are you seeing that there's also other financial barriers and stuff as well on moving forward here?
Damien Fortune:
Yeah, totally. I mean, it's. We're seeing more and more folks are trying to reduce the number of vendors they have, reduce the number of platforms that they have. Right. There was this push for a while when. When budgets were big, and everyone could kind of put a hat on a hat in terms of cybersecurity. But now you've got this really consolidation and narrowing and leaning down, so you have to make a different case. Right now.
Damien Fortune:
It's. You really need this tool because the cost on the other side if something does go wrong is tremendous. And it's worth kind of playing the insurance game to make sure that your organization is safe financially, reputationally, and so on.
[05:01] Reactive vs. Proactive Risk Reduction
Rachael Lyon:
So I'd love to talk a little bit, explore a little bit more, this idea of like, reactive versus proactive risk reduction as well. You know, it's an interesting dichotomy. Meaning you look at Southwest, for example, and this is my favorite observation with, I think it was the CrowdStrike outage, because I guess they were really running outdated systems or maybe hadn't patched them in quite some time, made them not vulnerable. Whereas those maybe that have automated patching, good cyber hygiene, particularly, maybe were more affected. What is your perspective on this yin and yang?
Damien Fortune:
Yeah, I mean, I think that being on top of things is obviously the best thing you can do. We always give the same sort of advice. Update your systems, make sure you've got the latest patches, change your passwords. That's the kind of easy BuzzFeed Top 5 things you can do to not get hacked lists. The trick still becomes that the bad guys have evolving tools that make them better and better at what they do. So it's not just the kind of general maintenance stuff. You have to be educating people on what the new threats are, how they can make mistakes now, what actually is a risk or what's an open window that wasn't before, and those sorts of things.
Jonathan Knepher:
Can you talk a little bit more, though, on, like, how that engagement goes with, you know, your partners and others, on how to secure, how you're interoperating together with them? Right. Like, you know this, as Rachael mentioned. Right. The CrowdStrike breach was, you know, kind of a side effect of being so up to date. But there's gotta be a way to handle these kind of like supply chain and. And partner vulnerabilities, right?
Damien Fortune:
Yeah. We're seeing more and more of these cyber bills of materials, as they're called. So kind of understanding what components, what integrations are built into the software, all the way down the supply chain with your vendors, we're seeing more vigilance around that now. You know, one of the issues there, though, is when you get into these massive legacy systems, they're just too big to really inventory correctly. And they also benefit from having that legacy. So you're kind of using Microsoft. Again, not to pick on them. But as an example, no one's really worried about the latest exploit in PowerPoint if you're using Microsoft Teams.
Damien Fortune:
Right. Unfortunately, that's how a lot of these things happen. So there's that increased vigilance piece. One of the things that we've been seeing is this actual move more in-house, more local than before. We saw this pendulum swing out where everything was in the cloud, and anybody could sign in and access all this data from anywhere. Particularly during COVID, right. Starting to see that pullback and say, okay, we're going to use specific tools, specific pathways to do these kind of interactions. We're going to try to restrict access to these things as much as possible, just again, to kind of close those doors down.
Damien Fortune:
In a post-COVID world, we have seen some return to the office, but everyone in this call, it looks like, is working from home. And that's one of the new parts of the social contract, and certainly part of the war for talent and those sorts of things. So it's. There's all this additional threat surface that you have to manage, and folks are trying to bring it in-house virtually as much as they can.
Jonathan Knepher:
I want to dig a little deeper in on that. Sorry, Rachael, but the whole coming back from the cloud to on-premises, we've heard that from some of our other guests, too. And I think there's a lot of pros and cons both ways. Can you talk some more about the security implications on both sides of that?
Damien Fortune:
Yeah. So obviously, bringing more things out of the cloud reduces the threat surface. So you've got less entry points to get in, less potential unattended endpoints. So we always give the example of Starbucks Wi-Fi or a public library computer where somebody could stay signed in and forget to click the sign-up button. So that's an endpoint where someone could get access. So risky cloud integration on that side. The challenges on the other side are mostly operational. Right. I mean, the cloud movement was this big convenience play.
