Can cyber investigations be canned? Find out what Sadia Mirza, Kamran Salour, and Shawn Tuma have to say as they discuss their thoughts and opinions on the subject.
Can cyber investigations be canned? Find out what Sadia, Kamran, and this month’s guest, Shawn Tuma of Spencer Fane, have to say. The gloves come off as these three breach coaches duke it out for the final word on this topic. Just kidding, we cordially discuss our thoughts and opinions on the subject and discover Shawn’s love for Winnie-The-Pooh.
Unauthorized Access: Can Cyber Investigations Be Canned?
Recorded: September 2022
Sadia Mirza:
Welcome to Unauthorized Access, the pod that tells you what's going on in incident response today. My name is Sadia Mirza, and I am joined by my friend, colleague, and co-host Kamran Salour. Today we are talking about the dos and do nots of forensic investigations. Kamran, how excited are we about this episode?
Kamran Salour:
Sadia, we are very excited, not only because I think we have a great topic today about forensic reports, but I think more importantly, at least for me, I'm excited just to get a chance to talk more with Shawn Tuma. I mean, Shawn is obviously the co-chair of the data privacy and cybersecurity practice at Spencer Fane, but to me, Shawn is a guy you just want to talk to, because whenever you talk to Shawn he envelopes you with his warmth. You feel like you're the most important person in the room when Shawn is talking to you, and he has such empathy and passion for what he does, and for people. And I think to me, that's one of the most important traits of any cybersecurity attorney. So any chance I get to talk with Shawn, and I guess to a lesser extent you Sadia, I am very excited.
Sadia Mirza:
Shawn, now you know why I said, "Okay, I will let Kamran introduce you." Because I knew I wasn't going to do you as much justice as Kamran just did. But Shawn, do you want to take a couple moments to introduce yourself?
Shawn Tuma:
I've got to tell you after that wonderful introduction Kamran, I really don't have anything to say. I'll just stop right here, because I can't get any better than that.
Kamran Salour:
Well, you don't have to do anything. Just hearing you and your voice just puts a smile on my face, and I'm sure for everybody else as well. We want to thank you for joining, and you're a man that needs no introduction I guess. So we will leave it at that.
Shawn Tuma:
Well I certainly appreciate that, that means a lot to me, because I enjoy knowing both of you, I've enjoyed getting to know you over time. And I appreciate you're putting me at that head of the line here, of all the people that are jumping to get on this super exciting, thrilling... What are all the words we have to describe it? Pod, this pod. I'm excited to be here, thank y'all. Kamran, you nailed it, I do what y'all do, I'm a cybersecurity data privacy attorney, I've been trying to figure out what I'm doing in this area for about 22, 23 years now. I still wake up each day in an absolute panic that I have no idea what I'm doing, because things move so quickly, and we all deal in so many gray areas with what we do.
The rules usually are not written, we're kind of winging it sometimes, and building on experience and judgment. And quite frankly, that's one of the things I love so much about this practice, and it's what I love about the collegial environment that all of us have that practice in this area. That we can pick up the phone and call each other, and talk, and visit about things like this, not in a competitive environment, but in an environment of really trying to help each other. And I don't think many areas of the law are truly like that, we're like pioneers out on the range exploring and learning together, and I really love that. And I appreciate y'all.
Kamran Salour:
Well, that was beautiful Shawn.
Sadia Mirza:
I know, so beautiful. And I was going to say, Shawn, one of the things that Kamran and I always talk about, aside from your professional career, your personal life, that's also something we discuss all the time. But mainly you being a father, and I know Kamran has said that he really looks up to you in that role. And so the one thing we always like to share with the audience, more of a personal side to all of us, Shawn, can you tell us how many kids do you have?
Shawn Tuma:
I have six kids, two dogs, and a grand pig, and soon to be a grandbaby next spring. Just wonderful, I love my kids, my family more than anything. And as much as I enjoy what we do at a professional level, that's really what life is all about, is our family and the stuff like that, that's the enjoyment right there.
Sadia Mirza:
Well, a big congratulations on the grandbaby, is it a baby girl or a baby boy, do we know yet?
Shawn Tuma:
We do, it's a baby girl.
Sadia Mirza:
I'm jumping out of my chair as a mama to three girls, and Kamran has three girls, we are definitely team girl over here. So congratulations, I think that is very exciting, and I can already imagine that you are going to be the best grandfather ever.