Damien Fortune:
So now you've got the problem of I'm away from my desk, I'm at that Starbucks, and I can't get access to change a file really quickly or update an email, or send something over to somebody that's kind of in a rush or pressed for time. So that's the struggle that people are trying to navigate through. We've taken this position that you kind of have to live in the middle lane where you want to give people access, but have enough controls around that access so that you can be super sure that whoever it is, wherever they are and whatever device they're on, you've got eyes on what they're doing, how they're accessing it, and then have the ability to control that activity.
[09:40] Supply Chain, Vendors and Shared Accountability
Rachael Lyon:
Nice. So I want to talk more about the vendor thing. Because this is a really interesting area. More so about shared accountability. Nowadays, BoDs can be fiduciary responsibility for a breach. But when we look at, you know, vendors, I know there's always kind of the checklist of things that we require them to have, but a lot of times it's compliance, right? You know, are you compliant with these areas? But compliance isn't enough. So how could we get to more of a shared accountability model as well?
Damien Fortune:
Yeah, a lot of that thus far has really just been around rules of engagement and kind of determining what platforms folks that are using. I mean it's. You're exactly right. The compliance thing is kind of the good hygiene checklist. A lot of times, those things are unfortunately self-attested. So you know, you don't have a third party coming in and checking super frequently on things. And the way that things are evolving so quickly now, a certification that's three months old might not even be all that useful anymore. So that's certainly part of it.
Damien Fortune:
We're seeing more and more specialized tools like our platform or like Kiteworks in the legal industry, for example, where folks are saying, okay, if any kind of activity looks like a file transfer, we're going to use this platform. Because then we know that anything on your side is going to flow through a couple of layers of checks and a couple layers of access management, so that we can at least build some comfort around where this stuff is coming from. One of the things that we hear more and more from the CISOs is we're scared of doing business over email. It's kind of like the last bastion of super-insecure ways of collaborating. That's a terrible hill to die on. Right? We're not out there trying to say don't use email anymore, but what we are trying to do is say don't identify and inventory the important stuff, the important workflows, the important people, and shift that part over. Even if you need to use email for your town hall, company announcements, and those sorts of things, just be mindful of what's going where.
Jonathan Knepher:
And how does that interplay as well with transparency and communication, especially around what if there was a breach or the wrong type of information being shared?
Damien Fortune:
Yeah, that's always a tricky one. We are seeing a huge push towards compliance. There are a lot of consumer tools that became in vogue during COVID. We saw Signalgate earlier this year, right? Signal's got great encryption, decent device management, those sorts of things, but really was being used as the wrong tool for the job. Square peg, round hole kind of thing, where your interest is keeping this stuff secret or secure. A little bit of a stumble there, but the compliance piece was just left wide open. So when they went back and said, okay, we need to see these conversations for the Federal Records Act, they kind of threw their hands up and said, sorry, this is a tool that doesn't do that. So we're seeing a push all of a sudden for, okay, anything that we use has to have compliance attached to it, accountability, auditability.
Damien Fortune:
So that that environment is shifting a little bit. It's still tough going because a lot of those tools that were the defaults and Signal again, for example, are free. And it's hard to go to a CISO and say, hey, I know this was working well for you before, but now you've got to implement something. And by the way, that budget's got to come from somewhere.
Rachael Lyon:
Right? Which is everyone's favorite conversation.
Damien Fortune:
Exactly.
[13:11] Preparing for Quantum Risk and Critical Infrastructure
Rachael Lyon:
So you also talk a lot about Quantum, which is one of my favorite favorite conversations. I was reading a blog you wrote last year on SecureWorks, kind of looking at, you know, Quantum and Q Day, you know, Harvest now, Encrypt later, you know, and every time I want to talk about Quantum, a lot of folks like, oh, it's still so far out and why do we got to worry about it now? You know, but I think there are some realities. I think you read another article where you're talking about, without quantum-safe encryption, critical infrastructure will crumble under new threats. Which I think is interesting. So what should be people. Should people be doing now? Organizations be thinking about now and implementing now to prepare for what could be five, seven, however many years ahead, but it's going to come.