Shawn Tuma:
Well, thank you. And so I'm going to jump in with one more thing here, building on your last wonderful podcast with Linda. My favorite Disney character is Winnie-the-Pooh, because that's who I used to watch Pooh Bear with, with my first child, my daughter, who's now going to make me a grandfather.
Kamran Salour:
That's so sweet.
Sadia Mirza:
Well Shawn, I know our team always tells us to do a 20 minute podcast, but Kamran and I spent 15 minutes talking about nothing related to the topic. Before we jump into the questions, I wanted to share why we thought that this was an important topic to cover. Going back to the forensic investigations and reporting, and I'll say that oftentimes when Kamran and I are dealing with clients or insureds during a breach, there always seems to be a hesitancy to initially engage forensics. I think a lot of times it seems to be a cost concern, but other times the business just doesn't understand why it's needed. And so we would love to hear your thoughts Shawn, on why is forensics important, and what is it intended to accomplish?
Shawn Tuma:
I agree with you, forensics is very important. I want to commend y'all on the excellent Law360 article y'all wrote about a month or so ago, it really did a nice job of summarizing a lot of these issues. So I experienced the same hesitancy, I think cost is a factor, I think another issue that is often at play is protectionism. It's the internal IT information security team being concerned about having someone else come in and understanding what our role is, and what the role of forensics is. And understanding that we're not coming in to critique them, we're not coming in to bash them and point out all of the things that they've done wrong. But what we're really trying to do is figure out what happened, because at the end of the day that's what this investigation is all about, because we know something happened that got us to this point, now we need to determine the extent of it.
We need to know how was the network impacted, how was data impacted, what data was there, what happened with it? And more importantly, whether the bad guys are still in the network or not. These are real people we're dealing with, they're scared, they've just had a traumatic event take place and now they've got these people they oftentimes don't know, if they had done proper incident response planning, maybe they would already know us, and they'd already be accustomed to working with us in our roles, but most of the times they're not. And so first of all they have to get comfortable with us as people, and understand we're there to help them, we're there not as a tool of the insurance company to figure out how to deny their claims, which many of them think sometimes, and that we're on the same team. And so to me, helping them understand that in that first conversation or two is critically important, to then having things work smoothly from there.
Sadia Mirza:
Shawn, that's an excellent point, and I've made a note. Kamran, you realized that we missed that in our brilliant article, because that is a great point, helping the client understand that we are on their team, we are their partner, we're here to guide them through the response. A lot of times, Kamran, we even get that question, or people will make statements about, "Look, we know you represent the carrier." Because they're confused about why we're being inserted into the IR process, but having that initial conversation... And Kamran, I know you and me try to do that a lot. The first step is almost building the trust with the client/insured, because that goes a long way then in getting them to really follow your guidance and direction.
Kamran Salour:
Absolutely, the problem sometimes comes when you're dealing with an active ransomware event. Time is of the essence of course, and so you have to try to build that rapport in an accelerated state, but you certainly start to plant the seeds at that early stage, and as the matter progresses, and as the sense of urgency starts to dwindle you have more and more time to really nourish those seeds and watch them grow. But you're absolutely right, at the outset the obstacles we face as attorneys, are we representing the insurance company? Are we here trying to point figures at IT? And then we still need to deal with IT through this process, and so we have to build that cooperation with IT, but we also have to be able to be confident and candid enough when we're talking to the company about... Sometimes companies have bad IT, and we have to be able to relay that to them in the process, but still using IT, and not alienating IT. So it's a difficult balance as you're traversing all these things, that's what makes it exciting, but of course that's what also makes it very challenging.
Sadia Mirza:
One of the things that comes up Shawn, is we understand that we need to figure out what happened, how it happened, is the incident contained? But why can't the business just do it itself? Why can't the internal IT company do the investigation? How do you usually respond to that?
Shawn Tuma:
This really goes to the way Kamran just summarized that. I mean, so much of our role here is counselor, not that of legal counselor, but more of counselor and leadership. Of how do we lead a team through this process when the team doesn't even know each other, they don't trust each other, they're all scared, and like Kamran said, we're under this really compressed timeline. And what we want to say, is we want to say, "For goodness sakes people, they just got you into this problem, we can't trust them now to get you out of it. They were the ones in charge of protecting you, you've now had a problem, and so we need to bring in others." That's really not a true statement, but it's how it feels a lot of times. We have to help them understand what the role of forensics is, first of all, a lot of companies will say, "Oh yeah, we can do forensics on our team."
Shawn Tuma:
And they may have someone that really has some experience, but they're not like a true credentialed forensic expert. To me, that's one of the first steps I want to vet, is what capabilities do you even have on your team? Because a lot of times they're not going to have that, most of the times they're not going to have that. And so that's an easy way to say, "You know what? That's great, we appreciate the expertise, and we're going to lean on you for a lot of this, but we really need to bring in some outside experts."
I think the points that y'all covered in your article about the third-party privilege being retained under counsel, and having them work under privilege is a great point, and one we never want to lose sight of. As well as the optics part that you covered, because so much of this is about the optics, how is this going to be taken down the road, what we're doing today? And how's that going to impact potential regulatory investigations, potential litigation, things like that? Having an unbiased expert come in is always preferred, I don't want to say always, usually preferred, especially if you're going to be taking a position that the event that occurred is not notifiable or reportable data breach. If you're going to be taking that position, you absolutely need that third-party expert with all the appropriate credentials to come in and to do their independent investigation, and to give you the ammunition you need to support that conclusion.
Kamran Salour:
Shawn, I think you raised some excellent points as you were talking. I scribbled on my notepad here optics, because I think to me the optics goes a very long way being able to message internally and externally, that you have an independent third-party conducting the investigation. One other area where I think it's very helpful to have the outside forensic firm come in, is sometimes if we're dealing let's say with a fraudulent wire transfer, and we have a dispute from the company and the vendor as to, which environment did the threat get into, the company or the vendor? And who's at fault for the missing funds?
Kamran Salour:
I think having a independent forensic investigator conduct the investigation certainly helps me when I'm trying to negotiate a resolution in those situations, because I can always if I'm representing the company have the call with the vendor and vendors counsel, and I can punt a lot of the specific questions to say, "Well, the independent forensic firm is handling that." It creates an extra buffer, and an extra layer of separation, that I think we can use to your advantage when you're trying to negotiate a resolution. It's much harder to selectively present information that could be beneficial in that discussion if the company itself is the one doing the investigation, it's much harder for the company to say, "Well I don't have access to this information at this time." I think that's another reason that outside forensics can play a role that internal forensics or internal IT cannot.
Shawn Tuma:
That's a great point Kamran, having the ability to lean on that expertise, because each side in that situation is going to immediately say, "Oh no, it wasn't my email, it was yours." And that's just the default response. And being able to say, "Well, hang on a minute, we brought in an outside expert that has done hundreds or thousands of these, and this is what they've been able to find." It carries a lot of weight. And then like you said, being able to buffer that then, to maybe if something comes up during that conversation to buy some time to go investigate and learn more before coming back and responding, I think is very important.
Sadia Mirza:
I'll give a shout out to Violet too, because I think I remember when we posted the article on LinkedIn, she made a comment about, "Look, IT is not the same as forensics." As we're having this discussion the other thing that I thought about, is that when you pull your IT team away to help with the investigation, the IT team also has a day job. Especially when there's coverage for a forensic investigation, it would be in the business' standpoint, thinking about the employees, and the fact that they have their day-to-day job to handle as well, sometimes it's a lack of resources. And when you have the support of an external team who specializes in this, why not take advantage of that?
Shawn Tuma:
That is a great point, and I do remember Violet making that point. Part of the maturity, or maturization, maybe that's the word, of cyber and cyber risk, is first of all the understanding that IT and security are two completely different things. IT makes stuff happen, security stops bad things from happening, they're different skill sets, they're different tools, they're different objectives. So when you see a company that distinguishes between those two, it shows a certain level of maturity of understanding cyber risk.
But then you take that the next step further, internal security even within an organization that has those capabilities is still not at the level of true expertise of what our outside vendors that we work with bring to the table. Number one, from a security standpoint. And number two, from a forensics investigation standpoint. What we are dealing with in today's world now, sure we have your script kiddies, people out there doing a lot of this, but we also are dealing with true experts on the hacking side. And to take someone off of your internal security team, and task them with figuring out what the true people who do nothing but attack, day in and day out, 24/7 are doing, they're just not equipped for that. It's like taking our national guard and putting them up against the most elite special forces of an adversary, they're just not designed for that, and they don't have the tools and the skillset. And so we have to trust and rely on the experts to go do battle with the experts in this.