Damien Fortune:
Yeah, yeah. So, you know, the Q Day conversation is always interesting, right? Like, we talk to folks every now and then, they're like, look, man, that's the next guy's problem. You know, quantum computers are on the same shelf as the flying cars, right? Like, call the next guy. But we have seen that Q Day estimate keep getting pulled forward. I mean, even when we did that article with SecureWorks, we were saying, okay, it's between 2030 and 2035. I was at a conference about a month ago where speakers from the companies that make quantum computers were saying, look, this Q Day is going to be here in three years or less. So even in a short amount of time, we're seeing that timeline come in from a threat perspective. It's really kind of existential in some ways.
Damien Fortune:
If you think about all of your data kind of being laid bare for critical infrastructure in particular, there's this increased danger there because the folks that are going to have access to quantum computing early are going to be kind of state actors, and they don't really care about your email so much as they care about shutting down the electrical grid. So we're seeing, we work a lot with NGOs in the utility space, for example, we're seeing more vigilance and more awareness there on those sorts of things in terms of what businesses need to do. Again, it's that kind of inventorying of your data and your conversations and saying, okay, what stuff could we kind of let fly for a little while? You know, stuff we're not too worried about that's not going to be hurtful, or that doesn't have the shelf life. Right. I mean, there's a lot of stuff that we talk about that's not really valuable tomorrow, let alone five years from now. But there's plenty of stuff out there that is going to be critical. Healthcare data, financial data, system architecture, all of that sort of stuff. The military readiness information.
Damien Fortune:
So that stuff you have to identify and get on top of early, particularly if it's regulated information. If you think about financial transactions or healthcare data right now the regulations say that stuff has to sit on a server for five or seven years. So if it's encrypted with today's encryption, it's going to be sitting on a shelf vulnerable in five to seven years. And that's, we think at this point, going to be well beyond Q Day. So building that awareness and taking action sooner is certainly really urgent at this point.
Jonathan Knepher:
Can you talk some more about the critical infrastructure bit? That's something that I think is, is definitely scary, and I remember reading quite a bit in your background in that space, and what things can we do to help maintain operational trust in this, even when things might become vulnerable?
Damien Fortune:
Yeah, I mean, that's really been a subject of a lot of discussion this year. We've seen funding moving all over the place, and in some cases, not come back out of the federal government for initiatives like this. We've seen our adversaries do everything from cyber attacks to installing malicious code in hardware, solar panel controllers, and those sorts of things, to using deepfakes and AI to install folks from adversarial countries as employees within these companies. And that's a whole different set of challenges when you get physical access. So really all that we can do is continue to work with these NGOs, continue to work with the utilities themselves to build up these defenses and this awareness. I will say that the encouraging thing is out of all the industries that we talk to about the implications of Quantum and the dangers of Quantum, the utility folks are the most proactive thus far in saying, okay, this could be a really big problem. We understand that if we get into a war with the Chinese and they want the war to stop before it starts, they just make the lights go off. Right.
Damien Fortune:
So they're being more proactive, and we've been really encouraged by that.
Rachael Lyon:
So I'm interested in a little bit more about this whole harvest now, decrypt later. Right. In the realm of Quantum, I mean, we talk a lot about the existential threat, but I mean, if we had to kind of solidify this a little bit more, I mean, how, I guess, how scary is it? Right? To Jonathan's earlier question, I mean, you know, like when we talk about, you just feel like they're just lurking everywhere, and you know, and one day there's a flip, is a switch is going to flip, and we're going to see a lot of chaos. But is that really accurate?
Damien Fortune:
So for some industries, we do think it's, that really is the risk. Right. Particularly when we're talking about nation-state actors. Right. I mean, it's not hard. All of the governments around the world have set up these data vacuums, let's call them, that have been sucking up basically all the traffic that they can get access to for over a decade at this point. And a lot of that data, it'll be benign, right. But even in the age of AI now, no data is worthless.