Kamran Salour:
I think that's very well said Shawn, because you're right, I think a lot of times people will just say, "All you're doing is looking at some blogs, somebody on my team can do that, I don't need to outsource this. Or I have some program that I can use that can scan the logs. Or I have antivirus on my system, I don't need to have an expert in the field." But you're absolutely right, and I think part of that maybe comes in those initial scoping calls for the forensic firms to really explain what they're doing, and why what they're doing is different. And maybe that's something as attorneys that we should focus on, trying to trump up that aspect of what the forensic firm is doing, making sure that they're able to deliver the message that their services are specialized, their experts and what they're delivering is going to be unique, and that's why you need to retain them.
Sadia Mirza:
Kamran, before we jump onto that next question, the one thing I'll say, is I think what we're saying applies to a majority of the incidents that we deal with. I can recall a handful of incidents that we've worked on together, where surprisingly the client actually did have the team in-house to handle an investigation. It's a mature company, I don't think you're going to find that in a lot of organizations, but we've seen it happen before, where you and me sat back and said, "Okay, wow, they really do have it under control." And maybe you bring someone just to augment the investigation, but for the most part the client was leading and directing it, and did a good job on uncovering the findings. But for most incidents that we deal with, I think forensics is a critical component.
Shawn Tuma:
Yeah, and let me echo that, I agree. And we've had the same situations come up, where they really did have some excellent people on their team. Or the nature of whatever the event was, it just didn't require going overboard. And part of that is the judgment that I think we have to bring to the table to say, "You know what? We have a much better understanding of this situation, and we agree that this really doesn't require it. It doesn't call for it, but we also understand that if something's discovered going forward, then we're going to bring them in." So that's part of our role and our judgment, and I've certainly made that call in cases as well, and feel justified in doing so.
Kamran Salour:
Now that we've talked about forensic investigations, and sort of the hurdles of emphasizing and explaining to the impacted organization the need for forensics. I know we could talk about the benefits of a forensic investigation probably much longer, but let's shift gears a little bit and talk about memorialization of the forensic investigation and forensic report.
Kamran Salour:
I know for some people they as attorneys will always want a forensic report of the investigation, I know a lot of times dealing with clients they'll want to report for internal purposes, but they'll also be under the impression that they can share that report with pretty much anybody that asks for it, no matter how many times you tell them it's a privileged document. I would love to hear your take, Shawn. I know a lot of it is just flying by the seat of your pants in a sense, where you're making this up as you go, and I wholeheartedly understand that because a lot of this is your internal gut check and judgment based on your prior experience. But do you have a rule of thumb in terms of when you like to have a report?
Shawn Tuma:
Yeah, absolutely, Kamran. And I wasn't kidding when I said I'm literally always trying to reassess and understand how I'm doing things, and whether it's the right way. And in fact this particular issue, my approach has changed over the last couple of years, because a few years ago I was in the camp of always requesting a forensic report, unless there was some really compelling reason not to. But over the last few years, my approach has changed now to really more of a default of not asking for a report, unless there's a good reason for it. And that came about because of a case we had a few years back, where I knew based on the nature of the event and the individuals impacted that there was either going to be litigation, or regulatory investigation, or whatnot. And so I was working with a great forensics firm, that we walked through the report or the findings before ever putting anything in writing. We talked about them, we managed everything we could, I reviewed drafts of the report for any kind of language that I thought was going to come back to hurt us.
And I was like, "You know what? This is a really good report." When I was finished with it. And then the demand and lawsuit came, and I pulled that report out, because the first thing they're asking for in their letter is a copy of the report. And I looked at it, and I was like, "Oh my god, this thing kills us at every level. How did we ever let something like this get drafted?"
And I mean, I spent a lot of time trying to make sure it was as good as we could get it, and it really just reinforced in my mind of, why are we doing this if there's not a good reason for it? How many times are these reports helping us, versus how many times are they hurting us? And is there a regulatory reason, is there some other reason why we need to have this drafted? If not, maybe we don't get one. I think it just depends on an understanding of the case, the clients, the event, the carriers, the potential regulatory agencies that'll be involved, because they're going to ask for it. I don't care who it is, when the adverse engagement comes along, they're going to start asking for it.
Sadia Mirza:
A lot of times when the client wants a report, and especially given if the nature of the incident is something where there wasn't too much forensics involved, sometimes we'll lean towards doing an executive summary. So at least we can have the conclusions down coming out of the forensic report, and we have that to back up what we're saying, or at least providing our legal counsel or the notification advice on. I think we've been leaning towards more of that executive summary, and not including a very detailed overview of what happened. I don't know if you've done those before, Shawn, but that's kind of where we've been leaning.
Shawn Tuma:
That's where we lean more often. If we're going to get anything, it's going to be an executive summary. I mean look, the privilege is great, but there's no guarantee to the privilege, and the best privilege of all is if you don't have it, well then it doesn't exist. And there you go, it's in thin air, which always leads back to putting the people on the witness stand, and asking them questions about facts, and they can always come out.
But it just is a matter of convenience I think a lot of times, it's one less fight you're going to have to have, and it's a greater understanding of your situation, and what your objectives are for this. Why are we investigating it? Where are we likely headed with this? And why do we need a report? If we need it, if we need to memorialize those findings, great. Where it really gets complicated, and we could talk all day about this, is PCI investigations. When you bring in the PCI investigator, and you have your privilege investigator going simultaneously, all those kind of things it just dovetails into a lot more. But I think you need to question it, and say, "Hey, why am I doing this? Why do we need it?" And then make your decision that way.
Kamran Salour:
And sometimes Shawn, that decision comes down to, what will make the client feel good at the end of the day? Because a lot of what we talked about is, why are we even having a forensic investigation? Why from the client's standpoint, am I incurring this additional cost? Sometimes the client just wants a piece of paper to memorialize the cost that they spent on the forensic investigation.
And sometimes even if there really isn't a great reason to have a report, maybe just the fact that this is going to give the client some peace of mind, it's going to give them justification for their expense. And of course obviously we don't want a report that's going to have damaging information in there, or anything that could come back to haunt the company. But if it's a fairly innocuous situation where maybe a report isn't necessarily the most crucial, but really was not going to cause any harm, but the client really insists on it, sometimes as part of our role of placating the client and making sure the client feels good about the end result, we might defer to just, "Hey, let's do an executive summary so you have something for your records, you have that peace of mind." Sometimes that's as good of a reason to have a report as any.
Shawn Tuma:
Yeah, I agree a hundred percent. And I think that's where you're going to see all of this comes down to, is there aren't really a lot of hard and fast rules. There's where we start maybe as a default, and then kind of reasoning through and factoring all these things in, because you're right, some clients they feel like, if I don't get a report then I've wasted my money, what have I paid for?
Kamran Salour:
Yeah. Conversely, I've seen many clients complain about the bills, saying, "I paid that much for a report?" It's for 10 pages of writing, so it's an interesting dynamic, but we'll talk about that at another time.
Sadia Mirza:
I can think of times though where it would make sense. Even if we do an executive summary, I can think about cases now where it's helpful to have a record of at least what was reviewed. Especially if you assume there's going to be, or you believe there's going to be an investigation that's going to follow or some kind of litigation, having a document that says, "Look, this is what was done as part of the investigation." It's needed sometimes to be able to say that, "Yeah, we did a thorough investigation, here's what was reviewed."
And so you have to balance all these factors together, and I think you make then an informed decision. And so Shawn, to your point, there's not really a rule of thumb when it comes to forensic reporting, it just depends on the particular incident at hand. But this is a good segue into our final question, I know you've reviewed hundreds or thousands of forensic reports, are there any tips on things you like in forensic reports, or things you don't like to see? Every time you open up a forensic report, is there one thing that you're always redlining out of it?
Shawn Tuma:
I think the most important thing is that the investigator understands the objective of why we've retained them, and what their particular purpose is in this case. The one thing that I can't stand in the past, is whenever we bring someone in, in a likely data breach situation, and there's a particular timeframe when it started, and they want to start going and finding every potential event that ever occurred in the history of this company. And they're like, "Oh look what we found, five years ago this." And I'm like, "That is not your job right now. Stay focused, we're not trying to go out and hunt for 10 years of data breaches that were never disclosed, or never even known." That's the kind of thing that really drives me crazy, is when we get put with an investigator that may not understand what they're doing in this particular context, they tend to do that kind of stuff.
Now on the other hand, if we're retaining someone to come in, like an insider misuse case, where someone has stolen company data and they've been with the company for years. Hey, then by all means, I want you to find everything they've ever done, so that we can use this in the litigation against them or whatnot. I mean, obviously that could be a data breach as well, depending on what they did with it. Understanding their objective is really an important part, and that's why it's great to work with experienced investigators that we all work with on a day-to-day basis, because we're all on the same team, we understand what we're trying to do. But aside from that, when we want your opinion, most of the time we want to just stick to the facts, and keep it as simple as these are the facts, don't go putting your opinion in.