Damien Fortune:
You can feed a bunch of data to a machine learning model and draw some kind of useful conclusion out of it. But when you think about things like a patent for a biotech company that might be with their lawyers over email or even Kiteworks right now, a secure system that five years, seven years from now, someone could decrypt and just blow that market apart. Right. Suddenly, that product is no longer yours; it's yours and someone else's. And depending on where that data is compromised, there's really very little recourse that you have to go after those folks and shut them down. So, depending on the industry, sometimes it could be again, existential for the business.
[19:23] Data Integrity, AI Threats and the Human Element
Jonathan Knepher:
So talk some more about data accountability and what's that involved from a cybersecurity discipline side of things, beyond the compliance issues.
Damien Fortune:
Yeah, yeah. So we're seeing more and more this idea that because access is so distributed, because access is so easy these days, that file integrity is a big deal, or knowing that you're talking with the right person on the other end of the phone or that a document was last accessed by the person that you think it was are kind of key issues. Right. Because if you go in with the blind trust, unfortunately, sometimes that's kind of the exact exploit that the bad guys are banking on. Right. So we're seeing more and more this idea that. Or we're being asked a lot more, what are you doing for logging? What are you doing for access monitoring? How can we tell who is the last person that touched this file? Or how can we tell that this file hasn't been accessed? So we've been pushed to build more tools and more processes around that, and we're seeing that kind of across the industry. That's another one of those ideas where malicious code can be installed into a file, for example, like mid-workflow at a law firm or at a manufacturer.
Damien Fortune:
And when that file gets opened by someone assuming that it's okay, you're suddenly backdoors into the system or multiple systems are compromised, and those sorts of things. So the implications are really far-reaching. So we're starting to see more vigilance around it. Again, though, when you're dealing with the human element, it's so, so tough to be on top of that.
Rachael Lyon:
And that's a really interesting, I guess, perspective too, right? Because, as we know, there's always people in the mix. It's almost kind of like everyone to the defense of data integrity. We all have our part to play depending on where we sit in the business and what data we touch, of course. And so there's a lot of talk about training, kind of real-time education. But I wonder, do we get to a point of view, you know, kind of fatigue, right, from employees? It just, you know if I, if they do one more phishing, you know, practice exploit on me, you know, and so sometimes they just rebel, and they click on it anyway because they know it's it. But, you know, how do we kind of keep people vigilant, right?
Rachael Lyon:
With. Without getting kind of overwhelmed?
Damien Fortune:
Yeah, it is such a big challenge. And that's, I mean, you're exactly right, like fatigue is a piece of it. Kind of recalcitrance is a piece of it. But I've talked about this on Capitol Hill, I've talked about it on Wall Street. One of the things that is common across all of these industries or agencies is that anyone that has access has to go through this cybersecurity training, whether it's quarterly, annually, in some cases, very frequently. We've all had that phishing email training. But the reality is all of those people also have this common thread of being really busy or getting distracted or the mess hitting the fan and suddenly needing to take action, really. And all it takes is that kind of fraction of diverted attention to prevent you from taking that extra step to be like, oh, is this email really from who I thought it was from? Is this link something that I should be clicking on? Do I really know what I'm opening here? And that's what the bad guys bet on, right? So it's really tough, right? Like I've got an 11-year-old kid, and I'm trying to give life advice to him, and it's kind of like, yeah, yeah, sure, it's the same kind of thing around, like, take a second, breathe, think about this.
Damien Fortune:
And it's hard to keep that discipline in the moment when these sorts of things are happening. So what we've tried to do as much as we can is protect our users not just from the bad guys and the nation state actors, but to protect them from themselves by setting up safeguards to say, okay, we're going to do everything that we can to say, if you're accessing a file in our system, at least you'll know that that's from the person that it purportedly is from, or that this file has gone through some sort of screening to make sure that it's safe for you to click on so that you don't have that stutter in your step. And also hopefully not have any sort of operational issues.