But we all know there's that one area, where how many cases do you have where you can absolutely prove beyond a shadow of a doubt that there was no access to or exfiltration of data? That's pretty rare. So maybe that would be an area where I might want a little bit of an opinion of, "Based on our experience in dealing with this threat actor group, and knowing their habits, and knowing the tools they've used, we do not believe this was a case... Or in our experience this was not..." Something like that. I don't mind a little bit of opinion there sometimes, but it's got to be at the right time. So it's a matter of having them understand why we have them in this case, and knowing how to work with us, and us them. And what to put in writing, what to send emails about, all those kind of things, it's part of working together as a team.
Kamran Salour:
That's a great point, Shawn, on the balance. Just like we have to balance in the instant response process, the forensic investigator does as well, especially in the context of the report with the balance of the facts and the opinions. And I absolutely agree, there's certain times where I would love to have the forensic report give a reasoned opinion on why the forensic firm does not believe there was exfiltration under the given set of circumstances. In my experience, more recently I found that the forensic firms are less inclined to make those opinions. I can only speculate that they made the opinion one time, and for whatever reason that came back to haunt them. So they have a lot of their own internal counsel that puts a lot of restrictions on them, which sometimes can be frustrating in terms of trying to deliver the best situation for the insured here. Have you noticed more pushback from forensic firms on opinion?
Shawn Tuma:
I have. And we're trying to find the truth here, all of us are engaged in that same objective, we want to know the truth. If they believe data was exfiltrated, then we need to get to notifying. But there are some of those cases where everybody knows, you just know there was nothing more than some innocuous little access here, or there, or whatever. But sometimes it requires some lengthy conversations of explaining, and understanding, and going through that, and I think that's a big part of what our role is. I mean, we want to find the truth, and then we want to make sure that our report confirms it, and supports it, and it's challenging. When they understand where we're trying to go and why, I've found that they're either going to tell us why or why not. And sometimes that's good enough, because that why not may tell us, you know what? If they can't make that conclusion, then we can't really support this, and we need to default to the notification, because it's just too much of the gray area, and there's no way around it.
Kamran Salour:
Absolutely. Unfortunately, we are running out of time, and I'll speak for Sadia here, as I often do, we would love to continue this discussion with you, so stay tuned, Shawn, we'll be reaching out to you, because I think there's a lot more here about the ins and outs of the forensic report that we could definitely discuss. But I wanted to thank you so much for your time and your insights, I certainly feel like I learned a lot today about the process. And Sadia knows this, I describe what I do, you make it up as you go, in respect to a lot of these things, because there aren't any clear-cut answers. And to know that someone of your caliber in this industry and experience has a similar approach is very gratifying for me internally, I appreciate that.
And I really like your mantra of finding the truth, I think that's a very important mantra to echo as you go through the process. That's what the goal is here, and I think that's a great mantra to explain really at the outset of when you're discussing your role, that might go a long way in reducing some of the hesitancy of having a forensic firm, at least with respect to internal IT. We're not looking to find blame, we're looking to find truth. So I really like that, and I might steal that from you, so I will steal first and ask for a forgiveness later.
Sadia Mirza:
Did you say we were running out of time or no?
Kamran Salour:
Am I long-winded now? Thank you, Sadia for keeping me back on track. I will close this edition here, and I will stop waxing poetic. Thank you very much, Shawn, for your time, we all learned a lot. As we close pod, we like to close it with a trivia question. And today's trivia question is, how many children does Shawn have? And if you know the answer to that question, you can email the Troutman Pepper Incident Response email, at incident.response@troutman.com with the number of children that Shawn has, and the first person to do so will win a Troutman Pepper hacker hoodie. And so Sadia doesn't yell at me, I will just say thank you so much, Shawn, we couldn't have a more enjoyable time, and we look forward to talking with you in the near future. And thank you of course, Sadia, as always.
Sadia Mirza:
Kamran, before signing off I just want to clarify that if we use the word pod, we have to do it much more naturally with a little bit of swag, so it comes off much cooler than what was just said. But yes, thank you for everyone for tuning into the pod, I hope you know we're looking forward to the next episode. Shawn, thanks so much.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.