Rachael Lyon:
I would love that. Just FYI, John, if you're taking notes, I would love to have something come through, and it's like certified 100% fresh and free of any concerns. I got one of those today from a media source that I've worked with for years, but it was a sketch looking email so I don't dare reply to him, you know, and I'm just, I'm very stymied because I really want to reply, but he does like a hyperlink thing in there and I don't know, it just looks super sus and I just need that certified fresh, John.
Jonathan Knepher:
Yeah, I mean, I wish that were possible. I got a crazy one the other day from, you know, a car rental company. I was like, this can't possibly be to me, but somebody put in my email like the whole thing was legit, it just wasn't mine. It was so weird.
Damien Fortune:
And that's, that's the rise of AI, right? Like, I mean, the days of the poorly worded email from a Nigerian prince trying to share his inheritance with you are a thing of the past. Right. You know, ChatGPT, Claude, all of these sorts of things let folks generate really convincing material and then be really prolific about it, and sending out tons and tons of emails. And you know, again, it's a numbers game. If someone's distracted or someone's kind of less trained or versed in kind of the risks that are out there. You get more hits when you can use these tools to be everywhere all at once.
[24:39] Damien Fortune's Path to Cyber
Rachael Lyon:
Absolutely. I'm ready to get into the personal stuff. John, I don't know about you.
Jonathan Knepher:
I am too. But I have a question I want to ask on the personal front. I know Rachael, you normally take these off, but Damien, there's quite a few people in the cybersecurity space and some other high-tech roles that I've known where people started out with their JDs, and I'm noticing you did the same. Can you talk about how, how the interaction between those backgrounds fits together?
Damien Fortune:
Sure, yeah. It's probably not an uncommon story, but I graduated with a finance degree in 2008, which is a decidedly bad time to graduate with a finance degree. So I had to find something to do with myself. So I went to law school. Wall Street was kind of back on its feet by my third year of law school. So, a full-time law student, full-time investment banking junior. And that was a challenge for my sleep cycles, but we made it through. So, I mean, the training's always been super useful.
Damien Fortune:
As a startup guy, being able to kind of step in and put on the general counsel hat is super interesting. What we've seen now in applying that in my life as a cybersecurity executive. Rachael, you hit on it earlier, right? All of this stuff's built into the contracts now. Your levels of certification, your cyber bill of materials. So understanding how to navigate those things, how to shape our policies, how to use our policies to inform how users train and interact with our systems has been super important. It's always got the benefits of good critical thinking and being able to communicate and write, and those sorts of things. But yeah, it's weird to say, but I never took the bar, but I find my JD super useful.
Rachael Lyon:
And how did you find? This is always curious to me because people in cyber can come from such very diverse backgrounds. We had like a PhD in, I don't know, like medieval combat or something. I forget what it was. And he was a CISO. But what an interesting start with the finance background, the JD. And then you made your way here to cyber. I mean, what did that path look like? How did that come about?
Damien Fortune:
Yeah, so I really started to get into the technology world when I was doing special situations, which is just Wall Street parlance for looking at stuff that no one else really focuses on. So all the weird situations and companies going public in weird ways or splitting apart, dealing with activist investors, and a lot of that happens in the tech world. So I started to kind of get it there. When I moved into private equity, we dealt mostly with technology companies, so that's kind of the transition started there. I ended up parachuting into one of our portfolio companies in New York City called Savory, which is a tech-enabled food delivery company, still a shareholder. So if you guys are hungry and in the city, please do check them out. And from there, we turned that company around and exited it literally a couple of months before COVID shut the world down. So it was kind of payback for that 2008 timing in my career.
Damien Fortune:
And my business partner and the CTO of Savory and I were kind of doing the life after exit thing. We were meetings and trying to figure out what was next, and talking with lawyers and accountants and all this sort of stuff. And we kind of started to run into this was in the early days of COVID, all of the early trappings of Zoom bombing and unwanted content coming up in meetings. We had a kid crash one of our meetings and take his shirt off and spin it around his head. So we kind of had this moment where a couple of weeks on, I'm having this conversation with Dylan. I'm saying, man, do you remember that crazy thing that happened to us? We started to say, okay, there's got to be a better way of doing this. And that kind of set us on our journey to thinking about cybersecurity and thinking about collaboration in the context of cybersecurity. We were super fortunate in attracting a group of backers and investors from kind of the alphabet soup of the DoD and the intelligence community and things like that.
Damien Fortune:
So they pushed us even harder into that kind of bleeding-edge, cutting-edge cybersecurity encryption, thinking about Q day five years ago, those sorts of things. So that was kind of the genesis of it. Thankfully, my partner Dylan is brilliant and kind of keeps me on the cutting edge just by virtue of him being there. So, yeah, it's been a great partnership, and it's been really fun as a person that was not a cyber guy 10 years ago to now be a cyber person and to even, in conversations like this, think back to like, oh, God, when I was a banker, I was doing things I definitely shouldn't have been doing, crossing my fingers. I was part of the problem, and now I'm trying to preach the solution.
Rachael Lyon:
That's fantastic. I was also looking at, one of my favorite things is counterintelligence. And I see that you guys recently announced a partnership with, was the last name Kumba, I think, but someone with a really interesting background, and kind of, it sounds like, extending the work that you're doing to kind of more of the, I guess, classified realm.
Damien Fortune:
Yeah. Yeah. So, Rachael, you kind of touched on it earlier, the board level, fiduciary responsibility thing, right? When you get into the upper echelons of any org chart, you start finding these folks that have unique security needs, or most of the stuff that they're talking about or where they're traveling or who they're interacting with, suddenly become just, by the very nature of who that person is, all sensitive information. So, one, it was an easy market for us to get into because they were the folks that get it. They were the ones that are up at night worrying about cyber breaches and data loss and reputational loss, and those sorts of things. And through the work of some great folks on our team, we've been introduced to folks like Pat Kumba who play in that realm, really at the highest levels and really get to take to match products that we make that really focus on that use case and introduce it to these folks that have been, you know, historically kind of rolling the dice again with consumer products and hoping that things would be okay.
Rachael Lyon:
Nice. So I know we're coming up on time here. I can't believe we're actually on the To The Point schedule. Do you have any kind of parting words, right, in terms of, you know, planning for quantum and, you know, thinking about encryption in the next maybe three years or two and a half years and what needs to happen, what would you be your parting words of wisdom for our listeners?
Damien Fortune:
I mean, the big thing, again, is that taking the moment to do the inventory, right? Thinking about all the ways that you interact with your financial institutions, your lawyers, your accountants, your doctors, your intellectual property, your kids' information, and thinking about the systems that you're doing those activities on, and saying, okay, which of these needs to change? Which of these workflows? Do I need to ask whoever my counterparty is, should I be asking my bank, hey, what are you doing to protect my financial information? Should I, should I be saying to my doctor, should I be text messaging you this picture of my arm or whatever, right? So it starts with that inventory and figuring out what you have that's sensitive or at risk. And we found a lot of times in doing that exercise, people start to say like, holy cow, there's a lot here that's sensitive and a lot more than I maybe thought of as I was walking around day to day.
Rachael Lyon:
That's good advice. So, John, we're coming up on that time. And, you know, thank you, Damien, for joining us, and thanks again to all of our listeners for joining us for another really awesome conversation. And then, John, drumroll, smash that subscribe button. Ah, shameless plug. And you get a fresh episode every single Tuesday. So everyone, until next time, stay secure.
About Our Guest

Damien’s career began on Wall Street, where he worked as a sell-side analyst covering energy and industrial equities, and eventually led a research group covering Special Situations. From there, he transitioned into private equity as a portfolio manager, and eventually into a role as CFO/COO of a portfolio company as part of its reorganization and transition from B2C to B2B.
He holds a Juris Doctor from the Benjamin N. Cardozo School of Law in New York, and a Bachelor's Degree in Business Administration from the College of William & Mary in Virginia.
Damien also serves as Senior Financial Adviser for SuperAlloy Interactive, one of the leaders in motion capture for the film and video game industries.







